diff --git a/neutronclient/neutron/v2_0/securitygroup.py b/neutronclient/neutron/v2_0/securitygroup.py
index 962b3f874..2fb0bb95d 100644
--- a/neutronclient/neutron/v2_0/securitygroup.py
+++ b/neutronclient/neutron/v2_0/securitygroup.py
@@ -91,6 +91,12 @@ def _format_sg_rules(secgroup):
         return ''
 
 
+def generate_default_ethertype(protocol):
+    if protocol == 'icmpv6':
+        return 'IPv6'
+    return 'IPv4'
+
+
 class ListSecurityGroup(neutronV20.ListCommand):
     """List security groups that belong to a given tenant."""
 
@@ -303,7 +309,6 @@ class CreateSecurityGroupRule(neutronV20.CreateCommand):
             help=_('Direction of traffic: ingress/egress.'))
         parser.add_argument(
             '--ethertype',
-            default='IPv4',
             help=_('IPv4/IPv6'))
         parser.add_argument(
             '--protocol',
@@ -338,7 +343,8 @@ class CreateSecurityGroupRule(neutronV20.CreateCommand):
             self.get_client(), 'security_group', parsed_args.security_group_id)
         body = {'security_group_id': _security_group_id,
                 'direction': parsed_args.direction,
-                'ethertype': parsed_args.ethertype}
+                'ethertype': parsed_args.ethertype or
+                generate_default_ethertype(parsed_args.protocol)}
         neutronV20.update_dict(parsed_args, body,
                                ['protocol', 'port_range_min', 'port_range_max',
                                 'remote_ip_prefix', 'tenant_id'])
diff --git a/neutronclient/tests/unit/test_cli20_securitygroup.py b/neutronclient/tests/unit/test_cli20_securitygroup.py
index 758162d48..61b86fd9d 100644
--- a/neutronclient/tests/unit/test_cli20_securitygroup.py
+++ b/neutronclient/tests/unit/test_cli20_securitygroup.py
@@ -570,6 +570,14 @@ class CLITestV20SecurityGroupsJSON(test_cli20.CLITestV20Base):
         sg_rule = self._prepare_rule(protocol='icmp')
         self.assertEqual('icmp', securitygroup._get_protocol_port(sg_rule))
 
+    def test_get_ethertype_for_protocol_icmpv6(self):
+        self.assertEqual('IPv6',
+                         securitygroup.generate_default_ethertype('icmpv6'))
+
+    def test_get_ethertype_for_protocol_icmp(self):
+        self.assertEqual('IPv4',
+                         securitygroup.generate_default_ethertype('icmp'))
+
     def test__get_protocol_port_udp_code_type(self):
         sg_rule = self._prepare_rule(protocol='icmp',
                                      port_range_min=1, port_range_max=8)