Cisco® CCNA Exam Cram Notes : IPv6 access-list

VIII. Security Fundamentals

6. IPv6 access-list

The syntax for configuring ipv6 ACL is as given below:

deny | permit <protocol> { source-ipv6-prefix / prefix-length | any | host source-ipv6-address } [ operator [ port-number ]] {destination-ipv6-prefix/ prefix-length | any | host destination-ipv6-address } [ operator [ port-number ]] [ dscp value ] [ fragments ] [ log ] [ log-input ] [ sequence value ] [ time-range name ]

Example1: The command "deny tcp any any eq telnet" command restricts any host telnetting to any destination host

ipv6 access-list <access-list-name>

the command defines IPv6 access list name, and enter IPv6 access-list configuration mode.

Example2: deny ipv6 host 2001:db8:100::18 2001:db8:100::1/64

The statement deny ipv6 host 2001:db8:100::18 2001:db8:100::1/64 denies any ipv6 traffic with a source IP Address of - 2001:db8:100::18 that is destined for 2001:db8:100::1/64, That is the IP Address must match exactly

Example3: Step 1: Create an IPv6 ACL, and enter IPv6 access list configuration mode.

Switch#configure terminal
Switch(config)#ipv6 access-list
Ex: Switch(config)#ipv6 access-list
myipv6list is the list name.


Step 2: Configure the IPv6 ACL to block (deny) or pass (permit) traffic, use the command:

Switch(config-ipv6-acl)#deny | permit protocol
Ex.: Switch(config-ipv6-acl)#permit icmp any any

Step 3: Apply the IPv6 ACL to an interface. For router ACLs, you must also configure an IPv6 address on the Layer 3 interface to which the ACL is applied.

Step: 3.1
Switch# configure terminal
Switch(config)# interface interface-id

Ex: Switch(config)# interface gigabitethernet1/0/2

Switch(config-if)#no switchport ; this command enables switch interface for layer-3 operation.

Step 3.2 : ipv6 address <ipv6-address>

Ex: Switch(config-if)# ipv6 address 2001::/64 eui-64
Here you assigned an ipv6 address to the interface.

Step 3.3 : ipv6 traffic-filter <access-list-name> { in | out }

Switch(config-if)# ipv6 traffic-filter myipv6list out

here you applied the access-list to an out going interface.

Some of the widely used port numbers are given below:

Port Number Description
21 FTP
22 SSH
23 Telnet
25 Simple mail Transfer Protocol

Previous    Contents    Next

CCNA Cram Notes Contents
certexams ad

simulationexams ad