Latest revision as of 11:35, 21 May 2014

Cisco Access Lists for IPv6 for IPv4 see Access-list Cisco IOS

Standard ACL

ipv6 access-list PERMIT-LOCAL
 deny ipv6 2001:16D8:DD85:4::/64 2001:16D8:DD85:3::/64
 permit ipv6 2001:16D8:DD85:4::/64 any
 
!
interface FastEthernet0/1
 ipv6 traffic-filter PERMIT-LOCAL out

Extended ACL

ipv6 access-list DMZ
 permit tcp any 2001:16D8:DD85:4::/64 eq www
 permit tcp any 2001:16D8:DD85:4::/64 eq 443
 permit tcp any 2001:16D8:DD85:4::/64 eq smtp
!
interface FastEthernet0/1
 ipv6 traffic-filter DMZ in

Examples

IPv6 Firewall Cisco IOS ACL based example

Reflexive ACL

Reflexive example. Only ICMP incoming traffic allowed

ipv6 access-list OUTGOING
 permit tcp 2001:410:0:2::/64 any reflect REFLECTOUT
 permit udp 2001:410:0:2::/64 any reflect REFLECTOUT
 deny ipv6 FC00::/7 any
 permit icmp any any
 deny ipv6 any any log
!
ipv6 access-list INCOMING
 permit icmp any any
 evaluate REFLECTOUT
 deny ipv6 any any log
!
interface FastEthernet0/1
 ipv6 traffic-filter INCOMING in
 ipv6 traffic-filter OUTGOING out

@@ Line 3: / Line 3: @@
 <source lang=cli>
 ipv6 access-list PERMIT-LOCAL
+ deny ipv6 2001:16D8:DD85:4::/64 2001:16D8:DD85:3::/64
   permit ipv6 2001:16D8:DD85:4::/64 any
-  deny ipv6 2001:16D8:DD85:4::/64 2001:16D8:DD85:3::/64
 !
 interface FastEthernet0/1
   ipv6 traffic-filter PERMIT-LOCAL out
 </source>
 =Extended ACL=
 <source lang=cli>
@@ Line 19: / Line 21: @@
   ipv6 traffic-filter DMZ in
 </source>
+==Examples==
+*[[IPv6 Firewall Cisco IOS ACL based]] example
 =Reflexive ACL=
 [[Image:IPv6 Reflexive ACL eksempel.png|500px|left|thumb|Reflexive example. Only ICMP incoming traffic allowed]]

Navigation menu

Difference between revisions of "Access-list IPv6 Cisco IOS"

Latest revision as of 11:35, 21 May 2014

Contents

Standard ACL

Extended ACL

Examples

Reflexive ACL