Access-list IPv6 Cisco IOS

From Teknologisk videncenter
Revision as of 09:13, 4 June 2011 by Heth (talk | contribs) (Reflexive ACL)

Standard ACL

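! Entries are evaluated top-down and the first match wins, so the
! more specific deny has to come before the broader permit.
ipv6 access-list PERMIT-LOCAL
 deny ipv6 2001:16D8:DD85:4::/64 2001:16D8:DD85:3::/64
 permit ipv6 2001:16D8:DD85:4::/64 any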
!
interface FastEthernet0/1
 ipv6 traffic-filter PERMIT-LOCAL out

Extended ACL

ipv6 access-list DMZ
 permit tcp any 2001:16D8:DD85:4::/64 eq www
 permit tcp any 2001:16D8:DD85:4::/64 eq 443
 permit tcp any 2001:16D8:DD85:4::/64 eq smtp
!
interface FastEthernet0/1
 ipv6 traffic-filter DMZ in

Reflexive ACL

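Reflexive example. Only ICMP is allowed as unsolicited incoming traffic; return traffic for TCP and UDP sessions opened from 2001:410:0:2::/64 is let in by the reflected entries.
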
ipv6 access-list OUTGOING
 permit tcp 2001:410:0:2::/64 any reflect REFLECTOUT
 permit udp 2001:410:0:2::/64 any reflect REFLECTOUT
 deny ipv6 FC00::/7 any
 permit icmp any any
 deny ipv6 any any log
!
ipv6 access-list INCOMING
 permit icmp any any
 evaluate REFLECTOUT
 deny ipv6 any any log
!
interface FastEthernet0/1
 ipv6 traffic-filter INCOMING in
 ipv6 traffic-filter OUTGOING out
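
The following Python model is an added example, not part of the original page or of Cisco IOS. It traces how the OUTGOING and INCOMING lists above decide on packets, including the temporary entries created by reflect REFLECTOUT. The host and server addresses and the port numbers are constructed, and entry timeouts are not modelled.

```python
import ipaddress

INSIDE = ipaddress.ip_network("2001:410:0:2::/64")  # source prefix in OUTGOING
ULA = ipaddress.ip_network("fc00::/7")              # prefix denied in OUTGOING

class ReflexiveFilter:
    """Model of the OUTGOING/INCOMING pair; entry timeouts are not modelled."""

    def __init__(self):
        self.reflectout = set()  # temporary entries made by 'reflect REFLECTOUT'

    def outgoing(self, proto, src, sport, dst, dport):
        """ACL OUTGOING, evaluated top-down, first match wins."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto in ("tcp", "udp") and src in INSIDE:
            # permit tcp/udp ... reflect: remember the mirrored flow
            self.reflectout.add((proto, dst, dport, src, sport))
            return "permit"
        if src in ULA:
            return "deny"    # deny ipv6 FC00::/7 any
        if proto == "icmp":
            return "permit"  # permit icmp any any
        return "deny"        # deny ipv6 any any log

    def incoming(self, proto, src, sport, dst, dport):
        """ACL INCOMING, evaluated top-down, first match wins."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto == "icmp":
            return "permit"  # permit icmp any any
        if (proto, src, sport, dst, dport) in self.reflectout:
            return "permit"  # evaluate REFLECTOUT
        return "deny"        # deny ipv6 any any log

def demo():
    """Run constructed packets through the model and return the verdicts."""
    host, server = "2001:410:0:2::10", "2001:db8::80"  # constructed addresses
    f = ReflexiveFilter()
    return [
        f.incoming("tcp", server, 80, host, 40000),  # unsolicited, no entry yet
        f.outgoing("tcp", host, 40000, server, 80),  # inside opens a session
        f.incoming("tcp", server, 80, host, 40000),  # reply matches the entry
        f.incoming("tcp", server, 80, host, 40001),  # other port, no entry
        f.incoming("icmp", server, 0, host, 0),      # ICMP always permitted
        f.outgoing("udp", "fd00::1", 5000, server, 53),  # ULA source
    ]

if __name__ == "__main__":
    print(demo())
```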