cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3426
Views
5
Helpful
2
Replies

IPv6 internet edge access-list

nortlov9253
Level 1
Level 1

Hello All. Is there the best practice for securing access to ipv6 network on the internet edge routers?

Like for ipv4 below and i want make up something like that for ipv6.

access-list 100 deny ip 10.0.0.0 0.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 deny ip 172.16.0.0 0.15.255.255 any

access-list 100 deny ip 192.168.0.0 0.0.255.255 any

access-list 100 deny ip 224.0.0.0 15.255.255.255 any

1 Accepted Solution

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

What you are looking for is a prefix list of bogon and martian IPv6 addresses. Team Cymru host a static list which you can find here (it's pretty big!):

http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt

 

...but they have updated their methods and you can now peer with them to receive a dynamically updated list:

https://www.team-cymru.com/bogon-reference.html

 

cheers,

Seb.

View solution in original post

2 Replies 2

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

What you are looking for is a prefix list of bogon and martian IPv6 addresses. Team Cymru host a static list which you can find here (it's pretty big!):

http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt

 

...but they have updated their methods and you can now peer with them to receive a dynamically updated list:

https://www.team-cymru.com/bogon-reference.html

 

cheers,

Seb.

Thanks, very helpful)
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco