Solved: Re: IPv6 internet edge access-list

nortlov9253 · ‎04-23-2018

Hello All. Is there the best practice for securing access to ipv6 network on the internet edge routers?

Like for ipv4 below and i want make up something like that for ipv6.

access-list 100 deny ip 10.0.0.0 0.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 deny ip 172.16.0.0 0.15.255.255 any

access-list 100 deny ip 192.168.0.0 0.0.255.255 any

access-list 100 deny ip 224.0.0.0 15.255.255.255 any

Seb Rupik · ‎04-23-2018

Hi there,

What you are looking for is a prefix list of bogon and martian IPv6 addresses. Team Cymru host a static list which you can find here (it's pretty big!):

http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt

...but they have updated their methods and you can now peer with them to receive a dynamically updated list:

https://www.team-cymru.com/bogon-reference.html

cheers,

Seb.

View solution in original post

Seb Rupik · ‎04-23-2018