09-25-2021 04:56 AM
I want to configure an ipv6 ACL called PORT80 that:
This ACL also must not prevent other ipv6 traffic.
Is this right?
10 permit ipv6 2001:10:1:1::/64 2001:202:1:1::254
40 deny tcp any eq 23 any
Solved! Go to Solution.
09-25-2021 02:09 PM
Hi there,
To acheive your first and third reqirments the ACL would look like:
! ipv6 access-list PORT80 permit tcp 2001:10:1:1::/64 host 2001:202:1:1::254 eq 80 deny ipv6 any any !
However your second requirement is mixing IPv6 and IPv4 which is not possible. The two protocols *could* communicate via network translation, and the translated traffic could then be blocked, but for now, it is safe to say that source IPv6 packets will not be able to reach IPV4 hosts in the 179.1.1.0/24 (?) subnet.
cheers,
Seb.
09-25-2021 02:09 PM
Hi there,
To acheive your first and third reqirments the ACL would look like:
! ipv6 access-list PORT80 permit tcp 2001:10:1:1::/64 host 2001:202:1:1::254 eq 80 deny ipv6 any any !
However your second requirement is mixing IPv6 and IPv4 which is not possible. The two protocols *could* communicate via network translation, and the translated traffic could then be blocked, but for now, it is safe to say that source IPv6 packets will not be able to reach IPV4 hosts in the 179.1.1.0/24 (?) subnet.
cheers,
Seb.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide