Solved: ASR1001 Restrict telnet IPv6

fabienfs · ‎09-08-2020

Hello,

I use access-list to restrict access to telnet.

How to adapt this rule to also restrict telnet access in IPv6?

access-list 50 remark ---Restrict Telnet Access---
access-list 50 permit xx.xx.xx.xx 0.0.3.255
access-list 50 deny any

Do I need to add something like this?

access-list 50 remark ---Restrict Telnet Access IPv6---
access-list 50 permit 2A0A:xxx:xxx:xxxx/?
access-list 50 deny any

thanks for your help :-)

Georg Pauwen · ‎09-09-2020

Hello,

there is (the same as in IPv4 access lists) and implicit deny at the end. Here is what the ACL for just Telnet would look like:

ipv6 access-list RESTRICT_TELNET_IPv6_ACL
permit tcp 2A0A:DB2:0200::/64 eq telnet any
!
line vty 0 4
ipv6 access-class RESTRICT_TELNET_IPv6_ACL in

balaji.bandi · ‎09-08-2020

the syntax will be bit different, refer below guide has different examples:

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎09-09-2020

Hello,

there is (the same as in IPv4 access lists) and implicit deny at the end. Here is what the ACL for just Telnet would look like:

ipv6 access-list RESTRICT_TELNET_IPv6_ACL
permit tcp 2A0A:DB2:0200::/64 eq telnet any
!
line vty 0 4
ipv6 access-class RESTRICT_TELNET_IPv6_ACL in

fabienfs · ‎12-12-2020

thanks!