Solved: Re: Is IPv6 ACL needed if not yet using IPv6?

kduckett · ‎07-14-2009

I am concerned about IPv6 traffic infiltrating my network before I'm ready to accept it. Do I need to configure an IPv6 ACL to deny any any IPv6 traffic if I'm only using IPv4? Can you have both an IPv4 and IPv6 ACL configured on the same interface?

Jerry Ye · ‎07-14-2009

Hi Aaron,

Do you even have ipv6 unicast-routing in your configuration? If no, you don't have to concern about IPv6 traffic. You can apply IPv6 ACL on the IPv4 interface, but they are not going to do anything.

Here is a reference on how to do IPv6 ACL

http://www.cisco.com/en/US/partner/docs/ios/ipv6/configuration/guide/ip6-sec_trfltr_fw.html#wp1073622

HTH,

jerry

View solution in original post

Jerry Ye · ‎07-14-2009

Hi Aaron,

Do you even have ipv6 unicast-routing in your configuration? If no, you don't have to concern about IPv6 traffic. You can apply IPv6 ACL on the IPv4 interface, but they are not going to do anything.

Here is a reference on how to do IPv6 ACL

http://www.cisco.com/en/US/partner/docs/ios/ipv6/configuration/guide/ip6-sec_trfltr_fw.html#wp1073622

HTH,

jerry

kduckett · ‎07-14-2009

Hi Jerry,

Thanks for the reply. No, I do not have IPv6 unicast-routing enabled so I guess I'm good. I was not sure if any IPv6 commands were hidden thus making IPv6 operational.

Thanks again,

Keith

Jerry Ye · ‎07-14-2009

Hi Keith,

You are good if you don't have ipv6 unicast-routing enabled. Your router doesn't know how to pass the traffic without that command.

Regards,

jerry