Hi,
I am using a ASR9010 which currently has a vty access-list (it's an ipv4 access list ingress) only allowing certain ipv4 prefixes.
My question is, will a source address with an ipv6 address be allowed the vty access? If so how to stop it.
Currently the ASR9010 doesn't have any ipv6 configuration.
Best Regards
Saikat Chakraborty
Hello Saikat,
We should use Management Plane Protection instead of ACL on VTY. There you can simultaneously configure IPv4 and IPv6
Regards,
/A
Hi A,
Thanks for your prompt reply, MPP feature was a good read. But my customer is always conservative about changing config in a production router though I will propose it to them.
In the mean time, will a ipv6 source address be able to bypass the vty ipv4 access-list (this is current config)?
Best Regards
Saikat Chakraborty
Note: the ipv4 access list allows certain ipv4 access list and also currently the router has no ipv6 configuration as only ipv4 is used.
VTY access-lists are either v4 or v6, no combinations are allowed, so we can limit either v4 or v6 ingress but not both.
Regards,
/A