12-28-2012 06:07 AM
Hi,
I am using a ASR9010 which currently has a vty access-list (it's an ipv4 access list ingress) only allowing certain ipv4 prefixes.
My question is, will a source address with an ipv6 address be allowed the vty access? If so how to stop it.
Currently the ASR9010 doesn't have any ipv6 configuration.
Best Regards
Saikat Chakraborty
12-28-2012 06:29 AM
Hello Saikat,
We should use Management Plane Protection instead of ACL on VTY. There you can simultaneously configure IPv4 and IPv6
Regards,
/A
12-28-2012 06:49 AM
Hi A,
Thanks for your prompt reply, MPP feature was a good read. But my customer is always conservative about changing config in a production router though I will propose it to them.
In the mean time, will a ipv6 source address be able to bypass the vty ipv4 access-list (this is current config)?
Best Regards
Saikat Chakraborty
Note: the ipv4 access list allows certain ipv4 access list and also currently the router has no ipv6 configuration as only ipv4 is used.
12-28-2012 06:56 AM
VTY access-lists are either v4 or v6, no combinations are allowed, so we can limit either v4 or v6 ingress but not both.
Regards,
/A
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide