John Mowry Community College of Rhode Island. IPv4 versus IPv6 ACL’s IPv4 ACL Types: Numbered...
20
Ipv6 Access Control Lists John Mowry Community College of Rhode Island
-
Upload
mitchell-jones -
Category
Documents
-
view
217 -
download
0
Transcript of John Mowry Community College of Rhode Island. IPv4 versus IPv6 ACL’s IPv4 ACL Types: Numbered...
Ipv6 Access Control Lists
John MowryCommunity College of Rhode Island
IPv4 versus IPv6 ACL’sIPv4 ACL Types:
Numbered Standard
Numbered Extended
Named Standard
Named Extended
IPv4 versus IPv6 ACL’s
IPv6 ACL Types:
Named Extended
IPv4 versus IPv6 ACL’s
IPv4 ACL Mask:Wildcard Mask
0’s Must Match1’s Don’t Care
IPv4 versus IPv6 ACL’s
IPv6 ACL Mask:Prefix Only
Note: Limits the ability to identify odd or even or other address manipulation.
IPv4 versus IPv6 ACL’s
IPv4 Example:Ip access-list standard ODD
Permit 192.168.3.1 0.0.0.254
This example looks for and allows only the odd addresses in the 192.168.3.0/24 subnet.
IPv4 versus IPv6 ACL’s
IPv4 Association:On Line Interfaces such as VTY
Access-class [number, name] [in, out]
On Interfaces such as Serial or EthernetIp access-group [number, name] [in, out]
IPv4 versus IPv6 ACL’s
IPv6 Association:On Line Interfaces such as VTY
Access-class [name] [in, out]
On Interfaces such as Serial or EthernetIpv6 traffic-filter [name] [in, out]
IPv4 versus IPv6 ACL’s
IPv4 and IPv6 Multiple ACL’s per interface:Same
One ACLPer ProtocolPer InterfacePer Direction
IPv4 versus IPv6 ACL’s
IPv4 and IPv6 Multiple ACL’s per interface:
Allowed to have both an IPv4 and an IPv6 ACL on a single interface.
IPv4 versus IPv6 ACL’s
IPv4 and IPv6 Deny Statements
Both have an implicit “deny any” statement ending the list
Configuring an IPv6 ACL
Identify the name of the ACL
Ipv6 access-list [Name]
Configuring an IPv6 ACL
Identify the permitted or denied traffic of the ACL
Permit [ipv6, tcp, udp….] [host, any, address/prefix] [eq, gt, lt, established,….] [protocol]
Configuring an IPv6 ACL
Note:
Using the “established” keyword in Packet Tracer 6.2® does not function
Configuring an IPv6 ACL
Identify the permitted or denied traffic of the ACLExample:
Permit ipv6 2001:0:0:3::0/0 2001:0:0:5::1/128
Permit ipv6 any host 2001:0:0:5::1
Configuring an IPv6 ACL
Identify the permitted or denied traffic of the ACL
/0 equals the keyword “any”
/128 equals the keyword “host”
Configuring an IPv6 ACL
Construct an IPv6 ACL:ipv6 access-list MY_ACLpermit tcp any host 2001:0:0:6::1 eq wwwpermit tcp any eq 8080 host 2001:0:0:6::1
eq wwwdeny ipv6 any host 2001:0:0:6::1permit ipv6 any any
Configuring an IPv6 ACL
Apply an IPv6 ACL:
interface GigabitEthernet 0/0Ipv6 traffic-filter MY_ACL out
Configuring an IPv6 ACL
Questions?
Configuring an IPv6 ACL
Thank You!
Now it’s LAB time!
