Cisco Systems 10000 Network Router User Manual


 
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 24 Configuring IP Version 6
IPv6 Extended ACLs
ACL logging
Time-based ACLs
Reflexive ACLs
Receive Path ACLs
MiniACLs
QoS matching is not provided on the following two IPv6-specific fields:
IPv6 source/destination address
IPv6 ACL
IPv6 Extended ACLs
Access lists determine which traffic is blocked and which traffic is forwarded at router interfaces, and allow filtering based on source and destination addresses, applied inbound or outbound on a specific interface. Each access list ends with an implicit deny statement. IPv6 ACLs are defined, and their deny and permit conditions set, using the ipv6 access-list command with the deny and permit keywords in global configuration mode.
In Cisco IOS Release 12.2(31)SB2 and later releases, the standard IPv6 ACL functionality is extended to support traffic filtering based on IPv6 option headers and optional upper-layer protocol type information for finer granularity of control (functionality similar to extended ACLs in IPv4).
Prerequisites
In Cisco IOS Release 12.2(13)T and 12.0(23)S or later releases, for backward compatibility, the ipv6 access-list command with the deny and permit keywords in global configuration mode is still supported; however, an IPv6 ACL defined with deny and permit conditions in global configuration mode is translated to IPv6 access list configuration mode. See the “Create and Apply IPv6 ACL: Examples” section for an example of a translated IPv6 ACL configuration.
Restrictions
IPv6 ACLs are defined by a unique name (IPv6 does not support numbered ACLs). An IPv4 ACL and an IPv6 ACL cannot share the same name.
Each IPv6 ACL contains implicit permit rules that allow IPv6 neighbor discovery. These rules can be overridden by placing a deny ipv6 any any statement within an ACL. Because the implicit permits are evaluated after the configured entries, an explicit deny ipv6 any any (for example, one added so that dropped traffic is counted or logged) also blocks neighbor solicitation and neighbor advertisement packets unless explicit permit icmp any any nd-ns and permit icmp any any nd-na entries precede it. The IPv6 neighbor discovery process uses the IPv6 network layer service; therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface. In IPv4, the Address Resolution Protocol (ARP), which is the equivalent of the IPv6 neighbor discovery process, uses a separate data link layer protocol, so IPv4 ACLs do not filter ARP; by default, ARP packets are sent and received on an interface regardless of the IPv4 ACL.
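The following configuration is an added example and is not taken from this guide. The list names (LEGACY, MGMT-IN), the prefix 2001:db8:100::/64 and the interface GigabitEthernet1/0/0 are placeholders. It shows, first, the translated form of a legacy global-mode deny/permit statement as described under Prerequisites and, second, an extended ACL that ends in an explicit deny ipv6 any any while keeping neighbor discovery working, the case described under Restrictions. The interface application command (ipv6 traffic-filter) is standard IOS syntax not covered in this section.

```cisco
! Legacy (global configuration mode) form, still accepted for backward compatibility:
!   ipv6 access-list LEGACY permit ipv6 2001:db8:100::/64 any
! IOS stores it in IPv6 access list configuration mode as:
ipv6 access-list LEGACY
 permit ipv6 2001:db8:100::/64 any
!
! Extended ACL with an explicit final deny. The explicit deny overrides the
! implicit "permit icmp any any nd-ns" / "permit icmp any any nd-na" entries,
! so neighbor discovery must be permitted explicitly before the deny.
ipv6 access-list MGMT-IN
 remark SSH from the management prefix (placeholder prefix)
 permit tcp 2001:db8:100::/64 any eq 22
 remark Keep neighbor discovery working despite the explicit deny below
 permit icmp any any nd-ns
 permit icmp any any nd-na
 remark Explicit deny so that dropped traffic is counted and logged
 deny ipv6 any any log
!
interface GigabitEthernet1/0/0
 ipv6 traffic-filter MGMT-IN in
```

Without the two icmp entries, hosts on GigabitEthernet1/0/0 would fail address resolution as soon as the filter is applied, because MGMT-IN ends in an explicit deny rather than falling through to the implicit neighbor discovery permits. Use show ipv6 access-list MGMT-IN to confirm the entries and their sequence.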