Introduction to IOS IPv6 ACLs

This post quickly discusses simple Cisco IOS IPv6 Access Control Lists (ACLs). As summarized in the figure, the construction logic of the ACL is basically identical to the classic v4 ACLs (those that do not use object-groups). The permit (or deny) statements are created by specifying the following elements (in this order):

  • source of the traffic
  • destination of the traffic
  • services involved (from source to destination)

One noticeable difference is the way in which v6 ACLs are applied to interfaces: the correct command for that task is ipv6 traffic-filter (and not something such as “ipv6 access-group”).

Basic Description of simple IOS IPv6 ACLs

** Notes:

  • Object-groups for v6 elements are not supported on IOS yet.
  • IOS supports IPv6 ACLs that allow filtering based on the v6 extension headers.
