RE: ipv6 acl's [bcc][faked-from][bayes]

From: ccie2be (ccie2be@nyc.rr.com)
Date: Wed Mar 09 2005 - 20:42:00 GMT-3

• Next message: Matt White: "Re: frame-relay fragmentation choices"
• Previous message: marvin greenlee: "RE: ipv6 acl's [bcc][faked-from][bayes]"
• Maybe in reply to: marvin greenlee: "RE: ipv6 acl's [bcc][faked-from][bayes]"
• Next in thread: marvin greenlee: "RE: ipv6 acl's [bcc][faked-from][bayes]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Marvin,

That makes sense.

So, would there ever be a good reason to use a link-local address in an ipv6
acl?

Based on what you just said, it doesn't sound like there would be, but maybe
that's just my inexperience with ipv6.

More generally, the only time I would need to use the link-local address to
configure something, as far as I know, is when I'm configuring layer 3 to
layer 2 mapping on p2m interfaces like with frame-relay or atm or bri.
Otherwise, the link-local address is there doing its thing in the background
and from a configuration point of view, I don't need to be concerned with
it.

Would you agree with that statement?

If not, where else do I need to be concerned with link-local addresses?

Thanks again,

Tim

-----Original Message-----
From: marvin greenlee [mailto:marvin@ccbootcamp.com]
Sent: Wednesday, March 09, 2005 6:27 PM
To: 'ccie2be'; Group Study
Subject: RE: ipv6 acl's [bcc][faked-from][bayes]

Link local addressing is per link. The link local address of R3 means
nothing to R1, because R1 is on a different link. Whether you need site
local or global depends on what addressing you have configured on R3. Does
R3 have a site-local address?

Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Wednesday, March 09, 2005 3:16 PM
To: Group Study
Subject: ipv6 acl's [bcc][faked-from][bayes]
Importance: Low

Hi guys,

When an ipv6 acl is being configured, which type of ipv6 address should be
used: global, link-local, site-local?

I'm sure the answer depends but can someone explain how I should think about
this so I know how to go about this.

Assume this topology:

            /-> r3

r1 --> r2

           \--> r4

For example, suppose I need to block all ipv6 traffic at r2 coming from r1
and going to r3.

r2 is connected to r3 and r4 via a p2m f/r interface. I want to place the
acl on r2's interface connected to r1.

So, the acl will filter based on destination ipv6 address. Which type ipv6
address should be in the acl?

Does it matter?

Note that r3 interface has 2 types of ipv6 address: a link-local and a
global.

Thanks, Tim

• Next message: Matt White: "Re: frame-relay fragmentation choices"
• Previous message: marvin greenlee: "RE: ipv6 acl's [bcc][faked-from][bayes]"
• Maybe in reply to: marvin greenlee: "RE: ipv6 acl's [bcc][faked-from][bayes]"
• Next in thread: marvin greenlee: "RE: ipv6 acl's [bcc][faked-from][bayes]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:44 GMT-3