Re: acl query

From: Bob Sinclair (bsinclair@netmasterclass.net)
Date: Wed Jul 20 2005 - 08:30:55 GMT-3


Hi Tim,

Protocol 41 matches on IPv6-over-IPv4 tunnel traffic. See RFC 3056.

HTH,

Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net

  ----- Original Message -----
  From: ccie2be
  To: 'Jaycee Cockburn - BCX SS' ; Group Study
  Sent: Wednesday, July 20, 2005 5:32 AM
  Subject: RE: acl query

  Hi JC,

  Thanks for getting back to me on this.

  What you say makes sense to me. But, if ipv6 and ipv4 are not related,
  what's the point of using an ipv4 acl like this:

  access-list 100 permit 41 any any

  where 41 is the protocol number for ipv6.

  I know I've seen example scenarios where this was needed but I can't find
  them now.

  TIA, Tim

  -----Original Message-----
  From: Jaycee Cockburn - BCX SS [mailto:Jaycee.Cockburn@bcx.co.za]
  Sent: Wednesday, July 20, 2005 12:20 AM
  To: ccie2be
  Subject: RE: acl query
  Importance: High

  Hi All,
  Sorry, let's try again....

  IPv6 and IPv4 are different protocols, so IPv6 won't be affected by any
  IPv4 access-lists...

  To create and apply IPv6 access-list:

  ipv6 access-list EXAMPLE
   permit icmp any any
   permit tcp any any eq telnet

  interface FastEthernet0/0
   no ip address
   duplex auto
   speed auto
   ipv6 traffic-filter EXAMPLE in

  You can see that IPv6 and IPv4 are separate and thus won't interfere
  with each other...

  Regards
  JC

  -----Original Message-----
  From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
  ccie2be
  Sent: 20 July 2005 12:55 AM
  To: Group Study
  Subject: acl query

  Hi guys,

  I've got a dumb acl question.

  R1 ------- s0 R2

  I apply an acl inbound on s0 that explicitly allows only icmp, ripv2,
  telnet, and snmp.

  If an ipv6 packet arrives from R1, will that packet be blocked by the
  acl?

  Why or why not?

  I don't have access to any ipv6 routers at the moment to test this out
  but I vaguely recall that if I have an acl and I want to allow ipv6
  traffic I have to explicitly configure something like this:

  permit 41 any any

  Any thoughts?

  TIA, Tim

  _______________________________________________________________________
  Subscription information may be found at:
  http://www.groupstudy.com/list/CCIELab.html
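
The two cases discussed in this thread, as an added example that is not part of any poster's message: a native IPv6 packet is never evaluated by an IPv4 ACL, while the same packet carried in an IPv4 tunnel is an IPv4 packet with protocol 41 and hits the implicit deny unless "permit 41 any any" is present. The packets are constructed samples, and the ACL model (protocol and destination port only, addresses always "any") is a simplifying assumption.

```python
import struct

NOT_IPV4 = "not evaluated by the IPv4 ACL"
# Tim's inbound ACL as (action, ip_protocol, dst_port); None means any port.
# Addresses are "any any" throughout, so they are not modelled here.
ACL_ORIGINAL = [
    ("permit", 1, None),   # icmp
    ("permit", 17, 520),   # ripv2 (UDP 520)
    ("permit", 6, 23),     # telnet
    ("permit", 17, 161),   # snmp
]
ACL_WITH_41 = ACL_ORIGINAL + [("permit", 41, None)]  # permit 41 any any

def tcp_segment(dport):
    """Constructed 20-byte TCP header (SYN, source port 40000)."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def ipv4_packet(proto, payload):
    """Constructed IPv4 header (checksum left at 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

def ipv6_packet(next_header, payload):
    """Constructed 40-byte IPv6 header followed by payload."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                       src, dst) + payload

def evaluate(packet, acl):
    """Return the verdict an IPv4 extended ACL would give this packet."""
    if packet[0] >> 4 != 4:
        return NOT_IPV4            # native IPv6 never reaches an IPv4 ACL
    ihl, proto, dport = (packet[0] & 0x0F) * 4, packet[9], None
    if proto in (6, 17) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    for action, acl_proto, acl_port in acl:
        if acl_proto == proto and acl_port in (None, dport):
            return action
    return "deny"                  # implicit deny at the end of every ACL

NATIVE_V6 = ipv6_packet(6, tcp_segment(23))   # IPv6 telnet sent natively
TUNNELED_V6 = ipv4_packet(41, NATIVE_V6)      # same packet inside IPv4
V4_TELNET = ipv4_packet(6, tcp_segment(23))
```

The protocol 41 entry matches on the outer IPv4 header only, so the IPv4 ACL permits the tunneled packet without looking at the IPv6 telnet session inside it; filtering that inner traffic takes an IPv6 access-list like the one in JC's reply.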




This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3