Lab 207 - IPv6 Access Control List

Lab 207 - IPv6 Access Control List
Di Posting Oleh : Simple Learning
Kategori : IPv6

Prerequisites: CCNP level skills.

Note!
If interfaces have not been configured with IPv6 addresses yet, use fc00:1:1::/64 as the network-ID and ::x, as a host ID (where x=router-ID).

Topology

Pic 1. IPv6 Topology Diagram.

Task 1
Enable HTTP service in R3. Check if Vlan 27 can access the service.

Task 2
Configure filtering in R3 blocking access to HTTP server if the packets are sourced by Vlan 27. All remaining IPv6 networks should be able to access this service.

Solution

Task 1
Enable HTTP service in R3. Check if Vlan 27 can access the service.

R3 Config:
!
ip http server
!

Verification:
Pic. 2 - HTTP Access from Vlan 27.

Task 2
Configure filtering in R3 blocking access to HTTP server if the packets are sourced by Vlan 27. All remaining IPv6 networks should be able to access this service.

R3 Config:
!
ipv6 access-list VLAN27_BLOCK_HTTP
 deny tcp FC00:1:1:1B::/64 any eq www
 permit ipv6 any any
!
interface Serial1/0
 ipv6 address FC00:1:1:20::3/64
 ipv6 traffic-filter VLAN27_BLOCK_HTTP in
 ipv6 ospf 1 area 13
 serial restart-delay 0
!

Verification:
Pic. 3 - HTTP Access from Vlan 27.

Pic. 4 - HTTP Access from R1.


0 Response to "Lab 207 - IPv6 Access Control List"

Post a Comment