IPv6 Access Control Lists

As with IPv4, network administrators can use access control lists (ACLs) on IOS devices to filter and restrict the types of IPv6 traffic that enter the network at ingress points. The configuration in Example 12-4 prevents unauthorized IPv6 packets on UDP port 53 (DNS) from entering the network from interface Gigabit 0/0. In this example, 2001:DB8:1:60::/64 represents the IP address space that is used by the DNS servers that the network administrator is trying to protect, and 2001:DB8::100:1 is the IP address of the host that is allowed to access the DNS servers.

Caution

Be careful to ensure that all required traffic for routing and administrative access is allowed in the ACL before denying all unauthorized traffic.
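A configuration of the kind described above, written here as an added illustration and not the book's own listing. The ACL name PROTECT-DNS and the trailing `permit ipv6 any any` (standing in for the routing and administrative traffic the caution mentions) are assumptions.

```cisco
! Added illustration; the ACL name PROTECT-DNS is an assumption.
ipv6 access-list PROTECT-DNS
 remark Allow the authorized host to reach the protected DNS servers
 permit udp host 2001:DB8::100:1 2001:DB8:1:60::/64 eq 53
 remark Drop UDP/53 from every other source toward the DNS server space
 deny udp any 2001:DB8:1:60::/64 eq 53
 remark Assumption: all remaining traffic (routing, management) is wanted.
 remark A stricter policy lists those protocols explicitly here instead.
 permit ipv6 any any
!
! Apply the filter to packets arriving on the ingress interface.
interface GigabitEthernet0/0
 ipv6 traffic-filter PROTECT-DNS in
```

Entries are evaluated top down, so the host permit must precede the deny. An IOS IPv6 ACL ends with implicit permits for neighbor discovery (`nd-na`, `nd-ns`) followed by an implicit `deny ipv6 any any`, and `show ipv6 access-list PROTECT-DNS` displays per-entry match counts for checking that the intended lines are being hit.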
