Hi,

What happens if you drop the "host" keyword and add /128 to the host address?
// Olof

On Mon, Nov 16, 2009 at 11:56 AM, Primoz Jeroncic <[email protected]> wrote:
> Hi
>
> We are slowly moving toward IPv6 implementation in production, so I came to
> ACLs. I would want to have some protection for our servers,
> so I went to configure IPv6 ACL, which is based on our IPv4 ACL.
> Problem is, that it looks like I can't make host based ACL entries
> on c3560. If I try to add line for SMTP server I get following:
>
> interface FastEthernet0/1
>  no switchport
>  ipv6 address xxxx:xxxx:0:3::1/64
>  ipv6 enable
>  ipv6 traffic-filter fw-ipv6 out
>
> test(config)#ipv6 access-list fw-ipv6
> test(config-ipv6-acl)#permit tcp any host xxxx:xxxx:0:3::2 eq 25
> % Host address xxxx:xxxx:0:3::2 can not be supported
> % ACE can not be added
> % Failed to add access list
>
> If I try to do same thing on c12008, it works without problems.
>
> Any idea how to solve this problem?
>
> PS: This c3560 is running Adv. IP services 12.2.40.SE IOS, in case if
> this matters. And preferred SDM template is "desktop IPv4 and IPv6 routing".
>
> Have fun,
> Primoz Jeroncic
> Support - IP Connectivity & Routing
> -------------------------------------------------------------------
> Softnet d.o.o.      tel: +386 1 562 31 40  |
> Borovec 2           fax: +386 1 562 18 55  |       1 + 1 = 3
> 1236 Trzin          primoz(at)softnet.si   | for larger values of 1
> Slovenija           http://flea.softnet.si/
> -------------------------------------------------------------------
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
