On Mon, 16 Nov 2009, Olof Kasselstrand wrote:
Hi,
What happends if you drop the "host" keyword and add /128 to the host address?
Hi Olof
Same thing. It doesn't matter if I add this as "host xxxxx" or as xxxx/128.
Primoz
// Olof
On Mon, Nov 16, 2009 at 11:56 AM, Primoz Jeroncic <[email protected]> wrote:
Hi
We are slowly moving toward IPv6 implementation in production, so I came to
ACLs. I would want to have some protection for our servers,
so I went to configure IPv6 ACL, which is based on our IPv4 ACL.
Problem is, that it looks like I can't make host based ACL entries
on c3560. If I try to add line for SMTP server I get following:
interface FastEthernet0/1
?no switchport
?ipv6 address xxxx:xxxx:0:3::1/64
?ipv6 enable
?ipv6 traffic-filter fw-ipv6 out
test(config)#ipv6 access-list fw-ipv6
test(config-ipv6-acl)#permit tcp any host xxxx:xxxx:0:3::2 eq 25
% Host address xxxx:xxxx:0:3::2 can not be supported
% ACE can not be added
% Failed to add access list
If I try to do same thing on c12008, it works without problems.
Any idea how to solve this problem?
PS: This c3560 is running Adv. IP services 12.2.40.SE IOS, in case if
this matters. And preffered SDM template is "desktop IPv4 and IPv6 routing".
Have fun,
Primoz Jeroncic
Support - IP Connectivity & Routing
-------------------------------------------------------------------
Softnet d.o.o. ?tel: ?+386 1 562 31 40 ? |
Borovec 2 ? ? ? fax: ?+386 1 562 18 55 ? | ? ? ? 1 + 1 = 3
1236 Trzin ? ? ?primoz(at)softnet.si ? ? | for larger values of 1
Slovenija ? ? ? http://flea.softnet.si/
-------------------------------------------------------------------
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Have fun,
Primoz Jeroncic
Support - IP Connectivity & Routing
-------------------------------------------------------------------
Softnet d.o.o. tel: +386 1 562 31 40 |
Borovec 2 fax: +386 1 562 18 55 | 1 + 1 = 3
1236 Trzin primoz(at)softnet.si | for larger values of 1
Slovenija http://flea.softnet.si/
-------------------------------------------------------------------
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/