The bits that are ignored are a little higher up. 3333:3333:3333:3333:3333:33xx:xx33:AAAA
The rules are a bit more complicated than that as those bits are fixed in EUI-64 addresses. A different set of bits is lost if the upper 64 bits are zero. So you only lose those bits when a statically configured IP is used. Additionally those bits are only ignored in hardware. Response in software will be different. The assumption is that if you are manually assigning addresses then you are using something less than 256 trillion hosts per vlan and can live with losing those bits. The vlan boundary is arbitrarily designed to be a /64. So if you are assigning /112 you should still reserve the full /64 in case you need more hosts. Mack McBride Network Architect -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Robert Hass Sent: Wednesday, December 08, 2010 1:42 AM To: [email protected] Subject: [c-nsp] "Compressed" IPv6 ACLs on Cat6500 Hi We just implementing IPv6 in our network. As we operating Cisco 6500/Sup720 we also have to configure some IPv6 ACLs on these devices. In ACLs we need to match tcp/udp port numbers so we will use 'mls ipv6 acl compress address unicast' mode (only match 112 bits of IPv6 address field). My question is: After enabled 'ipv6 acl compress' Can I use > 112 addresses (eg. single hosts - /128) in IPv6 ACL line which don't have port numbers ? For example: ipv6 access-list test 10 permit ip any 3333:3333:3333:3333:3333:33333:3333:AAAA/128 20 permit tcp any 3333:3333:3333:3333:3333:33333:4444:0000/112 eq 22 Will line '10' work proper or it will match /112 subnet instead of /128 ? Robert _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
