PG1X WIKI

My Knowledge Base

User Tools

Site Tools


tech:network:cisco:ipv6:ipv6-acl:ipv6-acl

Cisco: IPv6 ACL

Topology

IP

Project name: ccna-ipv6-0014-acl

  • R1
enable
configure terminal
!
hostname R1
no ip domain-lookup
line console 0
exec-timeout 0 0
logging synchronous
exit
!
ipv6 unicast-routing 
!
interface GigabitEthernet 0/0
ipv6 address fe80::1 link-local
ipv6 address 2001:0:1:2::1/64
no shutdown
exit
interface GigabitEthernet 0/1
ipv6 address fe80::1 link-local
ipv6 address 2001:1:1:0::1/64
no shutdown
exit
interface GigabitEthernet 0/2
ipv6 address fe80::1 link-local
ipv6 address 2001:1:1:1::1/64
no shutdown
exit
!
end
write
  • R2
enable
configure terminal
!
hostname R2
no ip domain-lookup
line console 0
exec-timeout 0 0
logging synchronous
exit
!
ipv6 unicast-routing 
!
interface GigabitEthernet 0/0
ipv6 address fe80::2 link-local
ipv6 address 2001:0:2:3::2/64
no shutdown
exit
interface GigabitEthernet 0/1
ipv6 address fe80::2 link-local
ipv6 address 2001:0:1:2::2/64
no shutdown
exit
!
end
write
  • R3
enable
configure terminal
!
hostname R3
no ip domain-lookup
line console 0
exec-timeout 0 0
logging synchronous
exit
!
ipv6 unicast-routing 
!
interface GigabitEthernet 0/1
ipv6 address fe80::3 link-local
ipv6 address 2001:0:2:3::3/64
no shutdown
exit
!
end
write
  • PC-1
ip 2001:1:1:0::10/64 2001:1:1:0::1
save
  • PC-2
ip 2001:1:1:0::20/64 2001:1:1:0::1
save
  • PC-3
ip 2001:1:1:1::30/64 2001:1:1:1::1
save

Configure OSPFv3

  • R1
configure terminal
!
router ospfv3 1
router-id 1.1.1.1
address-family ipv6 unicast
exit-address-family
exit
!
interface GigabitEthernet 0/0
ospfv3 1 ipv6 area 0
exit
interface GigabitEthernet 0/1
ospfv3 1 ipv6 area 0
exit
interface GigabitEthernet 0/2
ospfv3 1 ipv6 area 0
exit
!
end
  • R2
configure terminal
!
router ospfv3 1
router-id 2.2.2.2
address-family ipv6 unicast
exit-address-family
exit
!
interface GigabitEthernet 0/0
ospfv3 1 ipv6 area 0
exit
interface GigabitEthernet 0/1
ospfv3 1 ipv6 area 0
exit
!
end
  • R3
configure terminal
!
router ospfv3 1
router-id 3.3.3.3
address-family ipv6 unicast
exit-address-family
exit
!
interface GigabitEthernet 0/1
ospfv3 1 ipv6 area 0
exit
!
end
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ipv
R1(config)#ipv6 router
R1(config)#ipv6 router os
R1(config)#ipv               
R1(config)#router
R1(config)#router os
R1(config)#router ospfv 
R1(config)#router ospfv3 1
R1(config-router)#route
R1(config-router)#router-id 1.1.1.1
R1(config-router)#add
R1(config-router)#address-family ipv
R1(config-router)#address-family ipv6
R1(config-router)#address-family ipv6 unica
R1(config-router)#address-family ipv6 unicast 
R1(config-router-af)#exi
R1(config-router-af)#exit-address-family 
R1(config-router)#int range gig0/0
R1(config-if-range)#os
R1(config-if-range)#ospfv3 1 ipv
R1(config-if-range)#ospfv3 1 ipv6 are
R1(config-if-range)#ospfv3 1 ipv6 area 0
R1(config-if-range)#^Z
R1#
*Mar 23 11:12:34.772: %SYS-5-CONFIG_I: Configured from console by console
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int range gig0/0 - 2
R1(config-if-range)#ospfv               
R1(config-if-range)#ospfv3 1 ipv6 are
R1(config-if-range)#ospfv3 1 ipv6 area 0
R1(config-if-range)#^Z
R1#
*Mar 23 11:14:04.436: %SYS-5-CONFIG_I: Configured from console by console
R1#
*Mar 23 11:14:30.078: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 2.2.2.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
R1
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router ospfv3
R2(config)#router ospfv3 1
R2(config-router)#router
R2(config-router)#router-id 2.2.2.2
R2(config-router)#add
R2(config-router)#address-family ipv6
R2(config-router)#address-family ipv6 uni
R2(config-router)#address-family ipv6 unicast 
R2(config-router-af)#int range gig0/0-1 
R2(config-if-range)#ospfv4
R2(config-if-range)#ospfv3
R2(config-if-range)#ospfv3 are
R2(config-if-range)#ospfv3 1 ipv6 are
R2(config-if-range)#ospfv3 1 ipv6 area 0
R2(config-if-range)#
*Mar 23 11:14:30.493: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 1.1.1.1 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
R2(config-if-range)#^Z
R2#
*Mar 23 11:14:32.241: %SYS-5-CONFIG_I: Configured from console by console
R2#
*Mar 23 11:15:16.909: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 3.3.3.3 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
R2#
R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router ospfv3 1
R3(config-router)#router-id
R3(config-router)#router-id 3.3.3.3
R3(config-router)#add
R3(config-router)#address-family ipv
R3(config-router)#address-family ipv6
R3(config-router)#address-family ipv6 uni
R3(config-router)#address-family ipv6 unicast 
R3(config-router-af)#exi
R3(config-router-af)#exit-address-family 
R3(config-router)#int gig0/1
R3(config-if)#ospfv4 
R3(config-if)#ospfv 
R3(config-if)#ospfv3 1 ipv
R3(config-if)#ospfv3 1 ipv6
R3(config-if)#ospfv3 1 ipv6 are
R3(config-if)#ospfv3 1 ipv6 area 0
R3(config-if)#
*Mar 23 11:15:17.175: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 2.2.2.2 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
R3(config-if)#^Z
R3#
*Mar 23 11:15:19.318: %SYS-5-CONFIG_I: Configured from console by console
R3#
R1#sh ipv6 ro ospf
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       a - Application
O   2001:0:2:3::/64 [110/2]
     via FE80::2, GigabitEthernet0/0
R3#sh ipv6 ro ospf
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       a - Application
O   2001:0:1:2::/64 [110/2]
     via FE80::2, GigabitEthernet0/1
O   2001:1:1::/64 [110/3]
     via FE80::2, GigabitEthernet0/1
O   2001:1:1:1::/64 [110/3]
     via FE80::2, GigabitEthernet0/1
R1#ping 2001:0:2:3::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:0:2:3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/8/27 ms
PC-1> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=13.792 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=7.737 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.853 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=6.365 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=3.973 ms
PC-2> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=12.721 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=5.116 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=6.404 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=6.049 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.165 ms
PC-3> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=12.884 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.176 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=7.507 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=5.720 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=8.023 ms

Configure SSH/Telnet

  • R3
configure terminal
!
hostname R3
username admin1 password cisco1
!
line vty 0 15
 exec-timeout 0 0
 password ciscotel
 login local
 logging synchronous
 ! this required by default IOSv for remote access
 transport input telnet ssh
exit
!
ip domain-name pg1x.net
!
crypto key generate rsa
!crypto key generate rsa modulus 4096
ip ssh version 2
!
end
  • PC-4.
ifconfig eth0 inet6 add 2001:1:1:0::40/64
route add -A inet6 default gw 2001:1:1:0::1
/etc/network/interfaces
auto eth0
iface eth0 inet6 static
  address 2001:1:1:0::40
  netmask 64
  gateway 2001:1:1:0::1
  • PC-5.
ifconfig eth0 inet6 add 2001:1:1:0::50/64
route add -A inet6 default gw 2001:1:1:0::1
/etc/network/interfaces
auto eth0
iface eth0 inet6 static
  address 2001:1:1:0::50
  netmask 64
  gateway 2001:1:1:0::1
  • PC-6.
ifconfig eth0 inet6 add 2001:1:1:1::60/64
route add -A inet6 default gw 2001:1:1:1::1
ifconfig eth0 inet6 del 2001:1:1:1:c820:a4ff:fe7b:8684/64
/etc/network/interfaces
auto eth0
iface eth0 inet6 static
  address 2001:1:1:1::60
  netmask 64
  gateway 2001:1:1:1::1
R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#username admin1 password cisco1
R3(config)#line vty 0 15
R3(config-line)#exec-timeout 0 0
R3(config-line)#password ciscotel
R3(config-line)#login local 
R3(config-line)#logging synchronous 
R3(config-line)#transport input telnet ssh
R3(config-line)#exit 
R3(config)#ip domain-name pg1x.net
R3(config)#crypto key generate rsa modulus 4096
The name for the keys will be: R3.pg1x.net

% The key modulus size is 4096 bits
% Generating 4096 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 8 seconds)

R3(config)#
*Mar 24 00:14:34.733: %SSH-5-ENABLED: SSH 1.99 has been enabled
R3(config)#ip ssh version 2
R3(config)#^Z
R3#
*Mar 24 00:15:01.725: %SYS-5-CONFIG_I: Configured from console by console

Telnet/SSH from R1

R1#ping 2001:0:2:3::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:0:2:3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/23/78 ms
R1#telnet 2001:0:2:3::3
Trying 2001:0:2:3::3 ... 
% Connection refused by remote host

R1#telnet 2001:0:2:3::3
Trying 2001:0:2:3::3 ... Open


User Access Verification

Username: admin1
Password: 

R3>en
% No password set
R3>sh ipv6 inter bri
GigabitEthernet0/0     [administratively down/down]
    unassigned
GigabitEthernet0/1     [up/up]
    FE80::3
    2001:0:2:3::3
GigabitEthernet0/2     [administratively down/down]
    unassigned
GigabitEthernet0/3     [administratively down/down]
    unassigned
R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:01:17   
*578 vty 0     admin1     idle                 00:00:00 2001:0:1:2::1

  Interface    User               Mode         Idle     Peer Address

R3>exit

[Connection to 2001:0:2:3::3 closed by foreign host]
R1#ssh -l admin1 2001:0:2:3::3             

Password: 

R3>show ipv6 int bri
GigabitEthernet0/0     [administratively down/down]
    unassigned
GigabitEthernet0/1     [up/up]
    FE80::3
    2001:0:2:3::3
GigabitEthernet0/2     [administratively down/down]
    unassigned
GigabitEthernet0/3     [administratively down/down]
    unassigned
R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:02:31   
*578 vty 0     admin1     idle                 00:00:00 2001:0:1:2::1

  Interface    User               Mode         Idle     Peer Address

R3>exit

[Connection to 2001:0:2:3::3 closed by foreign host]

Configure Docker host (PC-4).

root@PC-4:~# ifconfig eth0 inet6 add 2001:1:1:0::40/64
root@PC-4:~# route add -A inet6 default gw 2001:1:1:0::1
root@PC-4:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 92:ca:96:18:fb:b3  
          inet6 addr: 2001:1:1::40/64 Scope:Global
          inet6 addr: 2001:1:1:0:90ca:96ff:fe18:fbb3/64 Scope:Global
          inet6 addr: fe80::90ca:96ff:fe18:fbb3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:87 errors:0 dropped:1 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13177 (13.1 KB)  TX bytes:1024 (1.0 KB)

root@PC-4:~# route     
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
root@PC-4:~# route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:1:1::/64                  ::                         UAe  256 0     1 eth0
fe80::/64                      ::                         U    256 0     0 eth0
::/0                           2001:1:1::1                UG   1   0     0 eth0
::/0                           fe80::1                    UGDAe 1024 0     0 eth0
::/0                           ::                         !n   -1  1     2 lo
::1/128                        ::                         Un   0   1     0 lo
2001:1:1::40/128               ::                         Un   0   1     0 lo
2001:1:1:0:90ca:96ff:fe18:fbb3/128 ::                         Un   0   1     0 lo
fe80::90ca:96ff:fe18:fbb3/128  ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 4    71 eth0
::/0                           ::                         !n   -1  1     2 lo
root@PC-4:~# ping 2001:1:1::1
ping: unknown host 2001:1:1::1
root@PC-4:~# ping6 2001:1:1::1
PING 2001:1:1::1(2001:1:1::1) 56 data bytes
64 bytes from 2001:1:1::1: icmp_seq=1 ttl=64 time=9.17 ms
64 bytes from 2001:1:1::1: icmp_seq=2 ttl=64 time=2.22 ms
64 bytes from 2001:1:1::1: icmp_seq=3 ttl=64 time=2.18 ms
64 bytes from 2001:1:1::1: icmp_seq=4 ttl=64 time=1.93 ms
64 bytes from 2001:1:1::1: icmp_seq=5 ttl=64 time=2.29 ms
^C
--- 2001:1:1::1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 1.936/3.563/9.174/2.808 ms
root@PC-4:~# ping6 -c4 2001:1:1::1
PING 2001:1:1::1(2001:1:1::1) 56 data bytes
64 bytes from 2001:1:1::1: icmp_seq=1 ttl=64 time=3.85 ms
64 bytes from 2001:1:1::1: icmp_seq=2 ttl=64 time=3.86 ms
64 bytes from 2001:1:1::1: icmp_seq=3 ttl=64 time=5.47 ms
64 bytes from 2001:1:1::1: icmp_seq=4 ttl=64 time=4.90 ms

--- 2001:1:1::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 3.851/4.524/5.475/0.698 ms
root@PC-4:~# ping6 -c4 2001:1:1::10
PING 2001:1:1::10(2001:1:1::10) 56 data bytes
64 bytes from 2001:1:1::10: icmp_seq=1 ttl=63 time=3.25 ms
64 bytes from 2001:1:1::10: icmp_seq=2 ttl=63 time=2.66 ms
64 bytes from 2001:1:1::10: icmp_seq=3 ttl=63 time=2.29 ms
64 bytes from 2001:1:1::10: icmp_seq=4 ttl=63 time=2.60 ms

--- 2001:1:1::10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 2.296/2.706/3.250/0.344 ms
root@PC-4:~# ping6 -c4 2001:1:1::20
PING 2001:1:1::20(2001:1:1::20) 56 data bytes
64 bytes from 2001:1:1::20: icmp_seq=1 ttl=63 time=3.10 ms
64 bytes from 2001:1:1::20: icmp_seq=2 ttl=63 time=2.44 ms
64 bytes from 2001:1:1::20: icmp_seq=3 ttl=63 time=2.42 ms
64 bytes from 2001:1:1::20: icmp_seq=4 ttl=63 time=2.33 ms

--- 2001:1:1::20 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 2.334/2.576/3.101/0.305 ms
root@PC-4:~# ping6 -c4 2001:1:1:1::30
PING 2001:1:1:1::30(2001:1:1:1::30) 56 data bytes
64 bytes from 2001:1:1:1::30: icmp_seq=1 ttl=62 time=9.55 ms
64 bytes from 2001:1:1:1::30: icmp_seq=2 ttl=62 time=0.859 ms
64 bytes from 2001:1:1:1::30: icmp_seq=3 ttl=62 time=1.80 ms
64 bytes from 2001:1:1:1::30: icmp_seq=4 ttl=62 time=1.41 ms

--- 2001:1:1:1::30 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.859/3.406/9.553/3.565 ms
root@PC-4:~# ping6 -c4 2001:0:2:3::3
PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes
64 bytes from 2001:0:2:3::3: icmp_seq=1 ttl=62 time=18.2 ms
64 bytes from 2001:0:2:3::3: icmp_seq=2 ttl=62 time=4.22 ms
64 bytes from 2001:0:2:3::3: icmp_seq=3 ttl=62 time=5.44 ms
64 bytes from 2001:0:2:3::3: icmp_seq=4 ttl=62 time=4.67 ms

--- 2001:0:2:3::3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 4.224/8.141/18.221/5.835 ms
root@PC-4:~# telnet 2001:0:2:3::3 
Trying 2001:0:2:3::3...
Connected to 2001:0:2:3::3.
Escape character is '^]'.


User Access Verification

Username: admin1
Password: 
R3>sh ipv6 int bri
GigabitEthernet0/0     [administratively down/down]
    unassigned
GigabitEthernet0/1     [up/up]
    FE80::3
    2001:0:2:3::3
GigabitEthernet0/2     [administratively down/down]
    unassigned
GigabitEthernet0/3     [administratively down/down]
    unassigned
R3>exit
Connection closed by foreign host.
root@PC-4:~# ssh admin1@2001:0:2:3::3      
The authenticity of host '2001:0:2:3::3 (2001:0:2:3::3)' can't be established.
RSA key fingerprint is SHA256:/QFTAMFoJZj1QpMf7uMA9j21YYIAbk6KddsU44LYVhc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2001:0:2:3::3' (RSA) to the list of known hosts.

Password: 

R3>sh ipv6 proto
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "application"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "ospf 1"
  Router ID 3.3.3.3
  Number of areas: 1 normal, 0 stub, 0 nssa
  Interfaces (Area 0):
    GigabitEthernet0/1
  Redistribution:
    None
R3>
Connection to 2001:0:2:3::3 closed.

Configure IPv6 ACL

  • R3
configure terminal
!
ipv6 access-list TESTV6ACL
 deny tcp host 2001:1:1::40 any eq 22
 deny tcp host 2001:1:1::40 any eq 23
 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request
 permit ipv6 any any
exit
!
interface GigabitEthernet 0/1
ipv6 traffic-filter TESTV6ACL in
exit
!
end
R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#ipv
R3(config)#ipv6 acc
R3(config)#ipv6 access-list TESTV6ACL
R3(config-ipv6-acl)#de
R3(config-ipv6-acl)#den
R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 an
R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any e
R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any eq
R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any eq 22
R3(config-ipv6-acl)#deny tcp host
R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 an
R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any eq 23
R3(config-ipv6-acl)#deny icm
R3(config-ipv6-acl)#deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo
R3(config-ipv6-acl)#deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-requ
R3(config-ipv6-acl)#deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request 
R3(config-ipv6-acl)#permi
R3(config-ipv6-acl)#permit ipv6 any
R3(config-ipv6-acl)#permit ipv6 any any
R3(config-ipv6-acl)#int gig0/1
R3(config-if)#ipv
R3(config-if)#ipv6 tra
R3(config-if)#ipv6 traffic-filter TESTV6ACL in
R3(config-if)#^Z
R3#
*Mar 24 01:03:01.617: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ipv6 access-list
IPv6 access list TESTV6ACL
    deny tcp host 2001:1:1::40 any eq 22 sequence 10
    deny tcp host 2001:1:1::40 any eq telnet sequence 20
    deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request sequence 30
    permit ipv6 any any (1 match) sequence 40
R3#sh ipv6 access-list
IPv6 access list TESTV6ACL
    deny tcp host 2001:1:1::40 any eq 22 sequence 10
    deny tcp host 2001:1:1::40 any eq telnet sequence 20
    deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (10 matches) sequence 30
    permit ipv6 any any (104 matches) sequence 40
R3#sh ipv6 access-list
IPv6 access list TESTV6ACL
    deny tcp host 2001:1:1::40 any eq 22 (1 match) sequence 10
    deny tcp host 2001:1:1::40 any eq telnet (1 match) sequence 20
    deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (10 matches) sequence 30
    permit ipv6 any any (117 matches) sequence 40
R3#sh ipv6 access-list
IPv6 access list TESTV6ACL
    deny tcp host 2001:1:1::40 any eq 22 (5 matches) sequence 10
    deny tcp host 2001:1:1::40 any eq telnet (6 matches) sequence 20
    deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (10 matches) sequence 30
    permit ipv6 any any (121 matches) sequence 40
R3#sh ipv6 acc
R3#sh ipv6 access-list 
IPv6 access list TESTV6ACL
    deny tcp host 2001:1:1::40 any eq 22 (5 matches) sequence 10
    deny tcp host 2001:1:1::40 any eq telnet (6 matches) sequence 20
    deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (21 matches) sequence 30
    permit ipv6 any any (502 matches) sequence 40
R3#clea
R3#clear acc
R3#clear access-li
R3#clear access-list cou
R3#clear access-list counters 
R3#sh ipv6 acc
R3#sh ipv6 access-list 
IPv6 access list TESTV6ACL
    deny tcp host 2001:1:1::40 any eq 22 sequence 10
    deny tcp host 2001:1:1::40 any eq telnet sequence 20
    deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request sequence 30
    permit ipv6 any any sequence 40
R3#show iv
R3#show i 
R3#show ipv
R3#show ipv6 inter
GigabitEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::3 
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:0:2:3::3, subnet is 2001:0:2:3::/64 
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::5
    FF02::6
    FF02::1:FF00:3
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Input features: Access List
  Inbound access list TESTV6ACL
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
PC-1> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=14.905 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=3.884 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.602 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.568 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.617 ms

PC-1> ping 2001:0:2:3::3

*2001:0:2:3::3 icmp6_seq=1 ttl=62 time=6.195 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=2 ttl=62 time=6.025 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.738 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.350 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.325 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)

PC-2> ping 2001:0:2:3::3                                   

*2001:0:2:3::3 icmp6_seq=1 ttl=62 time=13.560 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.465 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.891 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.769 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
*2001:0:2:3::3 icmp6_seq=5 ttl=62 time=4.312 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)

PC-2> 

PC-3> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=15.052 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.172 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.100 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=5.129 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.057 ms

PC-3> ping 2001:0:2:3::3  

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=5.375 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=6.734 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.109 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.954 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=7.463 ms

PC-3> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=5.202 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=5.146 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.564 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=6.506 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=7.309 ms

PC-3> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=6.204 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.338 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.212 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.563 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=4.511 ms

PC-3> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=5.256 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.645 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.079 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=5.954 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.174 ms

PC-3> ping 2001:0:2:3::3

2001:0:2:3::3 icmp6_seq=1 ttl=62 time=11.964 ms
2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.123 ms
2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.665 ms
2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.651 ms
2001:0:2:3::3 icmp6_seq=5 ttl=62 time=4.815 ms

PC-3> 

root@PC-4:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 46:7c:94:7f:80:ea  
          inet6 addr: 2001:1:1::40/64 Scope:Global
          inet6 addr: fe80::447c:94ff:fe7f:80ea/64 Scope:Link
          inet6 addr: 2001:1:1:0:447c:94ff:fe7f:80ea/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:587 errors:0 dropped:3 overruns:0 frame:0
          TX packets:424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:75277 (75.2 KB)  TX bytes:38801 (38.8 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@PC-4:~# ifconfig inet6 del 2001:1:1:0:447c:94ff:fe7f:80ea/64 eth0
SIOGIFINDEX: No such device
eth0: Host name lookup failure
ifconfig: `--help' gives usage information.
root@PC-4:~# ifconfig eth0 inet6 del 2001:1:1:0:447c:94ff:fe7f:80ea/64     
root@PC-4:~# ifconfig             
eth0      Link encap:Ethernet  HWaddr 46:7c:94:7f:80:ea  
          inet6 addr: 2001:1:1::40/64 Scope:Global
          inet6 addr: fe80::447c:94ff:fe7f:80ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:592 errors:0 dropped:3 overruns:0 frame:0
          TX packets:424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:76035 (76.0 KB)  TX bytes:38801 (38.8 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:256 (256.0 B)  TX bytes:256 (256.0 B)

root@PC-4:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 46:7c:94:7f:80:ea  
          inet6 addr: 2001:1:1::40/64 Scope:Global
          inet6 addr: fe80::447c:94ff:fe7f:80ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:592 errors:0 dropped:3 overruns:0 frame:0
          TX packets:424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:76035 (76.0 KB)  TX bytes:38801 (38.8 KB)

root@PC-4:~# telnet 2001:0:2:3::3 
Trying 2001:0:2:3::3...
telnet: Unable to connect to remote host: Permission denied
root@PC-4:~# ssh admin1@2001:0:2:3::3
ssh: connect to host 2001:0:2:3::3 port 22: Permission denied
root@PC-4:~# ssh admin1@2001:0:2:3::3
ssh: connect to host 2001:0:2:3::3 port 22: Permission denied
root@PC-4:~# telnet 2001:0:2:3::3    
Trying 2001:0:2:3::3...
telnet: Unable to connect to remote host: Permission denied
root@PC-4:~# telnet 2001:0:2:3::3 
Trying 2001:0:2:3::3...
telnet: Unable to connect to remote host: Permission denied
root@PC-4:~# telnet 2001:0:2:3::3 
Trying 2001:0:2:3::3...
telnet: Unable to connect to remote host: Permission denied
root@PC-4:~# telnet 2001:0:2:3::3 
Trying 2001:0:2:3::3...
telnet: Unable to connect to remote host: Permission denied
root@PC-4:~# telnet 2001:0:2:3::3 
Trying 2001:0:2:3::3...
telnet: Unable to connect to remote host: Permission denied
root@PC-4:~# ssh admin1@2001:0:2:3::3
ssh: connect to host 2001:0:2:3::3 port 22: Permission denied
root@PC-4:~# ssh admin1@2001:0:2:3::3
ssh: connect to host 2001:0:2:3::3 port 22: Permission denied
root@PC-4:~# ssh admin1@2001:0:2:3::3
ssh: connect to host 2001:0:2:3::3 port 22: Permission denied
root@PC-4:~# ping 2001:0:2:3::3
ping: unknown host 2001:0:2:3::3
root@PC-4:~# ping6 2001:0:2:3::3
PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes
From 2001:0:2:3::3 icmp_seq=1 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=2 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=3 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=4 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=5 Destination unreachable: Unknown code 5
^C
--- 2001:0:2:3::3 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4005ms

root@PC-4:~# ping6 2001:0:2:3::2 -c3
PING 2001:0:2:3::2(2001:0:2:3::2) 56 data bytes
64 bytes from 2001:0:2:3::2: icmp_seq=1 ttl=63 time=3.93 ms
64 bytes from 2001:0:2:3::2: icmp_seq=2 ttl=63 time=3.65 ms
64 bytes from 2001:0:2:3::2: icmp_seq=3 ttl=63 time=4.21 ms

--- 2001:0:2:3::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.652/3.931/4.212/0.234 ms
root@PC-5:~# ifconfig eth0 inet6 add 2001:1:1:0::50/64
root@PC-5:~# route add -A inet6 default gw 2001:1:1:0::1
root@PC-5:~# ping 2001:0:2:3::3
ping: unknown host 2001:0:2:3::3
root@PC-5:~# ping6 2001:0:2:3::3
PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes
64 bytes from 2001:0:2:3::3: icmp_seq=2 ttl=62 time=4.58 ms
64 bytes from 2001:0:2:3::3: icmp_seq=3 ttl=62 time=5.21 ms
^C
--- 2001:0:2:3::3 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2008ms
rtt min/avg/max/mdev = 4.586/4.902/5.218/0.316 ms
root@PC-5:~# ifconfig eth0 inet6 del 
Usage:
  ifconfig [-a] [-v] [-s] <interface> [[<AF>] <address>]
  [add <address>[/<prefixlen>]]
  [del <address>[/<prefixlen>]]
  [[-]broadcast [<address>]]  [[-]pointopoint [<address>]]
  [netmask <address>]  [dstaddr <address>]  [tunnel <address>]
  [outfill <NN>] [keepalive <NN>]
  [hw <HW> <address>]  [metric <NN>]  [mtu <NN>]
  [[-]trailers]  [[-]arp]  [[-]allmulti]
  [multicast]  [[-]promisc]
  [mem_start <NN>]  [io_addr <NN>]  [irq <NN>]  [media <type>]
  [txqueuelen <NN>]
  [[-]dynamic]
  [up|down] ...

  <HW>=Hardware Type.
  List of possible hardware types:
    loop (Local Loopback) slip (Serial Line IP) cslip (VJ Serial Line IP) 
    slip6 (6-bit Serial Line IP) cslip6 (VJ 6-bit Serial Line IP) adaptive (Adaptive Serial Line IP) 
    ash (Ash) ether (Ethernet) ax25 (AMPR AX.25) 
    netrom (AMPR NET/ROM) rose (AMPR ROSE) tunnel (IPIP Tunnel) 
    ppp (Point-to-Point Protocol) hdlc ((Cisco)-HDLC) lapb (LAPB) 
    arcnet (ARCnet) dlci (Frame Relay DLCI) frad (Frame Relay Access Device) 
    sit (IPv6-in-IPv4) fddi (Fiber Distributed Data Interface) hippi (HIPPI) 
    irda (IrLAP) ec (Econet) x25 (generic X.25) 
    eui64 (Generic EUI-64) 
  <AF>=Address family. Default: inet
  List of possible address families:
    unix (UNIX Domain) inet (DARPA Internet) inet6 (IPv6) 
    ax25 (AMPR AX.25) netrom (AMPR NET/ROM) rose (AMPR ROSE) 
    ipx (Novell IPX) ddp (Appletalk DDP) ec (Econet) 
    ash (Ash) x25 (CCITT X.25) 
root@PC-5:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 36:d2:57:40:94:c0  
          inet6 addr: 2001:1:1::50/64 Scope:Global
          inet6 addr: 2001:1:1:0:34d2:57ff:fe40:94c0/64 Scope:Global
          inet6 addr: fe80::34d2:57ff:fe40:94c0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:93 errors:0 dropped:1 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:11873 (11.8 KB)  TX bytes:1738 (1.7 KB)

root@PC-5:~# ifconfig eth0 inet6 del 2001:1:1:0:34d2:57ff:fe40:94c0/64
root@PC-5:~# ping6 2001:0:2:3::2     
PING 2001:0:2:3::2(2001:0:2:3::2) 56 data bytes
64 bytes from 2001:0:2:3::2: icmp_seq=1 ttl=63 time=13.5 ms
64 bytes from 2001:0:2:3::2: icmp_seq=2 ttl=63 time=4.51 ms
64 bytes from 2001:0:2:3::2: icmp_seq=3 ttl=63 time=3.51 ms
^C
--- 2001:0:2:3::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.511/7.179/13.511/4.496 ms
root@PC-5:~# ping6 2001:0:2:3::3
PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes
From 2001:0:2:3::3 icmp_seq=1 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=2 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=3 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=4 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=5 Destination unreachable: Unknown code 5
From 2001:0:2:3::3 icmp_seq=6 Destination unreachable: Unknown code 5
^C
--- 2001:0:2:3::3 ping statistics ---
6 packets transmitted, 0 received, +6 errors, 100% packet loss, time 5004ms

root@PC-5:~# ssh admin1@2001:0:2:3::3
The authenticity of host '2001:0:2:3::3 (2001:0:2:3::3)' can't be established.
RSA key fingerprint is SHA256:BQUANPqXZh52qD8k02jQ+Vvb5eHCdVOESU0oC5Aze9k.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2001:0:2:3::3' (RSA) to the list of known hosts.

Password: 

R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:02:29   
*578 vty 0     admin1     idle                 00:00:00
                                                  2001:1:1:0:34D2:57FF:FE40:94C0

  Interface    User               Mode         Idle     Peer Address

R3>exit
Connection to 2001:0:2:3::3 closed.
root@PC-5:~# telnet 2001:0:2:3::3           
Trying 2001:0:2:3::3...
Connected to 2001:0:2:3::3.
Escape character is '^]'.


User Access Verification

Username: admin1
Password: 
R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:02:46   
*578 vty 0     admin1     idle                 00:00:00
                                                  2001:1:1:0:34D2:57FF:FE40:94C0

  Interface    User               Mode         Idle     Peer Address

R3>exit
Connection closed by foreign host.
root@PC-6:~# ifconfig eth0 inet6 add 2001:1:1:1::60/64
root@PC-6:~# route add -A inet6 default gw 2001:1:1:1::1
root@PC-6:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr ca:20:a4:7b:86:84  
          inet6 addr: 2001:1:1:1::60/64 Scope:Global
          inet6 addr: fe80::c820:a4ff:fe7b:8684/64 Scope:Link
          inet6 addr: 2001:1:1:1:c820:a4ff:fe7b:8684/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1236 (1.2 KB)  TX bytes:884 (884.0 B)

root@PC-6:~# ifconfig eth0 inet6 del 2001:1:1:1:c820:a4ff:fe7b:8684/64
root@PC-6:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr ca:20:a4:7b:86:84  
          inet6 addr: 2001:1:1:1::60/64 Scope:Global
          inet6 addr: fe80::c820:a4ff:fe7b:8684/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1326 (1.3 KB)  TX bytes:884 (884.0 B)

root@PC-6:~# ping 2001:0:2:3::3
ping: unknown host 2001:0:2:3::3
root@PC-6:~# ping6 2001:0:2:3::3
PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes
64 bytes from 2001:0:2:3::3: icmp_seq=1 ttl=62 time=11.5 ms
64 bytes from 2001:0:2:3::3: icmp_seq=2 ttl=62 time=4.97 ms
64 bytes from 2001:0:2:3::3: icmp_seq=3 ttl=62 time=4.81 ms
^C
--- 2001:0:2:3::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 4.817/7.115/11.552/3.139 ms
root@PC-6:~# ping6 2001:0:2:3::2
PING 2001:0:2:3::2(2001:0:2:3::2) 56 data bytes
64 bytes from 2001:0:2:3::2: icmp_seq=1 ttl=63 time=3.71 ms
64 bytes from 2001:0:2:3::2: icmp_seq=2 ttl=63 time=3.51 ms
^C
--- 2001:0:2:3::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 3.518/3.615/3.713/0.114 ms
root@PC-6:~# telnet 2001:0:2:3::3     
Trying 2001:0:2:3::3...
Connected to 2001:0:2:3::3.
Escape character is '^]'.


User Access Verification

Username: admin
Password: 
% Login invalid

Username: 
Username: admin1
Password: 
R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:06:29   
*578 vty 0     admin1     idle                 00:00:00 2001:1:1:1::60

  Interface    User               Mode         Idle     Peer Address

R3>exit
Connection closed by foreign host.
root@PC-6:~# ssh admin1@2001:0:2:3::3       
The authenticity of host '2001:0:2:3::3 (2001:0:2:3::3)' can't be established.
RSA key fingerprint is SHA256:BQUANPqXZh52qD8k02jQ+Vvb5eHCdVOESU0oC5Aze9k.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2001:0:2:3::3' (RSA) to the list of known hosts.

Password: 

R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:06:50   
*578 vty 0     admin1     idle                 00:00:00 2001:1:1:1::60

  Interface    User               Mode         Idle     Peer Address

R3>exit
Connection to 2001:0:2:3::3 closed.
root@PC-6:~# 



References

tech/network/cisco/ipv6/ipv6-acl/ipv6-acl.txt · Last modified: 2019/03/24 10:40 by wnoguchi