Project name: ccna-ipv6-0014-acl
! R1 base configuration: console settings, IPv6 forwarding and the three
! routed interfaces.
enable
configure terminal
!
hostname R1
! Do not try to resolve mistyped commands as host names.
no ip domain-lookup
line console 0
! 0 0 disables the console idle timeout, so the console never logs itself out.
 exec-timeout 0 0
! Re-print the command line after a log message interrupts typing.
 logging synchronous
 exit
!
! Turn on forwarding of IPv6 unicast packets.
ipv6 unicast-routing
!
! Link toward R2 (R2 holds 2001:0:1:2::2 on its Gi0/1).
interface GigabitEthernet 0/0
 ipv6 address fe80::1 link-local
 ipv6 address 2001:0:1:2::1/64
 no shutdown
 exit
! Gateway of the 2001:1:1:0::/64 segment (PC-1, PC-2, PC-4, PC-5 point here).
interface GigabitEthernet 0/1
 ipv6 address fe80::1 link-local
 ipv6 address 2001:1:1:0::1/64
 no shutdown
 exit
! Gateway of the 2001:1:1:1::/64 segment (PC-3, PC-6 point here).
interface GigabitEthernet 0/2
 ipv6 address fe80::1 link-local
 ipv6 address 2001:1:1:1::1/64
 no shutdown
 exit
!
end
! Save the running configuration.
write
! R2 base configuration: console settings, IPv6 forwarding and the two
! router-to-router links.
enable
configure terminal
!
hostname R2
! Do not try to resolve mistyped commands as host names.
no ip domain-lookup
line console 0
! 0 0 disables the console idle timeout, so the console never logs itself out.
 exec-timeout 0 0
 logging synchronous
 exit
!
! Turn on forwarding of IPv6 unicast packets.
ipv6 unicast-routing
!
! Link toward R3 (R3 holds 2001:0:2:3::3 on its Gi0/1).
interface GigabitEthernet 0/0
 ipv6 address fe80::2 link-local
 ipv6 address 2001:0:2:3::2/64
 no shutdown
 exit
! Link toward R1 (R1 holds 2001:0:1:2::1 on its Gi0/0).
interface GigabitEthernet 0/1
 ipv6 address fe80::2 link-local
 ipv6 address 2001:0:1:2::2/64
 no shutdown
 exit
!
end
! Save the running configuration.
write
! R3 base configuration: console settings, IPv6 forwarding and the single
! link toward R2.
enable
configure terminal
!
hostname R3
! Do not try to resolve mistyped commands as host names.
no ip domain-lookup
line console 0
! 0 0 disables the console idle timeout, so the console never logs itself out.
 exec-timeout 0 0
 logging synchronous
 exit
!
! Turn on forwarding of IPv6 unicast packets.
ipv6 unicast-routing
!
! Link toward R2 (R2 holds 2001:0:2:3::2 on its Gi0/0). This is the interface
! the ACL later on this page is attached to.
interface GigabitEthernet 0/1
 ipv6 address fe80::3 link-local
 ipv6 address 2001:0:2:3::3/64
 no shutdown
 exit
!
end
! Save the running configuration.
write
ip 2001:1:1:0::10/64 2001:1:1:0::1 save
ip 2001:1:1:0::20/64 2001:1:1:0::1 save
ip 2001:1:1:1::30/64 2001:1:1:1::1 save
! R1: start OSPFv3 process 1 and put all three interfaces into area 0.
configure terminal
!
router ospfv3 1
! The router ID is a 32-bit value written in dotted form; set explicitly here.
 router-id 1.1.1.1
 address-family ipv6 unicast
 exit-address-family
 exit
!
! Link toward R2: the adjacency with 2.2.2.2 forms here.
interface GigabitEthernet 0/0
 ospfv3 1 ipv6 area 0
 exit
! NOTE(review): Gi0/1 and Gi0/2 are the gateways of the PC segments on this
! page and no OSPFv3 authentication is configured, so hellos are exchanged on
! segments that hold only end hosts. `passive-interface` for these two
! interfaces under the OSPFv3 process would keep the prefixes advertised
! without running the protocol toward the hosts.
interface GigabitEthernet 0/1
 ospfv3 1 ipv6 area 0
 exit
interface GigabitEthernet 0/2
 ospfv3 1 ipv6 area 0
 exit
!
end
! R2: start OSPFv3 process 1 and put both router-to-router links into area 0.
configure terminal
!
router ospfv3 1
! The router ID is a 32-bit value written in dotted form; set explicitly here.
 router-id 2.2.2.2
 address-family ipv6 unicast
 exit-address-family
 exit
!
! Link toward R3.
interface GigabitEthernet 0/0
 ospfv3 1 ipv6 area 0
 exit
! Link toward R1.
interface GigabitEthernet 0/1
 ospfv3 1 ipv6 area 0
 exit
!
! NOTE(review): no OSPFv3 authentication is configured on either link, so the
! adjacencies are accepted from any neighbour that speaks OSPFv3 on the wire.
end
! R3: start OSPFv3 process 1 and put the link toward R2 into area 0.
configure terminal
!
router ospfv3 1
! The router ID is a 32-bit value written in dotted form; set explicitly here.
 router-id 3.3.3.3
 address-family ipv6 unicast
 exit-address-family
 exit
!
! Only interface in use on R3; the adjacency with 2.2.2.2 forms here.
interface GigabitEthernet 0/1
 ospfv3 1 ipv6 area 0
 exit
!
end
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ipv R1(config)#ipv6 router R1(config)#ipv6 router os R1(config)#ipv R1(config)#router R1(config)#router os R1(config)#router ospfv R1(config)#router ospfv3 1 R1(config-router)#route R1(config-router)#router-id 1.1.1.1 R1(config-router)#add R1(config-router)#address-family ipv R1(config-router)#address-family ipv6 R1(config-router)#address-family ipv6 unica R1(config-router)#address-family ipv6 unicast R1(config-router-af)#exi R1(config-router-af)#exit-address-family R1(config-router)#int range gig0/0 R1(config-if-range)#os R1(config-if-range)#ospfv3 1 ipv R1(config-if-range)#ospfv3 1 ipv6 are R1(config-if-range)#ospfv3 1 ipv6 area 0 R1(config-if-range)#^Z R1# *Mar 23 11:12:34.772: %SYS-5-CONFIG_I: Configured from console by console R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#int range gig0/0 - 2 R1(config-if-range)#ospfv R1(config-if-range)#ospfv3 1 ipv6 are R1(config-if-range)#ospfv3 1 ipv6 area 0 R1(config-if-range)#^Z R1# *Mar 23 11:14:04.436: %SYS-5-CONFIG_I: Configured from console by console R1# *Mar 23 11:14:30.078: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 2.2.2.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done R1
R2#conf t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#router ospfv3 R2(config)#router ospfv3 1 R2(config-router)#router R2(config-router)#router-id 2.2.2.2 R2(config-router)#add R2(config-router)#address-family ipv6 R2(config-router)#address-family ipv6 uni R2(config-router)#address-family ipv6 unicast R2(config-router-af)#int range gig0/0-1 R2(config-if-range)#ospfv4 R2(config-if-range)#ospfv3 R2(config-if-range)#ospfv3 are R2(config-if-range)#ospfv3 1 ipv6 are R2(config-if-range)#ospfv3 1 ipv6 area 0 R2(config-if-range)# *Mar 23 11:14:30.493: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 1.1.1.1 on GigabitEthernet0/1 from LOADING to FULL, Loading Done R2(config-if-range)#^Z R2# *Mar 23 11:14:32.241: %SYS-5-CONFIG_I: Configured from console by console R2# *Mar 23 11:15:16.909: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 3.3.3.3 on GigabitEthernet0/0 from LOADING to FULL, Loading Done R2#
R3#conf t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#router ospfv3 1 R3(config-router)#router-id R3(config-router)#router-id 3.3.3.3 R3(config-router)#add R3(config-router)#address-family ipv R3(config-router)#address-family ipv6 R3(config-router)#address-family ipv6 uni R3(config-router)#address-family ipv6 unicast R3(config-router-af)#exi R3(config-router-af)#exit-address-family R3(config-router)#int gig0/1 R3(config-if)#ospfv4 R3(config-if)#ospfv R3(config-if)#ospfv3 1 ipv R3(config-if)#ospfv3 1 ipv6 R3(config-if)#ospfv3 1 ipv6 are R3(config-if)#ospfv3 1 ipv6 area 0 R3(config-if)# *Mar 23 11:15:17.175: %OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 2.2.2.2 on GigabitEthernet0/1 from LOADING to FULL, Loading Done R3(config-if)#^Z R3# *Mar 23 11:15:19.318: %SYS-5-CONFIG_I: Configured from console by console R3#
R1#sh ipv6 ro ospf IPv6 Routing Table - default - 8 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1 OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid a - Application O 2001:0:2:3::/64 [110/2] via FE80::2, GigabitEthernet0/0
R3#sh ipv6 ro ospf IPv6 Routing Table - default - 6 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1 OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid a - Application O 2001:0:1:2::/64 [110/2] via FE80::2, GigabitEthernet0/1 O 2001:1:1::/64 [110/3] via FE80::2, GigabitEthernet0/1 O 2001:1:1:1::/64 [110/3] via FE80::2, GigabitEthernet0/1
R1#ping 2001:0:2:3::3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:0:2:3::3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 3/8/27 ms
PC-1> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=13.792 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=7.737 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.853 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=6.365 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=3.973 ms
PC-2> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=12.721 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=5.116 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=6.404 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=6.049 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.165 ms
PC-3> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=12.884 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.176 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=7.507 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=5.720 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=8.023 ms
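! R3: local user, vty access over Telnet and SSH, and the RSA host key that
! SSH needs.
configure terminal
!
hostname R3
! Lab credential. `password` keeps the value in a recoverable form in the
! configuration; `username admin1 secret ...` would store a hash instead.
username admin1 password cisco1
!
! No enable secret is set anywhere on this page, so a vty session cannot leave
! user EXEC (the R1 transcript shows `% No password set`).
line vty 0 15
! 0 0 disables the idle timeout, so abandoned remote sessions stay open.
 exec-timeout 0 0
! Not consulted while `login local` is set: logins are checked against the
! local username database instead of this line password.
 password ciscotel
 login local
 logging synchronous
! this required by default IOSv for remote access
! Telnet carries the username and password in clear text; it stays enabled
! because the ACL exercise on this page filters both port 22 and port 23.
 transport input telnet ssh
 exit
!
! The key pair is named from hostname + domain name (R3.pg1x.net in the
! console transcript), so both are set before the key is generated.
ip domain-name pg1x.net
!
! Modulus given explicitly, as in the R3 console transcript on this page; the
! bare `crypto key generate rsa` form stops to ask for the size, which breaks
! a pasted configuration.
! NOTE(review): the PC transcripts show two different RSA fingerprints for R3,
! so the key was presumably generated more than once. Regenerating replaces
! the host key, and clients that stored the old one will see a mismatch.
crypto key generate rsa modulus 4096
! Refuse SSH protocol version 1 (the log reports 1.99 until this is set).
ip ssh version 2
!
end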
# PC-4: add the static IPv6 address to eth0 and send everything else to R1's
# Gi0/1 address. Both commands change only the running state.
ifconfig eth0 inet6 add 2001:1:1:0::40/64
route add -A inet6 default gw 2001:1:1:0::1
# ifupdown stanza for PC-4 -- presumably the persistent form of the
# ifconfig/route commands shown for the same host.
# NOTE(review): a static stanza does not by itself stop the kernel from also
# adding an autoconfigured address from router advertisements (the PC-4
# transcript shows one and removes it by hand). ifupdown has an `autoconf 0`
# option for inet6 static stanzas -- confirm the image's version supports it.
auto eth0
iface eth0 inet6 static
    address 2001:1:1:0::40
    netmask 64
    gateway 2001:1:1:0::1
# PC-5: add the static IPv6 address to eth0 and send everything else to R1's
# Gi0/1 address. Both commands change only the running state.
ifconfig eth0 inet6 add 2001:1:1:0::50/64
route add -A inet6 default gw 2001:1:1:0::1
# ifupdown stanza for PC-5 -- presumably the persistent form of the
# ifconfig/route commands shown for the same host.
# NOTE(review): the PC-5 transcript shows sessions to R3 arriving from the
# autoconfigured address rather than from ::50, so this stanza alone does not
# decide which source address the host uses.
auto eth0
iface eth0 inet6 static
    address 2001:1:1:0::50
    netmask 64
    gateway 2001:1:1:0::1
# PC-6: add the static IPv6 address to eth0 and send everything else to R1's
# Gi0/2 address.
ifconfig eth0 inet6 add 2001:1:1:1::60/64
route add -A inet6 default gw 2001:1:1:1::1
# Remove the autoconfigured global address so that ::60 is the only global
# source address left. The value is specific to this host: it is built from
# the eth0 MAC shown in the PC-6 transcript (ca:20:a4:7b:86:84).
ifconfig eth0 inet6 del 2001:1:1:1:c820:a4ff:fe7b:8684/64
# ifupdown stanza for PC-6 -- presumably the persistent form of the
# ifconfig/route commands shown for the same host.
auto eth0
iface eth0 inet6 static
    address 2001:1:1:1::60
    netmask 64
    gateway 2001:1:1:1::1
R3#conf t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#username admin1 password cisco1 R3(config)#line vty 0 15 R3(config-line)#exec-timeout 0 0 R3(config-line)#password ciscotel R3(config-line)#login local R3(config-line)#logging synchronous R3(config-line)#transport input telnet ssh R3(config-line)#exit R3(config)#ip domain-name pg1x.net R3(config)#crypto key generate rsa modulus 4096 The name for the keys will be: R3.pg1x.net % The key modulus size is 4096 bits % Generating 4096 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 8 seconds) R3(config)# *Mar 24 00:14:34.733: %SSH-5-ENABLED: SSH 1.99 has been enabled R3(config)#ip ssh version 2 R3(config)#^Z R3# *Mar 24 00:15:01.725: %SYS-5-CONFIG_I: Configured from console by console
Telnet/SSH from R1
R1#ping 2001:0:2:3::3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:0:2:3::3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 3/23/78 ms R1#telnet 2001:0:2:3::3 Trying 2001:0:2:3::3 ... % Connection refused by remote host R1#telnet 2001:0:2:3::3 Trying 2001:0:2:3::3 ... Open User Access Verification Username: admin1 Password: R3>en % No password set R3>sh ipv6 inter bri GigabitEthernet0/0 [administratively down/down] unassigned GigabitEthernet0/1 [up/up] FE80::3 2001:0:2:3::3 GigabitEthernet0/2 [administratively down/down] unassigned GigabitEthernet0/3 [administratively down/down] unassigned R3>show users Line User Host(s) Idle Location 0 con 0 idle 00:01:17 *578 vty 0 admin1 idle 00:00:00 2001:0:1:2::1 Interface User Mode Idle Peer Address R3>exit [Connection to 2001:0:2:3::3 closed by foreign host] R1#ssh -l admin1 2001:0:2:3::3 Password: R3>show ipv6 int bri GigabitEthernet0/0 [administratively down/down] unassigned GigabitEthernet0/1 [up/up] FE80::3 2001:0:2:3::3 GigabitEthernet0/2 [administratively down/down] unassigned GigabitEthernet0/3 [administratively down/down] unassigned R3>show users Line User Host(s) Idle Location 0 con 0 idle 00:02:31 *578 vty 0 admin1 idle 00:00:00 2001:0:1:2::1 Interface User Mode Idle Peer Address R3>exit [Connection to 2001:0:2:3::3 closed by foreign host]
Configure Docker host (PC-4).
root@PC-4:~# ifconfig eth0 inet6 add 2001:1:1:0::40/64 root@PC-4:~# route add -A inet6 default gw 2001:1:1:0::1 root@PC-4:~# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 92:ca:96:18:fb:b3 inet6 addr: 2001:1:1::40/64 Scope:Global inet6 addr: 2001:1:1:0:90ca:96ff:fe18:fbb3/64 Scope:Global inet6 addr: fe80::90ca:96ff:fe18:fbb3/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:87 errors:0 dropped:1 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:13177 (13.1 KB) TX bytes:1024 (1.0 KB) root@PC-4:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface root@PC-4:~# route -6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If 2001:1:1::/64 :: UAe 256 0 1 eth0 fe80::/64 :: U 256 0 0 eth0 ::/0 2001:1:1::1 UG 1 0 0 eth0 ::/0 fe80::1 UGDAe 1024 0 0 eth0 ::/0 :: !n -1 1 2 lo ::1/128 :: Un 0 1 0 lo 2001:1:1::40/128 :: Un 0 1 0 lo 2001:1:1:0:90ca:96ff:fe18:fbb3/128 :: Un 0 1 0 lo fe80::90ca:96ff:fe18:fbb3/128 :: Un 0 1 0 lo ff00::/8 :: U 256 4 71 eth0 ::/0 :: !n -1 1 2 lo
root@PC-4:~# ping 2001:1:1::1 ping: unknown host 2001:1:1::1 root@PC-4:~# ping6 2001:1:1::1 PING 2001:1:1::1(2001:1:1::1) 56 data bytes 64 bytes from 2001:1:1::1: icmp_seq=1 ttl=64 time=9.17 ms 64 bytes from 2001:1:1::1: icmp_seq=2 ttl=64 time=2.22 ms 64 bytes from 2001:1:1::1: icmp_seq=3 ttl=64 time=2.18 ms 64 bytes from 2001:1:1::1: icmp_seq=4 ttl=64 time=1.93 ms 64 bytes from 2001:1:1::1: icmp_seq=5 ttl=64 time=2.29 ms ^C --- 2001:1:1::1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4004ms rtt min/avg/max/mdev = 1.936/3.563/9.174/2.808 ms root@PC-4:~# ping6 -c4 2001:1:1::1 PING 2001:1:1::1(2001:1:1::1) 56 data bytes 64 bytes from 2001:1:1::1: icmp_seq=1 ttl=64 time=3.85 ms 64 bytes from 2001:1:1::1: icmp_seq=2 ttl=64 time=3.86 ms 64 bytes from 2001:1:1::1: icmp_seq=3 ttl=64 time=5.47 ms 64 bytes from 2001:1:1::1: icmp_seq=4 ttl=64 time=4.90 ms --- 2001:1:1::1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms rtt min/avg/max/mdev = 3.851/4.524/5.475/0.698 ms root@PC-4:~# ping6 -c4 2001:1:1::10 PING 2001:1:1::10(2001:1:1::10) 56 data bytes 64 bytes from 2001:1:1::10: icmp_seq=1 ttl=63 time=3.25 ms 64 bytes from 2001:1:1::10: icmp_seq=2 ttl=63 time=2.66 ms 64 bytes from 2001:1:1::10: icmp_seq=3 ttl=63 time=2.29 ms 64 bytes from 2001:1:1::10: icmp_seq=4 ttl=63 time=2.60 ms --- 2001:1:1::10 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3002ms rtt min/avg/max/mdev = 2.296/2.706/3.250/0.344 ms root@PC-4:~# ping6 -c4 2001:1:1::20 PING 2001:1:1::20(2001:1:1::20) 56 data bytes 64 bytes from 2001:1:1::20: icmp_seq=1 ttl=63 time=3.10 ms 64 bytes from 2001:1:1::20: icmp_seq=2 ttl=63 time=2.44 ms 64 bytes from 2001:1:1::20: icmp_seq=3 ttl=63 time=2.42 ms 64 bytes from 2001:1:1::20: icmp_seq=4 ttl=63 time=2.33 ms --- 2001:1:1::20 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3002ms rtt min/avg/max/mdev = 2.334/2.576/3.101/0.305 ms root@PC-4:~# ping6 -c4 
2001:1:1:1::30 PING 2001:1:1:1::30(2001:1:1:1::30) 56 data bytes 64 bytes from 2001:1:1:1::30: icmp_seq=1 ttl=62 time=9.55 ms 64 bytes from 2001:1:1:1::30: icmp_seq=2 ttl=62 time=0.859 ms 64 bytes from 2001:1:1:1::30: icmp_seq=3 ttl=62 time=1.80 ms 64 bytes from 2001:1:1:1::30: icmp_seq=4 ttl=62 time=1.41 ms --- 2001:1:1:1::30 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3002ms rtt min/avg/max/mdev = 0.859/3.406/9.553/3.565 ms root@PC-4:~# ping6 -c4 2001:0:2:3::3 PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes 64 bytes from 2001:0:2:3::3: icmp_seq=1 ttl=62 time=18.2 ms 64 bytes from 2001:0:2:3::3: icmp_seq=2 ttl=62 time=4.22 ms 64 bytes from 2001:0:2:3::3: icmp_seq=3 ttl=62 time=5.44 ms 64 bytes from 2001:0:2:3::3: icmp_seq=4 ttl=62 time=4.67 ms --- 2001:0:2:3::3 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms rtt min/avg/max/mdev = 4.224/8.141/18.221/5.835 ms
root@PC-4:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... Connected to 2001:0:2:3::3. Escape character is '^]'. User Access Verification Username: admin1 Password: R3>sh ipv6 int bri GigabitEthernet0/0 [administratively down/down] unassigned GigabitEthernet0/1 [up/up] FE80::3 2001:0:2:3::3 GigabitEthernet0/2 [administratively down/down] unassigned GigabitEthernet0/3 [administratively down/down] unassigned R3>exit Connection closed by foreign host. root@PC-4:~# ssh admin1@2001:0:2:3::3 The authenticity of host '2001:0:2:3::3 (2001:0:2:3::3)' can't be established. RSA key fingerprint is SHA256:/QFTAMFoJZj1QpMf7uMA9j21YYIAbk6KddsU44LYVhc. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '2001:0:2:3::3' (RSA) to the list of known hosts. Password: R3>sh ipv6 proto IPv6 Routing Protocol is "connected" IPv6 Routing Protocol is "application" IPv6 Routing Protocol is "ND" IPv6 Routing Protocol is "ospf 1" Router ID 3.3.3.3 Number of areas: 1 normal, 0 stub, 0 nssa Interfaces (Area 0): GigabitEthernet0/1 Redistribution: None R3> Connection to 2001:0:2:3::3 closed.
! R3: IPv6 ACL TESTV6ACL, applied to packets arriving on GigabitEthernet 0/1.
! Entries are evaluated top-down and the first match decides.
configure terminal
!
ipv6 access-list TESTV6ACL
! Block SSH (22) and Telnet (23) from the single source address 2001:1:1::40
! (PC-4's static address) to any destination.
! NOTE(review): `host` matches that one address only. The PC transcripts show
! hosts on the segment also holding an autoconfigured address in the same /64;
! connections sourced from it skip these two entries and reach the final
! permit, which is presumably why the PC-4 transcript deletes that address
! before testing. Matching the /64 is what covers a host whatever address it
! picks.
 deny tcp host 2001:1:1::40 any eq 22
 deny tcp host 2001:1:1::40 any eq 23
! Block echo-request from the whole 2001:1:1::/64 segment to R3's own address.
! Other destinations (2001:0:2:3::2) and the 2001:1:1:1::/64 segment are not
! matched, as the PC-3 and PC-6 pings on this page show.
 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request
! Everything else passes, OSPFv3 from R2 included. This entry must stay last:
! anything placed after it is never reached.
 permit ipv6 any any
 exit
!
! NOTE(review): the filter is bound to one interface. To restrict logins to
! the router whatever interface they arrive on, an ACL can also be bound to
! the vty lines with `ipv6 access-class` -- not done on this page.
! NOTE(review): denied packets are answered with an ICMPv6 destination
! unreachable (visible in the PC ping output), which tells the sender a filter
! is present; `no ipv6 unreachables` on the interface should make the drop
! silent -- confirm on this image.
interface GigabitEthernet 0/1
 ipv6 traffic-filter TESTV6ACL in
 exit
!
end
R3#conf t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ipv R3(config)#ipv6 acc R3(config)#ipv6 access-list TESTV6ACL R3(config-ipv6-acl)#de R3(config-ipv6-acl)#den R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 an R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any e R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any eq R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any eq 22 R3(config-ipv6-acl)#deny tcp host R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 an R3(config-ipv6-acl)#deny tcp host 2001:1:1::40 any eq 23 R3(config-ipv6-acl)#deny icm R3(config-ipv6-acl)#deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo R3(config-ipv6-acl)#deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-requ R3(config-ipv6-acl)#deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request R3(config-ipv6-acl)#permi R3(config-ipv6-acl)#permit ipv6 any R3(config-ipv6-acl)#permit ipv6 any any R3(config-ipv6-acl)#int gig0/1 R3(config-if)#ipv R3(config-if)#ipv6 tra R3(config-if)#ipv6 traffic-filter TESTV6ACL in R3(config-if)#^Z R3# *Mar 24 01:03:01.617: %SYS-5-CONFIG_I: Configured from console by console R3#sh ipv6 access-list IPv6 access list TESTV6ACL deny tcp host 2001:1:1::40 any eq 22 sequence 10 deny tcp host 2001:1:1::40 any eq telnet sequence 20 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request sequence 30 permit ipv6 any any (1 match) sequence 40 R3#sh ipv6 access-list IPv6 access list TESTV6ACL deny tcp host 2001:1:1::40 any eq 22 sequence 10 deny tcp host 2001:1:1::40 any eq telnet sequence 20 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (10 matches) sequence 30 permit ipv6 any any (104 matches) sequence 40 R3#sh ipv6 access-list IPv6 access list TESTV6ACL deny tcp host 2001:1:1::40 any eq 22 (1 match) sequence 10 deny tcp host 2001:1:1::40 any eq telnet (1 match) sequence 20 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (10 matches) sequence 30 permit ipv6 any any (117 matches) sequence 40 R3#sh ipv6 access-list IPv6 access list TESTV6ACL 
deny tcp host 2001:1:1::40 any eq 22 (5 matches) sequence 10 deny tcp host 2001:1:1::40 any eq telnet (6 matches) sequence 20 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (10 matches) sequence 30 permit ipv6 any any (121 matches) sequence 40 R3#sh ipv6 acc R3#sh ipv6 access-list IPv6 access list TESTV6ACL deny tcp host 2001:1:1::40 any eq 22 (5 matches) sequence 10 deny tcp host 2001:1:1::40 any eq telnet (6 matches) sequence 20 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request (21 matches) sequence 30 permit ipv6 any any (502 matches) sequence 40 R3#clea R3#clear acc R3#clear access-li R3#clear access-list cou R3#clear access-list counters R3#sh ipv6 acc R3#sh ipv6 access-list IPv6 access list TESTV6ACL deny tcp host 2001:1:1::40 any eq 22 sequence 10 deny tcp host 2001:1:1::40 any eq telnet sequence 20 deny icmp 2001:1:1::/64 host 2001:0:2:3::3 echo-request sequence 30 permit ipv6 any any sequence 40 R3#show iv R3#show i R3#show ipv R3#show ipv6 inter GigabitEthernet0/1 is up, line protocol is up IPv6 is enabled, link-local address is FE80::3 No Virtual link-local address(es): Global unicast address(es): 2001:0:2:3::3, subnet is 2001:0:2:3::/64 Joined group address(es): FF02::1 FF02::2 FF02::5 FF02::6 FF02::1:FF00:3 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent Input features: Access List Inbound access list TESTV6ACL ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses.
PC-1> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=14.905 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=3.884 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.602 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.568 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.617 ms PC-1> ping 2001:0:2:3::3 *2001:0:2:3::3 icmp6_seq=1 ttl=62 time=6.195 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=2 ttl=62 time=6.025 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.738 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.350 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.325 ms (ICMP type:1, code:5, Source address failed ingress/egress policy)
PC-2> ping 2001:0:2:3::3 *2001:0:2:3::3 icmp6_seq=1 ttl=62 time=13.560 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.465 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.891 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.769 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) *2001:0:2:3::3 icmp6_seq=5 ttl=62 time=4.312 ms (ICMP type:1, code:5, Source address failed ingress/egress policy) PC-2>
PC-3> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=15.052 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.172 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.100 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=5.129 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.057 ms PC-3> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=5.375 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=6.734 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.109 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.954 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=7.463 ms PC-3> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=5.202 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=5.146 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.564 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=6.506 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=7.309 ms PC-3> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=6.204 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.338 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.212 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.563 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=4.511 ms PC-3> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=5.256 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.645 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=5.079 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=5.954 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=5.174 ms PC-3> ping 2001:0:2:3::3 2001:0:2:3::3 icmp6_seq=1 ttl=62 time=11.964 ms 2001:0:2:3::3 icmp6_seq=2 ttl=62 time=4.123 ms 2001:0:2:3::3 icmp6_seq=3 ttl=62 time=4.665 ms 2001:0:2:3::3 icmp6_seq=4 ttl=62 time=4.651 ms 2001:0:2:3::3 icmp6_seq=5 ttl=62 time=4.815 ms PC-3>
root@PC-4:~# ifconfig eth0 Link encap:Ethernet HWaddr 46:7c:94:7f:80:ea inet6 addr: 2001:1:1::40/64 Scope:Global inet6 addr: fe80::447c:94ff:fe7f:80ea/64 Scope:Link inet6 addr: 2001:1:1:0:447c:94ff:fe7f:80ea/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:587 errors:0 dropped:3 overruns:0 frame:0 TX packets:424 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:75277 (75.2 KB) TX bytes:38801 (38.8 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) root@PC-4:~# ifconfig inet6 del 2001:1:1:0:447c:94ff:fe7f:80ea/64 eth0 SIOGIFINDEX: No such device eth0: Host name lookup failure ifconfig: `--help' gives usage information. root@PC-4:~# ifconfig eth0 inet6 del 2001:1:1:0:447c:94ff:fe7f:80ea/64 root@PC-4:~# ifconfig eth0 Link encap:Ethernet HWaddr 46:7c:94:7f:80:ea inet6 addr: 2001:1:1::40/64 Scope:Global inet6 addr: fe80::447c:94ff:fe7f:80ea/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:592 errors:0 dropped:3 overruns:0 frame:0 TX packets:424 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:76035 (76.0 KB) TX bytes:38801 (38.8 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:4 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:256 (256.0 B) TX bytes:256 (256.0 B) root@PC-4:~# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 46:7c:94:7f:80:ea inet6 addr: 2001:1:1::40/64 Scope:Global inet6 addr: fe80::447c:94ff:fe7f:80ea/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:592 errors:0 dropped:3 overruns:0 frame:0 TX 
packets:424 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:76035 (76.0 KB) TX bytes:38801 (38.8 KB) root@PC-4:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... telnet: Unable to connect to remote host: Permission denied root@PC-4:~# ssh admin1@2001:0:2:3::3 ssh: connect to host 2001:0:2:3::3 port 22: Permission denied root@PC-4:~# ssh admin1@2001:0:2:3::3 ssh: connect to host 2001:0:2:3::3 port 22: Permission denied root@PC-4:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... telnet: Unable to connect to remote host: Permission denied root@PC-4:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... telnet: Unable to connect to remote host: Permission denied root@PC-4:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... telnet: Unable to connect to remote host: Permission denied root@PC-4:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... telnet: Unable to connect to remote host: Permission denied root@PC-4:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... telnet: Unable to connect to remote host: Permission denied root@PC-4:~# ssh admin1@2001:0:2:3::3 ssh: connect to host 2001:0:2:3::3 port 22: Permission denied root@PC-4:~# ssh admin1@2001:0:2:3::3 ssh: connect to host 2001:0:2:3::3 port 22: Permission denied root@PC-4:~# ssh admin1@2001:0:2:3::3 ssh: connect to host 2001:0:2:3::3 port 22: Permission denied root@PC-4:~# ping 2001:0:2:3::3 ping: unknown host 2001:0:2:3::3 root@PC-4:~# ping6 2001:0:2:3::3 PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes From 2001:0:2:3::3 icmp_seq=1 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=2 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=3 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=4 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=5 Destination unreachable: Unknown code 5 ^C --- 2001:0:2:3::3 ping statistics --- 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4005ms root@PC-4:~# ping6 2001:0:2:3::2 -c3 PING 
2001:0:2:3::2(2001:0:2:3::2) 56 data bytes 64 bytes from 2001:0:2:3::2: icmp_seq=1 ttl=63 time=3.93 ms 64 bytes from 2001:0:2:3::2: icmp_seq=2 ttl=63 time=3.65 ms 64 bytes from 2001:0:2:3::2: icmp_seq=3 ttl=63 time=4.21 ms --- 2001:0:2:3::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 3.652/3.931/4.212/0.234 ms
root@PC-5:~# ifconfig eth0 inet6 add 2001:1:1:0::50/64 root@PC-5:~# route add -A inet6 default gw 2001:1:1:0::1 root@PC-5:~# ping 2001:0:2:3::3 ping: unknown host 2001:0:2:3::3 root@PC-5:~# ping6 2001:0:2:3::3 PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes 64 bytes from 2001:0:2:3::3: icmp_seq=2 ttl=62 time=4.58 ms 64 bytes from 2001:0:2:3::3: icmp_seq=3 ttl=62 time=5.21 ms ^C --- 2001:0:2:3::3 ping statistics --- 3 packets transmitted, 2 received, 33% packet loss, time 2008ms rtt min/avg/max/mdev = 4.586/4.902/5.218/0.316 ms root@PC-5:~# ifconfig eth0 inet6 del Usage: ifconfig [-a] [-v] [-s] <interface> [[<AF>] <address>] [add <address>[/<prefixlen>]] [del <address>[/<prefixlen>]] [[-]broadcast [<address>]] [[-]pointopoint [<address>]] [netmask <address>] [dstaddr <address>] [tunnel <address>] [outfill <NN>] [keepalive <NN>] [hw <HW> <address>] [metric <NN>] [mtu <NN>] [[-]trailers] [[-]arp] [[-]allmulti] [multicast] [[-]promisc] [mem_start <NN>] [io_addr <NN>] [irq <NN>] [media <type>] [txqueuelen <NN>] [[-]dynamic] [up|down] ... <HW>=Hardware Type. List of possible hardware types: loop (Local Loopback) slip (Serial Line IP) cslip (VJ Serial Line IP) slip6 (6-bit Serial Line IP) cslip6 (VJ 6-bit Serial Line IP) adaptive (Adaptive Serial Line IP) ash (Ash) ether (Ethernet) ax25 (AMPR AX.25) netrom (AMPR NET/ROM) rose (AMPR ROSE) tunnel (IPIP Tunnel) ppp (Point-to-Point Protocol) hdlc ((Cisco)-HDLC) lapb (LAPB) arcnet (ARCnet) dlci (Frame Relay DLCI) frad (Frame Relay Access Device) sit (IPv6-in-IPv4) fddi (Fiber Distributed Data Interface) hippi (HIPPI) irda (IrLAP) ec (Econet) x25 (generic X.25) eui64 (Generic EUI-64) <AF>=Address family. 
Default: inet List of possible address families: unix (UNIX Domain) inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) netrom (AMPR NET/ROM) rose (AMPR ROSE) ipx (Novell IPX) ddp (Appletalk DDP) ec (Econet) ash (Ash) x25 (CCITT X.25) root@PC-5:~# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 36:d2:57:40:94:c0 inet6 addr: 2001:1:1::50/64 Scope:Global inet6 addr: 2001:1:1:0:34d2:57ff:fe40:94c0/64 Scope:Global inet6 addr: fe80::34d2:57ff:fe40:94c0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:93 errors:0 dropped:1 overruns:0 frame:0 TX packets:19 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:11873 (11.8 KB) TX bytes:1738 (1.7 KB) root@PC-5:~# ifconfig eth0 inet6 del 2001:1:1:0:34d2:57ff:fe40:94c0/64 root@PC-5:~# ping6 2001:0:2:3::2 PING 2001:0:2:3::2(2001:0:2:3::2) 56 data bytes 64 bytes from 2001:0:2:3::2: icmp_seq=1 ttl=63 time=13.5 ms 64 bytes from 2001:0:2:3::2: icmp_seq=2 ttl=63 time=4.51 ms 64 bytes from 2001:0:2:3::2: icmp_seq=3 ttl=63 time=3.51 ms ^C --- 2001:0:2:3::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 3.511/7.179/13.511/4.496 ms root@PC-5:~# ping6 2001:0:2:3::3 PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes From 2001:0:2:3::3 icmp_seq=1 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=2 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=3 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=4 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=5 Destination unreachable: Unknown code 5 From 2001:0:2:3::3 icmp_seq=6 Destination unreachable: Unknown code 5 ^C --- 2001:0:2:3::3 ping statistics --- 6 packets transmitted, 0 received, +6 errors, 100% packet loss, time 5004ms root@PC-5:~# ssh admin1@2001:0:2:3::3 The authenticity of host '2001:0:2:3::3 (2001:0:2:3::3)' can't be established. RSA key fingerprint is SHA256:BQUANPqXZh52qD8k02jQ+Vvb5eHCdVOESU0oC5Aze9k. 
Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '2001:0:2:3::3' (RSA) to the list of known hosts. Password: R3>show users Line User Host(s) Idle Location 0 con 0 idle 00:02:29 *578 vty 0 admin1 idle 00:00:00 2001:1:1:0:34D2:57FF:FE40:94C0 Interface User Mode Idle Peer Address R3>exit Connection to 2001:0:2:3::3 closed. root@PC-5:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... Connected to 2001:0:2:3::3. Escape character is '^]'. User Access Verification Username: admin1 Password: R3>show users Line User Host(s) Idle Location 0 con 0 idle 00:02:46 *578 vty 0 admin1 idle 00:00:00 2001:1:1:0:34D2:57FF:FE40:94C0 Interface User Mode Idle Peer Address R3>exit Connection closed by foreign host.
root@PC-6:~# ifconfig eth0 inet6 add 2001:1:1:1::60/64 root@PC-6:~# route add -A inet6 default gw 2001:1:1:1::1 root@PC-6:~# ifconfig eth0 eth0 Link encap:Ethernet HWaddr ca:20:a4:7b:86:84 inet6 addr: 2001:1:1:1::60/64 Scope:Global inet6 addr: fe80::c820:a4ff:fe7b:8684/64 Scope:Link inet6 addr: 2001:1:1:1:c820:a4ff:fe7b:8684/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1236 (1.2 KB) TX bytes:884 (884.0 B) root@PC-6:~# ifconfig eth0 inet6 del 2001:1:1:1:c820:a4ff:fe7b:8684/64 root@PC-6:~# ifconfig eth0 eth0 Link encap:Ethernet HWaddr ca:20:a4:7b:86:84 inet6 addr: 2001:1:1:1::60/64 Scope:Global inet6 addr: fe80::c820:a4ff:fe7b:8684/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1326 (1.3 KB) TX bytes:884 (884.0 B) root@PC-6:~# ping 2001:0:2:3::3 ping: unknown host 2001:0:2:3::3 root@PC-6:~# ping6 2001:0:2:3::3 PING 2001:0:2:3::3(2001:0:2:3::3) 56 data bytes 64 bytes from 2001:0:2:3::3: icmp_seq=1 ttl=62 time=11.5 ms 64 bytes from 2001:0:2:3::3: icmp_seq=2 ttl=62 time=4.97 ms 64 bytes from 2001:0:2:3::3: icmp_seq=3 ttl=62 time=4.81 ms ^C --- 2001:0:2:3::3 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 4.817/7.115/11.552/3.139 ms root@PC-6:~# ping6 2001:0:2:3::2 PING 2001:0:2:3::2(2001:0:2:3::2) 56 data bytes 64 bytes from 2001:0:2:3::2: icmp_seq=1 ttl=63 time=3.71 ms 64 bytes from 2001:0:2:3::2: icmp_seq=2 ttl=63 time=3.51 ms ^C --- 2001:0:2:3::2 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 3.518/3.615/3.713/0.114 ms root@PC-6:~# telnet 2001:0:2:3::3 Trying 2001:0:2:3::3... Connected to 2001:0:2:3::3. Escape character is '^]'. 
User Access Verification Username: admin Password: % Login invalid Username: Username: admin1 Password: R3>show users Line User Host(s) Idle Location 0 con 0 idle 00:06:29 *578 vty 0 admin1 idle 00:00:00 2001:1:1:1::60 Interface User Mode Idle Peer Address R3>exit Connection closed by foreign host. root@PC-6:~# ssh admin1@2001:0:2:3::3 The authenticity of host '2001:0:2:3::3 (2001:0:2:3::3)' can't be established. RSA key fingerprint is SHA256:BQUANPqXZh52qD8k02jQ+Vvb5eHCdVOESU0oC5Aze9k. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '2001:0:2:3::3' (RSA) to the list of known hosts. Password: R3>show users Line User Host(s) Idle Location 0 con 0 idle 00:06:50 *578 vty 0 admin1 idle 00:00:00 2001:1:1:1::60 Interface User Mode Idle Peer Address R3>exit Connection to 2001:0:2:3::3 closed. root@PC-6:~#