[c-nsp] c3560 IPv6 and ACL

Primoz Jeroncic jp at softnet.si
Mon Nov 16 05:56:17 EST 2009


Hi

We are slowly moving toward an IPv6 implementation in production, so I
came to ACLs. I would like to have some protection for our servers,
so I went to configure an IPv6 ACL, which is based on our IPv4 ACL.
The problem is that it looks like I can't make host-based ACL entries
on the c3560. If I try to add a line for the SMTP server, I get the following:

interface FastEthernet0/1
  no switchport
  ipv6 address xxxx:xxxx:0:3::1/64
  ipv6 enable
  ipv6 traffic-filter fw-ipv6 out

test(config)#ipv6 access-list fw-ipv6
test(config-ipv6-acl)#permit tcp any host xxxx:xxxx:0:3::2 eq 25
% Host address xxxx:xxxx:0:3::2 can not be supported
% ACE can not be added
% Failed to add access list

If I try to do the same thing on a c12008, it works without problems.

Any idea how to solve this problem?

PS: This c3560 is running Adv. IP services 12.2.40.SE IOS, in case
this matters. And the preferred SDM template is "desktop IPv4 and IPv6 routing".

Have fun,
Primoz Jeroncic
Support - IP Connectivity & Routing
-------------------------------------------------------------------
Softnet d.o.o.  tel:  +386 1 562 31 40   |
Borovec 2       fax:  +386 1 562 18 55   |       1 + 1 = 3
1236 Trzin      primoz(at)softnet.si     | for larger values of 1
Slovenija       http://flea.softnet.si/
-------------------------------------------------------------------

