[c-nsp] ipv6 and ipv4 access-class on vty only ipv4 fires
Jan-Willem Smaal
cisco-nsp at vivid.demon.nl
Tue Aug 30 11:11:46 EDT 2005
I am having problems limiting vty access with both IPv4 and IPv6....
!
ipv6 access-list INTERNAL_v6
 permit ipv6 host 2001:xx:xx:xx:::1 any
 deny ipv6 any any log-input
!
ip access-list extended INTERNAL_v4
 permit ip 192.168.64.0 0.0.0.255 any
 deny ip any any log-input
!
line vty 0 4
 session-timeout 15
 access-class INTERNAL_v4 in
 ipv6 access-class INTERNAL_v6 in
 logging synchronous
 transport preferred ssh
 transport input ssh
!
When I try to access with an SSH IPv6 session with the access-class INTERNAL_v4 present, I get rejected with the following log entry:
%SEC-6-IPACCESSLOGP: list NETMAN_NC3A denied tcp 32.1.6.16(33059) -> 0.0.0.0(22), 1 packet
I am using
cat4000-i5k91s-mz.122-25.EWA2.bin
on a Cisco WS-C4506 (MPC8245) Supervisor IV engine.
Any clues?
J-W,
--
Jan-Willem Smaal <Jan-Willem.Smaal at nc3a.nato.int>
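
Added example, not part of the original post: a small syslog triage helper for the symptom shown above. It assumes one reading of the quoted log entry, which the post does not confirm: that the logged source 32.1.6.16 is the first 32 bits of the IPv6 client address (0x20 0x01 = 2001) and that 0.0.0.0 as destination marks an IPv6 session checked against the IPv4 ACL. The function names and the second sample line are constructed for illustration.

```python
import ipaddress
import re

# Format of the IOS extended-ACL log message quoted in the post.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\)"
)
GLOBAL_UNICAST_V6 = ipaddress.IPv6Network("2000::/3")


def v4_as_v6_prefix(dotted_quad):
    """Read a logged IPv4 address as the leading 32 bits of an IPv6 address."""
    high32 = int(ipaddress.IPv4Address(dotted_quad))
    return ipaddress.IPv6Network((high32 << 96, 32))


def triage(line):
    """Flag entries that look like an IPv6 session evaluated by an IPv4 ACL.

    Heuristic (an assumption, not confirmed by the post): destination is the
    unspecified address 0.0.0.0 and the source falls inside 2000::/3 when its
    four octets are read as the top of an IPv6 address.
    """
    m = LOG_RE.search(line)
    if m is None:
        return None
    try:
        prefix = v4_as_v6_prefix(m["src"])
    except ValueError:  # octet out of range, not a usable address
        return None
    if m["dst"] != "0.0.0.0" or not prefix.subnet_of(GLOBAL_UNICAST_V6):
        return None
    return {"acl": m["acl"], "logged_src": m["src"],
            "candidate_v6_prefix": str(prefix), "dport": int(m["dport"])}


SAMPLE_LINES = [
    # Log entry as quoted in the post.
    "%SEC-6-IPACCESSLOGP: list NETMAN_NC3A denied tcp 32.1.6.16(33059) -> 0.0.0.0(22), 1 packet",
    # Constructed: an ordinary IPv4 deny with a real destination address.
    "%SEC-6-IPACCESSLOGP: list INTERNAL_v4 denied tcp 10.1.2.3(40000) -> 192.168.64.1(22), 1 packet",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(triage(sample))
```

A hit means the deny was most likely produced by the IPv4 access-class rather than the IPv6 one, so the candidate prefix should be compared with the hosts permitted in the IPv6 list before widening the IPv4 ACL.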