[c-nsp] ipv6 and ipv4 access-class on vty only ipv4 fires

Gert Doering gert at greenie.muc.de
Tue Aug 30 11:49:05 EDT 2005


On Tue, Aug 30, 2005 at 05:11:46PM +0200, Jan-Willem Smaal wrote:
> I am having problems limiting vty access with both IPv4 and IPv6.... 
> When I try to access with a ssh IPv6 session with the access-class INTERNAL_v4 present I get reject with the following log entry:
> %SEC-6-IPACCESSLOGP: list NETMAN_NC3A denied tcp ->, 1 packet

I've seen this on 7603/Sup720 with 12.2(18)SXE2.  Which is a router we 
can open TAC cases for :-) 

TAC response was that this is CSCsa77158: "Router stops accepting SSH 
IPv6 connections, IPv4 SSH still works", and that this is only in 12.2SXE, 
and "already fixed in a more recent 12.2S version".   So YMMV.

The bug toolkit does not list any fixed-version at all, and *especially* 
doesn't list any IOS versions that are not 12.2SX* - so the information 
given is certainly not complete.

If you can open a TAC case, it would make sense to point them to this
bug, and explain "we're affected, too, go and fix it"...

("That's what they get from inventing a bazillion loosely-related 
12.2-something trains")

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the cisco-nsp mailing list