[c-nsp] ipv6 and ipv4 access-class on vty only ipv4 fires
gert at greenie.muc.de
Tue Aug 30 11:49:05 EDT 2005
On Tue, Aug 30, 2005 at 05:11:46PM +0200, Jan-Willem Smaal wrote:
> I am having problems limiting vty access with both IPv4 and IPv6....
> When I try to access with a ssh IPv6 session with the access-class INTERNAL_v4 present I get reject with the following log entry:
> %SEC-6-IPACCESSLOGP: list NETMAN_NC3A denied tcp 220.127.116.11(33059) -> 0.0.0.0(22), 1 packet
I've seen this on 7603/Sup720 with 12.2(18)SXE2. Which is a router we
can open TAC cases for :-)
TAC response was that this is CSCsa77158: "Router stops accepting SSH
IPv6 connections, IPv4 SSH still works", and that this is only in 12.2SXE,
and "already fixed in a more recent 12.2S version". So YMMV.
The bug toolkit does not list any fixed-version at all, and *especially*
doesn't list any IOS versions that are not 12.2SX* - so the information
given is certainly not complete.
If you can open a TAC case, it would make sense to point them to this
bug, and explain "we're affected, too, go and fix it"...
("That's what they get from inventing a bazillion loosely-related
USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp