[c-nsp] "Compressed" IPv6 ACLs on Cat6500
Robert Hass
robhass at gmail.com
Wed Dec 8 03:41:30 EST 2010
Hi
We just implementing IPv6 in our network. As we operating Cisco
6500/Sup720 we also have to configure some IPv6 ACLs on these devices.
In ACLs we need to match tcp/udp port numbers so we will use 'mls ipv6
acl compress address unicast' mode (only match 112 bits of IPv6
address field).
My question is: After enabled 'ipv6 acl compress' Can I use > 112
addresses (eg. single hosts - /128) in IPv6 ACL line which don't have
port numbers ?
For example:
ipv6 access-list test
10 permit ip any 3333:3333:3333:3333:3333:33333:3333:AAAA/128
20 permit tcp any 3333:3333:3333:3333:3333:33333:4444:0000/112 eq 22
Will line '10' work proper or it will match /112 subnet instead of /128 ?
Robert
More information about the cisco-nsp
mailing list