[c-nsp] "Compressed" IPv6 ACLs on Cat6500
Saku Ytti
saku at ytti.fi
Thu Dec 9 17:02:29 EST 2010
On (2010-12-09 23:59 +0200), Saku Ytti wrote:
Ugh.
> The missing bits are never/rarely going to lead to expected behaviour. Anything
> more specific than /88 should just be used.
/just not/
> deny tcp F00F::C7C9:0/120 eq www host 2001:DB8::1 eq 42 sequence 30
> deny tcp 50:F00F::C9:0/104(eui) eq www host 2A:2001:DB8::1(eui) eq 42
>
> Especially observe how the sequence 20 becomes completely different rule in
/sequence 30/
--
++ytti
More information about the cisco-nsp
mailing list