[c-nsp] Why doesn't this IPv6 ACL work?
Seth Mattinen
sethm at rollernet.us
Mon Jun 21 22:06:56 EDT 2010
On 6/21/2010 18:59, Jared Mauch wrote:
> I don't have any 3750's, but are you sure it can match the lower half of the v6 address?
>
> It would be worthwhile to document what the limitations are in production to assist others that are looking at doing IPv6.
>
It can, it stores the extra stuff in the "ff:fe" part in TCAM, hence the
EUI-64 requirement. You should be able to make up any IPv6 address as
long as it contains ff:fe in the right place. I've been using 3750's for
a couple years now with IPv6 access lists and I've just come across this
annoyance while migrating things out of 2620:0:950::/48 and over to
2607:fe70::/32.
~Seth
More information about the cisco-nsp
mailing list