[c-nsp] Why doesn't this IPv6 ACL work?

Seth Mattinen sethm at rollernet.us
Mon Jun 21 22:40:19 EDT 2010


On 6/21/2010 19:14, Billy Guthrie wrote:
> Seth,
> 
> can you post line by line (including creation of the ACL list number)
> the commands you are entering?
> Maybe even a sanitized config?
> What IOS version are you running?
> 


Full sequence of commands, too:

switchy-core1>enable
Password:
switchy-core1#copy tftp://whiskers/acl/timmy-6 run
Destination filename [running-config]?
Accessing tftp://whiskers/acl/timmy-6...
Loading acl/timmy-6 from 208.79.242.34 (via Vlan7): !
[OK - 472 bytes]

472 bytes copied in 0.294 secs (1605 bytes/sec)
switchy-core1#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
switchy-core1(config)#int Fa1/0/3
switchy-core1(config-if)#ipv6 traffic-filter fw-timmy_6-out out
% This ACL contains following unsupported entries.
% Remove those entries and try again.
    permit tcp any host 2607:FE70:0:1:2C0:F0FF:FE5A:ABE8 eq smtp sequence 30
% This ACL can not be attached to the interface.
switchy-core1(config-if)#^Z
switchy-core1#show ipv6 access-list fw-timmy_6-out
IPv6 access list fw-timmy_6-out
    permit icmp any 2607:FE70:0:1::/64 sequence 10
    permit tcp any 2607:FE70:0:1::/64 established sequence 20
    permit tcp any host 2607:FE70:0:1:2C0:F0FF:FE5A:ABE8 eq smtp sequence 30
    permit tcp any host 2620:0:950:1:2C0:F0FF:FE5A:ABE8 eq smtp sequence 40
switchy-core1#




More information about the cisco-nsp mailing list