[c-nsp] Why doesn't this IPv6 ACL work?
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jun 22 04:16:51 EDT 2010
On 06/22/2010 08:28 AM, Alexander Clouter wrote:
> Just to really be a pain, it all seems fine on our 3750 stack:
> ----
> 103-1#show sdm prefer | include --useful-stuff
> The current template is "desktop IPv4 and IPv6 routing" template.
>
> 103-1#show ver | include --useful-stuff
> Switch Ports Model SW Version SW Image
> ------ ----- ----- ---------- ----------
> * 1 52 WS-C3750-48TS 12.2(53)SE1 C3750-IPSERVICESK9-M
> 2 52 WS-C3750-48TS 12.2(53)SE1 C3750-IPSERVICESK9-M
>
> 103-1#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> 103-1(config)#ipv6 access-list test
> 103-1(config-ipv6-acl)#permit tcp any host 2620:0:950:1:2c0:f0ff:fe5a:abe8 eq 25
> 103-1(config-ipv6-acl)#permit tcp any host 2607:fe70:0:1:2c0:f0ff:fe5a:abe8 eq 25
> 103-1(config-ipv6-acl)#end
If I read it correctly, the problem was when applying the ACL to an
interface, not defining the ACL?
I get exactly the same as the OP:
noc-rt1(config)#ipv6 access-list TEST
noc-rt1(config-ipv6-acl)#permit tcp any host
2607:FE70:0:1:2C0:F0FF:FE5A:ABE8 sequence 30
...so it defines fine, then:
noc-rt1(config-ipv6-acl)#int vl51
noc-rt1(config-if)#ipv6 traffic-filter TEST in
% This ACL contains following unsupported entries.
% Remove those entries and try again.
permit tcp any host 2607:FE70:0:1:2C0:F0FF:FE5A:ABE8 sequence 30
% This ACL can not be attached to the interface.
...this on 12.2(52)SE
More information about the cisco-nsp
mailing list