[c-nsp] Why doesn't this IPv6 ACL work?
Alexander Clouter
alex at digriz.org.uk
Tue Jun 22 06:47:28 EDT 2010
Hi,
Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> On 06/22/2010 08:28 AM, Alexander Clouter wrote:
>
>> Just to really be a pain, it all seems fine on our 3750 stack:
>> ----
>> 103-1#show sdm prefer | include --useful-stuff
>> The current template is "desktop IPv4 and IPv6 routing" template.
>>
>> 103-1#show ver | include --useful-stuff
>> Switch Ports Model SW Version SW Image
>> ------ ----- ----- ---------- ----------
>> * 1 52 WS-C3750-48TS 12.2(53)SE1 C3750-IPSERVICESK9-M
>> 2 52 WS-C3750-48TS 12.2(53)SE1 C3750-IPSERVICESK9-M
>>
>> 103-1#conf t
>> Enter configuration commands, one per line. End with CNTL/Z.
>> 103-1(config)#ipv6 access-list test
>> 103-1(config-ipv6-acl)#permit tcp any host 2620:0:950:1:2c0:f0ff:fe5a:abe8 eq 25
>> 103-1(config-ipv6-acl)#permit tcp any host 2607:fe70:0:1:2c0:f0ff:fe5a:abe8 eq 25
>> 103-1(config-ipv6-acl)#end
>
> If I read it correctly, the problem was when applying the ACL to an
> interface, not defining the ACL?
>
> I get exactly the same as the OP:
>
> noc-rt1(config)#ipv6 access-list TEST
> noc-rt1(config-ipv6-acl)#permit tcp any host 2607:FE70:0:1:2C0:F0FF:FE5A:ABE8 sequence 30
>
> ...so it defines fine, then:
>
> noc-rt1(config-ipv6-acl)#int vl51
> noc-rt1(config-if)#ipv6 traffic-filter TEST in
> % This ACL contains following unsupported entries.
> % Remove those entries and try again.
> permit tcp any host 2607:FE70:0:1:2C0:F0FF:FE5A:ABE8 sequence 30
> % This ACL can not be attached to the interface.
>
> ...this on 12.2(52)SE
>
...and SE1 :)
My bad.
Cheers
--
Alexander Clouter
.sigmonster says: BOFH excuse #71:
The file system is full of it