[f-nsp] Question about IPv6 SSH Access Group on Jetcore
Philipp Geschke
foundry-nsp at pgmail.net
Thu Nov 25 08:55:50 EST 2010
Hi,
I seem to be unable to get SSH Access via IPv6 restricted on a Jetcore
with Provider Firmware 08.0.01v.
After reading the manual, my understanding is that the following should
restrict ssh access only to subnet 2001:db8:1:2::/64:
ipv6 access-list ipv6-mgmt-in
permit ipv6 2001:db8:1:2::/64 any
ssh access-group ipv6 ipv6-mgmt-in
As all IPv6 acl's have an implicit deny ipv6 any any rule as soon as any
permit rules are configured this should block everything but the subnet
2001:db8:1:2::/64 from having access using SSH.
But when I test from any other IPv6 address I can log on to SSH without
any trouble.
I tried to use a manual deny ipv6 any any rule in the acl without any
difference.
Does anybody successfully restrict SSH Access on IPv6 and can give me a
hint here?
Thanks,
Philipp
More information about the foundry-nsp
mailing list