I'm running version 08.0.30uT7f3.

Well that's wild. Never seen that before, I have a bunch of v6 ACLs on a stack of 2 6610's here at home and never ran into any issues. Could you post the problematic config, and what firmware version are you on?
Here's the 2 ACLs that caused me issues.
Code:
ipv6 access-list iot-v6
remark DENY ADMIN ACCESS TO SWITCH
deny tcp any host 2605:a000:d401:7a03::1 eq ssh log
deny tcp any host 2605:a000:d401:7a03::1 eq telnet log
deny tcp any host 2605:a000:d401:7a03::1 eq http log
deny tcp any host 2605:a000:d401:7a03::1 eq ssl log
remark ALLOW SAME VLAN TRAFFIC
permit ipv6 any 2605:a000:d401:7a03::/64
remark ALLOW DHCP
permit udp any any eq bootps
permit udp any any eq bootpc
remark ALLOW ICMP
permit icmp any any
remark ALLOW ESTABLISHED TCP TRAFFIC
permit tcp any any established
remark ALLOW DNS REQUESTS
permit udp any host 2605:a000:d401:7a26::3 eq dns
permit tcp any host 2605:a000:d401:7a26::3 eq dns
permit udp any host 2605:a000:d401:7a26::5 eq dns
permit tcp any host 2605:a000:d401:7a26::5 eq dns
remark ALLOW RETURN OF SNMP TRAFFIC TO LIBRENMS SERVER
permit udp any eq snmp host 2605:a000:d401:7a26::81
permit udp any eq snmp-trap host 2605:a000:d401:7a26::81
remark DENY ALL OTHER INTER-VLAN TRAFFIC
deny ipv6 any 2605:a000:d401:7a00::/56 log
remark ALLOW REMAINING TRAFFIC
permit ipv6 any any
!
ipv6 access-list voip-v6
remark DENY ADMIN ACCESS TO SWITCH
deny tcp any host 2605:a000:d401:7a02::1 eq ssh log
deny tcp any host 2605:a000:d401:7a02::1 eq telnet log
deny tcp any host 2605:a000:d401:7a02::1 eq http log
deny tcp any host 2605:a000:d401:7a02::1 eq ssl log
remark ALLOW SAME VLAN TRAFFIC
permit ipv6 any 2605:a000:d401:7a02::/64
remark ALLOW DHCP
permit udp any any eq bootps
permit udp any any eq bootpc
remark ALLOW ICMP
permit icmp any any
remark ALLOW ESTABLISHED TCP TRAFFIC
permit tcp any any established
remark ALLOW DNS REQUESTS
permit udp any host 2605:a000:d401:7a26::3 eq dns
permit tcp any host 2605:a000:d401:7a26::3 eq dns
permit udp any host 2605:a000:d401:7a26::5 eq dns
permit tcp any host 2605:a000:d401:7a26::5 eq dns
remark ALLOW RETURN OF SNMP TRAFFIC TO LIBRENMS SERVER
permit udp any eq snmp host 2605:a000:d401:7a26::81
permit udp any eq snmp-trap host 2605:a000:d401:7a26::81
remark DENY ALL OTHER INTER-VLAN TRAFFIC
deny ipv6 any 2605:a000:d401:7a00::/56 log
remark ALLOW REMAINING TRAFFIC
permit ipv6 any any
I gave it another shot tonight, and so far no problems. I'm testing IPv6 ACLs on these two networks because there's only a handful of devices on them that support IPv6 before I roll out more ACLs to my other VLANs.
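An added example, not part of the original posts: a small first-match evaluator run over a subset of the iot-v6 entries above, to check which entry decides a given packet before the list goes onto more VLANs. The port-name table, the fall-through deny, and the test packets are assumptions of this sketch, not switch output.

```python
import ipaddress

# Subset of the iot-v6 list from the post (remarks dropped, order kept).
ACL = """\
deny tcp any host 2605:a000:d401:7a03::1 eq ssh log
permit ipv6 any 2605:a000:d401:7a03::/64
permit icmp any any
permit tcp any any established
permit udp any host 2605:a000:d401:7a26::3 eq dns
permit udp any eq snmp host 2605:a000:d401:7a26::81
deny ipv6 any 2605:a000:d401:7a00::/56 log
permit ipv6 any any
"""
PORTS = {"ssh": 22, "dns": 53, "snmp": 161}  # assumed name-to-port mapping

def parse_endpoint(tok):
    """Consume 'any' | 'host X' | 'prefix/len', then an optional 'eq port'."""
    word = tok.pop(0)
    net = None if word == "any" else ipaddress.ip_network(tok.pop(0) if word == "host" else word)
    port = None
    if tok and tok[0] == "eq":
        tok.pop(0)
        port = PORTS[tok.pop(0)]
    return net, port

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = parse_endpoint(tok), parse_endpoint(tok)
        rules.append((line, action, proto, src, dst, "established" in tok))
    return rules

def side_ok(spec, addr, port):
    net, want = spec
    return (net is None or ipaddress.ip_address(addr) in net) and (want is None or want == port)

def evaluate(rules, proto, src, dst, sport=None, dport=None, established=False):
    """Return (action, entry) for the first entry that matches the packet."""
    for line, action, rproto, rsrc, rdst, est in rules:
        if rproto not in ("ipv6", proto) or (est and not established):
            continue
        if side_ok(rsrc, src, sport) and side_ok(rdst, dst, dport):
            return action, line
    return "deny", "(no entry matched)"  # assumed fall-through deny

RULES = parse(ACL)
if __name__ == "__main__":  # constructed packet: IoT host pings another VLAN
    print(evaluate(RULES, "icmp", "2605:a000:d401:7a03::50", "2605:a000:d401:7a26::10"))
```

With these entries, an ICMP packet to another VLAN is decided by `permit icmp any any` before the /56 deny is reached, while a new TCP connection to the same address is caught by the /56 deny.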