05-17-2024 09:57 AM - edited 05-17-2024 09:58 AM
Hi,
I am configuring ACLs for IPv6, and it is not going as expected. There must be something I am missing as the logic, in my mind, is making sense but it is not working. I have VE 10 (Vlan 10) connected to ISP (internet), VE 20 (Vlan 20), VE 30 (Vlan 30). I want to allow Vlan 20 to access the internet. I only added rules for the subnet on ve 20 since there is an implicit deny at the end of an ACL.
int ve 10
2600:f600:0:10001::c3/126
int ve 20
2600:f600:3600:1::/64
int ve 30
2600:f600:4600:1::/64
#ipv6 access-list inboundv6
permit ipv6 any 2600:f600:3600:1::/64
#ipv6 access-list outboundv6
permit ipv6 2600:f600:3600:1::/64 any
(int-vif-10)#ipv6 traffic-filter inboundv6 in
(int-vif-10)#ipv6 traffic-filter otuboundv6 out
This should permit Vlan 20 to get out to the internet (do ping, ssh, dns, etc.), but for some reason it is being blocked.
08-01-2024 08:56 AM
Revisiting this, it should be
permit ipv6 2600:f600:3600:1::/64 any
instead of
permit ipv6 any 2600:f600:3600:1::/64
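As an added illustration (not part of either post and not vendor code), this sketch evaluates the two rule forms from the thread against constructed packets. It assumes the syntax `permit ipv6 <source> <destination>`, first-match evaluation, and the implicit deny the original post mentions; the host addresses and function names are made up for the example.

```python
import ipaddress

def parse_rule(line):
    """Parse 'permit|deny ipv6 <src> <dst>'; src/dst is 'any' or a prefix."""
    action, proto, src, dst = line.split()
    if action not in ("permit", "deny") or proto != "ipv6":
        raise ValueError(f"unsupported rule: {line!r}")
    def net(tok):
        return ipaddress.ip_network("::/0" if tok == "any" else tok, strict=False)
    return action, net(src), net(dst)

def evaluate(acl_lines, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, src_net, dst_net = parse_rule(line)
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny at the end of every ACL

# The two rule forms discussed in the thread, each as a one-line ACL.
ACLS = {
    "any -> vlan20 prefix": ["permit ipv6 any 2600:f600:3600:1::/64"],
    "vlan20 prefix -> any": ["permit ipv6 2600:f600:3600:1::/64 any"],
}

# Constructed sample packets (source, destination); hosts are hypothetical.
FLOWS = {
    "vlan20 host to internet": ("2600:f600:3600:1::10", "2001:db8::53"),
    "internet to vlan20 host": ("2001:db8::53", "2600:f600:3600:1::10"),
    "vlan30 host to internet": ("2600:f600:4600:1::10", "2001:db8::53"),
}

def matrix():
    """Return {(acl_name, flow_name): action} for every ACL/flow pair."""
    return {
        (acl_name, flow_name): evaluate(rules, src, dst)
        for acl_name, rules in ACLS.items()
        for flow_name, (src, dst) in FLOWS.items()
    }

if __name__ == "__main__":
    for (acl_name, flow_name), action in matrix().items():
        print(f"{acl_name:22} | {flow_name:24} | {action}")
```

Each rule form matches only one direction of a conversation, so the reply traffic needs a rule whose source and destination fit the packets actually seen in the direction where the ACL is applied.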