
ACL not working

kransom
New Contributor

Hi,

I am configuring ACLs for IPv6, and it is not going as expected. There must be something I am missing as the logic, in my mind, is making sense but it is not working. I have VE 10 (Vlan 10) connected to ISP (internet), VE 20 (Vlan 20), VE 30 (Vlan 30). I want to allow Vlan 20 to access the internet. I only added rules for the subnet on ve 20 since there is an implicit deny at the end of an ACL.

int ve 10
2600:f600:0:10001::c3/126

int ve 20
2600:f600:3600:1::/64

int ve 30
2600:f600:4600:1::/64

#ipv6 access-list inboundv6
permit ipv6 any 2600:f600:3600:1::/64

#ipv6 access-list outboundv6
permit ipv6 2600:f600:3600:1::/64  any

(int-vif-10)#ipv6 traffic-filter inboundv6 in
(int-vif-10)#ipv6 traffic-filter otuboundv6 out

This should permit Vlan 20 to get out to the internet (do ping, ssh, dns, etc.), but for some reason it is being blocked.

5 REPLIES

Revisiting this, it should be
permit ipv6 2600:f600:3600:1::/64 any
instead of
permit ipv6 any 2600:f600:3600:1::/64
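
An added example, not part of the original thread and not vendor tooling: a small Python model of first-match ACL evaluation with the implicit deny, run over the configuration as typed in the question at the top of the thread. It also lists traffic-filter bindings whose ACL name was never defined. It assumes rules read `permit ipv6 <source> <destination>`; the host addresses are constructed samples, and the switch's own handling of filter direction is not modeled.

```python
import ipaddress
import re

# The configuration exactly as typed in the question (CLI prompts included).
POSTED = """\
#ipv6 access-list inboundv6
permit ipv6 any 2600:f600:3600:1::/64
#ipv6 access-list outboundv6
permit ipv6 2600:f600:3600:1::/64  any
(int-vif-10)#ipv6 traffic-filter inboundv6 in
(int-vif-10)#ipv6 traffic-filter otuboundv6 out
"""

def net(token):
    # "any" matches every IPv6 address
    return ipaddress.ip_network("::/0" if token == "any" else token)

def parse(text):
    """Return ({acl_name: [(action, src_net, dst_net)]}, [(acl_name, direction)])."""
    acls, bindings, current = {}, [], None
    for line in text.splitlines():
        line = re.sub(r"^(\(.*?\))?#", "", line.strip())  # drop the CLI prompt
        words = line.split()
        if words[:2] == ["ipv6", "access-list"]:
            current = acls.setdefault(words[2], [])
        elif words[:2] == ["ipv6", "traffic-filter"]:
            bindings.append((words[2], words[3]))
        elif words and words[0] in ("permit", "deny") and current is not None:
            current.append((words[0], net(words[2]), net(words[3])))
    return acls, bindings

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

def undefined_bindings(acls, bindings):
    """Bindings whose ACL name was never defined (for example a typo in the name)."""
    return [b for b in bindings if b[0] not in acls]

if __name__ == "__main__":
    acls, bindings = parse(POSTED)
    # Constructed sample hosts: one in VLAN 20, one in VLAN 30, one remote.
    host20, host30, remote = "2600:f600:3600:1::10", "2600:f600:4600:1::10", "2001:db8::1"
    print("vlan20 -> remote:", evaluate(acls["outboundv6"], host20, remote))
    print("remote -> vlan20:", evaluate(acls["inboundv6"], remote, host20))
    print("vlan30 -> remote:", evaluate(acls["outboundv6"], host30, remote))
    print("undefined ACL bindings:", undefined_bindings(acls, bindings))
```
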