This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ACL not working

kransom
New Contributor

‎05-17-2024 09:57 AM - edited ‎05-17-2024 09:58 AM

Hi,

I am configuring ACLs for IPv6, and it is not going as expected. There must be something I am missing as the logic, in my mind, is making sense but it is not working. I have VE 10 (Vlan 10) connected to ISP (internet), VE 20 (Vlan 20), VE 30 (Vlan 30). I want to allow Vlan 20 to access the internet. I only added rules for the subnet on ve 20 since there is an implicit deny at the end of an ACL.

int ve 10
2600:f600:0:10001::c3/126

int ve 20
2600:f600:3600:1::/64

int ve 30
2600:f600:4600:1::/64

#ipv6 access-list inboundv6
permit ipv6 any 2600:f600:3600:1::/64

#ipv6 access-list outboundv6
permit ipv6 2600:f600:3600:1::/64  any

(int-vif-10)#ipv6 traffic-filter inboundv6 in
(int-vif-10)#ipv6 traffic-filter otuboundv6 out

This s h o u l d permit Vlan 20 to get out to the internet (do ping, ssh, dns, etc.), but for some reason it is being blocked.

Labels:
0 Kudos
5 REPLIES 5

kransom
New Contributor
In response to Squozen

‎08-01-2024 08:56 AM

Revisiting this, it should be
permit ipv6 2600:f600:3600:1::/64 any
instead of
permit ipv6 any 2600:f600:3600:1::/64

0 Kudos
Copyright © 2024 Khoros, LLC