Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - Cisco IPv6 Native Config: Difference between revisions

Router - Cisco IPv6 Native Config (view source)

Revision as of 13:54, 2 November 2011

936 bytes added ,  2 November 2011
→‎Lock down your IPv6 network with an access list
#interface dialer0
#ipv6 traffic-filter adsl-ipv6 in
</pre>
 
 
02/11/2011
I would use the following access-list - I would advise against allowing any IPv6 ICMP into the network unless absolutely necessary and then only allow on a case-by-case basis
<pre>
ipv6 access-list adsl-ipv6
! This only allows in IPv6 traffic which originated from our local network
! No need for a deny at the end as an implicit deny is the default
evaluate tcptraffic-out-ipv6
evaluate udptraffic-out-ipv6
evaluate icmptraffic-out-ipv6
 
ipv6 access-list outboundfilters-ipv6
! This only creates a reflexive access-list that adsl-ipv6 uses to allow traffic back in
! No need for a deny at the end as an implicit deny is the default
permit tcp any any reflect tcptraffic-out-ipv6 timeout 30
permit icmp any any reflect icmptraffic-out-ipv6 timeout 30
permit udp any any reflect udptraffic-out-ipv6 timeout 30
 
interface dialer<n>
ipv6 traffic-filter adsl-ipv6 in
ipv6 traffic-filter outboundfilters-ipv6 out
</pre>
Parknook
7

edits

Retrieved from ‘http://support.aa.net.uk/Special:MobileDiff/1061