IPV6 Access List Question. ACL Not Blocking Every ICMP Echo Request.
Uriah7
Hello everyone,
Studying for my CCNA and I have a quick question about IPV6 access lists. I have 3 routers connected with EIGRP routing enabled on interfaces used:
[Router1] G0/0 <-> G0/0 [Router2] G0/1 <-> G0/1 (2001:A:B:31::2) [Router3]
I created an access list on Router2 which is designed to block access from Router 1 G0/0 to Router 3 G0/1 (2001:A:B:31::2):
ipv6 access-list block_Router1
 deny ipv6 any host 2001:A:B:31::2
 permit ipv6 any any
I then applied said ACL to interface G0/1 of Router2:
interface GigabitEthernet0/1
 ....
 ipv6 traffic-filter block_Router1 out
 ....
When I ping from Router1 to Router3:
ping ipv6 2001:A:B:31::2
I receive the following output (with "debug ipv6 icmp" enabled):
Router1#ping 2001:A:B:31::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:A:B:31::2, timeout is 2 seconds:
A!AA!
Success rate is 40 percent (2/5), round-trip min/avg/max = 0/0/0 ms
NYWAN1#
*Feb 23 18:43:26.403: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.403: ICMPv6: Received Unreachable code 1, Src=2001:A:B:31::1, Dst=2001:A:B:30::3
*Feb 23 18:43:26.403: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.403: ICMPv6: Received echo reply, Src=2001:A:B:31::2, Dst=2001:A:B:30::3
*Feb 23 18:43:26.407: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.407: ICMPv6: Received Unreachable code 1, Src=2001:A:B:30::1, Dst=2001:A:B:30::3
*Feb 23 18:43:26.407: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.407: ICMPv6: Received Unreachable code 1, Src=2001:A:B:31::1, Dst=2001:A:B:30::3
*Feb 23 18:43:26.407: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.407: ICMPv6: Received echo reply, Src=2001:A:B:31::2, Dst=2001:A:B:30::3
*Feb 23 18:43:31.491: ICMPv6: Received N-Solicit, Src=FE80::21F:6CFF:FE78:4120, Dst=2001:A:B:30::3
*Feb 23 18:43:31.495: ICMPv6: Sent N-Advert, Src=2001:A:B:30::3, Dst=FE80::21F:6CFF:FE78:4120
*Feb 23 18:43:31.499: ICMPv6: Sent N-Solicit, Src=FE80::225:45FF:FE47:4760, Dst=FE80::21F:6CFF:FE78:4121
*Feb 23 18:43:31.499: ICMPv6: Sent N-Solicit, Src=FE80::225:45FF:FE47:4760, Dst=FE80::21B:2AFF:FE49:B71
*Feb 23 18:43:31.503: ICMPv6: Received N-Advert, Src=FE80::21F:6CFF:FE78:4121, Dst=FE80::225:45FF:FE47:4760
*Feb 23 18:43:31.503: ICMPv6: Received N-Advert, Src=FE80::21B:2AFF:FE49:B71, Dst=FE80::225:45FF:FE47:4760
Well, while typing up this thread, I realized that I must have an extra physical connection somewhere between Router2 and Router3. Of course, I did, and a simple interface shutdown command on the proper interface of Router2 fixed everything. I will still post this so that others can laugh/learn from my mistake.
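
Added example, not part of the original post: a Python check that pairs each echo request in the "debug ipv6 icmp" output above with its answer and flags the mixed filtered/replied pattern, which means the ACL is not on every path to the destination. The log lines are copied from the post; the function names are hypothetical.

```python
import re

# Echo-related lines copied from the Router1 debug output in the post.
DEBUG_LOG = """\
*Feb 23 18:43:26.403: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.403: ICMPv6: Received Unreachable code 1, Src=2001:A:B:31::1, Dst=2001:A:B:30::3
*Feb 23 18:43:26.403: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.403: ICMPv6: Received echo reply, Src=2001:A:B:31::2, Dst=2001:A:B:30::3
*Feb 23 18:43:26.407: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.407: ICMPv6: Received Unreachable code 1, Src=2001:A:B:30::1, Dst=2001:A:B:30::3
*Feb 23 18:43:26.407: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.407: ICMPv6: Received Unreachable code 1, Src=2001:A:B:31::1, Dst=2001:A:B:30::3
*Feb 23 18:43:26.407: ICMPv6: Sent echo request, Src=2001:A:B:30::3, Dst=2001:A:B:31::2
*Feb 23 18:43:26.407: ICMPv6: Received echo reply, Src=2001:A:B:31::2, Dst=2001:A:B:30::3
"""

LINE = re.compile(r"ICMPv6: (Sent|Received) (echo request|echo reply|Unreachable code (\d+)), "
                  r"Src=([0-9A-Fa-f:]+), Dst=([0-9A-Fa-f:]+)")

def classify_probes(log):
    """Pair each sent echo request with the answer that follows it."""
    results, pending = [], None          # pending = (our address, ping target)
    for direction, kind, code, src, dst in LINE.findall(log):
        if direction == "Sent" and kind == "echo request":
            if pending:                  # previous probe got no answer at all
                results.append(("timeout", None))
            pending = (src, dst)
        elif direction == "Received" and pending and dst == pending[0]:
            if kind == "echo reply" and src == pending[1]:
                results.append(("reply", src))
            elif code == "1":            # RFC 4443: administratively prohibited
                results.append(("filtered", src))
            else:
                continue                 # unrelated ICMPv6, keep waiting
            pending = None
    if pending:
        results.append(("timeout", None))
    return results

def ping_symbols(results):
    """Render results the way IOS ping does: ! reply, A prohibited, . timeout."""
    return "".join({"reply": "!", "filtered": "A", "timeout": "."}[o] for o, _ in results)

def filter_is_partial(results):
    """True when some probes were filtered and others answered."""
    return {"filtered", "reply"} <= {o for o, _ in results}
```

The source addresses on the "filtered" results identify which router interfaces sent the prohibitions, which helps locate the link that carries no traffic filter.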