Is IPv6 ACL needed if not yet using IPv6?

Answered Question
Jul 14th, 2009

I am concerned about IPv6 traffic infiltrating my network before I'm ready to accept it. Do I need to configure an IPv6 ACL to deny any any IPv6 traffic if I'm only using IPv4? Can you have both an IPv4 and IPv6 ACL configured on the same interface?

I have this problem too.
0 votes
Correct Answer by Jerry Ye about 7 years 4 months ago

Hi Aaron,

Do you even have ipv6 unicast-routing in your configuration? If no, you don't have to concern about IPv6 traffic. You can apply IPv6 ACL on the IPv4 interface, but they are not going to do anything.

Here is a reference on how to do IPv6 ACL

http://www.cisco.com/en/US/partner/docs/ios/ipv6/configuration/guide/ip6-sec_trfltr_fw.html#wp1073622

HTH,

jerry

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
kduckett Tue, 07/14/2009 - 10:42

Hi Jerry,

Thanks for the reply. No, I do not have IPv6 unicast-routing enabled so I guess I'm good. I was not sure if any IPv6 commands were hidden thus making IPv6 operational.

Thanks again,

Keith

Jerry Ye Tue, 07/14/2009 - 10:51

Hi Keith,

You are good if you don't have ipv6 unicast-routing enabled. Your router doesn't know how to pass the traffic without that command.

Regards,

jerry

Actions

This Discussion