Is IPv6 ACL needed if not yet using IPv6?

Answered Question
Jul 14th, 2009
User Badges:

I am concerned about IPv6 traffic infiltrating my network before I'm ready to accept it. Do I need to configure an IPv6 ACL to deny any any IPv6 traffic if I'm only using IPv4? Can you have both an IPv4 and IPv6 ACL configured on the same interface?

Correct Answer by Jerry Ye about 8 years 1 week ago

Hi Aaron,


Do you even have ipv6 unicast-routing in your configuration? If no, you don't have to concern about IPv6 traffic. You can apply IPv6 ACL on the IPv4 interface, but they are not going to do anything.


Here is a reference on how to do IPv6 ACL


http://www.cisco.com/en/US/partner/docs/ios/ipv6/configuration/guide/ip6-sec_trfltr_fw.html#wp1073622


HTH,

jerry

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jerry Ye Tue, 07/14/2009 - 10:27
User Badges:
  • Cisco Employee,

Hi Aaron,


Do you even have ipv6 unicast-routing in your configuration? If no, you don't have to concern about IPv6 traffic. You can apply IPv6 ACL on the IPv4 interface, but they are not going to do anything.


Here is a reference on how to do IPv6 ACL


http://www.cisco.com/en/US/partner/docs/ios/ipv6/configuration/guide/ip6-sec_trfltr_fw.html#wp1073622


HTH,

jerry

kduckett Tue, 07/14/2009 - 10:42
User Badges:

Hi Jerry,


Thanks for the reply. No, I do not have IPv6 unicast-routing enabled so I guess I'm good. I was not sure if any IPv6 commands were hidden thus making IPv6 operational.


Thanks again,

Keith

Jerry Ye Tue, 07/14/2009 - 10:51
User Badges:
  • Cisco Employee,

Hi Keith,


You are good if you don't have ipv6 unicast-routing enabled. Your router doesn't know how to pass the traffic without that command.


Regards,

jerry

Actions

This Discussion