This tutorial is all about how to configure IPv6 ACL on cisco Router.Here in this example lab we have shown ACL configuration on Cisco Router using cisco packet tracer software.Before we start configuring ACL on IPv6 i want to inform you that on IPV6 we only use Name Based Extended ACL
STEP 1:First Draw the Network Topology Diagram.
STEP 2: Assign IPv6 Address on Routers and PC as mentioned in Above Diagram.
Router>enable Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ipv6 unicast-routing Router(config)#int fa0/0 Router(config-if)#ipv6 add 2000::1/64 Router(config-if)#no shut Router(config-if)#exit Router(config)#int fa0/1 Router(config-if)#ipv6 add 2001::1/64 Router(config-if)#no shut
STEP 3:Configure Name Based Extended ACL on Router now.
Block web server for host 2000::2/64 but allow FTP server
Router(config)#ipv6 access-list CCNA Router(config-ipv6-acl)#deny tcp host 2000::2 host 2001::3 eq 80 Router(config-ipv6-acl)#permit tcp host 2000::2 host 2001::2 eq 21
Block FTP server for host 2000::3/64 but allow WEB Server access for him.
Router(config-ipv6-acl)#permit tcp host 2000::3 host 2001::3 eq 80 Router(config-ipv6-acl)#deny tcp host 2000::3 host 2001::2 eq 21 Router(config-ipv6-acl)#exit
STEP 4: Now tell the Router Interface about the ACL NAME you have created above.
Router(config)#int fa0/0 Router(config-if)#ipv6 traffic-filter CCNA in Router(config-if)#exit
STEP 5:Check Your Configuration from Host 2000::2/64
You must be able to access FTP server but can’t access WEB server
STEP 6: Check your Configuration From HOST 2000::3/64
You must be able to access WEB server but you cant Access FTP server.
Learn Linux CCNA CEH IPv6 Cyber-Security Online 