IPv6 ACL on Telnet

Posted: April 19, 2017 in ipv6

Learn to configure an ACL for Telnet on IPv6. In this example lab we configure an IPv6 ACL for the Telnet service. First we configure Telnet on a Cisco router. Then we configure an IPv6 ACL on the router so that it allows Telnet access from some hosts and blocks others.

Here I have blocked the host PC 2000::2/64 from reaching the Cisco router over Telnet and allowed the other hosts to telnet to the router successfully.


STEP 1: Configure IPv6 addresses on the Cisco routers and on the other host machines, such as PCs and servers.

 

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#ipv6 unicast-routing

Router(config)#int fa0/0

Router(config-if)#ipv6 add 2000::1/64

Router(config-if)#no shut

Router(config-if)#exit

Router(config)#int fa0/1

Router(config-if)#ipv6 add 2001::1/64

Router(config-if)#no shut

 

STEP 2: Configure Telnet on Cisco Router.

 

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#enable password redhat

Router(config)#line vty 0 4

Router(config-line)#password ccna123

Router(config-line)#login

Router(config-line)#

 

STEP 3: Configure the IPv6 ACL for Telnet

 

Router(config)#line vty 0 4

Router(config-line)#ipv6 access-list CCNP

Router(config-ipv6-acl)#deny ipv6 host 2000::2 any

Router(config-ipv6-acl)#permit ipv6 any any

Router(config-ipv6-acl)#exit

 

STEP 4: Now apply the ACL created above to the Telnet (VTY) lines

 

Router(config)#line vty 0 4

Router(config-line)#ipv6 access-class CCNP in

Router(config-line)#exit

Router(config)#

 

STEP 5: Now troubleshoot and test your ACL rule.

 

Test the Telnet connection by trying to telnet to your router from different hosts.

Check whether the hosts you blocked from Telnet are actually blocked.

Also check that the other hosts, which are not blocked, are able to telnet to your router.

 

 

STEP 6: View the ACL rules created.

 

Router#show ipv6 access-list

IPv6 access list CCNP

deny ipv6 host 2000::2 any (4 match(es))

permit ipv6 any any (1 match(es))
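
The match counters in the Step 6 output follow from top-down, first-match evaluation of the ACL. The sketch below is an added example, not part of the original post and not Cisco code: it models only the source-address entries used in ACL CCNP, and the list of Telnet attempts (including host 2001::2) is constructed sample input.

```python
import ipaddress

# ACL "CCNP" exactly as configured on the page, in order.
ACL_CCNP = ["deny ipv6 host 2000::2 any", "permit ipv6 any any"]

# Constructed sample: source addresses of five Telnet attempts. One is the
# blocked host written in uncompressed form to show it is the same address.
ATTEMPTS = ["2000::2", "2000::2", "2000:0:0:0:0:0:0:2", "2000::2", "2001::2"]


def parse_entry(line):
    """Parse '<permit|deny> ipv6 <source> any' into (action, IPv6Network)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") \
            or tokens[1] != "ipv6" or tokens[-1] != "any":
        raise ValueError(f"unsupported entry: {line!r}")
    src = tokens[2:-1]
    if src == ["any"]:
        return tokens[0], ipaddress.IPv6Network("::/0")
    if len(src) == 2 and src[0] == "host":
        return tokens[0], ipaddress.IPv6Network(src[1] + "/128")
    if len(src) == 1 and "/" in src[0]:
        return tokens[0], ipaddress.IPv6Network(src[0], strict=False)
    raise ValueError(f"unsupported source in entry: {line!r}")


def evaluate(acl_lines, sources):
    """Apply the ACL top-down; the first matching entry decides.

    Returns (verdicts, hits): one verdict per source, one counter per entry.
    """
    entries = [parse_entry(line) for line in acl_lines]
    hits = [0] * len(entries)
    verdicts = []
    for src in sources:
        addr = ipaddress.IPv6Address(src)
        verdict = "deny"  # implicit deny: no entry matched
        for i, (action, net) in enumerate(entries):
            if addr in net:
                hits[i] += 1
                verdict = action
                break
        verdicts.append(verdict)
    return verdicts, hits


if __name__ == "__main__":
    verdicts, hits = evaluate(ACL_CCNP, ATTEMPTS)
    for line, count in zip(ACL_CCNP, hits):
        print(f"    {line} ({count} match(es))")
```

Reversing the two entries makes `permit ipv6 any any` match every attempt, so the deny for 2000::2 is never reached. An ACL that contains only a permit for one prefix rejects every other source through the implicit deny.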