1
00:00:09,180 --> 00:00:17,490
This video we're going to discuss IP version 6 access control lists IPV six seals on the same way as

2
00:00:17,490 --> 00:00:24,720
with IP version 4 IPV 6 access control lists allow you to permit or deny traffic in your network and

3
00:00:24,750 --> 00:00:28,660
are a component of a layered security model.

4
00:00:28,720 --> 00:00:31,010
What makes

5
00:00:36,490 --> 00:00:42,410
in the real world you don't necessarily just want to use Access Control lists for your security.

6
00:00:42,630 --> 00:00:49,470
You want to implement firewalls and other mechanisms such as intrusion prevention systems or IP addresses

7
00:00:49,890 --> 00:00:56,250
but access lists are typically a first line of defense in security implementations.

8
00:00:56,290 --> 00:01:01,410
Now IPV six access lists share many of the same characteristics of IP version 4.

9
00:01:01,440 --> 00:01:07,200
So the knowledge that you've gained when working with IP version for access lists can also be applied

10
00:01:07,650 --> 00:01:09,700
to IPV Sixaxis lists.

11
00:01:09,870 --> 00:01:16,700
So they very similar but there are differences between the two that you need to be aware of in this

12
00:01:16,730 --> 00:01:17,230
topology.

13
00:01:17,230 --> 00:01:18,830
I've got three Cisco Ioway.

14
00:01:18,880 --> 00:01:26,600
If the routers are running in Janissary the routers are configured per the topology diagram.

15
00:01:26,790 --> 00:01:35,670
Notice as an example that Rodda one on the left is able to paying the loop back of three.

16
00:01:35,890 --> 00:01:48,210
So we could ping the loop back directly like that or we could specify a source address being the loopback

17
00:01:48,870 --> 00:01:51,180
of Rato one.

18
00:01:51,180 --> 00:02:01,260
So one can ping the loop back of router three directly using the gigabit 00 interface or using the loopback

19
00:02:01,290 --> 00:02:04,470
as the source of the traffic.

20
00:02:04,500 --> 00:02:15,530
So in order to convert IPV 6 and there's a lot of options here but we'll specify access list and let's

21
00:02:15,530 --> 00:02:19,410
call this access list 1 and press enter.

22
00:02:19,790 --> 00:02:24,110
Question mark shows us that we can permit or deny traffic as an example.

23
00:02:24,110 --> 00:02:37,570
So I'm going to permit a source network of 2001 Colan one colon colon slash 64 going anyway.

24
00:02:38,070 --> 00:02:43,770
So in other words we going to permit all traffic on this network but that doesn't include the loopback

25
00:02:43,800 --> 00:02:50,220
of Route One or two gigabit 0 0 and type IPV syncs.

26
00:02:50,250 --> 00:02:58,390
And again we have a lot of options but in this case we're going to use a traffic filter of ACL one inbound

27
00:03:00,310 --> 00:03:06,860
So previously we were able to paying the loopback of rodder three from the loop back of wrought a one

28
00:03:07,580 --> 00:03:11,660
as well as using the gigabit 00 interface.

29
00:03:12,260 --> 00:03:21,290
So pinging the loopback of Rodda 3 works but when we specify the loopback as the source the ping doesn't

30
00:03:21,290 --> 00:03:22,220
work.

31
00:03:22,400 --> 00:03:29,650
We've got a zero success rate where as this way we've got 100 percent success rate.

32
00:03:29,700 --> 00:03:32,690
So the access list is definitely working.

33
00:03:32,820 --> 00:03:43,880
So show IPV 6 access list shows us how access list we can see that there are 11 matches.

34
00:03:45,750 --> 00:03:51,570
So ping that again we don't see any matches on this line.

35
00:03:51,600 --> 00:04:01,110
The implicit deny is dropping the traffic if we're paying this way we see the additional matches because

36
00:04:01,110 --> 00:04:05,320
the source traffic here is coming from 2001 cold on one.

37
00:04:05,550 --> 00:04:19,210
And that's what we matching in the access list show IPV 6 interface gigabit 00 shows us information

38
00:04:19,210 --> 00:04:29,420
such as the link local address global unicorn's to trace multicast groups that have been joined.

39
00:04:29,730 --> 00:04:39,540
But notice here in bone access list is access list one ACL one so we can see the access list Beland

40
00:04:39,540 --> 00:04:41,890
on that interface.

41
00:04:41,940 --> 00:04:49,000
So there was a simple example of an IP version 6 access list permitting and denying traffic.

42
00:04:49,500 --> 00:04:53,670
That's an example of a standard access list.

43
00:04:53,940 --> 00:05:00,610
I hope you enjoyed this video if you did please like it please subscribe to my YouTube channel.

44
00:05:00,900 --> 00:05:02,480
I wish you all the very best.