1
00:00:09,180 --> 00:00:17,430
In this video we're going to discuss IP version 6 access control lists (IPv6 ACLs). In the same way as

2
00:00:17,490 --> 00:00:24,930
with IP version 4, IPv6 access control lists allow you to permit or deny traffic in your network and

3
00:00:24,960 --> 00:00:28,850
are a component of a layered security model.

4
00:00:30,840 --> 00:00:32,060
Access denied.

5
00:00:37,700 --> 00:00:41,010
Let's create an extended access list.

6
00:00:41,010 --> 00:00:46,160
So that's the access list. We could apply it on gigabit 0/0.

7
00:00:46,480 --> 00:00:58,850
I'll say no and remove the access list, so show ipv6 interface gigabit 0/0 doesn't show any access lists

8
00:00:58,850 --> 00:01:01,970
applied to the interface.

9
00:01:02,040 --> 00:01:10,870
And again, show run shows us that no access list is applied to the interface, so we can ping

10
00:01:13,820 --> 00:01:23,860
the loopback of router 3 from both the gigabit 0/0 interface and loopback interface of router 1.

11
00:01:24,040 --> 00:01:28,160
So let's create another access list, so ipv6 access-list.

12
00:01:29,500 --> 00:01:36,150
And use a name such as ACL2. It would make more sense to use better names than that.

13
00:01:36,580 --> 00:01:38,370
But that's OK for this lab.

14
00:01:40,410 --> 00:01:56,090
Now I'm going to specify protocols: permit TCP any any, permit ICMP three thousand and one colon

15
00:01:56,320 --> 00:02:02,120
in one colon colon slash 64 going any.

16
00:02:03,050 --> 00:02:14,010
Interface gigabit 0/0, ipv6, and we have to use traffic-filter here, ACL2 inbound.

17
00:02:14,630 --> 00:02:18,860
So again, can router 1 ping the loopback of router 3?

18
00:02:18,860 --> 00:02:20,210
The answer is no

19
00:02:20,630 --> 00:02:29,780
when using the loopback as the source, but it can ping the loopback of router 3 using the physical interface.

20
00:02:30,770 --> 00:02:36,440
Can we telnet to the loopback of router 3?

21
00:02:36,610 --> 00:02:46,310
At the moment it says connection refused. Let's have a look at the VTY line of router 3.

22
00:02:47,920 --> 00:03:00,630
We need to allow telnet on the line, so line vty 0 4, transport input all, password cisco, enable

23
00:03:00,630 --> 00:03:04,040
password cisco. Let's try again.

24
00:03:05,170 --> 00:03:19,460
We can telnet to the router. And what happens if we telnet using a source interface of loopback 0?

25
00:03:19,810 --> 00:03:29,740
Notice we are able to telnet to router 3 using both the loopback as well as the physical interface, but

26
00:03:29,740 --> 00:03:35,170
we can't ping from the loopback of router 1.

27
00:03:35,230 --> 00:03:36,520
So just to reiterate

28
00:03:39,490 --> 00:03:46,630
we have created an access list, so show ipv6 access-list.

29
00:03:46,960 --> 00:03:54,370
We've created the access list called access list 2 that's permitting any TCP traffic, but it's only

30
00:03:54,370 --> 00:04:01,020
permitting ICMP traffic from the network.

31
00:04:01,070 --> 00:04:02,870
There is an implicit deny.

32
00:04:02,890 --> 00:04:08,820
So when traffic is sent from this loopback address as the source, it's dropped

33
00:04:11,510 --> 00:04:16,160
because it's not permitted by the statement or by the statement.

34
00:04:16,250 --> 00:04:24,620
But if we telnet to the loopback from the local loopback, it works.

35
00:04:24,640 --> 00:04:33,750
Notice when we do show access list we can see the matches have increased just pulled us to the right

36
00:04:34,770 --> 00:04:44,460
and put in the password to that again notice matches have increased to enter matches have increased

37
00:04:45,630 --> 00:04:48,400
and again matches have increased.

38
00:04:48,480 --> 00:04:55,640
So telnet is permitted from the loopback of the router, but ICMP isn't.

39
00:04:55,650 --> 00:04:58,690
So again pings are failing.

40
00:05:01,490 --> 00:05:05,570
And that's because this access list is only permitting ping,

41
00:05:05,930 --> 00:05:08,970
ICMP traffic from this network.

42
00:05:08,990 --> 00:05:19,480
We've also applied the access list inbound on gigabit 0/0 of router 2.

43
00:05:19,510 --> 00:05:24,070
So that's an example of an extended IP version 6 access list.

44
00:05:24,710 --> 00:05:31,100
A lot of the knowledge that you have with IP version 4 can be applied directly to IP version 6 access

45
00:05:31,100 --> 00:05:32,700
lists.

46
00:05:32,780 --> 00:05:39,430
I hope you enjoyed this video. If you did, please like it and please subscribe to my YouTube channel.

47
00:05:39,740 --> 00:05:41,390
I wish you all the very best.
