25 - IPv6 ACLs Flashcards
Can an outbound ACL on a router interface filter router-originated packets?
No
When using an ACL to perform security filtering on the perimeter of the network, what is the more secure direction to apply it?
Apply in-bound ACLs on interfaces facing the untrusted network.
What is the first command when creating an IPv6 ACL?
ipv6 access-list (word), e.g. ipv6 access-list V6-VOIP-IN
How can you identify the difference between an IPv6 standard ACL vs an IPv6 extended ACL?
Just by looking at the content of the ACL. If it matches on more than source/destination, then it's an extended ACL.
What are 2 permit statements that would allow RA and RS?
- permit icmp router-advertisement
- permit icmp any any router-solicitation
By default how often does a router send out RA messages?
every 200 seconds
What is PMTUD and what protocol does it use?
Packet MTU Discovery uses ICMP
What IPv6 command is equivalent to the IPv4 access-class command used to apply an ACL to a VTY line?
ipv6 access-class V6ACCESS in
How does IPv6 handle logging on entries in an ACL?
A log message is generated for the FIRST packet that matches and then every 5 minutes after that.
What is best practice when using ACLs to prevent trusted network packets from leaving the trusted network?
Apply out-bound on the interface facing the untrusted network
What 3 show commands can verify that an ACL has been created and applied?
- show running-config
- show ipv6 interface gig0/0
- show ipv6 access-list
Can you convert an IPv4 ACL by changing the addresses to IPv6 addresses and expect it to work?
No
What would an ACL have in it that permitted all multicast from anywhere?
permit ipv6 any ff80::/8
What are the 2 implicit permit statements in every IPv6 ACL?
- permit icmp any any nd-na
- permit icmp any any nd-ns
What would an ACL have in it that permitted ICMP echo-requests from anywhere?
permit icmp any any eq echo-request