Pages

Monday, December 21, 2015

IPv6 and Security

R1#
! Prep work:
conf t
default int fa 1/0
default int fa 1/1
int fa 1/0
 mac-address cc1e.6783.1111
 no ip address
 duplex auto
 speed auto
 no keepalive
int fa 1/1
 mac-address cc1e.6783.1111
 no ip address
 duplex auto
 speed auto
 no keepalive
exit
no ipv6 router ospf 1
end
-----------------------------------------
configure terminal

! Enable IPv6 routing.  It is off by default
ipv6 unicast-routing
do show ipv6 int brief

!  Configure an IPv6 address on the interface
interface FastEthernet1/0
 ipv6 address 2001:0DB8:0000:000B:0000:0000:0000:0001/64
exit
do show ipv6 int brief

!  Configure the other interface on R1
interface FastEthernet1/1
ipv6 address 2001:DB8:0:A::1/64

!  Configure a routing protocol on R1
!  Note: no more "network" statements.

!  OSPFv3 requires a 32-bit router-id 
! If we have any IPv4 addresses, it will use that
! If no IPv4 addresses, we must set the router-id

ipv6 router ospf 1
router-id 1.1.1.1
exit

! To enable OSPFv3 on the interfaces, we need to
! go to each interface to tell them to participate in
! OSPFv3, in the correct process #
interface FastEthernet1/0
ipv6 ospf 1 area 0
exit

interface FastEthernet1/1
ipv6 ospf 1 area 0
exit

configure terminal
ipv6 access-list NO_TELNET
deny tcp 2001:db8:0:a::/64 any eq 23
permit any any

! Apply the ACL to the interface, inbound
int fa 1/1
ipv6 traffic-filter NO_TELNET in

! Verify the ACL
do show access-lists

No comments:

Post a Comment