1
00:00:08,940 --> 00:00:16,500
In this video, we're going to discuss IP version six access control lists or IPv6 ACLs. In the same

2
00:00:16,500 --> 00:00:23,430
way as with IP version four, IPv6 access control lists allow you to permit or deny traffic in your

3
00:00:23,430 --> 00:00:28,340
network and are a component of a layered security model.

4
00:00:28,350 --> 00:00:32,490
Warning security breach scanning.

5
00:00:36,350 --> 00:00:42,320
In the real world, you don't necessarily just want to use access control lists for your security.

6
00:00:42,350 --> 00:00:49,610
You want to implement firewalls and other mechanisms such as intrusion prevention systems or IPS.

7
00:00:49,610 --> 00:00:55,550
But access lists are typically a first line of defense in security implementations.

8
00:00:56,090 --> 00:01:01,100
Now, IPv6 access lists share many of the same characteristics of IP version four.

9
00:01:01,190 --> 00:01:07,340
So the knowledge that you've gained when working with IP version four access lists can also be applied

10
00:01:07,340 --> 00:01:09,560
to IPv6 access lists.

11
00:01:09,560 --> 00:01:11,030
So they're very similar.

12
00:01:11,030 --> 00:01:15,200
But there are differences between the two that you need to be aware of.

13
00:01:16,310 --> 00:01:17,150
In this topology,

14
00:01:17,150 --> 00:01:20,990
I've got three Cisco IOSv routers running in GNS3.

15
00:01:21,800 --> 00:01:26,030
The routers are configured per the topology diagram.

16
00:01:26,690 --> 00:01:34,610
Notice as an example that router one on the left is able to ping the loopback of router three.

17
00:01:35,700 --> 00:01:39,750
So we could ping the loopback directly like that.

18
00:01:41,110 --> 00:01:53,170
Or we could specify a source address being the loopback of router one, so router one can ping the loopback

19
00:01:53,170 --> 00:02:02,140
of router three directly using the gigabit 0/0 interface or using the loopback as the source

20
00:02:02,140 --> 00:02:03,460
of the traffic.

21
00:02:04,240 --> 00:02:14,230
So in order to conf t, ipv6, and there's a lot of options here, but we'll specify access list.

22
00:02:15,130 --> 00:02:17,260
And let's call this access list one.

23
00:02:17,710 --> 00:02:23,560
And press enter. Question mark shows us that we can permit or deny traffic as an example.

24
00:02:23,860 --> 00:02:29,320
So I'm going to permit a source network of 2001.

25
00:02:30,670 --> 00:02:31,150
Colon.

26
00:02:31,150 --> 00:02:32,230
One colon.

27
00:02:33,350 --> 00:02:37,280
Colon slash 64 going anywhere.

28
00:02:37,820 --> 00:02:43,280
So in other words, we're going to permit all traffic on this network, but that doesn't include the

29
00:02:43,280 --> 00:02:44,780
loopback of router one.

30
00:02:45,350 --> 00:02:53,060
I'll go into gigabit 0/0 and type ipv6 and again, we have a lot of options, but in this case,

31
00:02:53,060 --> 00:02:58,520
we're going to use a traffic filter of ACL one inbound.

32
00:03:00,130 --> 00:03:07,930
So previously we were able to ping the loopback of router three from the loopback of router one as well

33
00:03:07,930 --> 00:03:11,170
as using the gigabit 0/0 interface.

34
00:03:12,010 --> 00:03:16,030
So pinging the loopback of router three works.

35
00:03:16,510 --> 00:03:21,880
But when we specify the loopback as the source, the ping doesn't work.

36
00:03:22,120 --> 00:03:28,360
We've got a zero success rate, whereas this way we've got 100% success rate.

37
00:03:29,470 --> 00:03:31,870
So the access list is definitely working.

38
00:03:32,560 --> 00:03:40,170
So show IPv6 access list shows us our access list.

39
00:03:40,180 --> 00:03:43,720
We can see that there are 11 matches.

40
00:03:45,640 --> 00:03:47,290
So ping that again.

41
00:03:48,150 --> 00:03:51,300
We don't see any matches on this line.

42
00:03:51,330 --> 00:03:54,660
The implicit deny is dropping the traffic.

43
00:03:55,170 --> 00:04:04,200
If we ping this way, we see the additional matches because the source traffic here is coming from 2001

44
00:04:04,200 --> 00:04:05,220
colon one.

45
00:04:05,220 --> 00:04:10,020
And that's what we're matching in this access list.

46
00:04:11,630 --> 00:04:16,220
Show IPv6 interface gigabit 0/0.

47
00:04:17,940 --> 00:04:25,260
Shows us information such as the link-local address, global unicast address.

48
00:04:26,530 --> 00:04:28,900
Multicast groups that have been joined.

49
00:04:29,470 --> 00:04:39,430
But notice here inbound access list is access list one or ACL one, so we can see the access list bound

50
00:04:39,460 --> 00:04:41,080
on that interface.

51
00:04:41,740 --> 00:04:48,700
So there was a simple example of an IP version six access list, permitting and denying traffic.

52
00:04:49,300 --> 00:04:52,600
That's an example of a standard access list.

53
00:04:53,860 --> 00:04:55,450
I hope you enjoyed this video.

54
00:04:55,450 --> 00:05:00,430
If you did, please like it and please subscribe to my YouTube channel.

55
00:05:00,760 --> 00:05:02,650
I wish you all the very best.