1 00:00:08,940 --> 00:00:16,500 In this video, we're going to discuss IP version six access control lists, or IPv6 ACLs. In the same
2 00:00:16,500 --> 00:00:23,430 way as with IP version four, IPv6 access control lists allow you to permit or deny traffic in your
3 00:00:23,430 --> 00:00:28,530 network and are a component of a layered security model.
4 00:00:30,770 --> 00:00:32,060 Access denied.
5 00:00:37,760 --> 00:00:39,920 Now let's create an extended access list.
6 00:00:40,820 --> 00:00:45,530 So that's the access list we've got applied on gigabit zero zero.
7 00:00:46,370 --> 00:00:50,810 So I'll say no and remove the access list.
8 00:00:51,320 --> 00:00:55,850 So show ipv6 interface gigabit zero zero.
9 00:00:56,900 --> 00:01:01,010 It doesn't show any access lists applied to the interface.
10 00:01:01,850 --> 00:01:07,310 And again, show run shows us that no access list is applied to the interface.
11 00:01:09,040 --> 00:01:10,990 So we can ping
12 00:01:13,680 --> 00:01:21,420 the loopback of router three from both the gigabit zero zero interface and loopback interface of router
13 00:01:21,420 --> 00:01:22,140 one.
14 00:01:23,780 --> 00:01:25,520 So let's create another access list.
15 00:01:25,520 --> 00:01:35,240 So ipv6 access-list, and I'll use a name such as ACL2. It would make more sense to use better names
16 00:01:35,240 --> 00:01:36,050 than that.
17 00:01:36,320 --> 00:01:38,330 But that's okay for this lab.
18 00:01:40,210 --> 00:01:42,220 Now I'm going to specify a protocol.
19 00:01:42,220 --> 00:01:48,310 So permit TCP any any.
20 00:01:49,990 --> 00:02:00,400 Permit ICMP 2001:1::/64
21 00:02:00,760 --> 00:02:06,760 going anywhere. Interface gigabit zero zero, ipv6.
22 00:02:07,240 --> 00:02:09,669 And we have to use traffic-filter here.
23 00:02:10,770 --> 00:02:13,480 ACL2 inbound.
24 00:02:14,440 --> 00:02:18,780 So again, can router one ping the loopback of router three?
25 00:02:18,790 --> 00:02:27,790 The answer is no when using the loopback as the source, but it can ping the loopback of router three
26 00:02:27,820 --> 00:02:29,890 using the physical interface.
27 00:02:30,700 --> 00:02:35,320 Can we telnet to the loopback of router three?
28 00:02:36,450 --> 00:02:36,900 At the moment
29 00:02:36,900 --> 00:02:38,610 it says connection refused.
30 00:02:38,670 --> 00:02:43,860 Let's have a look at the VTY lines of router three.
31 00:02:47,670 --> 00:02:51,210 We need to allow telnet on the line.
32 00:02:51,510 --> 00:03:03,960 So line vty zero four, transport input all, password Cisco, enable password Cisco. Try again.
33 00:03:04,980 --> 00:03:06,960 We can telnet to the router.
34 00:03:08,040 --> 00:03:18,750 And what happens if we telnet using a source interface of loopback zero?
35 00:03:19,650 --> 00:03:29,220 Notice we are able to telnet to router three using both the loopback as well as the physical interface,
36 00:03:29,280 --> 00:03:34,350 but we can't ping from the loopback of router one.
37 00:03:35,010 --> 00:03:36,660 So just to reiterate.
38 00:03:39,250 --> 00:03:41,410 We have created an access list.
39 00:03:41,410 --> 00:03:49,960 So show ipv6 access-list: we've created the access list called access list two.
40 00:03:50,110 --> 00:03:56,680 That's permitting any TCP traffic, but it's only permitting ICMP traffic from
41 00:03:57,770 --> 00:03:59,090 this network.
42 00:04:01,050 --> 00:04:02,710 There's an implicit deny.
43 00:04:02,730 --> 00:04:08,970 So when traffic is sent from this loopback address as the source, it's dropped
44 00:04:11,320 --> 00:04:15,700 because it's not permitted by the statement or by this statement.
45 00:04:16,060 --> 00:04:21,040 But if we telnet to the loopback from the local loopback,
46 00:04:22,600 --> 00:04:23,830 it works.
47 00:04:24,430 --> 00:04:30,040 And notice when we do show access list, we can see the matches have increased.
48 00:04:31,910 --> 00:04:36,230 And I'll just telnet to the router and put in the password.
49 00:04:37,520 --> 00:04:38,630 Do that again.
50 00:04:39,800 --> 00:04:41,240 Notice matches have increased.
51 00:04:41,240 --> 00:04:42,140 Hit enter.
52 00:04:43,160 --> 00:04:44,630 Matches have increased.
53 00:04:45,350 --> 00:04:46,420 Enter again.
54 00:04:46,430 --> 00:04:47,810 Matches have increased.
55 00:04:48,230 --> 00:04:54,800 So Telnet is permitted from the loopback of this router, but ICMP isn't.
56 00:04:55,400 --> 00:04:58,520 So again, pings are failing.
57 00:05:01,300 --> 00:05:08,200 And that's because this access list is only permitting ping or ICMP traffic from this network.
58 00:05:08,770 --> 00:05:17,920 We've also applied the access list inbound on gigabit zero zero of router two.
59 00:05:19,270 --> 00:05:23,710 So that's an example of an extended IP version six access list.
60 00:05:24,580 --> 00:05:30,550 A lot of the knowledge that you have with IP version four can be applied directly to IP version six
61 00:05:30,550 --> 00:05:31,720 access lists.
62 00:05:32,680 --> 00:05:34,240 I hope you enjoyed this video.
63 00:05:34,270 --> 00:05:39,250 If you did, please like it and please subscribe to my YouTube channel.
64 00:05:39,580 --> 00:05:41,530 I wish you all the very best.