Last Updated on August 1, 2021 by Admin 1
Earlier today you created and applied an access list designed to restrict remote access to the router R62 ONLY from the device at 2001:DB8:0:4:: 32. During testing, you discover that it is not having the desired effect.You execute the show run command and see the following partial output that is relevant to the issue:
Why is the access list not functioning correctly?
- the IPv6 address in the list is not formatted correctly
- the list is not applied to the proper interface
- the list is missing a deny statement
- the ipv6 access-group command should be used to apply the list
The list is applied to the wrong interface. An access list that is designed to control remote access should be applied to the VTY lines, not to one of the physical interfaces. If the command were formatted correctly, the show run output would appear as follows:
The IPv6 address is formatted correctly. Although it has been shortened in format, it follows all of the shortening rules. It omits only leading zeros and it utilizes the double colon only once.
The access list does not require a deny statement. There is an implicit deny all at the end of the list.
The ipv6 access-group command should not be used to apply the list. This command is used when an access list is applied to a physical interface, not the VTY lines.
Configure and verify router security features