Packet Tracer Details: This Packet Tracer asks us to finish the addressing scheme, configure routing, and implement named access control lists for both routers and any other affected devices. This PT is harder only because of how much we have to do. In short, all we really have to configure is OSPF, the ACLs, and a few miscellaneous items.
Below you will find a download of the completed Packet Tracer file. It is recommended that you read the tutorial, as it explains how this ACL is configured.
Alternatively, you may use the commands from the tutorial.
Tutorial / Walk-through
This Packet Tracer demonstrates how to use ACLs for IPv6 addresses. Generally, the method is similar to or the same as for IPv4, yet there are some differences. We've seen this type of formatting change before, such as when configuring OSPF for IPv6 versus IPv4.
Create an ACL. Remember to use the correct formatting, as this is an IPv6 ACL.
R1(config)#ipv6 access-list BLOCK_HTTP
R1(config-ipv6-acl)#deny tcp any host 2001:db8:1:30::30 eq www
R1(config-ipv6-acl)#deny tcp any host 2001:db8:1:30::30 eq 443
R1(config-ipv6-acl)#permit ipv6 any any
So, I have a question for you, reader.
The purpose of the ACL was to stop a DoS attack on Server 3 from a computer with the address of "2001:DB8:1:11::0/64", right?
So, PC1 should be able to visit the website, but PC2 should not be able to.
After all, you made an ACL for this, correct? Well... try to connect to the website on PC2. Does your ACL work?
It shouldn't, unless you've already done the next step.
PC2 is the source of the problem, so we need to apply this ACL to the interface it connects through.
The interface that houses PC2 is G0/1, so apply the ACL there.
R1(config)#interface g0/1
R1(config-if)#ipv6 traffic-filter BLOCK_HTTP in
Good! So let's go to R3 to complete the next step, which is blocking ICMP.
R3(config)#ipv6 access-list BLOCK_ICMP
R3(config-ipv6-acl)#deny icmp any any
R3(config-ipv6-acl)#permit ipv6 any any
Though... something is wrong...
The traffic on G0/0 (the interface we need to secure) is outbound; therefore, we need to block outbound pings, like so:
R3(config)#interface g0/0
R3(config-if)#ipv6 traffic-filter BLOCK_ICMP out
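The two steps walked through above (write the ACL, then bind it with ipv6 traffic-filter) can be modelled as a small first-match evaluator. This is an added example, not part of the original tutorial or the Packet Tracer file; it models only the entries shown here, and the function names are made up for illustration.

```python
import ipaddress

# ACL entries from the tutorial: (action, protocol, destination, dest port).
# Every entry uses "any" as the source, so the source is not modelled.
ACLS = {
    "BLOCK_HTTP": [
        ("deny", "tcp", "2001:db8:1:30::30/128", 80),    # eq www
        ("deny", "tcp", "2001:db8:1:30::30/128", 443),
        ("permit", "ipv6", "::/0", None),                # permit ipv6 any any
    ],
    "BLOCK_ICMP": [
        ("deny", "icmp", "::/0", None),                  # deny icmp any any
        ("permit", "ipv6", "::/0", None),
    ],
}

def evaluate(acl_name, proto, dst, dport=None):
    """Return the action of the first entry that matches (top-down order)."""
    dst_ip = ipaddress.ip_address(dst)
    for action, a_proto, a_dst, a_port in ACLS[acl_name]:
        if a_proto not in ("ipv6", proto):       # "ipv6" matches any protocol
            continue
        if dst_ip not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit deny ipv6 any any; not reached by these two ACLs

def forward(bindings, interface, direction, proto, dst, dport=None):
    """An ACL filters only on the interface and direction it is bound to."""
    acl = bindings.get((interface, direction))
    return "permit" if acl is None else evaluate(acl, proto, dst, dport)

SERVER = "2001:db8:1:30::30"
UNBOUND = {}                                     # ACL written, never applied
R1_BOUND = {("G0/1", "in"): "BLOCK_HTTP"}        # traffic-filter BLOCK_HTTP in
R3_BOUND = {("G0/0", "out"): "BLOCK_ICMP"}       # traffic-filter BLOCK_ICMP out

if __name__ == "__main__":
    print("PC2 HTTP, ACL not applied:", forward(UNBOUND, "G0/1", "in", "tcp", SERVER, 80))
    print("PC2 HTTP, ACL on G0/1 in: ", forward(R1_BOUND, "G0/1", "in", "tcp", SERVER, 80))
    print("PC2 SSH,  ACL on G0/1 in: ", forward(R1_BOUND, "G0/1", "in", "tcp", SERVER, 22))
    print("Ping out of R3 G0/0:      ", forward(R3_BOUND, "G0/0", "out", "icmp", SERVER))
```

The first two printed lines show why the test from PC2 still succeeds until the traffic-filter command is entered: an unbound ACL filters nothing.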