Comments (4)
Further testing shows I am incorrect -- IOS correctly recognizes protocols 6
and 17, converting them to TCP and UDP:
    LAB6500#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    LAB6500(config)#ipv6 access-list testing
    LAB6500(config-ipv6-acl)#permit 6 any any
    LAB6500#show ipv6 access-list testing
    IPv6 access list testing
    permit tcp any any sequence 10
So it appears just ICMP needs to not be converted, and left as a string.
Original comment by [email protected]
on 25 Feb 2011 at 4:37
This seems like a bug in the Cisco IOS code rather than in capirca, as the
cisco docs indicate a numeric protocol is acceptable.
I tested this and my routers seem to accept the ACL onto the interface,
although I didn't test against live traffic to see if the actions work as
expected.
I'll take a close look at this soon.
Original comment by [email protected]
on 13 Jul 2011 at 9:55
- Changed state: Started
Brandon: To filter ICMP messages in inet6 filters one must use icmpv6 in the term
definition:
    term permit-icmp {
      comment:: "Permit all ICMP traffic"
      protocol:: icmpv6
      action:: accept
    }
This will result in the following output:
    permit 58 any any
58 is the protocol number for icmpv6, which Cisco also properly recognizes (tested
on C4900M, IOS version 12.2(54)SG).
This info is based on the latest SVN version of capirca. It is possible that
icmpv6 handling for Cisco was indeed broken when this bug was opened.
Original comment by [email protected]
on 7 Aug 2011 at 3:45
[email protected] is correct.
Use protocol icmpv6 (protocol 58) instead of icmp (protocol 1) when working
with IPv6 ICMP.
Original comment by watson
on 18 Aug 2011 at 1:00
- Changed state: Fixed
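The resolution above can be checked before a policy is rendered. The following is an added example, not part of the original thread and not capirca's own code: a small stand-alone linter that flags terms whose ICMP protocol does not match the filter's address family. It also covers the inverse case (icmpv6 in an IPv4 filter), which the thread does not discuss. The function name `lint_icmp_family`, the `inet`/`inet6` argument and the sample terms are assumptions made for illustration.

```python
import re

# Protocol names and numbers mentioned in the thread.
PROTO_NUM = {"icmp": 1, "tcp": 6, "udp": 17, "icmpv6": 58}

# Simplified parsing (assumption): terms are "term NAME { ... }" blocks and
# comment strings contain no "}" character.
TERM_RE = re.compile(r"term\s+(\S+)\s*\{(.*?)\}", re.S)
PROTO_RE = re.compile(r"^\s*protocol::\s*(.+?)\s*$", re.M)

# Constructed sample terms, not taken from a real policy file.
SAMPLE_TERMS = '''
term permit-icmp {
  comment:: "Permit all ICMP traffic"
  protocol:: icmp
  action:: accept
}
term permit-icmpv6 {
  protocol:: icmpv6
  action:: accept
}
term permit-web {
  protocol:: tcp udp
  action:: accept
}
'''


def lint_icmp_family(policy_text, address_family):
    """Return (term_name, message) pairs for ICMP protocols that do not
    belong to the filter's address family ("inet" or "inet6")."""
    if address_family == "inet6":
        wrong, right = "icmp", "icmpv6"
    elif address_family == "inet":
        wrong, right = "icmpv6", "icmp"
    else:
        raise ValueError("address_family must be 'inet' or 'inet6'")
    findings = []
    for name, body in TERM_RE.findall(policy_text):
        # A protocol:: line may list several space-separated protocols.
        protos = [p for line in PROTO_RE.findall(body) for p in line.split()]
        if wrong in protos:
            findings.append((name, "protocol %s (%d) in %s filter; use %s (%d)" % (
                wrong, PROTO_NUM[wrong], address_family, right, PROTO_NUM[right])))
    return findings


if __name__ == "__main__":
    for term, message in lint_icmp_family(SAMPLE_TERMS, "inet6"):
        print(term + ": " + message)
```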