Wednesday, November 7, 2012

Lab 207 - IPv6 Access Control List

Prerequisites: CCNP level skills.

Note!
If interfaces have not been configured with IPv6 addresses yet, use fc00:1:1::/64 as the network-ID and ::x as the host ID (where x=router-ID).

Topology

Pic 1. IPv6 Topology Diagram.

Task 1
Enable the HTTP service on R3. Check whether Vlan 27 can access the service.

Task 2
Configure filtering on R3 that blocks access to the HTTP server when the packets are sourced from Vlan 27. All remaining IPv6 networks should still be able to access this service.

Solution

Task 1
Enable the HTTP service on R3. Check whether Vlan 27 can access the service.

R3 Config:
!
ip http server
!

Verification:
Pic. 2 - HTTP Access from Vlan 27.

Task 2
Configure filtering on R3 that blocks access to the HTTP server when the packets are sourced from Vlan 27. All remaining IPv6 networks should still be able to access this service.

R3 Config:
!
ipv6 access-list VLAN27_BLOCK_HTTP
 deny tcp FC00:1:1:1B::/64 any eq www
 permit ipv6 any any
!
interface Serial1/0
 ipv6 address FC00:1:1:20::3/64
 ipv6 traffic-filter VLAN27_BLOCK_HTTP in
 ipv6 ospf 1 area 13
 serial restart-delay 0
!

Verification:
Pic. 3 - HTTP Access from Vlan 27.

Pic. 4 - HTTP Access from R1.
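
The Task 2 access list can also be checked offline. The following is an added example, not part of the original lab: a small Python model of first-match evaluation over the two VLAN27_BLOCK_HTTP entries. The packet addresses (host IDs and the fc00:1:1:c::/64 and fc00:1:1:99::/64 networks) are constructed for illustration, and the implicit neighbor-discovery permits that IOS places before the final implicit deny are not modelled.

```python
import ipaddress

# ACL entries copied from the R3 configuration in Task 2.
ACL_TEXT = """
deny tcp FC00:1:1:1B::/64 any eq www
permit ipv6 any any
"""
PORT_NAMES = {"www": 80}  # IOS port keyword -> number (only the one used here)

def parse_net(token):
    # "any" matches every IPv6 address; anything else is a prefix.
    return ipaddress.ip_network("::/0" if token == "any" else token, strict=False)

def parse_acl(text):
    # Parse "action proto src dst [eq port]" lines, keeping their order.
    entries = []
    for line in text.strip().splitlines():
        f = line.split()
        dport = None
        if len(f) == 6 and f[4] == "eq":
            dport = PORT_NAMES.get(f[5]) or int(f[5])
        entries.append({"action": f[0], "proto": f[1], "src": parse_net(f[2]),
                        "dst": parse_net(f[3]), "dport": dport})
    return entries

def evaluate(entries, proto, src, dst, dport=None):
    # First matching entry wins, as in IOS top-down ACL processing.
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        if e["proto"] not in ("ipv6", proto):
            continue  # "ipv6" matches every protocol
        if src not in e["src"] or dst not in e["dst"]:
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"  # implicit deny; the implicit ND permits are not modelled

ACL = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed packets (addresses are made up for illustration).
    tests = [
        ("tcp", "fc00:1:1:1b::7", "fc00:1:1:20::3", 80),  # Vlan 27 -> R3 HTTP
        ("tcp", "fc00:1:1:1b::7", "fc00:1:1:20::3", 23),  # Vlan 27 -> R3 Telnet
        ("tcp", "fc00:1:1:c::1", "fc00:1:1:20::3", 80),   # other net -> R3 HTTP
        ("tcp", "fc00:1:1:1b::7", "fc00:1:1:99::1", 80),  # Vlan 27 -> other HTTP
    ]
    for t in tests:
        print(t, "->", evaluate(ACL, *t))
```

The last packet is denied as well: because the destination in the deny entry is `any`, HTTP from Vlan 27 arriving on Serial1/0 is dropped for every destination, not only for R3's own server. Reversing the two entries would permit everything, since `permit ipv6 any any` would match first.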