Which of the following IPv6 access list statements would permit SSH traffic from 2001:DB8:0:4::32 when applied to the VTY lines?

Last Updated on August 1, 2021 by Admin 1

Which of the following IPv6 access list statements would permit SSH traffic from 2001:DB8:0:4::32 when applied to the VTY lines?

  • permit ipv6 2001:DB3:0:5::/48 any eq ssh
  • permit ipv6 2001:DB8:0:4::/64 any eq ssh
  • permit ipv6 host 2001:DB8:0:4::32 any eq 23
  • permit ipv6 2001:DE8:0:4:::/48 any eq 22
Explanation:
The only statement that would allow SSH traffic from 2001:DB8:0:4::32 is permit ipv6 2001:DB8:0:4::/64 any eq ssh. It would match because it specifies the 2001:DB8:0:4:: subnet as a result of the /64 prefix. With that prefix, traffic must match in the first four hextets. Since the address 2001:DB8:0:5::32 matches in the first four hextets, it is allowed.

The statement permit ipv6 2001:DB3:0:5::/48 any eq ssh will not permit traffic from 2001:DB8:0:4::32. With a /48 subnet mask, the address must match in the first three hextets, and it does not do

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments