Security

ACLs can enhance security by blocking IPv6 traffic carrying an unauthorized source IPv6 address. This can include:
  • Blocking access from specific devices or interfaces (port or VLAN)

  • Blocking access to or from subnets in your network

  • Blocking access to or from the Internet

  • Blocking access to sensitive data storage or restricted equipment

  • Preventing specific TCP, UDP, and ICMP traffic types, including unauthorized access using functions such as Telnet and SSH

You can also enhance switch management security by using ACLs to block IPv6 traffic that has the switch itself as the DA.

CAUTION:

ACLs can enhance network security by denying selected IPv6 traffic, and they can serve as one aspect of maintaining network security. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IPv6 packet transmissions, they should not be relied upon for a complete security solution.

NOTE:

ACLs in the switches do not filter non-IPv6 traffic such as IPv4, AppleTalk, and IPX packets.