1
00:00:00,830 --> 00:00:05,510
Now IPV six access lists are similar to IP version for access lists.

2
00:00:05,660 --> 00:00:07,280
Here are some examples.

3
00:00:08,109 --> 00:00:13,210
Both can match on the source IP address or destination IP address in the protocol header.

4
00:00:13,780 --> 00:00:17,890
IPV six ACLs on IPV six IP addresses.

5
00:00:18,280 --> 00:00:23,200
IP version for access lists on IP version four addresses.

6
00:00:23,740 --> 00:00:28,930
Both can match individual host addresses or subnets or prefixes.

7
00:00:29,440 --> 00:00:35,800
In other words, you can match an individual host in IPV six and permit or deny that host, or you could

8
00:00:35,800 --> 00:00:39,010
permit or deny a IP version six subnet.

9
00:00:39,430 --> 00:00:46,750
Both IP version four and IP version six are applied in an inbound or outbound direction on a layer three

10
00:00:46,750 --> 00:00:52,780
interface, such as a routers interface or switch to virtual interface on a switch.

11
00:00:53,200 --> 00:00:59,510
Both IP version four and IP version six can match on transport layer protocol information such as TCP

12
00:00:59,510 --> 00:01:04,239
IP or UDP source port number or destination port number.

13
00:01:04,810 --> 00:01:08,920
Both can also match ICMP message types and codes.

14
00:01:08,950 --> 00:01:09,700
Be careful.

15
00:01:09,700 --> 00:01:17,050
There are differences between the types and codes in IP version six versus IP version four.

16
00:01:17,410 --> 00:01:23,260
Both have an implicit deny statement at the end that matches all remaining packets.

17
00:01:23,260 --> 00:01:29,740
So a deny any any to the end of both IP version four and IP version six.

18
00:01:30,430 --> 00:01:33,550
Both also support time based access lists.

19
00:01:33,670 --> 00:01:37,510
Now, there are some differences between IP version four and IP version six.

20
00:01:37,750 --> 00:01:45,100
IP version four access lists only match IP version four packets and not IP version six and also only

21
00:01:45,100 --> 00:01:48,400
match fields in IP version four headers.

22
00:01:48,670 --> 00:01:50,950
We have this concept of ships in the night.

23
00:01:50,980 --> 00:01:55,450
IP version six is totally independent and separate to IP version four.

24
00:01:55,780 --> 00:02:00,010
So what IP version four is doing has nothing to do with IP version six.

25
00:02:00,370 --> 00:02:04,510
And what IP version six is doing has nothing to do with IP version four.

26
00:02:04,630 --> 00:02:10,539
IP version six could be permitted, but IP version four could be denied as an example, IP version six

27
00:02:10,539 --> 00:02:14,020
access lists match on IP version six addresses only.

28
00:02:14,350 --> 00:02:20,620
So it matches on source destination IP version six address as well as other fields unique to an IP version

29
00:02:20,620 --> 00:02:21,460
six header.

30
00:02:21,610 --> 00:02:26,860
Here are some examples of the differences between IP version four and IP version six.

31
00:02:27,280 --> 00:02:32,320
IP version for access lists once again, only match IP version for packets.

32
00:02:32,560 --> 00:02:39,730
IP version six Access Lists Only Match IP version six packets IP version four Access lists are identified

33
00:02:39,730 --> 00:02:45,850
by a name or a number, but IP version six access lists only use names.

34
00:02:46,550 --> 00:02:54,470
IP version for access lists identify whether an access list is extended or standard by using either

35
00:02:54,470 --> 00:03:03,980
numbers such as 1 to 99 being standard access lists or 100 to 199 being extended access lists.

36
00:03:04,100 --> 00:03:11,570
Or they use keywords such as standard or extended IP version six access lists use a similar convention

37
00:03:11,570 --> 00:03:19,010
of standard and extended access lists, but they are only differentiated by the use of a word rather

38
00:03:19,010 --> 00:03:23,600
than a number because numbers are not used in IP version six.

39
00:03:24,110 --> 00:03:31,280
IP version for access lists can match on specific values unique to IP version for such as precedence

40
00:03:31,280 --> 00:03:33,920
type of service, title and fragments.

41
00:03:34,460 --> 00:03:41,780
Whereas IP version six access lists match on specific values unique to an IP version six header such

42
00:03:41,780 --> 00:03:48,320
as a flow label or a DHCP value as well as extensions and option header values.

43
00:03:48,470 --> 00:03:54,530
IP Version six Access lists have some implicit permit statements at the end of each access list just

44
00:03:54,530 --> 00:03:58,250
above the implicit deny all at the end of the access list.

45
00:03:58,250 --> 00:04:03,800
Whereas IP version for access lists do not have implicit permit statements.