Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured.
Which command resolves this issue?
To filter management traffic such as VTY access, the command 'ipv6 access-class' is used. This command applies the access control list to traffic intended for the router itself, which includes management traffic like VTY access. The 'ipv6 traffic-filter' command, on the other hand, applies to traffic passing through an interface rather than traffic destined for the router. Therefore, the correct command to resolve the issue of unfiltered VTY access is 'ipv6 access-class INTERNET in'.
Answer is D: IPv6 access-class vs IPv6 traffic-filter The difference depends on whether you want to filter IPv6 traffic sent *to* the router or *through* the router. The 'ipv6 traffic-filter' command is used to filter IPv6 traffic flowing through an interface: Command reference (with example): http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_09.html#wp2297000 The 'ipv6 access-class' command is used to filter IPv6 traffic destined to the router (i.e. management traffic). Command reference (with example): http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_05.html#wp2274594
Simulated in a lab. It also can be applied to the vty with ipv6 access-class command. So, examine if the access-list applied via ipv6 access-class permit tcp traffic to port 23 (or 22 when ssh) from / to the desired IPs.
first, you should define ipv6 access-list in grobal configuration mode,and ipv6 traffic-filter is when you want to apply it in a interface, and when in conditio of a vty ,the command wull be access-list, the answer is D,given answer is correct
This is the right command to apply to the interface.
C is right,
C is correct answer, the ipv6 access-list need to be applied on an interface using ip filter command
This is being applied to the vty lines, so the answer is D
How can so many people get it wrong? traffic-filter command is the ipv6 equivalent for ip access-group for applying access-list to an interface
Answer is D: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16/sec-data-acl-xe-16-book/ip6-acls-xe.html
Both C and D works to filter telnet access but in this case the acl, INTERNET, is not only dealing with telnet traffic but http and hosts as well and so it has to be applied at the interface using ipv6 traffic-filter in. C is the correct answer
Both C and D works to filter telnet access but in this case the acl, INTERNET, is not only dealing with telnet traffic but http and hosts as well and so it has to be applied at the interface using ipv6 traffic-filter in. C is the correct answer
Answer is D c) ipv6 traffic-filter -> it's used under the interface d) ipv6 access-class -> it's used under the VTY line