HTTP-over-IPv6 on Cisco IOS

Stumbled across this marvel while updating my IPv6 presentations for a 2-day seminar in Milano and Rome (straight from 15.2M&T command reference):

With IPv6 support added in Cisco IOS Release 12.2(2)T, the ip http server command simultaneously enables and disables both IP and IPv6 access to the HTTP server. However, an access list configured with the ip http access-class command will only be applied to IPv4 traffic. IPv6 traffic filtering is not supported.

Wait ... WHAT? I cannot control who can access the HTTP(S) server running in Cisco IOS over IPv6 (apart from kludges like ingress ACLs on all interfaces or CoPP), and this stupidity has been left unfixed for nine(9) years?. Are we really in 2012, less than a month away from World IPv6 Launch or have I been transported to 1990’s?

Recent posts in the same categories

13 comments:

  1. Doronin Pavel 21 May 2012 08:52
    Moreover

    ip http access-class access-list-number

    Where "access-list-number" is - standard IP access list number in the range 0 to 99, as configured by the access-list global configuration command.
    No named or extended ACL's, and no ACL's with expanded range <1300-1999>
    Seems to be very strange
  2. Jan Zorz 21 May 2012 09:08
    Pffff.... all I have to say :)
  3. Anonymous 21 May 2012 10:25
    It's a shame how big vendors still treat IPv6 as an experimental protocol without commercial relevance. A respected North-European telco equipment vendor delivered us an IPv6 implementation that doesn't support path MTU discovery. 'Just use TCP if you you want to send anything bigger than 1280 bytes'. In 2012.
  4. Job 21 May 2012 14:39
    That's just cruel...
  5. Anonymous 21 May 2012 14:39
    any decent STIG would have the http server disabled.
  6. Mirek Burnejko 21 May 2012 14:59
    Haha. The truth is no one cares. Even bad guys :)
  7. Michael67 21 May 2012 20:37
    What would be our world without your blog! Thanks to that posting, I can now go to bed with a calm conscience...
  8. N1x 22 May 2012 09:21
    It's Hole ;-)
  9. vit 22 May 2012 11:27
    control-plane policy?
  10. Frank Bulk 22 May 2012 20:06
    Open a case and add this URL to the case notes: http://www.youtube.com/watch?v=VCCgVh8wFdA
  11. RPM 29 May 2012 13:41
    I suppose this is an indication of justhow awful the IOS code base has become. Lord knows release quality has also taken a nose-dive in the last few years
  12. L3-switch 08 December 2016 13:07
    It is almost 2k17...
    Replies
    1. Ivan Pepelnjak 08 December 2016 13:17
      Checked the documentation. No visible progress in the last 4.5 years...
Add comment
Home
Sidebar