Which configuration prevents traffic that is sourced from the unique local address scope to be sent
out of the link to the upstream service provider?
A.
interface ethernet0/0
ipv6 traffic-filter NoULA out
!
ipv6 access-list NoULA
deny ipv6 FC00::/8 any
permit ipv6 any any
B.
interface ethernet0/0
ipv6 traffic-filter NoULA out
!
ipv6 access-list NoULA
deny ipv6 FC00::/7 any
permit ipv6 any any
C.
interface ethernet0/0
ipv6 access-group NoULA out
!
ipv6 access-list NoULA
deny ipv6 FC00::/8 any
permit ipv6 any any
D.
interface ethernet0/0
ipv6 access-group NoULA out
!
ipv6 access-list NoULA
deny ipv6 FC00::/7 any
permit ipv6 any any
Explanation:
A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is
the approximate IPv6 counterpart of the IPv4 private address. Unique local addresses are
available for use in private networks, e.g. inside a single site or organization or spanning a limited
number of sites or organizations.
They are not routable in the global IPv6 Internet.
With our IPv6 ACL completed, we just need to apply it to an interface. There is a minor difference
in syntax herE. instead of using the command ip access-group to apply our IPv6 ACL, we use the
more aptly named command ipv6 traffic-filter, followed by the ACL name and a direction (in this
case, “out”).