Applying An Ipv6 Acl To An Interface - Cisco 3032 Software Configuration Manual

Configuring IPv6 ACLs
Use the no {deny | permit} IPv6 access-list configuration commands with keywords to remove the deny
or permit conditions from the specified access list.
This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all
packets that have a destination TCP port number greater than 5000. The second deny entry denies
packets that have a source UDP port number less than 5000. The second deny also logs all matches to
the console. The first permit entry in the list permits all ICMP packets. The second permit entry in the
list permits all other traffic. The second permit entry is necessary because an implicit deny-all condition
is at the end of each IPv6 access list.
Switch(config)# ipv6 access-list CISCO
Switch(config-ipv6-acl)# deny tcp any any gt 5000
Switch(config-ipv6-acl)# deny udp ::/0 lt 5000 ::/0 log
Switch(config-ipv6-acl)# permit icmp any any
Switch(config-ipv6-acl)# permit any any
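
The first-match evaluation of the CISCO list, modelled as an added Python example (not part of the Cisco guide). Each entry follows the text's description, all prefixes are treated as any, and the names OPS, CISCO, port_ok, evaluate and SAMPLES and the sample packets are constructed for illustration.

```python
# Added example: first-match evaluation of the CISCO IPv6 access list.
import operator

OPS = {"gt": operator.gt, "lt": operator.lt, "eq": operator.eq}

# One dict per ACL entry, in configured order; every prefix is any (::/0).
CISCO = [
    {"action": "deny",   "proto": "tcp",  "dport": ("gt", 5000)},
    {"action": "deny",   "proto": "udp",  "sport": ("lt", 5000), "log": True},
    {"action": "permit", "proto": "icmp"},
    {"action": "permit", "proto": None},   # permit any any
]

def port_ok(test, port):
    """True when the entry has no port test or the packet's port satisfies it."""
    if test is None:
        return True
    op, value = test
    return port is not None and OPS[op](port, value)

def evaluate(acl, proto, sport=None, dport=None):
    """Return (action, entry_number, logged); entry_number is None for the implicit deny."""
    for number, entry in enumerate(acl, start=1):
        if entry["proto"] not in (None, proto):
            continue   # protocol does not match, try the next entry
        if port_ok(entry.get("sport"), sport) and port_ok(entry.get("dport"), dport):
            return entry["action"], number, entry.get("log", False)
    return "deny", None, False   # implicit deny-all at the end of the list

# Constructed sample packets: (protocol, source port, destination port)
SAMPLES = [("tcp", 40000, 8080), ("tcp", 40000, 443), ("udp", 53, 33000),
           ("udp", 6000, 53), ("icmp", None, None)]

if __name__ == "__main__":
    for proto, sport, dport in SAMPLES:
        print(proto, sport, dport, "->", evaluate(CISCO, proto, sport, dport))
    # Without the final "permit any any", TCP/443 falls through to the implicit deny.
    print("no final permit:", evaluate(CISCO[:3], "tcp", 40000, 443))
```

Running it shows which entry decides each packet, and that dropping the last permit entry sends otherwise unmatched traffic to the implicit deny.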

Applying an IPv6 ACL to an Interface

This section describes how to apply IPv6 ACLs to network interfaces. If the switch is running the IP
services feature set, you can apply an ACL to outbound or inbound traffic on Layer 3 interfaces or to
inbound traffic on Layer 2 interfaces. If the switch is running the IP services or IP base feature set, you
can apply ACLs only to inbound management traffic on Layer 3 interfaces.
Beginning in privileged EXEC mode, follow these steps to control access to an interface:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: interface interface-id
Purpose: Identify a Layer 2 interface (for port ACLs) or Layer 3 interface (for router ACLs) on which to apply an access list, and enter interface configuration mode.
Note: Switches running the IP services or IP base feature set do not support port ACLs.

Step 3
Command: no switchport
Purpose: If applying a router ACL, change the interface from Layer 2 mode (the default) to Layer 3 mode.

Step 4
Command: ipv6 address ipv6-address
Purpose: Configure an IPv6 address on a Layer 3 interface.
Note: This command is not required on Layer 2 interfaces or if the interface has already been configured with an explicit IPv6 address.

Step 5
Command: ipv6 traffic-filter access-list-name {in | out}
Purpose: Apply the access list to incoming or outgoing traffic on the interface.
Note: The out keyword is not supported for Layer 2 interfaces (port ACLs). If the switch is running the IP services or IP base feature set, the out keyword is not supported for Layer 3 interfaces.

Step 6
Command: end
Purpose: Return to privileged EXEC mode.

Step 7
Command: show running-config
Purpose: Verify the access list configuration.

Step 8
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

Use the no ipv6 traffic-filter access-list-name interface configuration command to remove an access list from an interface.

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide, OL-12247-04, Chapter 35: Configuring IPv6 ACLs, page 35-8