Table of Contents
Advertisement
ACL Commands
78-20269-01 Command Line Interface Reference Guide
console(config)# ip access-list extended server
console(config-ip-al)# deny ip 176.212.0.0 00.255.255
40.4
ipv6 access-list
Use the ipv6 access-list Global Configuration mode command to define an IPv6
access list (ACL) and to place the device in IPv6 Access List Configuration mode.
All commands after this command refer to this ACL. The rules (ACEs) for this ACL
are defined in the
permit ( IPv6 )
command is used to attach this ACL to an interface.
Use the no form of this command to remove the access list.
Syntax
ipv6 access-list [
acl-name]
no ipv6 access-list
[acl-name]
Parameters
•
acl-name—Name of the IPv6 access list. Range 0-32 characters (use "" for
empty string).
Default Configuration
No IPv6 access list is defined.
Command Mode
Global Configuration mode
User Guidelines
IPv6 ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy
maps cannot have the same name.
Every IPv6 ACL has an implicit permit icmp any any nd-ns any, permit icmp any
any nd-na any, and deny ipv6 any any statements as its last match conditions. (The
former two match conditions allow for ICMPv6 neighbor discovery.)
The IPv6 neighbor discovery process uses the IPv6 network layer service,
therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets
to be sent and received on an interface. In IPv4, the Address Resolution Protocol
(ARP), which is equivalent to the IPv6 neighbor discovery process, uses a
and
deny ( IPv6 )
commands. The
40
service-acl
539
Advertisement
Table of Contents
