Applying IPv6 ACLs to Layer 2 and 3 Interface - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 62: Configuring Network Security with ACLs

The following example shows various ways of configuring ACEs in an IPv6 ACL:

Switch(config)# ipv6 access-list v6test

The permit entry specifies the source and destination IPv6 addresses using wildcard masks:

Switch(config-ipv6-acl)# permit 1:2::3 FF:0:FFFF:AA:20:: 4:5::6 0:FFFF:2233::FFFF

Here the permit entry allows all packets that have a source UDP port, and specifies the permit condition for the destination IPv6 address using prefix/prefix-length:

Switch(config-ipv6-acl)# permit udp any 3:8::5/64

Here the permit entry allows all packets that have a source TCP port and the source IPv6 address (specified using a wildcard mask), and allows destination addresses that have the IPv6 prefix ::/0:

Switch(config-ipv6-acl)# permit tcp 1:2::3 FFFF:FFFF:: any

Here the permit entry allows all packets (source and destination) that have the IPv6 prefix ::/0. This is necessary because an implicit deny-all condition is at the end of each IPv6 access list:

Switch(config-ipv6-acl)# permit any any

To enable hardware statistics, enter the following commands while configuring ACEs in the access list:

Switch(config)# ipv6 access-list v6test
Switch(config-ipv6-acl)# hardware statistics
Switch(config-ipv6-acl)# end

Note: Hardware statistics is disabled by default.

Applying IPv6 ACLs to Layer 2 and 3 Interface

To apply an IPv6 ACL to a Layer 3 interface, perform the following task:

Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Switch(config)# interface interface-type slot/interface
Purpose: Specifies the interface to be configured.
Note: interface-type must be a Layer 3 interface.

Step 3
Command: Switch(config-if)# ipv6 traffic-filter ipv6-acl {in|out}
Purpose: Applies the IPv6 ACL to a Layer 3 interface.

Note: IPv6 ACLs are supported on Layer 3 interfaces and on Layer 2 ports using the ipv6 traffic-filter command.

The following example applies the extended-named IPv6 ACL simple-ipv6-acl to SVI 300 routed ingress traffic:

Switch# configure terminal
Switch(config)# interface vlan 300
Switch(config-if)# ipv6 traffic-filter simple-ipv6-acl in
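
Added example (not part of the Cisco guide): a small Python audit that reads configuration text built from the commands shown on this page and reports ipv6 traffic-filter bindings to undefined ACLs, ACLs that are never applied, ACLs containing permit any any, and ACLs without hardware statistics. The sample configuration, the Vlan301 interface and the ACL name v6-missing are constructed for illustration; the function name audit_ipv6_acls is hypothetical.

```python
import re

PROMPT = re.compile(r"^\S+?#\s*")  # drops "Switch(config-if)# " from pasted sessions

def audit_ipv6_acls(config):
    """Return findings about IPv6 ACLs and their ipv6 traffic-filter bindings."""
    acls, bindings, ctx = {}, [], None  # ctx: ACL dict, interface name, or None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.fullmatch(r"ipv6 access-list (\S+)", line):
            ctx = acls.setdefault(m.group(1), {"aces": [], "hw_stats": False})
        elif m := re.fullmatch(r"interface\s+(.+)", line, re.I):
            ctx = m.group(1).replace(" ", "").lower()
        elif line in ("!", "end", "exit"):
            ctx = None
        elif isinstance(ctx, dict):
            if line == "hardware statistics":
                ctx["hw_stats"] = True
            elif line.startswith(("permit ", "deny ")):
                ctx["aces"].append(line)
        elif isinstance(ctx, str) and (m := re.fullmatch(r"ipv6 traffic-filter (\S+) (in|out)", line)):
            bindings.append((ctx, m.group(1), m.group(2)))
    findings = []
    for iface, name, direction in bindings:
        if name not in acls:
            findings.append(f"{iface}: traffic-filter {direction} references undefined ACL {name}")
    applied = {name for _, name, _ in bindings}
    for name, acl in acls.items():
        if name not in applied:
            findings.append(f"{name}: defined but not applied to any interface")
        if any(re.fullmatch(r"permit (ipv6 )?any any", a) for a in acl["aces"]):
            findings.append(f"{name}: 'permit any any' present, implicit deny-all never reached")
        if not acl["hw_stats"]:
            findings.append(f"{name}: hardware statistics not enabled (off by default)")
    return findings

# Constructed sample configuration; Vlan301 and v6-missing are made up.
SAMPLE = """\
ipv6 access-list v6test
 permit udp any 3:8::5/64
 permit any any
ipv6 access-list simple-ipv6-acl
 permit tcp 1:2::3 FFFF:FFFF:: any
 hardware statistics
interface Vlan300
 ipv6 traffic-filter simple-ipv6-acl in
interface Vlan301
 ipv6 traffic-filter v6-missing in
"""
```

Calling audit_ipv6_acls(SAMPLE) returns four findings: the undefined reference on vlan301 and three for v6test (not applied, permit any any, no hardware statistics). A pasted CLI session with Switch# prompts is accepted as well.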
