Configuring An Ipv6 Og Acl - Cisco Catalyst 4500 Series Software Configuration Manual

Configuring Object Group ACLs

Configuring an IPv6 OG ACL

Command or Action
Step 1 configure terminal
Example:
Switch# configure terminal
Step 2 ipv6 access-list access-list-name
Example:
Switch(config)# ipv6 access-list
example-ipv6-acl
Step 3
{deny | permit } { any | proto | object-group
service-object-group-name} { host ipv6-addr |
ipv6-prefix | ipv6-addr ipv6-wildcard-bits |
object-group source-network-object-group-name} {
host ipv6-addr | ipv6-prefix | ipv6-addr
ipv6-wildcard-bits | object-group
dest-network-object-group-name}
Example:
Switch(config-ext-nacl)# permit object-group
mySG object-group myOG any sequence 10
Step 4 Repeat the steps to specify the fields and values on
which you want to base your access list.
Step 5 {end } | { exit }
Example:
Switch(config-v6service-group)# end
Applying an IPv6 OG ACL to an Interface
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2 interface type / slot
Example:
Switch(config)# interface vlan 100
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
62-48
Chapter 62 Configuring Network Security with ACLs
Purpose
Enters global configuration mode.
Defines an OG ACL with the specified name and enters
IPv6-ACL configuration mode.
(Optional) Permits any packet that matches all conditions
specified in the statement.
In this example, the service object group my SG, allows
network object groups from myOG with any destination.
Remember that all sources not specifically permitted are
denied by an implicit deny statement at the end of the
access list.
To exit the configuration mode, enter the end command.
To exit the IPv6-address object-group configuration mode,
enter the exit command.
Purpose
Enters the global configuration mode.
Specifies the interface and enters interface configuration
mode.
The interface-type must be a Layer 3 interface.