Cisco Catalyst 3120 Command Reference Manual page 235

Catalyst blade switch 3120 for hp command reference

Chapter 2
Cisco Catalyst Blade Switch 3120 for HP Cisco IOS Commands
The IPv6 neighbor discovery process makes use of the IPv6 network layer service; therefore, by default,
IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface. In
IPv4, the Address Resolution Protocol (ARP), which is equivalent to the IPv6 neighbor discovery
process, uses a separate data-link layer protocol; therefore, by default, IPv4 ACLs implicitly allow ARP
packets to be sent and received on an interface.
Use the ipv6 traffic-filter interface configuration command with the access-list-name argument to apply
an IPv6 ACL to an IPv6 interface. You can apply inbound and outbound IPv6 ACLs to Layer 3 physical
interfaces or switch virtual interfaces for routed ACLs, but only inbound IPv6 ACLs to Layer 2 interfaces
for port ACLs.
Note
An IPv6 ACL applied to an interface with the ipv6 traffic-filter command filters traffic that is forwarded
by the switch and does not filter traffic generated by the switch.
Examples
This example puts the switch in IPv6 access list configuration mode and configures the IPv6 ACL named
list2 and applies the ACL to outbound traffic on an interface. The first ACL entry prevents all packets
from the network FE80:0:0:2::/64 (packets that have the link-local prefix FE80:0:0:2 as the first 64 bits
of their source IPv6 address) from leaving the interface. The second entry in the ACL permits all other
traffic to leave the interface. The second entry is necessary because an implicit deny-all condition is at
the end of each IPv6 ACL.
Switch(config)# ipv6 access-list list2
Switch(config-ipv6-acl)# deny FE80:0:0:2::/64 any
Switch(config-ipv6-acl)# permit any any
Switch(config-ipv6-acl)# exit
Switch(config)# interface gigabitethernet1/0/3
Switch(config-if)# no switchport
Switch(config-if)# ipv6 address 2001::/64 eui-64
Switch(config-if)# ipv6 traffic-filter list2 out
Note
IPv6 ACLs that rely on the implicit deny condition or specify a deny any any statement to filter traffic
should contain permit statements for link-local addresses to avoid the filtering of protocol packets.
Additionally, IPv6 ACLs that use deny statements to filter traffic should also use a permit any any
statement as the last statement in the list.
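The note above, turned into a configuration check (an added example, not part of the Cisco manual): a Python linter that reads `ipv6 access-list` blocks in the form this page shows and flags lists that lack a link-local permit or a closing permit any any. The finding names, the constructed list3, and the choice to count any permitted prefix inside FE80::/10 as a link-local permit are assumptions of this example.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def parse_acls(config):  # ACL name -> ordered (action, tokens) entries
    acls, current = {}, None
    for raw in config.splitlines():
        words = re.sub(r"^\S*#\s*", "", raw.strip()).split()  # drop a CLI prompt
        if words[:2] == ["ipv6", "access-list"] and len(words) == 3:
            current = acls.setdefault(words[2], [])
        elif current is not None and words[:1] in (["permit"], ["deny"]):
            current.append((words[0], words[1:]))
        elif words:
            current = None  # any other command leaves ACL configuration mode
    return acls

def is_any_any(tokens):  # tolerates one leading protocol keyword, e.g. "ipv6"
    return tokens[-2:] == ["any", "any"] and len(tokens) <= 3

def names_link_local(tokens):
    for tok in tokens:
        try:
            if ipaddress.ip_network(tok, strict=False).subnet_of(LINK_LOCAL):
                return True
        except (ValueError, TypeError):
            pass  # keyword, port number or IPv4 token
    return False

def lint(config):
    findings = {}
    for name, entries in parse_acls(config).items():
        ends_open = any(a == "permit" and is_any_any(t) for a, t in entries[-1:])
        denies = [is_any_any(t) for a, t in entries if a == "deny"]  # True = deny any any
        ll_permit = any(a == "permit" and names_link_local(t) for a, t in entries)
        findings[name] = [msg for bad, msg in (
            (False in denies and not ends_open, "no-final-permit-any-any"),
            ((True in denies or not ends_open) and not ll_permit, "no-link-local-permit"),
        ) if bad]
    return findings

# list2 is the page's example; list3 is constructed for illustration.
SAMPLE = """ipv6 access-list list2
 deny FE80:0:0:2::/64 any
 permit any any
ipv6 access-list list3
 deny 2001:DB8:2::/64 any
 permit 2001:DB8:1::/64 any"""

print(lint(SAMPLE))
```

An ACL that ends in permit any any, like list2, produces no findings; list3 is reported for both conditions the note describes.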
Related Commands
Command                                   Description
deny (IPv6 access-list configuration)     Sets deny conditions for an IPv6 access list.
ipv6 traffic-filter                       Filters incoming or outgoing IPv6 traffic on an interface.
permit (IPv6 access-list configuration)   Sets permit conditions for an IPv6 access list.
show ipv6 access-list                     Displays the contents of all current IPv6 access lists.
OL-12248-01
Cisco Catalyst Blade Switch 3120 for HP Command Reference
ipv6 access-list
2-207
