ipv6 access-group

Use this command to apply access restrictions to inbound or outbound frames on an interface when operating in router mode.

Syntax

ipv6 access-group name {in | out} [all-traffic | routed-traffic]
no ipv6 access-group name {in | out} [all-traffic | routed-traffic]

Parameters

name Specifies the name of the IPv6 access list to be applied to the interface.
in Filters inbound frames.
out Filters outbound frames.
all-traffic (Optional) Specifies that the assigned ACL is applied to all traffic on the interface, not just the routed traffic.
routed-traffic (Optional) Specifies that the assigned ACL is applied only to the routed traffic on the interface. (Default)

Defaults

None.

Mode

Interface configuration.

Usage

Access lists must be applied per routing interface. An entry (rule) can either be applied to inbound or outbound frames. An access list can be applied before it is created. The uncreated applied access list will have no affect.

By default, an IPv6 ACL is only applied to routed traffic. To apply the IPv6 ACL to all traffic, use the all-traffic option.

The no ipv6 access-group command removes the specified access list from this interface.

Example

This example shows how to apply the standard access list acl10 for all inbound frames on VLAN 50. Based upon the definition of access list acl10, only frames with source fe80:0:0:0:21f:45ff:fe3d:21aa/64 are routed. All the frames with other sources received on VLAN 50 are dropped:

System(su-config)->ipv6 access-list standard acl10
System(su-cfg-ipv6-std-acl)->permit fe80:0:0:0:21f:45ff:fe3d:21aa/64 log
System(su-cfg-ipv6-std-acl)->exit
System(su-config)->interface vlan 50
System(su-config-intf-vlan.0.50)->ipv6 access-group acl10 in
System(su-config-intf-vlan.0.50)->