Create an IPv6 ACL

Create an IPv6 ACL to specify an ordered list of ACEs, or filter rules.

You must specify the packet type as IPv6 at the ACL level to enable IPv6 filtering. By default, an ACL filters non IPv6 packets.

Note

Note

You cannot change packet type for the ACL after you have configured it. If you want a different packet type, you must delete the ACL and re-create it using the other packet type.

Before you begin

  • Application Telemetry must be disabled on VSP 4450 Series, VSP 7200 Series, VSP 8200 Series, and VSP 8400 Series.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an IPv6 ACL:
    filter acl <acl-id> type <inVlan|inPort|outPort|inVsn> [matchType <both|terminatingNNIOnly|uniOnly> ] [name WORD<0-32>] [pktType ipv6] [name <0-32>]
    Note

    Note

    IPv6 egress QoS ACL/Filters are not supported.
  3. Enable the ACL:

    filter acl <acl-id> enable

  4. Ensure the configuration is correct:

    show filter acl [<acl-id>]

Variable definitions

Use the data in the following table to use the filter acl command.

Variable

Value

<acl-id>

Specifies the ACL ID. Use the CLI Help to see the available range for the switch.

enable

Enables the ACL state, and all associated ACEs. Enabled is the default state.

matchType <both|terminatingNNIOnly|uniOnly>

For inVsn ACL types, specifies the match type to associate with the ACL. Valid options are:
  • both for traffic ingressing on both UNI ports and NNI ports terminating on this node

  • terminatingNNIOnly for traffic ingressing on NNI ports only and terminating on this node

  • uniOnly for traffic ingressing on UNI ports only

The default value is both.

name WORD<0-32>

Specifies an optional descriptive name for the ACL.

type <inVlan|inPort|outPort|inVsn>

Specifies the ACL type. The values inVlan, inPort, and inVsn are ingress ACLs. The value outPort configures IPv6 egress filters.

A port-based ACL has precedence over a VLAN-based ACL.

pktType <ipv6>

Specifies the IP version as IPv6. The default is nonipv6.

Note:

You cannot change packet type for the ACL once you have configured it. If you want a different packet type, you must delete the ACL and re-create it using the other packet type.