ipv6 access-list

Creates a standard or extended IPv6 access control list (ACL). In ACLs, you can define rules that permit or deny network traffic based on criteria that you specify.

Syntax

ipv6 access-list { standard | extended } ACLname
no ipv6 access-list { standard | extended } ACLname

Parameters

standard | extended
Specifies one of the following types of access lists:
standard
Contains rules that permit or deny traffic based on source addresses that you specify. The rules are applicable to all ports of the specified addresses.
extended
Contains rules that permit or deny traffic according to source and destination addresses, as well as other parameters. For example, you can also filter by port, protocol (TCP or UDP), and TCP flags.
ACLname
Specifies an ACL name unique among all ACLs (Layer 2 and Layer 3). The name can be up to 63 characters in length, and must begin with an alphanumeric character. No special characters are allowed, except for the underscore and hyphen.

Modes

Global configuration mode

Usage Guidelines

An ACL name can be up to 63 characters long, and must begin with a–z, A–Z or 0–9. You can also use underscore (_) or hyphen (-) in an ACL name, but not as the first character.

After you create an ACL, use the seq command to create filtering rules for that ACL.

An ACL starts functioning only after:
  • Applied to an interface, using the { ip | ipv6 | mac } access-group command.
  • Applied at device-level, using the { ip | ipv6 } receive access-group command.

To delete an ACL, use the no access-list command. You can delete an ACL only after you first remove it from all interfaces to which it is applied, using the no access-group command.

Examples

The following example creates an IPv6 standard ACL: 
device# configure
device(config)# ipv6 access-list standard stdV6ACL1
The following example creates an IPv6 extended ACL: 
device# configure
device(config)# ipv6 access-list extended ipv6_acl_1
The following example creates rules on an IPv6 standard ACL: 
device# configure
device(config)# ipv6 access-list standard stdV6ACL1
device(conf-ipv6-std)# seq 10 permit 2001:db8:85a3:0:0:8a2e:370:7334
device(conf-ipv6-std)# seq 11 deny any
The following example deletes an IPv6 ACL: 
device# configure
device(config)# no ipv6 access-list standard stdV6ACL1
9036689-01 Rev AA