ipv6 receive access-group

Applies an IPv6 access control list (ACL) at global configuration level. Such receive-path ACLs filter incoming route-processor traffic according to rules that you create, but do not filter data-path traffic.

Syntax

ipv6 receive access-group acl-name [ sequence seq-number ]
no ipv6 receive access-group acl-name

Command Default

No receive-path ACLs are applied.

Parameters

acl-name
Specifies the name of the standard or extended IP access list.
sequence seq-number
Specifies the sequence of the rACL you are applying. Values range from 1 through 2047.

Modes

Global configuration mode

Usage Guidelines

For both interface ACLs and receive-path ACLs, you use identical commands to create the ACLs. You also use identical commands to define permit/deny rules in the ACLs. The only variance is the command you use to apply the ACL:
  • To apply an interface ACL, from an interface-subtype configuration mode you use the { ip | ipv6 | mac } access-group command.
  • To apply a receive-path ACL, from global configuration mode you use the { ip | ipv6 } receive access-group command.
You can apply a maximum of 400 receive-path ACLs to a device, as follows:
  • 200 IPv4 receive-path ACLs
  • 200 IPv6 receive-path ACLs

To remove a receive-path ACL, enter the no form of this command.

Examples

The following example creates an IPv6 extended ACL, defines rules in the ACL, and applies it as a receive-path ACL. 

device(config)# ipv6 access-list extended ipv6-receive-acl-example
device(conf-ipacl-ext)# hard-drop tcp host 10::1 any count 
device(conf-ipacl-ext)# hard-drop udp any host 20::1 count 
device(conf-ipacl-ext)# permit tcp host 10::2 any eq telnet count 
device(conf-ipacl-ext)# permit tcp host 10::2 any eq bgp count 

device(conf-ipacl-ext)# exit
device(config)# ipv6 receive access-group ipv6-receive-acl-example

The following example creates two IPv6 extended ACLs, defines rules in the ACLs, and applies them as receive-path ACLs—specifying the priority of each ACL.

device# configure terminal
device(config)# ipv6 access-list extended test-racl-v6-1
device(conf-ip6acl-ext)# deny ipv6 host 2::2 any count
device(conf-ip6acl-ext)# exit
device(config)# ipv6 access-list extended test-racl-v6-2
device(conf-ip6acl-ext)# permit ipv6 host 3::3 any
device(conf-ip6acl-ext)# exit


device(config)# ipv6 receive access-group test-racl-v6-1 seq 10
device(config)# ipv6 receive access-group test-racl-v6-2 seq 20
9036689-01 Rev AA