ipv6 access-group
Applies rules specified in an IPv6 access control list (ACL) to traffic entering an
interface.
Syntax
ipv6 access-group
ACLname
in
[
routed
]
no ipv6 access-group
ACLname
in
[
routed
]
Parameters
-
ACLname
- Specifies the name of the standard or extended IPv6 access list.
-
in
- Applies the ACL to incoming switched and routed traffic.
-
routed
- Applies this ACL only on Routed traffic.
Modes
Interface subtype configuration mode
Usage Guidelines
Use this command to apply an IPv6 ACL to one of the following interface types:
- User interfaces
- Physical interfaces
- Port-channels (LAGs)
- Virtual Ethernet (VE) (attached to a VLAN or to a bridge domain)
- The management interface
You can apply a maximum of five ACLs to a user interface, as follows:
- One ingress MAC ACL—if the interface is in switchport mode
- One egress MAC ACL—if the interface is in switchport mode
- One ingress IPv4 ACL
- One egress IPv4 ACL
- One ingress IPv6 ACL
You can apply a maximum of two ACLs to the management interface, as follows:
- One ingress IPv4 ACL
- One ingress IPv6 ACL
You can apply an ACL to multiple interfaces.
To remove an ACL from an interface, enter the no form of this
command.
The following guidelines apply to the routed keyword:
Examples
The following example applies an IPv6 ACL on an Ethernet interface to incoming
traffic.
device# configure terminal
device(config)# interface ethernet 0/1
device(conf-if-eth-0/1)# ipv6 access-group ipv6_acl_7 in
The following example removes an IPv6 ACL from an Ethernet interface.
device# configure terminal
device(config)# interface ethernet 0/1
device(conf-if-eth-0/1)# no ipv6 access-group ipv6_acl_7 in
The following example applies an IPv6 ACL on an Virtual Ethernet interface to incoming
routed traffic.
device# configure terminal
device(config)# interface Ve 10
device(conf-if-Ve-10)# ipv6 access-group ipv6_acl_7 in routed
