Cisco Catalyst 4500 Series - Applying IPv6 ACLs to Layer 2 and 3 Interface

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 62 Configuring Network Security with ACLs
The following example shows various ways of configuring ACEs in an IPv6 ACL:
Switch(config)# ipv6 access-list v6test
The permit entry specifies the source and destination IPv6 addresses using wildcard masks:
Switch(config-ipv6-acl)# permit 1:2::3 FF:0:FFFF:AA:20:: 4:5::6 0:FFFF:2233::FFFF
Here the permit entry allows all packets that have a source UDP port, and specifies the permit
condition for the destination IPv6 address using prefix/prefix-length:
Switch(config-ipv6-acl)# permit udp any 3:8::5/64
Here the permit entry allows all packets that have a source TCP port and a source IPv6 address
matching the one specified using a wildcard mask, and allows destination addresses that have
IPv6 prefix ::/0:
Switch(config-ipv6-acl)# permit tcp 1:2::3 FFFF:FFFF:: any
Here the permit entry allows all packets (source and destination) that have IPv6 prefix ::/0. This is
necessary because an implicit deny-all condition is at the end of each IPv6 access list.
Switch(config-ipv6-acl)# permit any any
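The following Python model is an added example, not part of the Cisco guide. It evaluates the four v6test ACEs above against constructed sample packets to show first-match ordering and the implicit deny. It assumes a 1 bit in a wildcard mask means "ignore this bit" (the IOS IPv4 wildcard convention) and models only the tcp and udp protocol keywords; the function names are hypothetical.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1
PROTOCOLS = {"tcp", "udp"}  # only the protocol keywords used on this page

def _addr_spec(tokens):
    """Consume one address spec; return (value, care_mask) as 128-bit ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0                        # nothing has to match
    if "/" in tok:                         # prefix/prefix-length form
        net = ipaddress.IPv6Interface(tok).network
        return int(net.network_address), int(net.netmask)
    wildcard = int(ipaddress.IPv6Address(tokens.pop(0)))
    # Assumption: a 1 bit in the wildcard mask means "ignore this bit".
    return int(ipaddress.IPv6Address(tok)), ~wildcard & ALL_ONES

def parse_ace(line):
    tokens = line.split()
    action = tokens.pop(0)
    proto = tokens.pop(0) if tokens[0] in PROTOCOLS else None
    return action, proto, _addr_spec(tokens), _addr_spec(tokens)

def _hit(addr, spec):
    value, care = spec
    return (int(ipaddress.IPv6Address(addr)) ^ value) & care == 0

def evaluate(acl_lines, proto, src, dst):
    """First match wins; return (action, matching ACE index or None)."""
    for i, line in enumerate(acl_lines):
        action, ace_proto, s, d = parse_ace(line)
        if ace_proto in (None, proto) and _hit(src, s) and _hit(dst, d):
            return action, i
    return "deny", None                    # implicit deny at the end of the ACL

# The ACEs of v6test from the page, in order.
V6TEST = [
    "permit 1:2::3 FF:0:FFFF:AA:20:: 4:5::6 0:FFFF:2233::FFFF",
    "permit udp any 3:8::5/64",
    "permit tcp 1:2::3 FFFF:FFFF:: any",
    "permit any any",
]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination).
    for pkt in [("udp", "2001:db8::1", "3:8::99"),
                ("tcp", "2001:db8::3", "2001:db8::1"),
                ("tcp", "1:2::4", "2001:db8::1")]:
        print(pkt, evaluate(V6TEST[:3], *pkt), evaluate(V6TEST, *pkt))
```

Each printed line shows the verdict without and with the final permit any any entry, so the third packet shows the implicit deny taking effect when that entry is missing.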
To enable hardware statistics, enter the following commands while configuring ACEs in the access list:
Switch(config)# ipv6 access-list v6test
Switch(config-ipv6-acl)# hardware statistics
Switch(config-ipv6-acl)# end
Note: Hardware statistics is disabled by default.
Applying IPv6 ACLs to Layer 2 and 3 Interface
To apply an IPv6 ACL to a Layer 3 interface, perform the following task:

Command / Purpose
Step 1  Switch# configure terminal
        Enters global configuration mode.
Step 2  Switch(config)# interface interface-type slot/interface
        Specifies the interface to be configured.
        Note: interface-type must be a Layer 3 interface.
Step 3  Switch(config-if)# ipv6 traffic-filter ipv6-acl {in|out}
        Applies the IPv6 ACL to a Layer 3 interface.

Note: IPv6 ACLs are supported on Layer 3 interfaces and on Layer 2 ports using the ipv6 traffic-filter
command.

The following example applies the extended-named IPv6 ACL simple-ipv6-acl to SVI 300 routed ingress
traffic:
Switch# configure terminal
Switch(config)# interface vlan 300
Switch(config-if)# ipv6 traffic-filter simple-ipv6-acl in
