Configuring Access Control Lists access-list ipv6
34-10
Usage
In order to create a MAC-based access list, the switch must be put into access list “ipv6mode” with
the access-list ipv6mode command (page 34-2).
The no form of this command removes the defined access list or entry.
MAC-based access lists are applied to VLAN interfaces by using the ip access-group command
(page 34-12) and to ports with the access-list interface command (page 34-14).
Example
This example creates a MAC-based access list.
C3(su)->router(Config)#access-list mac mymaclist permit any any ethertype arp vlan 100
access-list ipv6
Use this command to define an IPv6 access list when operating in router mode. In order to create
an IPv6 access list, the switch must be put into access list “ipv6mode” with the access-list
ipv6mode command.
The no form of this command removes the defined access list or entry.
Syntax
To create an IPv6 ACL entry:
access-list ipv6 name {deny | permit} protocol {srcipv6-addr/prefix-length | any}
[eq port] {dstipv6-addr/prefix-length | any} [eq port] [dscp dscp] [flow-label
label-value] [assign-queue queue-id]
no access-list ipv6 name [entryno [entryno]]
To insert or replace an ACL entry:
access-list ipv6 name insert | replace entryno {deny | permit} protocol
srcipv6-addr/prefix-length [eq port] dstipv6-addr/prefix-length [eq port]
[dscp dscp] [flow-label label-value] [assign-queue queue-id]
To move entries within an ACL:
access-list ipv6 name move destination source1 [source2]
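A pre-deployment check for the "create an IPv6 ACL entry" form above, as an added example (not part of the original manual and not vendor code). It tests each line against the syntax shown and the 1 to 31 character name limit. Assumptions: the protocol token is not validated, ports are taken to be 0-65535, options are taken to be required in the order the syntax lists them, and the sample lines, including the tcp token, are constructed.

```python
import ipaddress

OPTIONS = ("dscp", "flow-label", "assign-queue")  # optional keywords, in syntax order
SAMPLE = [  # constructed lines; names, addresses and 'tcp' are illustrative
    "access-list ipv6 mgmt6 permit tcp 2001:db8:10::/64 any eq 22",
    "access-list ipv6 mgmt6 deny tcp 2001:db8::1 any dscp",
]

def _take_addr(tokens, errors, role):
    """Consume '{ipv6-addr/prefix-length | any} [eq port]' from the front of tokens."""
    addr = tokens.pop(0) if tokens else ""
    if addr != "any":
        try:
            if "/" not in addr:
                raise ValueError("expected addr/prefix-length or 'any'")
            ipaddress.IPv6Network(addr, strict=False)
        except ValueError as exc:
            errors.append(f"{role}: {exc}")
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        port = tokens.pop(0) if tokens else ""
        # Assumption: numeric port in 0-65535; the page does not state the range.
        if not (port.isdecimal() and int(port) <= 65535):
            errors.append(f"{role}: bad port '{port}' after eq")

def lint_entry(line):
    """Return a list of problems found in one 'create entry' command line."""
    tokens = line.split()
    if tokens[:2] != ["access-list", "ipv6"] or len(tokens) < 5:
        return ["not an 'access-list ipv6 name {deny | permit} protocol ...' line"]
    name, action, rest = tokens[2], tokens[3], tokens[5:]  # tokens[4] is protocol
    errors = []
    if len(name) > 31:
        errors.append(f"name is {len(name)} characters; limit is 31")
    if action not in ("deny", "permit"):
        errors.append(f"'{action}' is not deny or permit")
    _take_addr(rest, errors, "source")
    _take_addr(rest, errors, "destination")
    allowed = list(OPTIONS)
    while rest:
        key = rest.pop(0)
        if key not in allowed:
            errors.append(f"unexpected or out-of-order token '{key}'")
            break
        allowed = allowed[allowed.index(key) + 1:]
        if not rest:
            errors.append(f"'{key}' needs a value")
            break
        rest.pop(0)  # option value; its range is not given on this page
    return errors
```

The second sample line is rejected twice: its source address has no prefix length, and dscp has no value.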
Parameters
ipv6 name [entryno [entryno]] Specifies the name of the IPv6 access list. The name can be from 1 to 31 characters in length and is case-sensitive. When using the no access-list command, you can delete a whole access-list, or only specific entries in the list with the optional entryno parameter. Specify a range of entries by entering the start and end entry numbers.
deny | permit Denies or permits access if specified conditions are met.