Table of Contents
Advertisement
Configuring IPv6 ACLs
Configuration Example
Command
show access-lists
show ipv6 access-list [access-list-name]
Configuration Example
The following example:
Creates an IPv6 ACL named CISCO.
Defines one deny entry that denies all packets that have a destination TCP port number greater than 5000 and a
second deny entry that denies packets that have a source UDP port number less than 5000. The second deny entry
also logs all matches to the console.
Defines a permit entry to permit all ICMP packets and another permit entry that allows all other traffic. The second
permit entry is necessary because an implicit deny-all condition is at the end of each IPv6 access list.
Applies the access list CISCO to outbound traffic on a Layer 3 interface.
Switch(config)# ipv6 access-list CISCO
Switch(config-ipv6-acl)# deny tcp any any gt 5000
Switch config-ipv6-acl)# deny ::/0 lt 5000 ::/0 log
Switch(config-ipv6-acl)# permit icmp any any
Switch(config-ipv6-acl)# permit any any
Switch(config-ipv6-acl)# exit
Switch(config)# interface gigabitethernet 0/3
Switch(config-if)# no switchport
Switch(config-if)# ipv6 address 2001::/64 eui-64
Switch(config-if)# ipv6 traffic-filter CISCO out
Purpose
Display all access lists configured on the switch.
Display all configured IPv6 access list or the access list specified by
name.
788
- Quick Links:
- Configuration Overview
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
