Table of Contents
Advertisement
ACL Commands
ipv6 access-list
ipv6 access-list
Cisco 220 Series Smart Plus Switches Command Line Interface Reference Guide Release 1.0.0.x
To define an IPv6-based ACL and to enter the IPv6 Access-List Configuration
mode, use the ipv6 access-list Global Configuration mode command.
To remove an IPv6-based ACL, use the no form of this command.
Syntax
acl-name
ipv6 access-list
no ipv6 access-list
acl-name
Parameters
acl-name
•
—Name of the IPv6-based ACL. (Range: 1 to 32 characters)
Default Configuration
No IPv6-based ACL is defined.
Command Mode
Global Configuration mode
User Guidelines
The IPv6-based ACEs for this IPv6-based ACL are defined in the permit (IPv6) and
deny (IPv6) commands.
An IPv6-based ACL is defined by a unique name. IPv4-based ACL, IPv6-based
ACL, MAC-based ACL, or policy map cannot have the same name.
Each IPv6-based ACL has implicit permit icmp any any nd-ns any, permit icmp any
any nd-na any, and deny ipv6 any any statements as its last match conditions. (The
former two match conditions allow for ICMPv6 neighbor discovery.)
The IPv6 neighbor discovery process uses the IPv6 network layer service,
therefore, by default, IPv6-based ACLs implicitly allow IPv6 neighbor discovery
packets to be sent and received on an interface. In IPv4, the Address Resolution
Protocol (ARP), which is equivalent to the IPv6 neighbor discovery process, uses a
separate data link layer protocol; therefore, by default, IPv4-based ACLs implicitly
allow ARP packets to be sent and received on an interface.
Example
switchxxxxxx(config)# ipv6 access-list test
4
76
Advertisement
Table of Contents
