4 ACL Commands
4.4 ipv6 access-list (IPv6 extended)
Use the ipv6 access-list Global Configuration mode command to define an IPv6
access list (ACL) and to place the device in IPv6 Access-list Configuration mode.
All commands after this command refer to this ACL. The rules (ACEs) for this ACL
are defined in the permit ( IPv6 ) and deny ( IPv6 ) commands. The service-acl input
command is used to attach this ACL to an interface.
Use the no form of this command to remove the access list.
Syntax
ipv6 access-list [acl-name]
no ipv6 access-list [acl-name]
Parameters
acl-name—Name of the IPv6 access list. Range 1-32 characters.
Default Configuration
No IPv6 access list is defined.
Command Mode
Global Configuration mode
User Guidelines
An IPv6 ACL is defined by a unique name. IPv4 ACLs, IPv6 ACLs, MAC ACLs and policy
maps cannot have the same name.
Every IPv6 ACL has an implicit permit icmp any any nd-ns any, permit icmp any
any nd-na any, and deny ipv6 any any statements as its last match conditions. (The
former two match conditions allow for ICMPv6 neighbor discovery.)
The IPv6 neighbor discovery process uses the IPv6 network layer service,
therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets
to be sent and received on an interface. In IPv4, the Address Resolution Protocol
(ARP), which is equivalent to the IPv6 neighbor discovery process, uses a
separate data link layer protocol; therefore, by default, IPv4 ACLs implicitly allow
ARP packets to be sent and received on an interface.
Example
switchxxxxxx(config)# ipv6 access-list acl1
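The following Python sketch is an added illustration, not part of this guide or of the device software. It models first-match evaluation with the implicit trailing statements from the User Guidelines, to show which traffic an ACL with a single explicit rule still permits and which falls through to deny ipv6 any any. The tuple rule format, the 2001:db8:: addresses and the sample packets are constructed for the example.

```python
from ipaddress import ip_address, ip_network

ND_NS, ND_NA = 135, 136  # ICMPv6 types: neighbor solicitation / advertisement

# Implicit tail of every IPv6 ACL, in the order the User Guidelines list it.
# ACE tuple (constructed format): (action, protocol, src, dst, qualifier)
IMPLICIT_TAIL = [
    ("permit", "icmp", "any", "any", ND_NS),
    ("permit", "icmp", "any", "any", ND_NA),
    ("deny", "ipv6", "any", "any", None),
]

def _addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def _matches(ace, pkt):
    _, proto, src, dst, qual = ace
    if proto not in ("ipv6", pkt["proto"]):  # "ipv6" matches any protocol
        return False
    if not (_addr_ok(src, pkt["src"]) and _addr_ok(dst, pkt["dst"])):
        return False
    if qual is None:
        return True
    # Qualifier is the ICMPv6 type for icmp, the destination port otherwise.
    return pkt.get("icmp_type" if proto == "icmp" else "dport") == qual

def evaluate(user_aces, pkt):
    """Return (action, hit_implicit_ace) for the first ACE matching pkt."""
    for i, ace in enumerate(list(user_aces) + IMPLICIT_TAIL):
        if _matches(ace, pkt):
            return ace[0], i >= len(user_aces)
    raise RuntimeError("unreachable: deny ipv6 any any matches everything")

# Constructed ACL: the only explicit rule permits HTTPS to one prefix.
ACL1 = [("permit", "tcp", "any", "2001:db8:1::/64", 443)]

# Constructed sample packets.
PACKETS = {
    "https": {"proto": "tcp", "src": "2001:db8:2::9", "dst": "2001:db8:1::10", "dport": 443},
    "ssh": {"proto": "tcp", "src": "2001:db8:2::9", "dst": "2001:db8:1::10", "dport": 22},
    "nd-ns": {"proto": "icmp", "src": "fe80::1", "dst": "ff02::1:ff00:10", "icmp_type": 135},
    "nd-na": {"proto": "icmp", "src": "fe80::2", "dst": "fe80::1", "icmp_type": 136},
    "router-advert": {"proto": "icmp", "src": "fe80::1", "dst": "ff02::1", "icmp_type": 134},
    "echo-request": {"proto": "icmp", "src": "2001:db8:2::9", "dst": "2001:db8:1::10", "icmp_type": 128},
}

def verdicts(acl=ACL1):
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}
```

Under this model, neighbor solicitation and advertisement pass through the implicit permits, while router advertisements and echo requests reach the implicit deny, so any other ICMPv6 type an interface depends on needs its own permit ACE.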
OL-32830-01 Command Line Interface Reference Guide