DGS-6604
ipv6 access-list
CLI Reference Guide
329
ipv6 access-list
Use this command to create or modify an IPv6 access list. This command will
enter into the ipv6 access-list configuration mode. Use the no form of the
command to remove an IPv6 access-list.
ipv6 access-list extended NAME
no ipv6 access-list extended NAME
Default
No IPv6 access list is defined.
The access list defaults to an implicit deny statement for all traffic.
Command Mode
Global configuration
Usage Guideline
The name must be unique among all (including MAC, IP, and IPv6) access-lists.
The characters are case sensitive.
The maximum number of IPv6 access-list supported by the system is project
dependent.
An error message will appear if the allowed number is exceeded after the
execution of the command.
An IPv6 access list can not be deleted if it is applied to interfaces.
The access list is always terminated by an implicit deny statement for all traffic.
Examples
This example shows how to configure an IPv6 extended access-list, named ip6-
control.
This example shows how configure an IPv6 extended access-list, named ip6-std-
control.
Verify the settings by entering the
show access-list
command.
Syntax Description
NAME
The name of the IPv6 access-list to be configured. A maximum of 32 characters.
The syntax is a general string that does not allow spaces.
Switch(config)#ipv6 access-list extended ip6-control
Swtich(config-ipv6-ext-acl)#permit tcp any 2002:f03::1 ffff::
Switch(config-ipv6-ext-acl)#
Switch(config)#ipv6 access-list extended ip6-std-control
Swtich(config-ipv6-ext-acl)#permit tcp any fe80::101:1 ffff:ffff:ffff::
Switch(config-ipv6-ext-acl)#