Adding or inserting an ACE in an ACL

To add an ACE to the end of an ACL:

  1. Use the ipv6 access-list <name–str> command to enter the context for a specific IPv6 ACL. (If the ACL does not already exist in the switch configuration, this command creates it.)
  2. Enter the text of the ACE without specifying a sequence number.
  3. For example, the following pair of commands enter the context of an ACL named "List-1" and add a "permit" ACE to the end of the list. This new ACE permits the IPv6 traffic from the device at 2001:db8:0:a9:8d:100 to go to all destinations.
    Switch(config)# ipv6 access-list List-1 Switch(config–ipv6–acl)# permit host 2001:db8:0:a9::8d:100 any
  4. To insert an ACE anywhere in an existing ACL:
  5. Enter the context of the ACL and specify a sequence number.
  6. For example, to insert a new ACE as line 15 between lines 10 and 20 in an existing ACL named "List-2" to deny traffic from the device at 2001:db8:0:a9::8d:77:
    Switch(config)# ipv6 access-list List-2 Switch(config–ipv6–acl)# deny host 2001:db8:0:a9::8d:77 any