Filtering routed or switched IPv6 traffic inbound on a VLAN

For a given port, port list, or static port trunk, you can assign an ACL as a static port ACL to filter switched or routed IPv6 traffic entering the switch on that interface. You can use the same ACL for assignment to multiple VLANs.

Syntax

vlan vid ipv6 access-group identifier <vlan-in|vlan-out>

no vlan vid ipv6 access-group identifier <vlan-in|vlan-out>

Description

Assigns an ACL as a VACL to a VLAN to filter switched or routed IPv6 traffic entering or leaving the switch on that VLAN. You can use either the global configuration level or the VLAN context level to assign or remove a VACL.

Options

vid

VLAN identification number.

identifier

The alphanumeric name by which the ACL can be accessed. An identifier can have up to 64 characters.

Usage

The switch allows you to assign an "empty" ACL identifier to a VLAN. In this case, if you later populate the ACL with ACEs, the new ACEs automatically become active on the assigned VLAN as they are created. Also, if you delete an assigned ACL from the switch without also using the no form of this command to remove the assignment to a VLAN, the ACL assignment remains as an "empty" ACL.
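Because an assignment can outlive or precede the ACEs it refers to, it is worth auditing saved configuration text for VACLs bound to an ACL with no ACEs. The following is an added example, not part of the original documentation or the vendor's tooling. The `ipv6 access-list` block layout, the quoted names, and the name `audit_vacls` are assumptions; the sample configuration is constructed.

```python
import re

# Constructed sample of saved configuration text. The access-group lines follow
# the syntax on this page; the "ipv6 access-list" block layout is an assumption.
SAMPLE_CONFIG = """\
ipv6 access-list "List-010"
   10 permit ipv6 ::/0 ::/0
   exit
ipv6 access-list "List-015"
   exit
vlan 20 ipv6 access-group "List-010" vlan-in
vlan 30
   ipv6 access-group "List-015" vlan-in
   ipv6 access-group "List-099" vlan-out
   exit
"""

ACL_DEF = re.compile(r'^ipv6 access-list "?([^"\s]+)"?$')
VLAN_CTX = re.compile(r'^vlan (\d+)$')
GROUP = re.compile(r'^(?:vlan (\d+) )?ipv6 access-group "?([^"\s]+)"? (vlan-in|vlan-out)$')
ACE = re.compile(r'^(?:\d+ )?(?:permit|deny) ')

def audit_vacls(config_text):
    """Return (vid, acl, direction, reason) for VACLs bound to an empty or undefined ACL."""
    ace_count, assignments = {}, []
    acl = vlan = None  # current ACL / VLAN context while walking the text
    for line in map(str.strip, config_text.splitlines()):
        if line == "exit":
            acl = vlan = None
        elif m := ACL_DEF.match(line):
            acl, vlan = m.group(1), None
            ace_count.setdefault(acl, 0)
        elif m := VLAN_CTX.match(line):
            acl, vlan = None, int(m.group(1))
        elif m := GROUP.match(line):
            vid = int(m.group(1)) if m.group(1) else vlan
            if vid is not None:
                assignments.append((vid, m.group(2), m.group(3)))
        elif acl and ACE.match(line):
            ace_count[acl] += 1
    findings = []
    for vid, name, direction in assignments:
        if name not in ace_count:
            findings.append((vid, name, direction, "undefined"))
        elif ace_count[name] == 0:
            findings.append((vid, name, direction, "empty"))
    return findings

if __name__ == "__main__":
    for finding in audit_vacls(SAMPLE_CONFIG):
        print(finding)
```

Both the global form and the VLAN-context form of the assignment are recognized; each finding is an assignment to review and either populate or remove with the no form of the command.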

Example output

Methods for enabling and disabling VACLs

Switch(config)# vlan 20 ipv6 access-group List-010 vlan-in

Switch(config)# vlan 20
Switch(vlan-20)# ipv6 access-group List-015 vlan-in
Switch(vlan-20)# exit

Switch(config)# no vlan 20 ipv6 access-group List-010 vlan-in

Switch(config)# vlan 20
Switch(vlan-20)# no ipv6 access-group List-015 vlan-in
Switch(vlan-20)# exit