vlan ipv6 access-group identifier

You can assign the same ACL to filter both inbound and outbound routed traffic, and to filter traffic on multiple VLANs.

Syntax

vlan vid ipv6 access-group identifier [in|out]

no vlan vid ipv6 access-group identifier [in|out]

Description

Assigns an ACL to a VLAN as an RACL to filter routed IP traffic entering or leaving the switch on that VLAN. You can use either the global configuration level or the VLAN context level to assign or remove an RACL.

Options

vid

VLAN identification number

tunnel tunnel-id

Tunnel Identification

identifier

The alphanumeric name by which the ACL can be accessed. An identifier can have up to 64 characters.

in

Keyword for assigning the ACL to filter routed traffic entering the switch on the specified VLAN

out

Keyword for assigning the ACL to filter routed traffic leaving the switch on the specified VLAN

Usage

The switch allows you to assign an "empty" ACL to a VLAN. If you later populate that ACL with one or more ACEs under the same identifier, the ACL automatically becomes active on the assigned VLAN.

Similarly, if an ACL is assigned to an interface and you delete the ACL from the running configuration without also using the no form of this command to remove the assignment, the ACL becomes "empty" but remains assigned to the interface and continues to exist (as an empty ACL) in the running configuration. If you later repopulate the ACL with an explicit ACE, the ACL immediately reactivates and begins filtering traffic, including applying the implicit deny.
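An added example (not from the switch documentation): a Python audit of a saved configuration that reports VLAN RACL assignments whose ACL has no ACEs, the dormant state described above. The sample configuration is constructed, and the layout of the ipv6 access-list definition block and the function name find_empty_assignments are assumptions.

```python
import re

# Constructed sample using the command forms shown on this page. The layout of
# the "ipv6 access-list <name>" definition block and its ACE is an assumption.
SAMPLE_CONFIG = """\
ipv6 access-list List-001
   10 permit ipv6 2001:db8:20::/64 any
   exit
ipv6 access-list List-005
   exit
vlan 20 ipv6 access-group List-001 in
vlan 20
   ipv6 access-group List-005 out
   exit
"""

ASSIGN = re.compile(r'^(?:vlan\s+(\d+)\s+)?ipv6 access-group\s+"?([^"\s]+)"?\s+(in|out)$')
ACL_DEF = re.compile(r'^ipv6 access-list\s+"?([^"\s]+)"?$')
VLAN_CTX = re.compile(r'^vlan\s+(\d+)$')
ACE = re.compile(r'^(?:\d+\s+)?(?:permit|deny)\b')


def find_empty_assignments(config_text):
    """Return sorted (vlan, acl, direction) tuples whose ACL has no ACEs."""
    ace_count = {}      # ACL name -> number of explicit ACEs
    assignments = []    # (VLAN ID, ACL name, direction)
    vlan = acl = None   # current VLAN / ACL context, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "exit":
            vlan = acl = None
        elif m := ACL_DEF.match(line):
            acl = m.group(1)
            ace_count.setdefault(acl, 0)
        elif m := VLAN_CTX.match(line):
            vlan = int(m.group(1))
        elif m := ASSIGN.match(line):
            vid = int(m.group(1)) if m.group(1) else vlan
            if vid is not None:
                assignments.append((vid, m.group(2), m.group(3)))
        elif acl is not None and ACE.match(line):
            ace_count[acl] += 1
    # An ACL name with no definition block is reported like an empty one.
    return sorted(a for a in assignments if ace_count.get(a[1], 0) == 0)


if __name__ == "__main__":
    for vid, name, direction in find_empty_assignments(SAMPLE_CONFIG):
        print(f"VLAN {vid}: ACL {name} ({direction}) is assigned but empty")
```

Each reported assignment filters nothing now but starts enforcing, implicit deny included, as soon as an ACE is added under that identifier.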

Example output

Methods for enabling and disabling RACLs

Switch(config)# vlan 20 ipv6 access-group List-001 in

Switch(config)# vlan 20
Switch(vlan-20)# ipv6 access-group List-005 out
Switch(vlan-20)# exit

Switch(config)# no vlan 20 ipv6 access-group List-001 in

Switch(config)# vlan 20
Switch(vlan-20)# no ipv6 access-group List-005 out
Switch(vlan-20)# exit