vlan ipv6 access-group identifier
You can assign the same ACL to filter both inbound and outbound routed traffic, and to filter traffic on multiple VLANs.
Syntax
vlan vid ipv6 access-group identifier [in|out]
no vlan vid ipv6 access-group identifier [in|out]
Description
Assigns an ACL to a VLAN as an RACL to filter routed IP traffic entering or leaving the switch on that VLAN. You can use either the global configuration level or the VLAN context level to assign or remove an RACL.
Options
- vid
  VLAN identification number
- tunnel tunnel-id
  Tunnel Identification
- identifier
  The alphanumeric name by which the ACL can be accessed. An identifier can have up to 64 characters.
- in
  Keyword for assigning the ACL to filter routed traffic entering the switch on the specified VLAN
- out
  Keyword for assigning the ACL to filter routed traffic leaving the switch on the specified VLAN
Usage
The switch allows you to assign an "empty" ACL to a VLAN. In this case, if you later populate the empty ACL with one or more ACEs for that same identifier, the ACL automatically becomes active on the assigned VLAN. Also, where a given ACL is assigned to an interface, if you delete the ACL from the running configuration without also using the no form of this command to remove the assignment to the interface, the ACL becomes "empty," but remains assigned to the interface and continues to exist (as an empty ACL) in the running configuration. In this case, if you later repopulate the ACL with an explicit ACE, the ACL immediately reactivates and begins filtering traffic (which includes use of the implicit deny).
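An added example, not part of the original documentation: a Python audit that flags the dormant assignments described above, that is, VLAN RACL assignments whose ACL has no explicit ACE. The function name, the `ipv6 access-list` block layout and the sample configuration are constructed assumptions; only the two `ipv6 access-group` forms come from this page.

```python
import re

# Constructed sample. The "ipv6 access-list" block layout is an assumption;
# the two "ipv6 access-group" forms are the ones shown on this page.
SAMPLE_CONFIG = """\
ipv6 access-list "List-001"
   10 permit ipv6 ::/0 ::/0
   exit
ipv6 access-list "List-005"
   exit
vlan 20
   ipv6 access-group "List-005" out
   exit
vlan 20 ipv6 access-group List-001 in
vlan 30 ipv6 access-group List-009 in
"""

ACL_DEF = re.compile(r'^ipv6 access-list "?([^"\s]+)"?$')
VLAN_CTX = re.compile(r'^vlan (\d+)$')
ASSIGN = re.compile(r'^(?:vlan (\d+) )?ipv6 access-group "?([^"\s]+)"? (in|out)$')
ACE = re.compile(r'^(?:\d+ +)?(?:permit|deny)\b')

def find_empty_racl_assignments(config_text):
    """Return sorted (vid, direction, acl) for RACLs assigned with no explicit ACE."""
    ace_count, assignments = {}, []
    acl = vlan = None  # current ACL / VLAN context while walking the config
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "exit":
            acl = vlan = None
        elif m := ACL_DEF.match(line):
            acl, vlan = m.group(1), None
            ace_count.setdefault(acl, 0)
        elif m := VLAN_CTX.match(line):
            vlan, acl = m.group(1), None
        elif m := ASSIGN.match(line):
            vid = m.group(1) or vlan
            if vid is not None:  # ignore an assignment with no VLAN in scope
                assignments.append((int(vid), m.group(3), m.group(2)))
        elif acl is not None and ACE.match(line):
            ace_count[acl] += 1
    # An assigned ACL that is never defined is treated as empty as well.
    return sorted(a for a in assignments if ace_count.get(a[2], 0) == 0)

if __name__ == "__main__":
    for vid, direction, name in find_empty_racl_assignments(SAMPLE_CONFIG):
        print(f"VLAN {vid} {direction}: ACL {name} is assigned but has no ACEs")
```

Each hit is an assignment that filters nothing now but starts enforcing, implicit deny included, as soon as an ACE is added under that identifier.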
Example output
Methods for enabling and disabling RACLs
Switch(config)# vlan 20 ipv6 access-group List-001 in
Switch(config)# vlan 20
Switch(vlan-20)# ipv6 access-group List-005 out
Switch(vlan-20)# exit
Switch(config)# no vlan 20 ipv6 access-group List-001 in
Switch(config)# vlan 20
Switch(vlan-20)# no ipv6 access-group List-005 out
Switch(vlan-20)# exit