Filtering inbound IPv6 traffic per port and trunk
You can use the same ACL for assignment to multiple interfaces.
Syntax
interface [port-list|trkx] access-group
identifier in
no interface [port-list|trkx] access-group
identifier in
Description
Assigns an ACL as a static port ACL to a port, port list, or static trunk to filter switched or routed IPv6 traffic entering the switch on that interface. You can use either the global configuration level or the interface context level to assign or remove a static port ACL.
Options
identifier
The alphanumeric name by which the ACL can be accessed. An identifier can have up to 64 characters.
[port-list|trkx]
The port, trunk, or list of ports and/or trunks on which to assign or remove the specified ACL.
Usage
The switch allows you to assign an "empty" ACL identifier to an interface. If you later populate the empty ACL with one or more ACEs, it automatically becomes active on the assigned interfaces. Also, if you delete an assigned ACL from the running config file without also using the
no
form of this command to remove the assignment to an interface, the ACL assignment remains and automatically activates any new ACL you create with the same identifier.
Example output
Methods for enabling and disabling ACLs
Switch(config)# interface b10 ipv6 access-group List-1 in 1
Switch(config)# interface b10
Switch(eth-b10)# ipv6 access-group List-4 in 2
Switch(eth-b10)# exit
Switch(config)# no interface b10 ipv6 access-group List-1 in 3
Switch(config)# interface b10
Switch(eth-b10)# no ipv6 access-group List-4 in 4
Switch(eth-b10)# exit
1 Enables a static port ACL from the Global Configuration level
2 Enables a static port ACL from a port
3 Disables a static port ACL from the Global Configuration level
4 Uses a VLAN context to disable a static port