Filtering inbound IPv6 traffic per port and trunk

You can use the same ACL for assignment to multiple interfaces.

Syntax

interface [port-list|trkx] access-group identifier in

no interface [port-list|trkx] access-group identifier in

Description

Assigns an ACL as a static port ACL to a port, port list, or static trunk to filter switched or routed IPv6 traffic entering the switch on that interface. You can use either the global configuration level or the interface context level to assign or remove a static port ACL.

Options

identifier

The alphanumeric name by which the ACL can be accessed. An identifier can have up to 64 characters.

[port-list|trkx]

The port, trunk, or list of ports and/or trunks on which to assign or remove the specified ACL.

Usage

The switch allows you to assign an "empty" ACL identifier to an interface. If you later populate the empty ACL with one or more ACEs, it automatically becomes active on the assigned interfaces. Also, if you delete an assigned ACL from the running config file without also using the no form of this command to remove the assignment to an interface, the ACL assignment remains and automatically activates any new ACL you create with the same identifier.

Example output

Methods for enabling and disabling ACLs

Switch(config)# interface b10 ipv6 access-group List-1 in 1

Switch(config)# interface b10
Switch(eth-b10)# ipv6 access-group List-4 in 2
Switch(eth-b10)# exit

Switch(config)# no interface b10 ipv6 access-group List-1 in 3

Switch(config)# interface b10
Switch(eth-b10)# no ipv6 access-group List-4 in 4
Switch(eth-b10)# exit
      

1 Enables a static port ACL from the Global Configuration level

2 Enables a static port ACL from a port

3 Disables a static port ACL from the Global Configuration level

4 Uses a VLAN context to disable a static port