IPv6 ACL operation

An ACL is a list of one or more ACEs, where each ACE consists of a matching criteria and an action (permit or deny). An ACL applies only to the switch in which it is configured. ACLs operate on assigned interfaces, and offer the below traffic filtering options:

IPv6 traffic inbound or outbound on a port.
IPv6 traffic inbound or outbound on a VLAN.
Routed IPv6 traffic entering or leaving the switch on a VLAN. (ACLs do not screen traffic at the internal point where traffic moves between VLANs or subnets within the switch.)

The following table lists the range of interface options:

Interface	ACL application	Application point	Filter action
Port	Static port ACL (switch configured)	Inbound on the switch port	Inbound IPv6 traffic
Port	RADIUS-assigned ACLThis chapter describes ACLs statically configured on the switch. For information on RADIUS-assigned ACLs, see the Aruba-OS Switch Access Security Guide for your switch.	Inbound on the switch port used by authenticated client	Inbound IPv6 traffic from the authenticated client
VLAN	VACL	Entering the switch on the VLAN	Inbound IPv6 traffic
IP routing interface (VLAN or tunnel)	RACLSupports one inbound and/or one outbound RACL. When both are used, one RACL can be assigned to filter both inbound and outbound, or different RACLs can be assigned to filter inbound and outbound.	Entering the switch on the VLAN	Routed IPv6 traffic entering the switch and IPv6 traffic with a destination on the switch itself
IP routing interface (VLAN or tunnel)		Exiting from the switch on the VLAN	Routed IPv6 traffic exiting from the switch

NOTE:

After you assign an ACL to an interface, the default action on the interface is to implicitly deny any IPv6 traffic that is not permitted by the ACL. (This applies only in the direction of traffic flow filtered by the ACL.)