Defining and applying an IPv6 ACL

Procedure
  1. Begin defining an IPv6 ACL named V6_INPUT_FILTER:

    switch(config)# access-list ipv6 V6_INPUT_FILTER

  2. Add an ACE that denies access to an IP addresses 1001::2 through 2001::2 (includes Host B):

    switch(config-acl-ipv6)# deny any 1001::2 2001::2 log

  3. Add an ACE that allows access from all other IP addresses:

    switch(config-acl-ipv6)# permit any any any

  4. Exit the ACL definition:

    switch(config-acl-ipv6)# exit

  5. Enter the interface to which you will apply the ACL:

    switch(config)# interface 1/1/1

  6. Apply the V6_INPUT_FILTER ACL to inbound (ingress) traffic:

    switch(config-if)# apply access-list ipv6 V6_INPUT_FILTER in

  7. Show your ACL:
    switch(config-if)# exit				  
    switch# show access-list interface 1/1/1
    Direction
    Type       Name
      Sequence Comment
               Action                          L3 Protocol
               Source IP Address               Source L4 Port(s)
               Destination IP Address          Destination L4 Port(s)
               Additional Parameters
    -------------------------------------------------------------------------------
    Inbound
    IPv6       V6_INPUT_FILTER
            10
               deny                            any
               1001::2
               2001::2
               Logging: enabled
               Hit-counts: enabled
            20
               permit                          any
               any
               any
    -------------------------------------------------------------------------------