Defining and applying an IPv6 ACL
Procedure
- Begin defining an IPv6 ACL named V6_INPUT_FILTER:
switch(config)# access-list ipv6 V6_INPUT_FILTER
- Add an ACE that denies access to IP addresses 1001::2 through 2001::2 (includes Host B):
switch(config-acl-ipv6)# deny any 1001::2 2001::2 log
- Add an ACE that allows access from all other IP addresses:
switch(config-acl-ipv6)# permit any any any
- Exit the ACL definition:
switch(config-acl-ipv6)# exit
- Enter the interface to which you will apply the ACL:
switch(config)# interface 1/1/1
- Apply the V6_INPUT_FILTER ACL to inbound (ingress) traffic:
switch(config-if)# apply access-list ipv6 V6_INPUT_FILTER in
- Show your ACL:
switch(config-if)# exit
switch# show access-list interface 1/1/1
Direction
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
-------------------------------------------------------------------------------
Inbound
IPv6       V6_INPUT_FILTER
        10 deny                            any
           1001::2
           2001::2
           Logging: enabled
           Hit-counts: enabled
        20 permit                          any
           any
           any
-------------------------------------------------------------------------------
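To confirm the applied ACL matches what the procedure intended, the following added example (not part of the original documentation or the vendor's tooling) parses the ACE records from the `show access-list interface 1/1/1` output and checks that every deny ACE has logging enabled and that the last ACE is `permit any any any`. The one-field-per-line layout of the sample and the function names `parse_acl` and `audit` are assumptions made for this example.

```python
import re

# ACE records from the show output above, re-typed one field per line (assumed layout).
SHOW_OUTPUT = """\
Inbound
IPv6       V6_INPUT_FILTER
        10 deny                            any
           1001::2
           2001::2
           Logging: enabled
           Hit-counts: enabled
        20 permit                          any
           any
           any
"""

def parse_acl(text):
    """Parse the ACE records of one applied ACL into a list of dicts."""
    entries, current = [], None
    for line in text.splitlines():
        # An ACE starts with "<sequence> <action> <L3 protocol>".
        head = re.match(r"\s+(\d+)\s+(permit|deny)\s+(\S+)", line)
        if head:
            current = {"seq": int(head.group(1)), "action": head.group(2),
                       "proto": head.group(3), "addrs": [], "params": {}}
            entries.append(current)
        elif current is not None and line.startswith(" ") and line.strip():
            body = line.strip()
            # After source and destination come "Key: value" parameters.
            if ": " in body and len(current["addrs"]) == 2:
                key, value = body.split(": ", 1)
                current["params"][key] = value
            else:
                current["addrs"].append(body.split()[0])
    return entries

def audit(entries):
    """Flag deny ACEs without logging and a missing final permit any any any."""
    findings = []
    for e in entries:
        if e["action"] == "deny" and e["params"].get("Logging") != "enabled":
            findings.append(f"ACE {e['seq']}: deny without logging")
    last = entries[-1] if entries else None
    if not last or (last["action"], last["proto"], last["addrs"]) != ("permit", "any", ["any", "any"]):
        findings.append("last ACE is not 'permit any any any'")
    return findings

if __name__ == "__main__":
    print(audit(parse_acl(SHOW_OUTPUT)) or "no findings")
```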