Filter
Top Products
24-7
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 24 Configuring IP Version 6
IPv6 Extended ACLs
DETAILED STEPS
Verifying IPv6 ACLs
In the following example, the show ipv6 access-list command is used to verify that IPv6 ACLs are
configured correctly:
Router> show ipv6 access-list
IPv6 access list inbound
permit tcp any any eq bgp reflect tcptraffic (8 matches) sequence 10
permit tcp any any eq telnet reflect tcptraffic (15 matches) sequence 20
permit udp any any reflect udptraffic sequence 30
IPv6 access list tcptraffic (reflexive) (per-user)
permit tcp host 2001:0DB8:1::32 eq bgp host 2001:0DB8:2::32 eq 11000 timeout 300 (time
left 243) sequence 1
permit tcp host 2001:0DB8:1::32 eq telnet host 2001:0DB8:2::32 eq 11001 timeout 300
(time left 296) sequence 2
IPv6 access list outbound
evaluate udptraffic
evaluate tcptraffic
Note For a description of each output display field, see the show ipv6 access-list command in the IPv6 for
Cisco IOS Command Reference document.
Command or Action Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
interface type number
Example:
Router(config)# interface ethernet 0
Specifies the interface type and number, and enters interface
configuration mode.
Step 4
ipv6 traffic-filter access-list-name {in | out}
Example:
Router(config-if)# ipv6 traffic-filter outbound
out
Applies the specified IPv6 access list to the interface
specified in the previous step.
• The in keyword filters incoming IPv6 traffic on the
specified interface.
• The out keyword filters outgoing IPv6 traffic on the
specified interface.