47-24
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 47 Configuring Network Security with ACLs
Applying IPv6 ACLs to a Layer 3 Interface
Note Hardware statistics is disabled by default.
Applying IPv6 ACLs to a Layer 3 Interface
To apply an IPv6 ACL to a Layer 3 interface, perform the following task:
Note IPv6 ACLs are supported in hardware only on Supervisor 6-E and 6L-E.
Note IPv6 ACLs are supported on Layer 3 interfaces and on Layer 2 ports using the ipv6 traffic-filter
command.
The following example applies the extended-named IPv6 ACL simple-ipv6-acl to SVI 300 routed ingress
traffic:
Switch# configure terminal
Switch(config)# interface vlan 300
Switch(config-if)# ipv6 traffic-filter simple-ipv6-acl in
Note Output IPv6 ACLs with ACE to match on the ICMP option fail on a switch.
The following conditions may cause a RACL to malfunction (no workaround):
• ACLs are applied on the output direction of the interface.
• IPv6 ACL contain Ace to match on the ICMP option fields (ICMP Type or ICMP Code).
The following examples of nonfunctioning RACLs:
IPv6 access list a1
permit icmp any any nd-ns sequence 10
deny ipv6 any any sequence 20
IPv6 access list a2
permit icmp 2020::/96 any nd-ns sequence 10
deny ipv6 any any sequence 20
Configuring VLAN Maps
This section includes these topics:
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface interface-type
slot/interface
Specifies the interface to be configured.
Note interface-type must be a Layer 3 interface.
Step 3
Switch(config-if)# ipv6 traffic-filter
ipv6-acl {in|out}
Apply the IPv6 ACL to a Layer 3 interface.
