Filtering routed or switched IPv6 traffic inbound or outbound on a VLAN

For a given VLAN interface, you can assign an ACL as a VACL to filter switched or routed IPv6 traffic entering the switch on that VLAN. You can also assign the same ACL to multiple VLANs. For limits and operating rules, see ACL configuration and operating rules.

Syntax:

vlan <vid> ipv6 access-group <identifier> <vlan-in|vlan-out>

no vlan <vid> ipv6 access-group <identifier> <vlan-in|vlan-out>

Assigns an ACL as a VACL to a VLAN to filter switched or routed IPv6 traffic entering the switch on that VLAN. You can use either the global configuration level or the VLAN context level to assign or remove a VACL.

<vid> : VLAN Identification Number.

<identifier> : The alphanumeric name by which the ACL can be accessed. An identifier can have up to 64 characters.

The no form of the command removes the ACL assignment from the interface.

NOTE:

The switch allows you to assign an “empty” ACL identifier to a VLAN. In this case, if you later populate the ACL with ACEs, the new ACEs automatically become active on the assigned VLAN as they are created. Also, if you delete an assigned ACL from the switch without also using the “no” form of this command to remove the assignment to a VLAN, the ACL assignment remains as an “empty” ACL. For more on “empty” ACLs, refer to the “Note” under Deleting an ACL.

Methods for enabling and disabling VACLs

Switch(config)# vlan 20 ipv6 access-group List-010 <vlan-in|vlan-out>      (1)
Switch(config)# vlan 20
Switch(vlan-20)# ipv6 access-group List-015 <vlan-in|vlan-out>             (2)
Switch(vlan-20)# exit
Switch(config)# no vlan 20 ipv6 access-group List-010 <vlan-in|vlan-out>   (3)
Switch(config)# vlan 20
Switch(vlan-20)# no ipv6 access-group List-015 <vlan-in|vlan-out>          (4)
Switch(vlan-20)# exit

(1) Enables a VACL from the Global Configuration Level

(2) Enables a VACL from a VLAN Context

(3) Disables a VACL from the Global Configuration Level

(4) Disables a VACL from a VLAN Context
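
The NOTE above means a VLAN can carry a VACL assignment that filters nothing today and will start enforcing whatever ACEs are later created under that name. The following audit script is an added example, not part of the original documentation: it scans a saved configuration for both assignment forms shown above and reports assignments whose ACL is missing or has no ACEs. The sample configuration is constructed, and the `ipv6 access-list <name>` ... `exit` definition layout is an assumption about how ACLs appear in the saved configuration.

```python
import re

# Constructed sample configuration (not from the page). The ACL definition
# layout "ipv6 access-list <name> ... exit" is an assumption.
SAMPLE_CONFIG = '''\
ipv6 access-list "List-010"
   10 permit ipv6 any any
   exit
ipv6 access-list "List-030"
   exit
vlan 20 ipv6 access-group List-010 vlan-in
vlan 20
   ipv6 access-group "List-015" vlan-out
   exit
vlan 30
   ipv6 access-group List-030 vlan-in
   exit
'''

ACL_DEF = re.compile(r'^ipv6 access-list "?([^"\s]+)"?$')
VLAN_CTX = re.compile(r'^vlan (\d+)$')
# Matches both the global form ("vlan 20 ipv6 access-group ...") and the
# VLAN-context form ("ipv6 access-group ...").
GROUP = re.compile(
    r'^(?:vlan (\d+) )?ipv6 access-group "?([^"\s]+)"? (vlan-in|vlan-out)$')

def find_empty_vacls(config):
    """Return sorted (vid, acl, direction) for VACLs whose ACL has no ACEs."""
    ace_count = {}     # ACL name -> number of lines inside its definition
    assignments = []   # (vid, acl name, direction)
    acl = vlan = None  # current ACL / VLAN context while walking the config
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "exit":
            acl = vlan = None
        elif m := ACL_DEF.match(line):
            acl = m.group(1)
            ace_count.setdefault(acl, 0)
        elif m := VLAN_CTX.match(line):
            vlan = m.group(1)
        elif m := GROUP.match(line):
            vid = m.group(1) or vlan
            if vid:
                assignments.append((int(vid), m.group(2), m.group(3)))
        elif acl is not None:
            ace_count[acl] += 1   # any other line in an ACL context is an ACE
    return sorted(a for a in assignments if ace_count.get(a[1], 0) == 0)
```

Each reported tuple is a candidate for the "no" form of the command, or for review of who is allowed to create an ACL under that identifier.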