Using IPv6 counters with multiple interface assignments

Where the same IPv6 ACL is assigned to multiple interfaces, the switch maintains a separate instance of each ACE counter in the ACL. When there is a match with traffic on one of the ACL's assigned interfaces, only the affected ACE counters for that interface are incremented. Other instances of the same ACL applied to other interfaces are not affected.


These examples of counters use small values to help illustrate counter operation. The counters in real-time network applications are generally much more active and show higher values.

For example, suppose that:
  • An ACL named "V6-01" is configured as shown in ACL "V6-01" and command for PACL assignment on port B2 to block Telnet access to a workstation at FE80::20:2, which is connected to a port belonging to VLAN 20.

  • The ACL is assigned as a PACL (port ACL) on port B2, which is also a member of VLAN 20:

ACL "V6-01" and command for PACL assignment on port B2
Application to filter traffic inbound on port B2

Using the topology in Application to filter traffic inbound on port B2, a workstation at FE80::20:117 on port B2 attempting to ping and Telnet to the workstation at FE80::20:2 is filtered through the PACL instance of the "V6-01" ACL assigned to port B2, resulting in the following:

Ping and telnet filtered by the assignment of "V6-01" as a PACL on port B2
Resulting ACE hits on ACL "V6-01"

IPv4 ACE counters assigned as RACLs operate differently than described above. For more information, see Using IPv4 counters with multiple interface assignments.