IPv6 ACL applications

ACL filtering is applied to IPv6 traffic as follows:
  • Routed ACL (RACL) on a VLAN configured with an RACL, filters:
    • Routed IPv6 traffic entering or leaving the switch. (Routing can be between different VLANs or between different subnets in the same VLAN. IPv6 routing must be enabled.)

    • Routed IPv6 traffic having a DA on the switch itself. In RACL filter applications on routed IPv6 traffic, any of the IPv6 addresses shown in VLANs "A", "B", and "C". (IPv6 routing need not be enabled.)

    • If the ACL is applied to outbound traffic, filters outbound traffic generated by the switch itself

  • VLAN ACL (VACL): On a VLAN configured with a VACL, filters inbound or outbound IPv6 traffic, regardless of whether it is switched or routed. On a multinetted VLAN, this includes inbound IPv6 traffic from any subnet.

  • Static port ACL: Filters outbound IPv6 traffic on the port.

  • RADIUS-assigned ACL: On a port having an ACL assigned by a RADIUS server to filter an authenticated client's traffic, filters inbound IPv4 and IPv6 traffic (or IPv4-only traffic) from that client