Adding or inserting an ACE in an ACL

To add an ACE to the end of an ACL:

  1. Use the ipv6 access-list name-str command to enter the context for a specific IPv6 ACL. (If the ACL does not exist in the switch configuration, this command creates it.)
  2. Enter the text of the ACE without specifying a sequence number.
  3. For example, the following pairs of commands enter the context of an ACL named "List-1" and add a "permit" ACE to the end of the list. This new ACE permits the IPv6 traffic from the device at 2001:db8:0:a9:8d:100 to go to all destinations.
    Switch(config)# ipv6 access-list List-1
    Switch(config-ipv6-acl)# permit host 2001:db8:0:a9::8d:100 any

To insert an ACE anywhere in an existing ACL:

Enter the context of the ACL and specify a sequence number.

To insert a new ACE

To insert a new ACE as line 15 between lines 10 and 20 in an existing ACL named "List-2" to deny traffic from the device at 2001:db8:0:a9::8d:77:
Switch(config)# ipv6 access-list List-2
Switch(config-ipv6-acl)# deny host 2001:db8:0:a9::8d:77 any