IPv6 counter operation with multiple interface assignments

NOTE:

The examples of counters in this section use small values to help illustrate counter operation. The counters in real-time network applications are generally much more active and show higher values.

Where the same IPv6 ACL is assigned to multiple interfaces, the switch maintains a separate instance of each ACE counter in the ACL. When there is a match with traffic on one of the ACL’s assigned interfaces, only the affected ACE counters for that interface are incremented. Other instances of the same ACL applied to other interfaces are not affected.

For example, suppose that:

  • An ACL named “V6-01” is configured as shown in figure to block Telnet access to a workstation at FE80::20:2, which is connected to a port belonging to VLAN 20.

  • The ACL is assigned as a PACL (port ACL) on port B2, which is also a member of VLAN 20:

Figure 56: ACL “V6-01” and command for PACL assignment on Port B2
Figure 57: Application to filter traffic inbound on Port B2

Using the topology in figure 8-39, a workstation at FE80::20:117 on port B2 attempting to ping and Telnet to the workstation at FE80::20:2 is filtered through the PACL instance of the “V6-01” ACL assigned to port B2, resulting in the following:

Figure 58: Ping and Telnet from FE80::20:117 to FE80::20:2 filtered by the assignment of “V6-01” as a PACL on Port B2
Figure 59: Resulting ACE hits on ACL “V6-01”
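
The per-interface counter behavior described above can be modeled in a few lines. This is an added example, not switch code or output from the original documentation; the two ACEs (deny Telnet to FE80::20:2, then permit all IPv6), the second port "B3", and all class and function names are assumptions, since the figures showing the real ACL are not reproduced here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "icmpv6", or "ipv6" for any protocol
    dst: str                     # destination prefix
    dport: Optional[int] = None  # None matches any port

    def matches(self, proto, dst, dport):
        if self.proto not in ("ipv6", proto):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport

# Assumed ACEs for "V6-01": block Telnet to FE80::20:2, permit everything else.
V6_01 = [Ace("deny", "tcp", "fe80::20:2/128", 23), Ace("permit", "ipv6", "::/0")]

class Switch:
    def __init__(self):
        self.acls = {}      # ACL name -> list of ACEs
        self.counters = {}  # (ACL name, interface) -> per-ACE hit counts

    def assign(self, name, aces, interface):
        self.acls[name] = aces
        self.counters[(name, interface)] = [0] * len(aces)  # separate instance

    def inbound(self, interface, proto, dst, dport=None):
        for (name, ifc), hits in self.counters.items():
            if ifc != interface:
                continue  # instances on other interfaces are never touched
            for i, ace in enumerate(self.acls[name]):
                if ace.matches(proto, dst, dport):
                    hits[i] += 1  # first match wins
                    return ace.action
            return "deny"  # implicit deny when no ACE matches
        return "permit"  # no ACL assigned to this interface

def run_example():
    sw = Switch()
    sw.assign("V6-01", V6_01, "B2")
    sw.assign("V6-01", V6_01, "B3")  # hypothetical second assignment
    actions = [sw.inbound("B2", "icmpv6", "fe80::20:2"),   # ping from FE80::20:117
               sw.inbound("B2", "tcp", "fe80::20:2", 23)]  # Telnet from FE80::20:117
    return actions, sw.counters
```

In this model the ping hits the permit ACE and the Telnet attempt hits the deny ACE on the B2 instance only, while the B3 instance of the same ACL stays at zero.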