VACL applications

VACL filter applications on IPv6 traffic

IPv6 VACLs filter traffic entering the switch on a VLAN configured with the "VLAN" ACL option:


vlan <vid> ipv6 access-group <vacl–identifier> vlan-in

Figure 5: Example of VACL filter applications on IPv6 traffic entering the switch

In this figure, you would assign a VACL to VLAN 2 to filter all inbound or outbound switched or routed IPv6 traffic received from clients on the 2001:db8 :0:222:: network. In this instance, routed IPv6 traffic received on VLAN 2 from VLANs 1 or 3 would not be filtered by the VACL on VLAN 2.


The switch allows one IPv6 VACL assignment configured per VLAN. This is in addition to any other IPv6 ACL applications assigned to the IP routing interface or to ports in the VLAN.