VACL applications

IPv6 VACLs filter traffic entering or leaving the switch on a VLAN configured with the "VLAN" ACL option:


vlan vid ipv6 access-group vacl-identifier <vlan-in|vlan-out>

VACL filter applications on IPv6 traffic

In the following figure ,you would assign a VACL to VLAN 2 to filter all inbound switched or routed IPv6 traffic received from clients on the 2001:db8 :0:222:: network. In this instance, routed IPv6 traffic received on VLAN 2 from VLANs 1 or 3 would not be filtered by the VACL on VLAN 2.

Figure 5: Example of VACL filter applications on IPv6 traffic entering the switch

The switch allows one IPv6 VACL assignment configured per VLAN. This is in addition to any other IPv6 ACL applications assigned to the IP routing interface or to ports in the VLAN.