ipv6 access-list
Use this command to define an IPv6 access control list (ACL) that determines whether to accept or drop an incoming IPv6 packet based on the specifications configured under the ACL. An ACL is made up of one or more ACL specifications.
Each packet that arrives at the device is compared to each specification in each ACL in the order that they are defined. The device continues to look until it has a match. If no match is found and the device reaches the end of the list, the packet is denied by default. For this reason, place the most frequently occurring specifications at the top of the list.
The device stops checking the specifications after a match occurs.
There is an implied deny specification for traffic that is not permitted. The implied specification can be changed to permit if the use case is to deny a certain set of traffic.
Note: IPv6 routing protocols need neighbor discovery to establish sessions. Applying IPv6 ACLs implicitly drops all the ICMPv6 packets, thereby affecting the protocol sessions. To overcome this problem, an implicit ICMPv6 permit rule is added to the IPv6 ACLs.
If the required behavior is to deny ICMPv6, the implicit rule can be deleted. For example, create an IPv6 ACL:
(config)#ipv6 access-list ipv6-acl
#show ipv6 access-lists
IPv6 access list ip1
268435453 permit icmpv6 any any
To delete this rule:
(config)#ipv6 access-list ipv6-acl
(config-ipv6-acl)#no 268435453 permit icmpv6 any any
#show ipv6 access-lists
IPv6 access list ip1
Use the no form of this command to remove the ACL.
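The evaluation order described above, as an added example (not OcNOS code and not part of the original page): a simplified Python model of first-match evaluation with the implied deny and the implicit ICMPv6 permit at sequence 268435453. The Rule fields, the Ipv6Acl class and the sample addresses are constructed for illustration, and ordering rules by sequence number is an assumption.

```python
import ipaddress
from dataclasses import dataclass

IMPLICIT_ICMPV6_SEQ = 268435453  # sequence number of the implicit rule shown on the page

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not OcNOS syntax
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "icmpv6", "tcp", "udp", or "ipv6" for any protocol
    src: str = "any"             # "any" or an IPv6 prefix
    dst: str = "any"

def _addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

class Ipv6Acl:
    """Simplified model: first match wins, implied deny at the end of the list."""
    def __init__(self, name):
        self.name = name
        # A new IPv6 ACL already carries the implicit ICMPv6 permit.
        self.rules = {IMPLICIT_ICMPV6_SEQ: Rule(IMPLICIT_ICMPV6_SEQ, "permit", "icmpv6")}

    def add(self, rule):
        self.rules[rule.seq] = rule

    def remove(self, seq):
        self.rules.pop(seq, None)

    def evaluate(self, proto, src, dst):
        for seq in sorted(self.rules):          # assumption: lowest sequence is checked first
            r = self.rules[seq]
            if r.proto in ("ipv6", proto) and _addr_match(r.src, src) and _addr_match(r.dst, dst):
                return r.action, seq            # checking stops at the first match
        return "deny", None                     # implied deny: nothing matched

def demo():
    # Constructed traffic using the 2001:db8::/32 documentation prefix.
    acl = Ipv6Acl("ipv6-acl")
    acl.add(Rule(10, "permit", "tcp", "2001:db8:1::/64", "any"))
    ns = ("icmpv6", "fe80::1", "ff02::1:ff00:2")   # neighbor solicitation
    results = {
        "tcp_allowed": acl.evaluate("tcp", "2001:db8:1::5", "2001:db8:2::9"),
        "udp_other": acl.evaluate("udp", "2001:db8:9::5", "2001:db8:2::9"),
        "nd_default": acl.evaluate(*ns),
    }
    acl.remove(IMPLICIT_ICMPV6_SEQ)                # models "no 268435453 permit icmpv6 any any"
    results["nd_after_delete"] = acl.evaluate(*ns)
    return results
```

After the implicit rule is removed, the neighbor solicitation falls through to the implied deny, which is the condition that breaks IPv6 routing protocol sessions.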
Command Syntax
ipv6 access-list NAME
no ipv6 access-list NAME
Parameters
NAME
Access-list name.
Default
No default value is specified.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#ipv6 access-list ipv6-acl-01
(config-ipv6-acl)#exit
Last modified date: 10/19/2023