Command Line Reference Guide
IPv6 Access Control Lists (IPv6 ACLs) | 665
7 0001111100000000 1111111111000000 7936 7999 64
8 0001111101000000 1111111111111111 8000 8000 1
Total Ports: 4001
But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# Data Mask From To #Covered
1 0000000000000000 1111110000000000 0 1023 1024
Total Ports: 1024
Related
Commands
ipv6 access-group
c e s
Assign an IPv6 access-group to an interface.
Syntax
ipv6 access-group access-list-name {in | out} [implicit-permit] [vlan range]
To delete an IPv6 access-group configuration, use the no ipv6 access-group access-list-name {in}
[implicit-permit] [vlan range] command.
Parameters
Defaults
Disabled
Command Modes
INTERFACE
Command
History
Usage
Information
You can assign an IPv6 access group to a physical, LAG, or VLAN interface context.
Example FTOS(conf-if-gi-9/0)#ipv6 access-group AclList1 in implicit-permit vlan
10-20
FTOS(conf-if-gi-9/0)#show config
deny Assign a deny filter for IP traffic.
deny tcp Assign a deny filter for TCP traffic.
access-list-name
Enter the name of a configured access list, up to 140 characters.
in | out Enter either the keyword in or out to apply the IPv6 ACL to incoming traffic
(ingress) or outgoing traffic (egress).
implicit-permit (OPTIONAL) Enter the keyword implicit-permit to change the default action of
the IPv6 ACL from implicit-deny to implicit-permit (that is, if the traffic does not
match the filters in the IPv6 ACL, the traffic is permitted instead of dropped).
vlan range (OPTIONAL) Enter the keyword vlan followed by the VLAN range in a comma
separated format.
Range: 1 to 4094
Version 8.4.2.1 Introduced on the S-Series
Version 7.8.1.0 Introduced on the C-Series
Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to 16
characters long.
Version 7.4.1.0 Introduced on the E-Series TeraScale