User Manual
IPv6 Access Control Lists (ACLs)
Overview
VLAN 1 with VACL “A”
(one network)
2001:db8:0:111::1
VLAN 2 with VACL “B”
(multiple networks)
2001:db8:0:22a::1
2001:db8:0:22b::1
2001:db8:0:22c::1
The prefix for this example is /64.
Because VLAN 2 is
subnetted, configuring a
VACL on VLAN 2 filters the
inbound IPv6 traffic from
multiple networks.
D
C
E
B
2001:db8:0:111::25
2001:db8:0:111::17
2001:db8:0:22b::12
2001:db8:0:22c::33
Switch with IPv6 VACLs Configured
A
2001:db8:0:22c::2
2001:db8:0:22a::132
2001:db8:0:22b::19
2001:db8:0:22a::144
F
G
H
Figure 8-1. Example of VACL Filter Applications on IPv6 Traffic Entering the Switch
Note The switch allows one IPv6 VACL assignment configured per VLAN. This is in
addition to any static or RADIUS-assigned (dynamic) ACLs assigned to ports
in the VLAN.
IPv6 Static Port ACL Applications
An IPv6 static port ACL filters IPv6 traffic inbound on the designated port(s).
RADIUS-Assigned (Dynamic) Port ACL Applications
Note Beginning with software release K.14.01, IPv6 support is available for
RADIUS-assigned port ACLs configured to filter inbound IPv4 and IPv6 traffic
from an authenticated client. Also, the implicit deny in RADIUS-assigned ACLs
applies to both IPv4 and IPv6 traffic inbound from the client. For information
on enabling RADIUS-assigned ACLs, refer to the chapter titled “Configuring
RADIUS Support for Switch Services” in this guide.
8-15