User's Manual
rule deny or permit. In other words, by adding [sequence value] before or after a deny/permit rule, you can
insert ACL commands at any position in the designated ACL.
Likewise, you can use “no permit” and “no deny” to delete an item in the ACL, or “no sequence” to delete the rule
at a certain position directly.
Note:
When setting up an ACL, remember that by default the ACL ends with the statement deny ipv6
any any.
The ACL must be applied to the line or port after being set up. Refer to the description of “Apply the ACL to the
port”.
83.1.3 Applying ACL to the Ports
ACL can be applied to one or multiple ports or the ingress.
Run this command in the configuration mode.
Command                    Purpose
IPv6 access-group name     Apply ACL to the port.
For the standard ingress ACL, the source address of the packet is checked after the packet is received. For the extended
ACL, the routing switch also checks the destination address. If the ACL permits the address, the software
continues to handle the packet. If the ACL does not permit the address, the software drops the packet and returns
one ICMP host unreachable packet.
If there is no designated ACL, all packets will be allowed to pass.
83.1.4 Examples of IPv6 ACL
The following example first permits connections to the individual destination host
A:B:C:D::E and then denies new TCP connections to the SMTP port for the host IPv6 source prefix
255:255:255::/48. In the final ACL, the rule entered second comes before the rule entered first.
Switch_config#ipv6 access-list xxcom
Switch_config_ipv6acl#permit any host A:B:C:D::E sequence 20
Switch_config_ipv6acl#deny tcp any 255:255:255::/48 eq 25 sequence 10
Switch_config_ipv6acl#ex
Switch_config#show ipv6 access-lists xxcom
ipv6 access-list xxcom
deny tcp any 255:255:255::/48 eq smtp sequence 10
permit ipv6 any host A:B:C:D::E sequence 20
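The following Python model is an added illustration, not part of the manual or the switch software. It shows how the sequence values above decide rule position and how the default deny ipv6 any any at the end catches everything else. It assumes first-match evaluation in sequence order; the class and function names are hypothetical, and the 2001:db8:: addresses are constructed sample values.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    seq: int
    action: str              # "permit" or "deny"
    proto: str               # "ipv6" matches every protocol
    src: ipaddress.IPv6Network
    dst: ipaddress.IPv6Network
    dport: Optional[int]     # None means any destination port


class Ipv6Acl:
    """Toy model of a sequence-ordered ACL (assumed first-match semantics)."""

    def __init__(self):
        self.rules = []

    def add(self, seq, action, proto, src, dst, dport=None):
        net = ipaddress.IPv6Network
        self.rules.append(Rule(seq, action, proto, net(src), net(dst), dport))
        self.rules.sort(key=lambda r: r.seq)  # position follows the sequence value

    def no_sequence(self, seq):
        # Models "no sequence": remove the rule at that position.
        self.rules = [r for r in self.rules if r.seq != seq]

    def evaluate(self, proto, src, dst, dport=None):
        s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
        for r in self.rules:
            if (r.proto in ("ipv6", proto) and s in r.src and d in r.dst
                    and r.dport in (None, dport)):
                return r.action, r.seq
        return "deny", None  # nothing matched: default "deny ipv6 any any"


def build_xxcom():
    """Enter the two rules in the same order as the example session."""
    acl = Ipv6Acl()
    acl.add(20, "permit", "ipv6", "::/0", "A:B:C:D::E/128")
    acl.add(10, "deny", "tcp", "::/0", "255:255:255::/48", 25)
    return acl


if __name__ == "__main__":
    acl = build_xxcom()
    print([r.seq for r in acl.rules])
    print(acl.evaluate("tcp", "2001:db8::1", "255:255:255::9", 25))
    print(acl.evaluate("udp", "2001:db8::1", "2001:db8::2", 53))
```

In this model, removing the sequence 10 rule does not open SMTP to 255:255:255::/48: with no matching permit rule, the traffic still falls through to the default deny.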