to exit out of interface GigabitEthernet 0/2/0/2. The second entry is necessary because an implicit deny all
condition is at the end of each IPv6 ACL.
RP/0/RSP0/CPU0:router(config)# ipv6 access-list list2
RP/0/RSP0/CPU0:router(config-ipv6-acl)# 10 deny fec0:0:0:2::/64 any
RP/0/RSP0/CPU0:router(config-ipv6-acl)# 20 permit any any
RP/0/RSP0/CPU0:router# show ipv6 access-lists list2
ipv6 access-list list2
10 deny ipv6 fec0:0:0:2::/64 any
20 permit ipv6 any any
RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/2
RP/0/RSP0/CPU0:router(config-if)# ipv6 access-group list2 egress
IPv6 is automatically configured as the protocol type in permit any any and deny any any statements
that are translated from global configuration mode to IPv6 access list configuration mode.
Note
An IPv6 router does not forward to another network an IPv6 packet that has a link-local address as either
its source or destination address (and the source interface for the packet is different from the destination
interface for the packet).
Note
This example shows how to configure an IPv6 ACL for an L2 interface:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/1/0/4
RP/0/RSP0/CPU0:router(config-if)# l2transport
RP/0/RSP0/CPU0:router(config-if-l2)# ipv6 access-list list2 ingress
RP/0/RSP0/CPU0:router(config-if-l2)# ipv6 access-list list2 ingress
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference, Release
5.2.x
77
ACL and ABF Commands
ipv6 access-list (BNG)
To Next Page
Loading...
Need help?
General
