ipv6 access-group

Use this command to attach an IPv6 access list to an interface to filter incoming IPv6 packets.

When you attach an access list to a VLAN interface or LAG (Link Aggregation Group) interface as well as to a physical interface that is a member of that LAG and/or VLAN interface, the priority order is:

  1. VLAN interface
  2. LAG interface
  3. Physical interface

For example, if you attach access lists to both a LAG interface and a physical interface that is a member of that LAG, matching traffic rules are applied to the LAG interface, but not to the physical interface.

The time-range parameter is optional. If used, the access-group is tied to the timer specified.

After the access-group has been configured with the time-range, to detach the access-group from the time-range, use the no form of this command with a time-range parameter as shown in the syntax and examples below.

To delete the access-group, use the no form of this command without a time-range.

To attach an IPv6 ACL in the ingress direction, the ingress-ipv6 TCAM group must be enabled. See the hardware-profile filter (Qumran 1) command for details.

Command Syntax

ipv6 access-group NAME in (time-range TR_NAME|)
no ipv6 access-group NAME in (time-range TR_NAME|)

Parameters

NAME

Access list name.

TR_NAME

Time range name set with the time-range command.

Default

None

Command Mode

Interface mode

Applicability

This command was introduced before OcNOS version 1.3. The time-range parameter was added in OcNOS version 5.0.

Examples

#configure terminal
(config)#ipv6 access-list mylist
(config-ipv6-acl)#permit ipv6 any any
(config-ipv6-acl)#exit
(config)#hardware-profile filter ingress-ipv6 enable

(config)#interface xe3
(config-if)#ipv6 access-group mylist in

(config)#interface xe3
(config-if)#no ipv6 access-group mylist in

(config)#interface xe3
(config-if)#ipv6 access-group mylist in time-range TIMER1

(config)#interface xe3
(config-if)#no ipv6 access-group mylist in time-range TIMER1
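
An added example (not part of the OcNOS documentation): a Python audit of a configuration dump that flags the two pitfalls described above, an access list on a physical interface that is overridden by one on its LAG or VLAN interface, and an ipv6 access-group attachment made without the ingress-ipv6 TCAM group enabled. It also reports an attached access list name that the configuration never defines. The sample configuration is constructed, and the member-to-parent interface mapping is an assumption supplied by the caller rather than parsed from the configuration.

```python
import re

# Constructed sample configuration; it uses only commands shown on this page.
SAMPLE_CONFIG = """\
ipv6 access-list mylist
 permit ipv6 any any
!
interface po1
 ipv6 access-group mylist in
!
interface xe3
 ipv6 access-group edge6 in time-range TIMER1
!
interface xe4
 ipv6 access-group mylist in
"""

# Assumption: the caller supplies which LAG/VLAN interfaces each member belongs to.
SAMPLE_PARENTS = {"xe3": ["po1"]}

ATTACH = re.compile(r"ipv6 access-group (\S+) in(?: time-range \S+)?")


def audit(config, parents):
    """Return findings for IPv6 ACL attachments that will not filter as intended."""
    defined, attached, iface, tcam = set(), {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ipv6 access-list (\S+)", line):
            defined.add(m.group(1))
            iface = None                      # left interface mode
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif line == "hardware-profile filter ingress-ipv6 enable":
            tcam = True
        elif iface and (m := ATTACH.fullmatch(line)):
            attached[iface] = m.group(1)
    findings = []
    if attached and not tcam:
        findings.append("ingress-ipv6 TCAM group not enabled")
    for ifc, name in sorted(attached.items()):
        if name not in defined:
            findings.append(f"{ifc}: ACL {name} is not defined")
        # A VLAN or LAG attachment takes priority over the member's own ACL.
        for parent in parents.get(ifc, []):
            if parent in attached:
                findings.append(f"{ifc}: ACL {name} shadowed by {attached[parent]} on {parent}")
    return findings
```
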