IPv6 Configuration Guide K/KA/KB.15.15

Example of using the offline process
Suppose that you want to create an IPv6 ACL for a VACL or RACL application and download it
to a switch from a TFTP server at FE80::1ad:17.
1. You would create a .txt file with the content shown in Example 84 (page 142).
2. After you copy the above .txt file to the TFTP server at FE80::1ad:17, you would then execute
the following command:
copy tftp command-file fe80::1ad:17 acl-001.txt pc
In this example, the CLI would show output similar to the following to indicate that the ACL
was successfully downloaded to the switch:
NOTE: If a transport error occurs, the switch does not execute the command and the ACL
is not configured.
NOTE: Blank lines may appear in the command output when you copy the command file
to the switch. However, they are eliminated in the copy of the ACL in switch memory. This is
normal operation. See also Example 87 (page 145) for the configuration resulting from this
output.
Example 86 Using copy tftp command-file to configure an ACL in the switch
Switch(config)# copy tftp command-file fe80::1ad:17 acl-001.txt pc
Running configuration may change, do you want to continue[y/n]? y
1. ipv6 access-list "acl-001"
6. ; CREATED ON JUNE 10
10. 10 remark "Telnet Denied Here"
13. 10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
16. 30 deny tcp ::/0 ::/0 log
19. 40 deny icmp 2001:db8:0:1af::/64 ::/0 134
22. 50 deny icmp 2001:db8:0:1af::/64 ::/0 133
27. ; PERMITS IPV6 ANY ANY
31. 60 permit ipv6 ::/0 ::/0
34. exit
36. vlan 20 ipv6 access-group acl-001 in
3. In this example, the command to assign the ACL to a VLAN was included in the .txt command
file. If this is not done in your applications, the next step is to manually assign the new ACL
to the intended VLAN:
vlan vid ipv6 access-group identifier vlan
vlan vid ipv6 access-group identifier in
4. You can then use the show run or show access-list config command to inspect the
switch configuration to ensure that the ACL was properly downloaded.
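One way to carry out the check in step 4 offline, as an added example that is not part of the original guide: the Python sketch below compares the ACL in the command file with text captured from the switch, skipping blank lines (which the NOTE says are dropped) and `;` comment lines (skipping these is an assumption). The command file is reconstructed from the lines echoed in Example 86; the switch capture, its layout, and the names acl_entries and compare_acl are assumptions.

```python
import re

# Constructed: the command file implied by the lines echoed in Example 86.
COMMAND_FILE = """ipv6 access-list "acl-001"

; CREATED ON JUNE 10
10 remark "Telnet Denied Here"
10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
30 deny tcp ::/0 ::/0 log
40 deny icmp 2001:db8:0:1af::/64 ::/0 134
50 deny icmp 2001:db8:0:1af::/64 ::/0 133
; PERMITS IPV6 ANY ANY
60 permit ipv6 ::/0 ::/0
exit
vlan 20 ipv6 access-group acl-001 in
"""

# Constructed capture of the switch's ACL text (layout assumed); ACE 50 is
# deliberately absent to show what a failed verification looks like.
SWITCH_CONFIG = """ipv6 access-list "acl-001"
   10 remark "Telnet Denied Here"
   10 deny tcp 2001:db8:0:1af::/64 ::/0 eq 23
   30 deny tcp ::/0 ::/0 log
   40 deny icmp 2001:db8:0:1af::/64 ::/0 134
   60 permit ipv6 ::/0 ::/0
   exit
"""

def acl_entries(text, name):
    """Normalized entries of ACL `name`; blank lines and ';' comments dropped."""
    header = re.compile(r'ipv6 access-list "?%s"?' % re.escape(name))
    entries, inside = [], False
    for raw in text.splitlines():
        line = " ".join(raw.split())      # collapse indentation and spacing
        if not line or line.startswith(";"):
            continue
        if header.fullmatch(line):
            inside = True
        elif inside and line == "exit":   # end of this ACL context
            break
        elif inside:
            entries.append(line)          # whole line: remark and ACE share sequence 10
    return entries

def compare_acl(intended_text, actual_text, name):
    """Return (missing, unexpected) entries for ACL `name`."""
    intended, actual = acl_entries(intended_text, name), acl_entries(actual_text, name)
    missing = [e for e in intended if e not in actual]
    return missing, [e for e in actual if e not in intended]
```

Calling compare_acl(COMMAND_FILE, SWITCH_CONFIG, "acl-001") reports the absent sequence 50 entry as missing. Two empty lists mean the downloaded ACL matches the file.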