35-2
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide
OL-12189-01
Chapter 35 Configuring IPv6 ACLs
Supported IPv6 ACLs
Supported IPv6 ACLs
Table 35-1 shows the supported IPv6 ACLs on each switch.
Understanding IPv6 ACLs
This section has this information:
• Supported ACL Features, page 35-2
• IPv6 ACL Limitations, page 35-3
• IPv6 ACLs and Switch Stacks, page 35-4
Supported ACL Features
IPv6 ACLs on a Catalyst Switch Module 3110 or 3012 have these characteristics:
• Fragmented frames (the fragments keyword as in IPv4) are supported.
• The same statistics supported in IPv4 are supported for IPv6 ACLs.
• If the switch runs out of hardware memory, packets associated with the ACL are forwarded to the
CPU, and the ACLs are applied in software.
IPv6 ACLs on the Catalyst Switch Module 3110 have these characteristics:
• A switch running the advanced IP services feature set supports these IPv6 ACLs:
–
IPv6 router ACLs are supported on outbound or inbound traffic on Layer 3 interfaces, which
can be routed ports, switch virtual interfaces (SVIs), or Layer 3 EtherChannels. IPv6 router
ACLs apply only to IPv6 packets that are routed.
–
IPv6 port ACLs are supportedonly on inbound traffic on Layer 2 interfaces. IPv6 port ACLs are
applied to all IPv6 packets entering the interface.
• A switch running the IP services or IP base feature set supports only input router IPv6 ACLs. It does
not support port ACLs or output IPv6 router ACLs.
Note If you configure unsupported IPv6 ACLs, an error message appears, and the configuration does
not take affect.
Table 35-1 Supported IPv6 ACL Features
Feature Catalyst Switch Module 3110 Catalyst Switch Module 3012
Input router IPv6 ACLs Yes Yes
Output router IPv6 ACLs Yes No
Input port IPv6 ACLs Yes No
Output port IPv6 ACLs No No
MAC ACLs No No
VLAN ACLs (VLAN maps) No No
