ipv6 access-group (BNG)
Use the ipv6 access-group command to control access to an interface. To remove the specified access group,
use the no form of the command. Use the access-list-name to specify a particular IPv6 access list. Use
theingress keyword to filter on inbound packets or the egress keyword to filter on outbound packets.
Use the ipv6 access-group command in the l2 transport mode for IPv6 ACL on L2 interfaces.
IPv6 ACL for L2 transport can exist with other IPv4 ACLs. IPv4 and IPv6 ACL can exist in the same direction.
Ethernet Services-ACL (ES-ACL) with IPv4 or IPv6 ACL in same direction is not supported.
Supported L2 interfaces are:
• main and sub-interface, bundle interface and bundle sub-interface
• vpws and vpls main interface and sub-interface, vpws and vpls on bundle interface and bundle
sub-interface, vlan encapsulation QinQ, dot1Q, dot1ad
Filtering of MPLS packets through common ACL and interface ACL is not supported.
If the packet comes on an ASR 9000 Ethernet Line Card (LC), and is labeled as part of an MPLS flow, then
the ingress ASR 9000 Ethernet Line Card cannot apply ACL. Whereas, an ASR 9000 Enhanced Ethernet Line
Card having Cisco IOS XR Software Release 5.1.x or above, can do ingress IP ACL for MPLS labeled packets.
Also, for ASR 9000 Ethernet Line Cards, if the label is popped because it is routed to an attached customer
edge (CE), then the egress LC sees a plain IP. But, it still cannot apply an egress (outbound) ACL on the IP
packet. Whereas, an ASR 9000 Enhanced Ethernet Line Card can perform an egress IP ACL on this packet
before sending it to the directly attached CE.
Restrictions for common ACLs are:
• Common ACL is supported in only ingress direction and for L3 interfaces only.
• The interface-statistics option is not available for common ACLs.
• The hardware-count option is available for only IPv4 ACLs.
• Only one common IPv4 and IPv6 ACL is supported on each line card.
• The common ACL option is not available for Ethernet Service (ES) ACLs.
• The IPv4 and IPv6 common ACL is limited to 200 Ternary Content Addressable Memory(TCAM)
entries for the ASR 9000 Enhanced Ethernet line card and A9K-SIP-700 line card. Although,
A9K-SIP-700 line card may support more.
• Common ACL is not supported on ASR 9000 Ethernet line card and ASR 9000 Enhanced Ethernet-TR
line card.
• You can specify only common ACL or only interface ACL or both common and interface ACL in this
command.
• The compress option is not supported for common ACLs.
• Object-groups are not supported with common ACLs.
• The interface-statistics and hardware-count options are not supported for ACLs on the A9K-SIP-700
line card.
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference,
Release 5.2.x
72
ACL and ABF Commands