Configuring an IPv6 access list is similar configuring an IPv4 access, but with IPv6 addresses.
To configure an IPv6 access list, perform the following steps:
Step 1 
Create an access entry. To create an access list, use the ipv6 access-list command to create entries for the access list. There are two main forms of this command to choose from, one for creating access list entries specifically for ICMP traffic, and one to create access list entries for all other types of IP traffic.
Create an access entry. To create an access list, use the ipv6 access-list command to create entries for the access list. There are two main forms of this command to choose from, one for creating access list entries specifically for ICMP traffic, and one to create access list entries for all other types of IP traffic.•To create an IPv6 access list entry specifically for ICMP traffic, enter the following command:
To create an IPv6 access list entry specifically for ICMP traffic, enter the following command:hostname(config)# ipv6 access-list id [line num] {permit | deny} icmp source
destination [icmp_type]
•To create an IPv6 access list entry, enter the following command:
To create an IPv6 access list entry, enter the following command:hostname(config)# ipv6 access-list id [line num] {permit | deny} protocol source
[src_port] destination [dst_port]
The following describes the arguments for the ipv6 access-list command:
•id—The name of the access list. Use the same id in each command when you are entering multiple entries for an access list.
id—The name of the access list. Use the same id in each command when you are entering multiple entries for an access list.•line num—When adding an entry to an access list, you can specify the line number in the list where the entry should appear.
line num—When adding an entry to an access list, you can specify the line number in the list where the entry should appear.•permit | deny—Determines whether the specified traffic is blocked or allowed to pass.
permit | deny—Determines whether the specified traffic is blocked or allowed to pass.•icmp—Indicates that the access list entry applies to ICMP traffic.
icmp—Indicates that the access list entry applies to ICMP traffic.•protocol—Specifies the traffic being controlled by the access list entry. This can be the name (ip, tcp, or udp) or number (1-254) of an IP protocol. Alternatively, you can specify a protocol object group using object-group grp_id.
protocol—Specifies the traffic being controlled by the access list entry. This can be the name (ip, tcp, or udp) or number (1-254) of an IP protocol. Alternatively, you can specify a protocol object group using object-group grp_id.•source and destination—Specifies the source or destination of the traffic. The source or destination can be an IPv6 prefix, in the format prefix/length, to indicate a range of addresses, the keyword any, to specify any address, or a specific host designated by host host_ipv6_addr.
source and destination—Specifies the source or destination of the traffic. The source or destination can be an IPv6 prefix, in the format prefix/length, to indicate a range of addresses, the keyword any, to specify any address, or a specific host designated by host host_ipv6_addr.•src_port and dst_port—The source and destination port (or service) argument. Enter an operator (lt for less than, gtfor greater than, eq for equal to, neq for not equal to, or range for an inclusive range) followed by a space and a port number (or two port numbers separated by a space for the range keyword).
src_port and dst_port—The source and destination port (or service) argument. Enter an operator (lt for less than, gtfor greater than, eq for equal to, neq for not equal to, or range for an inclusive range) followed by a space and a port number (or two port numbers separated by a space for the range keyword).•icmp_type—Specifies the ICMP message type being filtered by the access rule. The value can be a valid ICMP type number (from 0 to 155) or one of the ICMP type literals . Alternatively, you can specify an ICMP object group using object-group id.
icmp_type—Specifies the ICMP message type being filtered by the access rule. The value can be a valid ICMP type number (from 0 to 155) or one of the ICMP type literals . Alternatively, you can specify an ICMP object group using object-group id.Step 2 To apply the access list to an interface, enter the following command:
To apply the access list to an interface, enter the following command:hostname(config)# access-group access_list_name {in | out} interface if_name
