Layer 2 Switching Commands 504For the N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON seriesswitches, for ingress (in) ACLs:• The IPv6 ACL “fragment” keyword matches only on the first IPv6extension header for the fragment header (next header code 44). If thefragment header appears in the second or a subsequent header, it is notmatched.• The IPv6 ACL “routing” keyword matches only on the first IPv6 extensionheader for the routing header (next header code 43). If the fragmentheader appears in the second or a subsequent header, it is not matched.• For all series switches, port ranges are not supported on egress (out) ACLs.Only the eq operator is supported in an egress ACL.Command HistoryUpdated in 6.3.0.1 firmware.Example and description updated in the 6.4 release.ExampleThe following example creates rules in an IPv6 ACL named "STOP_HTTP"to discard any HTTP traffic from the 2001:DB8::0/32 network, but allow allother traffic from that network:console(config)#ipv6 access-list STOP_HTTPconsole(Config-ipv6-acl)#deny tcp 2001:DB8::0/32 any eq httpconsole(Config-ipv6-acl)#permit everyipv6 access-listThe ipv6 access-list command creates an IPv6 Access Control List (ACL)consisting of classification fields defined for the IP header of an IPv6 frame.The name parameter is a case-sensitive alphanumeric string from 1 to 31characters uniquely identifying the IPv6 access list.If an IPv6 ACL with this name already exists, this command enters Ipv6-Access-List Configuration mode to update the existing IPv6 ACL.Use the no form of the command to delete an IPv6 ACL from the system.