https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79912#M5618 <P>Hi Kransom</P><P>Thank you for reaching us</P><P>Could you please help me with below outputs from the switch&nbsp;</P><UL><LI><FONT face="courier new,courier" size="2">show running-config access-list ipv6</FONT></LI><LI><FONT face="courier new,courier" size="2">show ipv6 access-list inboundv6</FONT></LI><LI><FONT face="courier new,courier" size="2">show ipv6 access-list outboundv6</FONT></LI><LI><FONT face="courier new,courier" size="2">show ipv6 access-lists brief</FONT></LI><LI><FONT face="courier new,courier" size="2">show logging | inc ACL</FONT></LI></UL><P>Thanks&nbsp;</P><P>&nbsp;</P> Sat, 18 May 2024 12:31:58 GMT Chandini 2024-05-18T12:31:58Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79862#M5615 <P>Hi,</P><P>I am configuring ACLs for IPv6, and it is not going as expected. There must be something I am missing as the logic, in my mind, is making sense but it is not working. I have VE 10 (Vlan 10) connected to ISP (internet), VE 20 (Vlan 20), VE 30 (Vlan 30). I want to allow Vlan 20 to access the internet. I only added rules for the subnet on ve 20 since there is an implicit deny at the end of an ACL.</P><P>int ve 10<BR />2600:f600:0:10001::c3/126</P><P>int ve 20<BR />2600:f600:3600:1::/64</P><P>int ve 30<BR />2600:f600:4600:1::/64</P><P>#ipv6 access-list inboundv6<BR />permit ipv6 any 2600:f600:3600:1::/64</P><P>#ipv6 access-list outboundv6<BR />permit ipv6 2600:f600:3600:1::/64&nbsp; any</P><P>(int-vif-10)#ipv6 traffic-filter inboundv6 in<BR />(int-vif-10)#ipv6 traffic-filter otuboundv6 out</P><P>This s h o u l d permit Vlan 20 to get out to the internet (do ping, ssh, dns, etc.), but for some reason it is being blocked.</P> Fri, 17 May 2024 16:58:35 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79862#M5615 kransom 2024-05-17T16:58:35Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79912#M5618 <P>Hi Kransom</P><P>Thank you for reaching us</P><P>Could you please help me with below outputs from the switch&nbsp;</P><UL><LI><FONT face="courier new,courier" size="2">show running-config access-list ipv6</FONT></LI><LI><FONT face="courier new,courier" size="2">show ipv6 access-list inboundv6</FONT></LI><LI><FONT face="courier new,courier" size="2">show ipv6 access-list outboundv6</FONT></LI><LI><FONT face="courier new,courier" size="2">show ipv6 access-lists brief</FONT></LI><LI><FONT face="courier new,courier" size="2">show logging | inc ACL</FONT></LI></UL><P>Thanks&nbsp;</P><P>&nbsp;</P> Sat, 18 May 2024 12:31:58 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79912#M5618 Chandini 2024-05-18T12:31:58Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79916#M5620 <P>Traffic is coming OUT of VLAN 20 and INTO VLAN 10. You have no valid rule allowing INBOUND traffic from the VLAN 20 subnet to VLAN 10.&nbsp;</P> Sat, 18 May 2024 18:42:35 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79916#M5620 Squozen 2024-05-18T18:42:35Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79964#M5621 <P>Could you provide an example of such rule?<BR />In outboundv6 I have a rule permitting traffic from VLAN 20 to any host on VLAN 10. That is applied outbound on int ve 10.</P> Mon, 20 May 2024 14:40:29 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79964#M5621 kransom 2024-05-20T14:40:29Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79969#M5622 <P>I believe I have provided the necessary information. It is in a pseudo-ish format but that is it really.<BR /><BR />To give more context, for what it's worth, I was trying to make our IPv6 network be default DENY and permit known good addresses, ports, and protocols. It seems like that's not possible since the ACL is stateless. Which would make configuring the ACL very complex. Correct me if I'm wrong.</P> Mon, 20 May 2024 15:06:37 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/79969#M5622 kransom 2024-05-20T15:06:37Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/94265#M6717 <P>Revisiting this, it should be<BR />permit ipv6 2600:f600:3600:1::/64 any<BR />instead of<BR />permit ipv6 any 2600:f600:3600:1::/64</P> Thu, 01 Aug 2024 15:56:52 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-not-working/m-p/94265#M6717 kransom 2024-08-01T15:56:52Z