IPv6 Template ACL

When user profiles are configured using vendor-specific attribute (VSA) Cisco AV-pairs, similar per-user IPv6 ACLs may be replaced by a single template ACL. That is, one ACL represents many similar ACLs. By using IPv6 template ACLs, you can increase the total number of per-user ACLs while minimizing the memory and Ternary Content Addressable Memory (TCAM) resources needed to support the ACLs.

The IPv6 Template ACL feature can create templates using the following ACL fields:

  • IPv6 source and destination addresses

  • TCP and UDP, including all associated ports (0 through 65535)

  • ICMP neighbor discovery advertisements and solicitations

  • IPv6 DSCP with specified DSCP values

ACL names are dynamically generated by this feature; for example:

  • 6Temp_#152875854573--Example of a dynamically generated template name for a template ACL parent

  • Virtual-Access2.32135#152875854573--Example of a child ACL or an ACL that has not yet been made part of a template.

Your software release may not support all the features that are documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. The Feature Information Table at the end of this document provides information about the documented features and lists the releases in which each feature is supported.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/. An account on http://www.cisco.com/ is not required.

Contents

Hardware Compatibility Matrix for the Cisco cBR Series Routers


Note


The hardware components that are introduced in a given Cisco IOS-XE Release are supported in all subsequent releases unless otherwise specified.
Table 1. Hardware Compatibility Matrix for the Cisco cBR Series Routers

Cisco CMTS Platform

Processor Engine

Interface Cards

Cisco cBR-8 Converged Broadband Router

Cisco IOS-XE Release 16.5.1 and Later Releases

Cisco cBR-8 Supervisor:

  • PID—CBR-SUP-250G

  • PID—CBR-CCAP-SUP-160G

Cisco IOS-XE Release 16.5.1 and Later Releases

Cisco cBR-8 CCAP Line Cards:

  • PID—CBR-LC-8D30-16U30

  • PID—CBR-LC-8D31-16U30

  • PID—CBR-RF-PIC

  • PID—CBR-RF-PROT-PIC

  • PID—CBR-CCAP-LC-40G

  • PID—CBR-CCAP-LC-40G-R

  • PID—CBR-CCAP-LC-G2-R

  • PID—CBR-SUP-8X10G-PIC

  • PID—CBR-2X100G-PIC

Digital PICs:

  • PID—CBR-DPIC-8X10G

  • PID—CBR-DPIC-2X100G

Cisco cBR-8 Downstream PHY Module:

  • PID—CBR-D31-DS-MOD

Cisco cBR-8 Upstream PHY Modules:

  • PID—CBR-D31-US-MOD


Note


Do not use DPICs (8X10G and 2x100G) to forward IP traffic, as it may cause buffer exhaustion, leading to line card reload.

The only allowed traffic on a DPIC interface is DEPI, UEPI, and GCP traffic from the Cisco cBR-8 router to Remote PHY devices. Other traffic such as DHCP, SSH, and UTSC should flow via another router, since DPICs cannot be used for normal routing.


Information About IPv6 ACL—Template ACL

IPv6 Template ACL

When user profiles are configured using vendor-specific attribute (VSA) Cisco AV-pairs, similar per-user IPv6 ACLs may be replaced by a single template ACL. That is, one ACL represents many similar ACLs. By using IPv6 template ACLs, you can increase the total number of per-user ACLs while minimizing the memory and Ternary Content Addressable Memory (TCAM) resources needed to support the ACLs.

The IPv6 Template ACL feature can create templates using the following ACL fields:

  • IPv6 source and destination addresses

  • TCP and UDP, including all associated ports (0 through 65535)

  • ICMP neighbor discovery advertisements and solicitations

  • IPv6 DSCP with specified DSCP values

ACL names are dynamically generated by this feature; for example:

  • 6Temp_#152875854573--Example of a dynamically generated template name for a template ACL parent

  • Virtual-Access2.32135#152875854573--Example of a child ACL or an ACL that has not yet been made part of a template.

How to Enable IPv6 ACL—Template ACL

Enabling IPv6 Template Processing

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. access-list template [number-of-rules ]
  4. exit
  5. show access-list template {summary | aclname | exceed number | tree }

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable 

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal 

Enters global configuration mode.

Step 3

access-list template [number-of-rules ]

Example:


Router(config)# access-list template 50 

Enables template ACL processing.

  • The example in this task specifies that ACLs with 50 or fewer rules will be considered for template ACL status.

  • The number-of-rules argument default is 100.

Step 4

exit

Example:


Router(config)# exit 

Exits global configuration mode and places the router in privileged EXEC mode.

Step 5

show access-list template {summary | aclname | exceed number | tree }

Example:


Router# show access-list template summary

Displays information about ACL templates.

Configuration Examples for IPv6 ACL—Template ACL

Example: IPv6 Template ACL Processing

In this example, the contents of ACL1 and ACL2 are the same, but the names are different:


ipv6 access-list extended ACL1 (PeerIP: 2001:1::1/64) 
permit igmp any                  2003:1::1/64 
permit icmp 2002:5::B/64         any 
permit udp  any                  host 2004:1::5 
permit udp  any                  host 2002:2BC::a 
permit icmp host 2001:BC::7      host 2003:3::7 
ipv6 access-list extended ACL2 (PeerIP: 2007:2::7/64) 
permit igmp any                  2003:1::1/64 
permit icmp 2002:5::B/64         any 
permit udp  any                  host 2004:1::5 
permit udp  any                  host 2002:2BC::a 
permit icmp host 2001:BC::7      host 2003:3::7 

The template for these ACLs is as follows:


ipv6 access-list extended Template_1 
permit igmp any                  2003:1::1/64 
permit icmp 2002:5::B/64         any 
permit udp  any                  host 2004:1::5 
permit udp  any                  host 2002:2BC::a 
permit icmp host 2001:BC::7      host 2003:3::7 

Additional References

Related Documents

Related Topic

Document Title

IPv6 addressing and connectivity

IPv6 Configuration Guide

IPv6 commands

Cisco IOS IPv6 Command Reference

Cisco IOS IPv6 features

Cisco IOS IPv6 Feature Mapping

Standards and RFCs

Standard/RFC

Title

RFCs for IPv6

IPv6 RFCs

MIBs

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IPv6 Template ACL

Use Cisco Feature Navigator to find information about the platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to the https://cfnng.cisco.com/ link. An account on the Cisco.com page is not required.


Note


The following table lists the software release in which a given feature is introduced. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 2. Feature Information for IPv6 Template ACL

Feature Name

Releases

Feature Information

IPv6 Access Lists

Cisco IOS XE Fuji 16.7.1

This feature was integrated into Cisco IOS XE Fuji 16.7.1 on theCisco cBR Series Converged Broadband Routers.