Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPv6 ACL Help.


We have a new policy to block IPv6 routing header extension type 0, 1 and 3-255.  This is what I have came up:

ipv6 access-list inbound

deny ipv6 any any routing-type 0 log

deny ipv6 any any routing-type 1 log

However, I don't want to type every single ACL entry from 3 to 255.  From the CLI, I don't see a way to do 3 - 255.  Does anyone know?

So it would look like this:

ipv6 access-list inbound

deny ipv6 any any routing-type 0 log

deny ipv6 any any routing-type 1 log

deny ipv6 any any routing-type 3-255 log


Cisco Employee

Re: IPv6 ACL Help.

You only want to permit routing-type 2? You can do the following

ipv6 access-list inbound

permit ipv6 any any routing-type 2 log

The ipv6 ACL will have an implicit deny ipv6 any any at the end.



Community Member

Re: IPv6 ACL Help.

Thanks Jerry.  But I still would like to know some kind of "range" command within IPv6 ACL.  Anyone else knows?

Hall of Fame Super Silver

Re: IPv6 ACL Help.

Hello Kevin,

current command reference does not provide a range option for routing-type a specific value is expected


also because only first values have been defined for real use:

integer in the range from 0 to  255 representing an IPv6 routing header type. Possible routing header  types and their corresponding routing-number value are as follows:

0—Standard IPv6 routing header

2—Mobile IPv6 routing header

By the way, Jerry's solution should work well and shows how to deal with this limitation

if you want to add a third line to use log option you could use an explicit deny without any routing-type option.

Permitted routing type values are matched by previous lines


in a previous line you can permit routing-type 2 ( I see is the only one you are interested to permit)

a second line can deny all the rest with log option

Hope to help


CreatePlease to create content