ADTRAN AOS Version R10.1.0 Command Reference Manual page 1058

Command Reference Guide
ip policy-class <ipv4 acp name>
Use the ip policy-class command to create an Internet Protocol version 4 (IPv4) access control policy
(ACP) and enter the IPv4 ACP command set. Use the no form of this command to delete an IPv4 ACP and
all the entries it contains. Refer to the
Configured IPv4 ACPs will only be active if the command
entered at the Global Configuration mode prompt to enable the AOS IPv4 security
features. All configuration parameters are valid, but no security data processing will be
attempted unless the security features are enabled.
Before applying an ACP to an interface, verify your Telnet or secure shell (SSH)
connection will not be affected by the policy. If an ACP is applied to the interface you are
connecting through and it does not allow Telnet or SSH traffic, your connection will be
lost.
Syntax Description
<ipv4 acp name>
Default Values
By default, all AOS IPv4 security features are disabled and there are no configured ACP entries.
Command History
Release 2.1
Functional Notes
AOS IPv4 ACPs are used to allow, discard, or manipulate (using network address translation (NAT)) data
for each physical interface. Each ACP consists of an action (allow, discard, nat) and a selector access
control list (ACL). When IPv4 packets are received on an interface, the configured IPv4 ACPs are applied
to determine whether the data will be processed or discarded.
An implicit discard exists at the end of every IPv4 ACP. Specifying a discard list is
unnecessary in most applications and should be used with caution. A discard list can
adversely affect certain functions of a unit (virtual private network (VPN), routing
protocols, etc.). Specifying an empty ACL or a nonexistent ACL in an ACP will result in an
implicit permit.
IPv4 ACPs and ACLs cannot have the same name as a configured IPv6 ACP or ACL.
60000CRG0-35E
IPv4 Access Control Policy Command Set on page
Identifies the configured IPv4 ACP using an alphanumeric descriptor
(maximum of 50 characters). All ACP descriptors are case sensitive.
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
Global Configuration Mode Command Set
ip firewall on page 999
3144.
has been
1058