ADTRAN AOS Version R10.1.0 Command Reference Manual page 3128

Adtran operating system (aos)

Command Reference Guide
Step 3:
Create an IPv4 ACL to permit or deny specified traffic by using either the ip access-list extended or ip
access-list standard command. Standard IPv4 ACLs match based on the source IPv4 address of the
packet. Extended IPv4 ACLs match based on the source and destination of the packet. Refer to the
command ip access-list extended <ipv4 acl name> on page 982 or the command
ip access-list standard <ipv4 acl name> on page 984 for more information. Sources can be expressed
in one of four ways:
1. Using the keyword any to match any IPv4 address.
2. Using host <ipv4 address> to specify a single host address.
3. Using the <ipv4 address> <wildcard> format to match all IPv4 addresses in a range. Wildcard masks
work in reverse logic from subnet masks. When broken out into binary form, a 0 indicates which bits of
the IPv4 address to consider, a 1 indicates which bits are disregarded. For example, specifying 255 in
any octet of the wildcard mask equates to a "don't care" for that octet in the IPv4 address. Additionally,
a 30-bit mask would be represented with the wildcard string 0.0.0.3, a 28-bit mask with 0.0.0.15, a
24-bit mask with 0.0.0.255, and so forth.
4. Using the keyword hostname to match based on a domain naming system (DNS) name. DNS servers
must be configured or host names must be locally defined for this function to work.
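The wildcard logic described in item 3, as an added example (not part of the ADTRAN manual and not AOS code). The function names and sample addresses are constructed for illustration, and the two-token form "hostname <name>" is an assumption about syntax that the code leaves unresolved. The last sample shows what happens when a subnet mask is entered where a wildcard is expected.

```python
import ipaddress

def prefix_to_wildcard(prefix_len: int) -> str:
    """Wildcard string for a prefix length, e.g. 30 -> 0.0.0.3."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = (1 << (32 - prefix_len)) - 1   # 1 bits are disregarded
    return str(ipaddress.IPv4Address(host_bits))

def wildcard_match(packet_ip: str, acl_ip: str, wildcard: str) -> bool:
    """True when every bit the wildcard marks 0 is equal in both addresses."""
    pkt = int(ipaddress.IPv4Address(packet_ip))
    base = int(ipaddress.IPv4Address(acl_ip))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # 0 bits -> compare
    return (pkt & care) == (base & care)

def source_matches(spec: str, packet_ip: str) -> bool:
    """Evaluate 'any', 'host <addr>' or '<addr> <wildcard>' for one address."""
    tokens = spec.split()
    if tokens == ["any"]:
        return True
    if len(tokens) == 2 and tokens[0] == "host":
        return wildcard_match(packet_ip, tokens[1], "0.0.0.0")
    if len(tokens) == 2 and tokens[0] == "hostname":
        # Assumed syntax; resolution needs DNS or a local host table.
        raise NotImplementedError("hostname sources are not resolved here")
    if len(tokens) == 2:
        return wildcard_match(packet_ip, tokens[0], tokens[1])
    raise ValueError(f"unrecognised source: {spec!r}")

if __name__ == "__main__":
    # Constructed sample sources and packet addresses.
    samples = [
        ("any", "203.0.113.9"),
        ("host 10.1.1.5", "10.1.1.6"),
        ("192.168.1.0 0.0.0.255", "192.168.1.77"),
        ("10.10.10.16 0.0.0.15", "10.10.10.32"),
        # Subnet mask typed as a wildcard: only the last octet is compared,
        # so any address ending in .0 matches and 192.168.1.77 does not.
        ("192.168.1.0 255.255.255.0", "198.51.100.0"),
    ]
    for spec, ip in samples:
        print(f"{spec:<28} {ip:<14} {source_matches(spec, ip)}")
```
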
Step 4:
Apply the created IPv4 ACP to an interface. To assign an IPv4 ACP to an interface, enter the interface
configuration mode for the desired interface and enter ip access-policy <ipv4 acp name>. The following
example assigns ACP UNTRUSTED to the Ethernet 0/1 interface:
(config)#interface ethernet 0/1
(config-eth 0/1)#ip access-policy UNTRUSTED
For more information about configuring ACLs, ACPs, and the AOS Firewall, refer to the
IP Firewall configuration guide (article number 1543) available at
https://supportforums.adtran.com.
The following commands are common to multiple command sets and are covered in a centralized section
of this guide. For more information, refer to the sections listed below:
cross-connect on page 67
do on page 71
exit on page 73
interface on page 74
The following are commands used to configure an extended IPv4 ACL. Extended IPv4 ACL
configuration includes specifying an IPv4 ACL action, a protocol, a packet source, a source port, a packet
destination, and a destination port. These commands are described in this section in alphabetical order.
deny <protocol> <source> <source port> <destination> <destination port> on page 3130
permit <protocol> <source> <source port> <destination> <destination port> on page 3134
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.
IPv4 Access Control List Command Set
