ADTRAN AOS Version R10.1.0 Command Reference Manual page 3136

Adtran operating system (aos)
Command Reference Guide
IPv4 Access Control List Command Set
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.

irc (Port 194)
klogin (Port 543)
kshell (Port 544)
login (Port 513)
whois (Port 43)
www (Port 80)

<destination>
Specifies the destination used for IPv4 packet matching. Destinations can be expressed in one of five ways:
1. Using the keyword any to match any IPv4 address.
2. Using host <ip address> to specify a single host address. IPv4 addresses should be expressed in dotted decimal notation (for example, 10.10.10.1).
3. Using the <ip address> <wildcard mask> format to match all IPv4 addresses in a range. The wildcard mask corresponds to a range of IPv4 addresses (network) or a specific host. Wildcard masks are expressed in dotted decimal notation (for example, 0.0.0.255).
4. Using the keyword hostname <hostname> to match based on a DNS name. The unit must be configured with DNS servers for this function to work. Using vrf <name> in conjunction with the hostname parameter associates a nondefault VRF with the DNS host name for the source. The VRF is required if the router's DNS server is on a nondefault VRF. This parameter can only be used with the hostname source.

<destination port>
Optional. Specifies the destination port. Only valid when <protocol> is tcp or udp. The same keywords and port numbers/names used for the <source port> field are valid for the <destination port> field. Refer to previously listed <source port> for more details.

log
Optional. Enables logging of any packets that match the IPv4 ACL entry.

track <name>
Optional. Makes the IPv4 ACL entry dependent upon a track.

Default Values
By default, all AOS security features are disabled, and there are no configured IPv4 ACLs.

Command History
Release 2.1: Command was introduced.
Release 16.1: Command was expanded to include the log, track, and vrf parameters.

Functional Notes
IPv4 Access control lists (ACLs) are used as packet selectors by different AOS features (firewall, virtual private network (VPN), quality of service (QoS)); by themselves they do nothing. IPv4 ACLs are composed of an ordered list of entries with an implicit deny all at the end of each list. An IPv4 ACL entry contains two parts: an action (permit or deny) and a packet pattern. A permit IPv4 ACL is used to match packets (meeting the specified pattern) to enter the router system. A deny IPv4 ACL advances AOS to the next access policy entry. AOS provides two types of IPv4 ACLs: standard and extended. Standard IPv4 ACLs match based on the source of the packet. Extended IPv4 ACLs match based on the source and destination of the packet.
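The matching rules in the Functional Notes and the destination formats above, as an added example (not ADTRAN code): a small Python model that checks a destination address and port against an ordered list of entries and falls through to the implicit deny. It assumes the first matching entry decides and that 1-bits in a wildcard mask are ignored; the Entry type, function names, and sample addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Port keywords exactly as listed on this page; other keywords are not modelled.
PORT_KEYWORDS = {"irc": 194, "klogin": 543, "kshell": 544,
                 "login": 513, "whois": 43, "www": 80}

class Entry(NamedTuple):
    action: str                  # "permit" or "deny"
    dest: str                    # "any", "host <ip>" or "<ip> <wildcard mask>"
    dport: Optional[str] = None  # keyword or number; None matches any port

def _ip(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def dest_matches(spec: str, addr: str) -> bool:
    """Match addr against a destination written in one of the page's formats."""
    parts = spec.split()
    if parts == ["any"]:
        return True
    if len(parts) == 2 and parts[0] == "host":
        return _ip(parts[1]) == _ip(addr)
    if len(parts) == 2 and parts[0] != "hostname":
        # Assumption: wildcard 1-bits are "don't care", 0-bits must equal the base.
        care = ~_ip(parts[1]) & 0xFFFFFFFF
        return (_ip(parts[0]) & care) == (_ip(addr) & care)
    raise ValueError(f"not modelled here (hostname needs DNS): {spec!r}")

def port_matches(spec: Optional[str], port: int) -> bool:
    if spec is None:
        return True
    want = int(spec) if spec.isdigit() else PORT_KEYWORDS[spec]
    return want == port

def acl_selects(entries, addr: str, port: int):
    """Return (selected, index of deciding entry); index None = implicit deny."""
    for i, e in enumerate(entries):  # assumption: the first matching entry decides
        if dest_matches(e.dest, addr) and port_matches(e.dport, port):
            return e.action == "permit", i
    return False, None

# Constructed sample ACL (addresses are illustrative, not from a real config).
SAMPLE_ACL = [
    Entry("deny", "host 10.10.10.1"),
    Entry("permit", "10.10.10.0 0.0.0.255", "www"),
    Entry("permit", "192.168.0.0 0.0.255.255", "43"),
]

if __name__ == "__main__":
    for addr, port in [("10.10.10.1", 80), ("10.10.10.77", 80), ("10.10.10.77", 443)]:
        print(addr, port, acl_selects(SAMPLE_ACL, addr, port))
```

The third case shows why entry order and the implicit deny matter when auditing a list: a packet that matches no entry is never selected, even though a broad permit for its subnet exists on a different port.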
