Command Reference Guide
IPv4 Access Control List Command Set
IPv4 ACL entries are evaluated in order from the top of the list down. Generally, the most specific entries
should be at the top and the more general entries at the bottom.
VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless
of whether multi-VRF is configured. Therefore, executing the abovementioned commands without
specifying a VRF will only affect the default unnamed VRF.
Usage Examples
The following example creates an IPv4 ACL named AllowIKE to allow all Internet Key Exchange (IKE) (UDP port
500) packets from the 190.72.22.0/24 network:
(config)#ip access-list extended AllowIKE
(config-ext-nacl)#permit udp 190.72.22.0 0.0.0.255 eq 500 any eq 500
The following example creates an entry in the MatchAll IPv4 ACL to permit IP packets from the host name
www.adtran.com to any destination, using the nondefault VRF RED to resolve the DNS host name:
(config)#ip access-list extended MatchAll
(config-ext-nacl)#permit ip hostname www.adtran.com vrf RED any
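The top-down, first-match ordering described at the start of this section can be checked offline with the following Python sketch, which is an added example and not ADTRAN code. It parses only the address/wildcard/eq form shown in the AllowIKE entry (not the hostname/vrf form). The "deny ip any any" entry and the sample packet are constructed for illustration, and the sketch returns None when no entry matches because this page does not state what AOS does in that case.

```python
import ipaddress

def parse_addr(tokens):
    """Consume 'any' or '<address> <wildcard>' plus an optional 'eq <port>'."""
    if tokens[0] == "any":
        net, wild, rest = 0, 0xFFFFFFFF, tokens[1:]
    else:
        net = int(ipaddress.IPv4Address(tokens[0]))
        wild = int(ipaddress.IPv4Address(tokens[1]))
        rest = tokens[2:]
    port = None
    if rest[:1] == ["eq"]:
        port, rest = int(rest[1]), rest[2:]
    return (net, wild, port), rest

def parse_entry(line):
    action, proto, *rest = line.split()
    src, rest = parse_addr(rest)
    dst, rest = parse_addr(rest)
    if rest:
        raise ValueError(f"unsupported tokens: {rest}")
    return action, proto, src, dst

def side_matches(spec, addr, port):
    net, wild, want_port = spec
    # Wildcard bits set to 1 are ignored; every other bit must be equal.
    same = ((int(ipaddress.IPv4Address(addr)) ^ net) & ~wild & 0xFFFFFFFF) == 0
    return same and (want_port is None or want_port == port)

def evaluate(acl_lines, proto, src, sport, dst, dport):
    """Return (action, entry) for the first matching entry, else None."""
    for line in acl_lines:
        action, eproto, s, d = parse_entry(line)
        if eproto in ("ip", proto) and side_matches(s, src, sport) and side_matches(d, dst, dport):
            return action, line
    return None

IKE = "permit udp 190.72.22.0 0.0.0.255 eq 500 any eq 500"  # entry from this page
DENY_ALL = "deny ip any any"  # constructed general entry (assumed syntax)
SPECIFIC_FIRST = [IKE, DENY_ALL]
GENERAL_FIRST = [DENY_ALL, IKE]
PKT = ("udp", "190.72.22.17", 500, "203.0.113.5", 500)  # constructed packet

if __name__ == "__main__":
    for name, acl in (("specific first", SPECIFIC_FIRST), ("general first", GENERAL_FIRST)):
        print(name, "->", evaluate(acl, *PKT))
```

With the general entry placed first, the IKE permit is never reached, which is why the more specific entries belong at the top of the list.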
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.