Table of Contents
Advertisement
Command Reference Guide
discard list
Use the discard list command to specify an Internet Protocol version 4 (IPv4) access control list (ACL) to
determine which packets are discarded after entering the interface to which the IPv4 access control policy
(ACP) is assigned. Packets matched by the IPv4 ACL will be discarded, and no further IPv4 ACP entries
will be inspected. All packets not matched by the IPv4 ACL will be processed by the next IPv4 ACP entry
or implicitly discarded if no further IPv4 ACP entries exist. Variations of this command include:
discard list <ipv4 acl name>
discard list <ipv4 acl name> policy <ipv4 acp name>
discard list <ipv4 acl name> self
Syntax Description
<ipv4 acl name>
policy <ipv4 acp name>
self
Default Values
By default, all AOS security features are disabled and there are no configured IPv4 ACP entries.
Command History
Release 2.1
Functional Notes
AOS IPv4 ACPs are used to allow, discard, or manipulate (using network address translation (NAT)) data
for each physical interface. Each IPv4 ACP consists of an action (allow, discard, nat) and a selector (IPv4
ACL). When packets are received on an interface, the configured IPv4 ACPs are applied to determine
whether the data will be processed or discarded.
60000CRG0-35E
Specifies the IPv4 ACL against which to check traffic before discarding the
packet. All packets not matched by the IPv4 ACL will be processed by the
next IPv4 ACP entry or implicitly discarded if no further IPv4 ACP entries
exist.
Optional. Specifies the destination IPv4 ACP against which to match traffic.
The firewall attempts to match the specified IPv4 ACP with the IPv4 ACP
that is applied to the packet's egress interface as determined by the routing
table or policy-based routing configuration. If there is a match, the firewall
will discard the packet. If there is no match, the firewall will process the
packet based on the next IPv4 ACP entry or implicitly discard it if no further
IPv4 ACP entries exist.
Optional. Discards packets that are matched by the IPv4 ACL and destined
for any local interface on the unit. These packets, had they been allowed,
would be terminated by the unit and not routed or forwarded to other
destinations. Using the self keyword is helpful when forbidding certain
access to the unit.
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
IPv4 Access Control Policy Command Set
3151
Advertisement
Table of Contents
