ADTRAN AOS Version R10.1.0 Command Reference Manual page 3154

Command Reference Guide
Functional Notes
AOS IPv4 ACPs are used to allow, discard, or manipulate (using network address translation (NAT)) data
for each physical interface. Each IPv4 ACP consists of an action (allow, discard, nat) and a selector
(ACL). When packets are received on an interface, the configured IPv4 ACPs are applied to determine
whether the data will be processed or discarded.
An implicit discard exists at the end of every IPv4 ACP. Specifying a discard list is
unnecessary in most applications and should be used with caution. A discard list can
adversely affect certain functions of a unit (VPN, routing protocols, etc.). Specifying an
empty IPv4 ACL or a nonexistent IPv4 ACL in an IPv4 ACP will result in an implicit
permit.
The optional vrf <vrf name> parameter specifies the VRF instance. The VRF does not have to be the
same VRF from which the packet originated. VRF on an AOS product allows a single physical router to be
partitioned into multiple virtual routers. Each router instance has its own route table and interface
assignments. Beginning with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF)
have an unnamed default VRF instance regardless of whether multi-VRF is configured. Therefore,
executing the abovementioned commands without specifying a VRF indicates that the specified address
corresponds to the default unnamed VRF.
Usage Examples
The following example enables NAT for traffic that matches the IPv4 ACL INWEB and changes the
destination address to 192.168.0.253:
(config)#ip policy-class UNTRUSTED
(config-policy-class)#nat destination list INWEB address 192.168.0.253
60000CRG0-35E Copyright © 2012 ADTRAN, Inc.
IPv4 Access Control Policy Command Set
3154