ADTRAN AOS Version R10.1.0 Command Reference Manual page 3199

Command Reference Guide
discard list
Use the discard list command to specify an Internet Protocol version 6 (IPv6) access control list (ACL) to
determine which packets are discarded after entering the interface to which the IPv6 access control policy
(ACP) is assigned. Packets matched by the IPv6 ACL will be discarded, and no further IPv6 ACP entries
will be inspected. All packets not matched by the IPv6 ACL will be processed by the next ACP entry or
implicitly discarded if no further ACP entries exist. Variations of this command include:
discard list <ipv6 acl name>
discard list <ipv6 acl name> policy <ipv6 acp name>
discard list <ipv6 acl name> self
Syntax Description
<ipv6 acl name>
policy <ipv6 acp name>
self
Default Values
By default, all AOS IPv6 security features are disabled and there are no configured IPv6 ACP entries.
Command History
Release 18.1
Functional Notes
AOS IPv6 ACPs are used to allow or discard IPv6 data for each physical interface. Each IPv6 ACP consists
of an action (allow, discard) and a selector (IPv6 ACL). When IPv6 packets are received on an interface,
the configured ACPs are applied to determine whether the data will be processed or discarded.
An implicit discard exists at the end of every ACP. Specifying a discard list is unnecessary
in most applications and should be used with caution. Specifying an empty ACL or a
nonexistent ACL in an ACP will result in an implicit permit.
60000CRG0-35E
Specifies the IPv6 ACL against which to check traffic before discarding the
packet. All packets not matched by the IPv6 ACL will be processed by the
next IPv6 ACP entry or implicitly discarded if no further ACP entries exist.
Optional. Specifies the destination IPv6 ACP against which to match traffic.
The firewall attempts to match the specified ACP with the ACP that is
applied to the packet's egress interface as determined by the routing table.
If there is a match, the firewall attempts to match the ACL next. If there is no
match, the firewall will process the packet based on the next IPv6 ACP
entry or implicitly discard it if no further ACP entries exist.
Optional. Discards packets that are matched by the IPv6 ACL and destined
for any local interface on the unit. These packets, had they been allowed,
would be terminated by the unit and not routed or forwarded to other
destinations.
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
IPv6 Access Control Policy Command Set
3199