ADTRAN 1000R Series Network Card User Manual


Command Reference Guide Global Configuration Mode Command Set
61200510L1-35E Copyright © 2005 ADTRAN 399
Functional Notes
Access control lists are used as packet selectors by access policies (ACPs); by themselves they do nothing. An ACL is an ordered list of entries with an implicit deny all at the end of the list. Each entry has two parts: an action (permit or deny) and a packet pattern. A permit entry allows packets matching the pattern to enter the router system (it selects them for the access policy); a deny entry does not select them, and the AOS advances to the next access policy entry. The AOS provides two types of ACLs: standard and extended. Standard ACLs match on the source IP address only. Extended ACLs may specify patterns using most fields in the IP header and the TCP or UDP header.
ACL entries are evaluated in order from the top of the list down, and the first entry whose pattern matches decides the result. Generally the most specific entries should be at the top and the most general at the bottom; an entry placed below a broader entry that already covers its addresses can never match.
The following commands are available in standard access-list configuration mode (config-std-nacl):
remark
Associates a descriptive tag (up to 80 alphanumeric characters enclosed in quotation marks) with the access list. Enter a functional description for the list, such as “This list blocks all outbound web traffic.”
log
Logs a message (if debug access-list is enabled for this access list) when the access list finds a packet
match.
permit or deny any
Uses the any keyword to match any IP address received by the access list. For example, the following
allows all packets through the configured access list:
(config)#ip access-list standard MatchAll
(config-std-nacl)#permit any
permit or deny host <ip address>
Uses the host <A.B.C.D> keyword to specify a single host address (equivalent to the address with a wildcard of 0.0.0.0). For example, the following allows all traffic from the host with an IP address of 196.173.22.253:
(config)#ip access-list standard MatchHost
(config-std-nacl)#permit host 196.173.22.253
permit or deny <ip address> <wildcard>
Uses the <A.B.C.D> <wildcard> format to match a range of IP addresses. A wildcard mask uses the inverse logic of a subnet mask: a one bit in the wildcard mask means “don’t care” for that bit position, and a zero bit means the packet’s address must equal the specified address in that position. The wildcard for a /24 network is therefore 0.0.0.255; typing the subnet mask 255.255.255.0 in its place would instead match any address, on any network, whose last octet is 0. For example, the following denies all traffic from the 192.168.0.0/24 network:
(config)#ip access-list standard MatchNetwork
(config-std-nacl)#deny 192.168.0.0 0.0.0.255
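The following is an added example, not ADTRAN code, that models the behaviour described in the Functional Notes above (top-down first-match evaluation with an implicit deny at the end) and in the <ip address> <wildcard> entry (one bits in the wildcard mask are “don’t care”). It parses entries written in the same syntax as the commands on this page and evaluates a source address against them; the function names, the shadowing check and the sample lists are all hypothetical constructions for illustration. It also shows two practitioner mistakes: a subnet mask typed where a wildcard belongs, and a specific deny placed below a broader permit, which can never match.

```python
import ipaddress

# Added example (not ADTRAN code): a minimal evaluator for an AOS-style
# standard ACL, to show wildcard-mask matching, top-down first-match
# evaluation and the implicit deny at the end of the list. Entry strings
# use the same syntax as the commands above; the function names are
# hypothetical.

ALL_ONES = 0xFFFFFFFF


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, pattern, wildcard):
    """True if addr matches pattern under the wildcard mask.

    A one bit in the wildcard means "don't care"; a zero bit means the
    address must equal the pattern in that bit position. Don't-care bits
    need not form a prefix, so 0.0.255.254 is a valid (if unusual) mask.
    """
    care = ALL_ONES ^ _to_int(wildcard)
    return (_to_int(addr) & care) == (_to_int(pattern) & care)


def parse_entry(line):
    """Parse one standard ACL entry into (action, pattern, wildcard).

    Accepts: 'permit|deny any', 'permit|deny host A.B.C.D',
             'permit|deny A.B.C.D W.W.W.W'.
    """
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    if parts[1] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if parts[1] == "host":
        return action, parts[2], "0.0.0.0"
    return action, parts[1], parts[2]


def evaluate(acl_lines, src_addr):
    """Return (verdict, index) for src_addr.

    Entries are tried top-down; the first match wins. If nothing matches,
    the implicit deny at the end of the list applies and index is None.
    """
    for i, line in enumerate(acl_lines):
        action, pattern, wildcard = parse_entry(line)
        if wildcard_match(src_addr, pattern, wildcard):
            return action, i
    return "deny", None


def shadowed_entries(acl_lines):
    """Indexes of entries that can never match because an earlier entry
    already matches every address they would match.

    Entry B is covered by earlier entry A when every bit A cares about is
    also a bit B cares about, and the two patterns agree on A's care bits.
    """
    parsed = [parse_entry(line) for line in acl_lines]
    masks = [(ALL_ONES ^ _to_int(w), _to_int(p)) for _, p, w in parsed]
    shadowed = []
    for b, (care_b, pat_b) in enumerate(masks):
        for care_a, pat_a in masks[:b]:
            if (care_a & ~care_b & ALL_ONES) == 0 and \
               (pat_a & care_a) == (pat_b & care_a):
                shadowed.append(b)
                break
    return shadowed


if __name__ == "__main__":
    # Constructed sample list: the /24 deny from the manual, then permit any.
    acl = ["deny 192.168.0.0 0.0.0.255", "permit any"]
    for src in ("192.168.0.10", "10.1.1.1"):
        print(src, evaluate(acl, src))
    # Common mistake: a subnet mask typed where a wildcard belongs matches
    # any address ending in .0, from any network.
    print(wildcard_match("10.20.30.0", "192.168.0.0", "255.255.255.0"))
    # Ordering problem: a host deny placed below the /24 permit never fires.
    print(shadowed_entries(["permit 192.168.0.0 0.0.0.255",
                            "deny host 192.168.0.7", "permit any"]))
```

Running shadowed_entries over a list before committing it is a cheap way to catch the ordering error the Functional Notes warn about; the check is purely bitwise, so it also handles non-contiguous wildcard masks that a prefix-length comparison would misjudge.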