ADTRAN 1000R Series Network Card User Manual
Command Reference Guide Global Configuration Mode Command Set
61200510L1-35E Copyright © 2005 ADTRAN 415
Technology Review
Concepts:
Access control using the AOS firewall has two fundamental parts: Access Control Lists (ACLs) and Access Policy Classes (ACPs). ACLs are used as packet selectors by other AOS systems; by themselves they do nothing. ACPs consist of a selector (an ACL) and an action (allow, discard, NAT), so allow and discard policies and NAT are expressed in the same list. ACPs have no effect until they are assigned to a network interface.
Both ACLs and ACPs are order dependent. When a packet is evaluated, the matching engine begins with the first entry in the list and progresses through the entries until it finds a match. The first matching entry is applied and no later entry is considered, so a broad entry placed early in a list shadows every more specific entry that follows it.
Packet Flow:
Case 1: Packets from interfaces with a configured policy class to any other interface
ACPs are applied when packets are received on an interface, so the policy class that governs a packet is the one assigned to its ingress interface. If an interface has not been assigned a policy class, by default it allows all received traffic to pass through. If an interface has been assigned a policy class but the firewall has not been enabled with the ip firewall command, traffic flows normally from this interface with no firewall processing.
Case 2: Packets that enter and leave through a single interface with a configured policy class
These packets are processed through the ACPs exactly as if they were destined for another interface (identical to Case 1).
Case 3: Packets from interfaces without a configured policy class to interfaces with one
These packets are routed normally and are not processed by the firewall; the policy class on the egress interface is not consulted. The ip firewall command has no effect on this traffic.
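The evaluation rules above, as a small Python model added here for illustration: it is not ADTRAN code and is not the AOS matching engine, only the semantics this section describes (first-match ACLs used as selectors, ACP entries evaluated in order on the ingress interface, the ip firewall gate, and the three packet-flow cases). Policy-class names, ACL names, interface names and addresses are constructed. The page does not say what happens when no ACP entry selects a packet; the model's implicit discard at the end of a policy class is an assumption, and the session cache that lets established flows bypass the policy stage is not modelled.

```python
"""Model of AOS firewall ACL/ACP evaluation as described in the Technology
Review.  Added example, not ADTRAN code.  Names and addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    in_iface: str
    out_iface: str
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class AclEntry:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol
    src: str                      # CIDR or "any"
    dst: str                      # CIDR or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        def in_net(addr: str, net: str) -> bool:
            return net == "any" or ip_address(addr) in ip_network(net)
        return ((self.proto == "ip" or self.proto == p.proto)
                and in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and (self.dport is None or self.dport == p.dport))


def acl_selects(acl: list, p: Packet) -> bool:
    """ACLs are selectors: the first matching entry decides.  A permit selects
    the packet; a deny, or no match at all, leaves it unselected so the ACP
    moves on to its next entry."""
    for e in acl:
        if e.matches(p):
            return e.action == "permit"
    return False


@dataclass(frozen=True)
class AcpEntry:
    action: str                   # "allow", "discard" or "nat"
    acl: str                      # name of the selector ACL


@dataclass
class Firewall:
    enabled: bool                 # state of the global 'ip firewall' command
    acls: dict                    # ACL name -> list[AclEntry]
    policies: dict                # policy-class name -> list[AcpEntry], in order
    iface_policy: dict            # interface -> policy-class name

    def evaluate(self, p: Packet) -> str:
        pol = self.iface_policy.get(p.in_iface)
        if pol is None:           # Case 3 (and any unassigned interface): never inspected
            return "routed: no policy class on ingress interface"
        if not self.enabled:      # policy assigned but 'ip firewall' not entered
            return "routed: ip firewall not enabled"
        for entry in self.policies[pol]:      # Cases 1 and 2: egress interface is irrelevant
            if acl_selects(self.acls[entry.acl], p):
                return entry.action           # first matching ACP entry wins
        # Assumption: the page does not state this; the model discards unmatched packets.
        return "discard"


# Constructed configuration: one public interface, three candidate policy classes.
ACLS = {
    "web-in":    [AclEntry("permit", "tcp", "any", "10.0.0.10/32", 80)],
    "ssh-in":    [AclEntry("permit", "tcp", "any", "10.0.0.0/24", 22)],
    "match-all": [AclEntry("permit", "ip", "any", "any")],
}
POLICIES = {
    "Public":   [AcpEntry("allow", "web-in"), AcpEntry("discard", "match-all")],
    # Misordered: the broad allow comes first, so the later discard never fires.
    "Shadowed": [AcpEntry("allow", "match-all"), AcpEntry("discard", "ssh-in")],
    "Fixed":    [AcpEntry("discard", "ssh-in"), AcpEntry("allow", "match-all")],
}


def build(enabled: bool = True, public_policy: str = "Public") -> Firewall:
    return Firewall(enabled, ACLS, POLICIES, {"eth 0/1": public_policy})


WEB = Packet("eth 0/1", "eth 0/2", "198.51.100.7", "10.0.0.10", "tcp", 80)
SSH = Packet("eth 0/1", "eth 0/2", "198.51.100.7", "10.0.0.10", "tcp", 22)
HAIRPIN = Packet("eth 0/1", "eth 0/1", "198.51.100.7", "10.0.0.10", "tcp", 22)  # Case 2
FROM_LAN = Packet("eth 0/2", "eth 0/1", "10.0.0.10", "198.51.100.7", "tcp", 22)  # Case 3


def case_results() -> dict:
    fw = build()
    return {
        "case1_web": fw.evaluate(WEB),
        "case1_ssh": fw.evaluate(SSH),
        "case2_hairpin": fw.evaluate(HAIRPIN),
        "case3_from_unassigned": fw.evaluate(FROM_LAN),
        "firewall_disabled": build(enabled=False).evaluate(SSH),
        "shadowed_ssh": build(public_policy="Shadowed").evaluate(SSH),
        "fixed_ssh": build(public_policy="Fixed").evaluate(SSH),
    }


if __name__ == "__main__":
    for name, verdict in case_results().items():
        print(f"{name:24} {verdict}")
```

Two results are the ones to check on a real device: traffic from an interface with no policy class is routed untouched even with ip firewall enabled, so every untrusted interface needs its own policy class, and the Shadowed policy allows SSH because the broad allow precedes the discard, which is the order-dependence rule from the Concepts paragraph.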
[Figure: firewall packet flow. Packet In -> Interface Association List -> Access Control Policies (permit, deny, NAT) -> Route Lookup -> Packet Out; the policy stage is bypassed "if session hit, or no ACP configured".]