Command Reference Guide Global Configuration Mode Command Set
61200510L1-35E Copyright © 2005 ADTRAN 392

ip access-list extended <listname>

Use the ip access-list extended command to create an empty access list and enter the extended access-list configuration mode.
Use the no form of this command to delete an access list and all the entries contained in it.
The following lists the complete syntax for the ip access-list extended commands:
<action> <protocol> <source ip> <source port> <destination ip> <destination port>
Syntax Description
<listname>
    Identifies the configured access list using an alphanumeric descriptor. All access list descriptors are case-sensitive.
<protocol>
    Specifies the data protocol such as IP, ICMP, TCP, UDP, or a specific protocol (range: 0 to 255).
<source ip>
    Specifies the source IP address used for packet matching. IP addresses can be expressed in one of three ways:
    1. Using the keyword any to match any IP address. For example, entering deny any will effectively shut down the interface that uses the access list because all traffic will match the any keyword.
    2. Using the host <A.B.C.D> to specify a single host address. For example, entering permit host 196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.
    3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a “range.” Wildcard masks use the reverse logic of subnet masks: a one in the wildcard mask equates to a “don’t care” bit. For example, entering permit 192.168.0.0 0.0.0.255 will permit all traffic from the 192.168.0.0/24 network.
<source port>
    Optional. The source port is used only when <protocol> is tcp or udp.
Example:
[permit | deny] icmp [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] <icmp-type>* <icmp-code>* <icmp-message>*
[permit | deny] [ip | tcp | udp] [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] <source port>* [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] <destination port>*
* = optional
In both forms, the first [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] group is the source IP address and the second is the destination IP address.
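
The following Python sketch is an added example, not ADTRAN code. It applies the three address forms described above (any, host <A.B.C.D>, and <A.B.C.D> <wildcard>) to check which packets an entry's source and destination clauses would match when auditing an access list. The function names are hypothetical, the sample entries are constructed, and entries with port qualifiers are not handled.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_address_clause(tokens):
    """Consume one address clause; return (base, wildcard, remaining tokens)."""
    if not tokens:
        raise ValueError("missing address clause")
    if tokens[0] == "any":
        return 0, ALL_ONES, tokens[1:]            # every bit is "don't care"
    if tokens[0] == "host":
        if len(tokens) < 2:
            raise ValueError("host requires an address")
        return _to_int(tokens[1]), 0, tokens[2:]  # every bit must match
    if len(tokens) < 2:
        raise ValueError("address requires a wildcard mask")
    return _to_int(tokens[0]), _to_int(tokens[1]), tokens[2:]

def clause_matches(base, wildcard, ip):
    # A one in the wildcard mask means "don't care", so compare only the
    # bits where the wildcard is zero.
    care = ~wildcard & ALL_ONES
    return (_to_int(ip) & care) == (base & care)

def address_matches(clause, ip):
    base, wildcard, rest = parse_address_clause(clause.split())
    if rest:
        raise ValueError(f"unexpected tokens: {rest}")
    return clause_matches(base, wildcard, ip)

def entry_addresses_match(entry, src_ip, dst_ip):
    """Check the source and destination clauses of one entry (no ports)."""
    tokens = entry.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError("expected <action> <protocol> <source ip> <destination ip>")
    src_base, src_wc, rest = parse_address_clause(tokens[2:])
    dst_base, dst_wc, rest = parse_address_clause(rest)
    if rest:
        raise ValueError(f"unsupported trailing tokens: {rest}")
    return (clause_matches(src_base, src_wc, src_ip)
            and clause_matches(dst_base, dst_wc, dst_ip))

if __name__ == "__main__":
    # Constructed sample entries and packets.
    print(address_matches("192.168.0.0 0.0.0.255", "192.168.0.77"))
    print(entry_addresses_match("deny ip any any", "203.0.113.9", "10.1.1.1"))
```

Because the comparison is bitwise, a wildcard mask whose one bits are not contiguous (for example 0.255.255.0) also matches under this rule, which is worth checking for when reviewing a list.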