Command Reference Guide Global Configuration Mode Command Set
61200510L1-35E Copyright © 2005 ADTRAN 395
<icmp-code> Optional. Filters ICMP packets that are filtered using the ICMP message type
(using the <icmp-type> keyword) may also be filtered using the ICMP message
code (valid range: 0 to 255).
An <icmp-type> must be specified when entering an <icmp-code>.
<icmp-message> Optional. Filters packets using ICMP descriptive message rather than the
correspond in g typ e an d code associations.
Default Values
By default, all AOS
security features are disabled and there are no configured access lists.
Applicable Platforms
This command applies to the NetVanta 300, 1000, 1000R, 2000, 3000, 4000, and 5000 and
Total Access 9 00 Series units.
Command History
Release 2.1 Command was introduced.
Functional Notes
Access control lists (ACLs) are used as packet selectors by other AOS
systems; by themselves they do
nothing. ACLs are composed of an or dered list of entries with an implicit deny all at the end of each list. An
ACL entry contains two parts: an action (permit or deny) and a packet pattern. A permit ACL is used to
allow packets (meeting the specified pattern) to enter the router system. A deny ACL advances the AOS
to
the next access po licy en tr y. The AOS
provides two types of ACLs: standard and extended. Standard
ACLs allow source IP address p acket patterns only. Extended ACLs may specify patterns using most fields
in the IP header and the TCP or UDP heade r.
ACLs are performed in order from the top of the list down. Generally, the most specific entries should be at
the top and the mo st gen er al at the bo tt om .
The following commands ar e contained in the access-list extended mode:
remark Associates a descriptive tag (up to 80 alphanumeric characters enclosed in
quotation marks) to the access list. Enter a functional description for the list such
as “This list blocks all outbound web traffic”.
log Logs a message (if debug access-list is enabled for this access list) when the
access list finds a packet match.