Command Reference Guide Global Configuration Mode Command Set
61200510L1-35E Copyright © 2005 ADTRAN 438
Functional Notes
AOS access control policies are used to allow, discard, or manipulate (using NAT) data for each physical
interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). When
packets are received on an interface, the configured ACPs are applied to determine whether the data will
be processed or discarded.
The following commands are contained in the policy-class:
allow list <access list names>
All packets passed by the access list(s) entered will be allowed to enter the router system.
discard list <access list names>
All packets passed by the access list(s) entered will be dropped from the router system.
allow list <access list names> policy <access policy name>
All packets passed by the access list(s) entered and destined for the interface using the access policy
listed will be permitted to enter the router system. This allows for configurations to permit packets to a
single interface and not the entire system.
discard list <access list names> policy <access policy name>
All packets passed by the access list(s) entered and destined for the interface using the access policy
listed will be blocked from the router system. This allows for configurations to deny packets on a specified
interface.
nat source list <access list names> address <IP address> overload policy <access policy name>
All packets passed by the access list(s) and destined for the interface using the access policy listed will be
modified to replace the source IP address with the entered IP address. The overload keyword allows
multiple source IP addresses to be replaced with the single IP address entered. This hides private IP
addresses from outside the local network.
nat source list <access list names> interface <interface> overload policy <access policy name>
All packets passed by the access list(s) and destined for the interface using the access policy listed will be
modified to replace the source IP address with the primary IP address of the listed interface. The overload
keyword allows multiple source IP addresses to be replaced with the single IP address of the specified
interface. This hides private IP addresses from outside the local network.
nat destination list <access list names> address <IP address>
All packets passed by the access list(s) entered will be modified to replace the destination IP address with
the entered IP address. The overload keyword is not an option when performing NAT on the destination IP
address; each private address must have a unique public address. This hides private IP addresses from
outside the local network.
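The selector-plus-action model described above, as an added Python sketch (not ADTRAN code and not AOS syntax). It assumes entries are tried in order with the first match deciding, and that traffic matching no entry is dropped; neither is stated on this page. The list names, addresses and policy names are constructed, and port translation under overload is not modelled.

```python
# Added illustration: a toy model of ACP evaluation, not ADTRAN code.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_policy: str  # policy class on the interface the packet is destined for

@dataclass(frozen=True)
class Entry:
    action: str                     # allow | discard | nat source | nat destination
    acl: tuple                      # selector: (source net, destination net) rules
    address: Optional[str] = None   # replacement IP for the NAT actions
    policy: Optional[str] = None    # optional "policy <access policy name>"

def passes(acl, pkt):
    return any(ip_address(pkt.src) in ip_network(s) and
               ip_address(pkt.dst) in ip_network(d) for s, d in acl)

def apply_policy(entries, pkt):
    """Return the packet as forwarded, or None when it is dropped."""
    for e in entries:  # assumption: entries are tried in order, first match wins
        if not passes(e.acl, pkt):
            continue
        if e.policy is not None and e.policy != pkt.dst_policy:
            continue   # entry only applies toward the named access policy
        if e.action == "discard":
            return None
        if e.action == "nat source":       # overload: many sources -> one address
            return replace(pkt, src=e.address)
        if e.action == "nat destination":  # one-to-one, no overload
            return replace(pkt, dst=e.address)
        return pkt                         # allow
    return None        # assumption: traffic no entry matches is dropped

# Constructed sample data (names and addresses are hypothetical).
ANY = "0.0.0.0/0"
LAN = (("192.168.1.0/24", ANY),)
QUARANTINE = (("192.168.1.66/32", ANY),)
WEB = ((ANY, "203.0.113.10/32"),)
PRIVATE = [
    Entry("discard", QUARANTINE, policy="Public"),
    Entry("allow", LAN, policy="DMZ"),
    Entry("nat source", LAN, address="203.0.113.1", policy="Public"),
]
PUBLIC = [Entry("nat destination", WEB, address="10.0.1.80")]
```

Because the discard entry carries a policy qualifier, the quarantined host is blocked only toward the Public policy and still reaches the DMZ through the allow entry.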
Usage Examples
Refer to the Technology Review (which follows) for command syntax examples.