Ip access-group [in | out – ADTRAN 5000 Series User Manual

Command Reference Guide

Demand Interface Configuration Command Set

61200990L1-35E

Copyright © 2005 ADTRAN

654

ip access-group [in | out]

Use the ip access-group command to create an access list to be used for packets transmitted on or received
from the specified interface. Use the no form of this command to disable this type of control.

Syntax Description

Indicates the assigned IP access list name.

in

Enables access control on packets received on the specified interface.

out

Enables access control on packets transmitted on the specified interface.

Default Values

By default, these commands are disabled.

Applicable Platforms

This command applies to the NetVanta 1000R, 3000, 4000, and 5000 Series units.

Command History

Release 3.1

Command was introduced.

Release 11.1

Command expanded to include the demand interface.

Functional Notes

When this command is enabled, the IP destination address of each packet must be validated before being
passed through. If the packet is not acceptable per these settings, it is dropped.

Usage Examples

The following example sets up the router to only allow Telnet traffic into the demand interface:

(config)#ip access-list extended TelnetOnly

(config-ext-nacl)#permit tcp any any eq telnet

(config-ext-nacl)#interface demand 1

(config-demand 1)#ip access-group TelnetOnly in