Ip access-group <listname> [in | out – ADTRAN 1000R Series User Manual

Command Reference Guide

Tunnel Configuration Command Set

61200510L1-35E

Copyright © 2005 ADTRAN

1134

ip access-group <listname> [in | out]

Use the ip access-group command to create an access list to be used for packets transmitted on or received
from the specified interface. Use the no form of this command to disable this type of control.

Syntax Description

<listname>

Assigns an IP access list name.

in

Enables access control on packets received on the specified interface.

out

Enables access control on packets transmitted on the specified interface.

Default Values

By default, these commands are disabled.

Applicable Platforms

This command applies to the NetVanta 300, 1000R, 2000, 3000, 4000, and 5000 and Total Access 900
Series units.

Command History

Release 3.1

Command was introduced.

Release 9.1

Command was expanded to include tunnel interfaces.

Functional Notes

When this command is enabled, the IP destination address of each packet must be validated before being
passed through. If the packet is not acceptable per these settings, it is dropped.

Usage Examples

The following example sets up the unit to only allow Telnet traffic (as defined in the user-configured
TelnetOnly IP access list) into the tunnel interface:

(config)#ip access-list extended TelnetOnly

(config-ext-nacl)#permit tcp any any eq telnet

(config-ext-nacl)#interface tunnel 1

(config-tunnel 1)#ip access-group TelnetOnly in