Table of Contents
Advertisement
Using Routing Access Profiles
Figure 26: RIP access policy example
Internet
Internet
10.0.0.10 / 24
Backbone (RIP)
Switch being
10.0.0.11 / 24
10.0.0.12 / 24
configured
Engsvrs
Sales
10.1.1.1 / 24
10.2.1.1 / 24
Engsvrs
Sales
ES4K013
Assuming the backbone VLAN interconnects all the routers in the company (and, therefore, the Internet
router does not have the best routes for other local subnets), the commands to build the access policy
for the switch would be:
create access-profile nointernet ipaddress
configure access-profile nointernet mode deny
configure access-profile nointernet add 10.0.0.10/32
configure rip vlan backbone trusted-gateway nointernet
In addition, if the administrator wants to restrict any user belonging to the VLAN Engsvrs from
reaching the VLAN Sales (IP address 10.2.1.0/24), the additional access policy commands to build the
access policy would be:
create access-profile nosales ipaddress
configure access-profile nosales mode deny
configure access-profile nosales add 10.2.1.0/24
configure rip vlan backbone import-filter nosales
This configuration results in the switch having no route back to the VLAN Sales.
Routing Access Profiles for OSPF
Because OSPF is a link-state protocol, the access profiles associated with OSPF are different in nature
than those associated with RIP. Access profiles for OSPF are intended to extend the existing filtering and
security capabilities of OSPF (for example, link authentication and the use of IP address ranges). If you
are using the OSPF protocol, the switch can be configured to use an access profile to determine any of
the following:
ExtremeWare 7.2e Installation and User Guide
165
- Quick Links:
- Spanning Tree Protocol
Hide quick links:
Advertisement
Table of Contents
