Configuring Destination-Sensitive Accounting
Configuring an Access Profile Mode
After the access profile is created, you must configure the access profile mode. The
access profile mode determines whether the items in the list are to be permitted access
or denied access.
Three access profile modes are available:
• Permit — The permit mode permits the operation, as long as it matches any entry in
the access profile. If the operation does not match any entries in the list, the
operation is denied.
• Deny — The deny mode denies the operation, as long as it matches any entry in the
access profile. If it does not match all specified entries in the list, the operation is
permitted.
• None — Using the none mode, the access profile can contain a combination of
permit and deny entries. Each entry must have a permit or deny attribute. The
operation is compared with each entry in the list. When a match is found, the
operation is either permitted or denied, depending on the configuration of the
matched entry. If no match is found, the operation is implicitly denied.
To configure the access profile mode, use the following command:
config access-profile <access_profile> mode [permit | deny | none]
The following command example defines the
:
none
config access-profile cold mode none
Adding an Access Profile Entry
Next, configure the access profile by adding or deleting IP addresses, autonomous
system path expressions, or BGP communities using the following command:
config access-profile <access_profile> add {<seq_number>} {permit | deny}
[ipaddress <ipaddress> <mask> {exact} | as-path <path-expression> |
bgp-community [internet | no-export | no-advertise | no-export-subconfed |
<as_no:number> | number <community>]]
The following sections describe the
8-6
access-profile to have a mode of
cold
config access-profile add
command.
MPLS Module Installation and User Guide