Table of Contents
Advertisement
C H A P T E R 1 4
Switch being
264
Access Policies
10.0.0.11 / 24
configured
10.1.1.1 / 24
Figure 29: RIP access policy example
Assuming the backbone VLAN interconnects all the routers in the
company (and, therefore, the Internet router does not have the best
routes for other local subnets), the commands to build the access
policy for the switch would be the following:
create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add 10.0.0.10/32
config rip vlan backbone trusted-gateway nointernet
In addition, if the administrator wants to restrict any user belonging
to the VLAN Engsvrs from reaching the VLAN Sales (IP address
10.2.1.0/24), the additional access policy commands to build the
access policy would be as follows:
create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
config rip vlan backbone import-filter nosales
Internet
10.0.0.10 / 24
Engsvrs
Engsvrs
Internet
Backbone (RIP)
10.0.0.12 / 24
Sales
10.2.1.1 / 24
Sales
480t_007
Advertisement
Table of Contents
