User`s guide
Using Access Policies
12-2
Using Access Policies
To use access policies:
1. Create an access profile.
2. Configure the access profile to be of type
permit
or
deny
.
3. Apply the access profile.
Creating an
Access Profile
The first thing to do when using access policies is create an
access
profile
. An access profile is a named list of IP addresses and
associated subnet masks.
You must give the access profile a unique name (in the same manner
as naming a protocol filter or Spanning Tree Domain). You must also
indicate the type of access list (IP address) to be used. To create an
access profile, use the following command:
create access-profile <access_profile> type
[ipaddress]
Configuring an
Access Profile
After the access profile is created, configure it by adding or deleting
IP addresses. To add or delete IP addresses to an access profile, use
the following command:
config access-profile <access_profile> [add |
delete] {ipaddress <ipaddress> <mask>}
Then, configure the access list to be one of the following types:
❑
Permit
❑
Deny
The access list type determines whether the items in the list are to be
permitted access or denied access. To configure the type of access
profile, use the following command:
config access-profile <access_profile> mode
[permit | deny]
Applying Access
Profiles
Once the access profile is defined, apply it to one or more routing
protocols. When an access profile is applied to a protocol function
(for example, the export of RIP routes), this forms an access policy. A
profile can be used by multiple routing protocol functions , but a
protocol function can use only one access profile.