User's guide

Using Access Policies
Figure 12-1: RIP Access Policy Example
Assuming the backbone VLAN interconnects all the routers in the
company (and, therefore, the Internet router does not have the best
routes for other local subnets), the commands to build the access
policy for the switch would be the following:

create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add 10.0.0.10/32
config rip vlan backbone trusted-gateway nointernet

In addition, if the administrator wants to restrict any user belonging
to the VLAN Engsvrs from reaching the VLAN Sales (IP address
10.2.1.0/24), the additional access policy commands to build the
access policy would be as follows:

create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
config rip vlan backbone import-filter nosales
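
The following is an added example, not taken from this guide or from the switch software. It models in Python how the two deny-mode profiles above act on RIP updates received on the backbone VLAN. Assumptions: a deny-mode profile rejects whatever matches an entry and accepts everything else, a match means the address or route lies inside an entry, the first accepted advertisement for a route wins (metrics are ignored), and the sample updates, 10.0.0.13, 10.3.1.0/24 and 10.2.0.0/16 are constructed.

```python
import ipaddress

def make_profile(mode, entries):
    """Access profile: a mode ('permit' or 'deny') plus a list of IP networks."""
    return {"mode": mode, "nets": [ipaddress.ip_network(e) for e in entries]}

def allowed(profile, net):
    """Assumed semantics: in deny mode a match is rejected and all else passes;
    permit mode is the inverse. A match means `net` lies inside an entry."""
    hit = any(net.subnet_of(entry) for entry in profile["nets"])
    return not hit if profile["mode"] == "deny" else hit

def accept_rip_routes(updates, trusted_gateway=None, import_filter=None):
    """Return {route: gateway} for the routes that survive both checks."""
    table = {}
    for gateway, routes in updates:
        gw = ipaddress.ip_network(gateway + "/32")
        if trusted_gateway and not allowed(trusted_gateway, gw):
            continue  # whole update ignored: the neighbor is not trusted
        for route in routes:
            net = ipaddress.ip_network(route)
            if import_filter and not allowed(import_filter, net):
                continue  # this advertised route is not imported
            table.setdefault(str(net), gateway)  # simplification: no metrics
    return table

# The two profiles built by the commands above.
NOINTERNET = make_profile("deny", ["10.0.0.10/32"])
NOSALES = make_profile("deny", ["10.2.1.0/24"])

# Constructed RIP updates heard on the backbone VLAN (sample data).
UPDATES = [
    ("10.0.0.10", ["0.0.0.0/0", "10.2.1.0/24"]),    # Internet router
    ("10.0.0.12", ["10.2.1.0/24", "10.3.1.0/24"]),  # assumed: router serving Sales
    ("10.0.0.13", ["10.2.0.0/16"]),                 # hypothetical summarizing router
]

if __name__ == "__main__":
    for route, gw in accept_rip_routes(UPDATES, NOINTERNET, NOSALES).items():
        print(route, "via", gw)
```

Under these assumptions the covering route 10.2.0.0/16 is still imported, so after applying an import filter it is worth checking the routing table for less specific routes that still reach the filtered subnet.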

[Figure 12-1 diagram: three switches connected through the Backbone/RIP VLAN. Labels in the diagram: Internet, 10.0.0.10/24, Backbone/RIP, 10.0.0.11/24, Engrsvrs, 10.1.1.1/24, Switch being configured, Sales, 10.0.0.12/24, 10.2.1.1/24.]