User`s guide
Using Access Policies
12-6
Example.
Figure 1 2-2 illustrates an OSPF network that is similar to
the network used previously in the RIP example. In this example,
access to the Internet is accomplished by the use the ASBR function
on the switch labeled “Internet.” As a result, all routes to the Internet
will be done through external routes. Suppose the network
administrator wishes to only allow access only to certain internet
addresses falling within the range 192.1.1.0/24 to the internal
backbone.
Figure 12-2
OSPF Access Policy Example
To configuring the switch labeled Internet, the commands would be
as follows:
create access-profile okinternet ipaddress
config access-profile okinternet mode permit
config access-profile okinternet add
192.1.1.0/24
config ospf asbr-filter okinternet
POWER
MGMT.
10/100BASE-T ETHERNET SWITCH
WITH GIGABIT ETHERNET
1234
13 14 15 16
5678
17 18 19 20
9101112
21 22 23 24
LINK ON
ACTIVITY
DISABLED
123456
7 8 9101112
13 14 15 16 17 18
19 20 21 22 23 24
25
25
25R
25R
A
L
25 25R
1000BASE-X 10/100BASE-TX MDI-X
Internet
10.0.0.10/24
Backbone/OSPF
POWER
MGMT.
10/100BASE-T ETHERNET SWITCH
WITH GIGABIT ETHERNET
1234
13 14 15 16
5678
17 18 19 20
9101112
21 22 23 24
LINK ON
ACTIVITY
DISABLED
123456
7 8 9101112
13 14 15 16 17 18
19 20 21 22 23 24
25
25
25R
25R
A
L
25 25R
1000BASE-X 10/100BASE-TX MDI-X
POWER
MGMT.
10/100BASE-T ETHERNET SWITCH
WITH GIGABIT ETHERNET
1234
13 14 15 16
5678
17 18 19 20
9101112
21 22 23 24
LINK ON
ACTIVITY
DISABLED
123456
7 8 9 10 11 12
13 14 15 16 17 18
19 20 21 22 23 24
25
25
25R
25R
A
L
25 25R
1000BASE-X 10/100BASE-TX MDI-X
10.0.0.11/24
Internet
Engrsvrs
10.1.1.1/24
Switch being
configured
Engrsvrs
Sales
10.0.0.12/24
Sales
10.2.1.1/24
area 0.0.0.0