User guide
16-16 ExtremeWare Software User Guide
Access Policies
Creating an Access Profile
The first thing to do when using routing access policies is to create an access profile. An
access profile has a unique name, and contains one of the following entry types:
• A list of IP addresses and associated subnet masks
• One or more autonomous system path expressions (BGP only)
• One or more BGP community numbers (BGP only)
You must give the access profile a unique name (in the same manner as naming a
VLAN, protocol filter, or Spanning Tree Domain). To create an access profile, use the
following command:
create access-profile <access_profile> type [ipaddress | as-path | bgp-community]
Configuring an Access Profile Mode
After the access profile is created, you must configure the access profile mode. The
access profile mode determines whether the items in the list are to be permitted access
or denied access.
There are three available modes:
• Permit — The permit access profile mode permits the operation, as long as it
matches any entry in the access profile. If the operation does not match any entries
in the list, the operation is denied.
• Deny — The deny access profile mode denies the operation, as long as it matches
any entry in the access profile. If it does not match any entry in the list, the
operation is permitted.
• None — Using the none mode, the access profile can contain a combination of
permit and deny entries. Each entry must have a permit or deny attribute. The
operation is compared with each entry in the list. Once a match is found, the
operation is either permitted or denied, depending on the configuration of the
matched entry. If no match is found, the operation is implicitly denied.
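
The three modes differ mainly in what happens when nothing matches and in whether entry order matters. The following Python model is an added example, not ExtremeWare code or output; the function name, the sample entries, and the rule that an entry matches when the address lies inside its subnet are assumptions made for illustration.

```python
import ipaddress

MODES = ("permit", "deny", "none")

def evaluate(mode, entries, address):
    """Return True if the operation for `address` is permitted.

    entries: ordered list of (network, action) pairs, network written as
    "address/mask". `action` is "permit" or "deny" and is consulted only
    in "none" mode.
    Assumption: an entry matches when the address lies inside its subnet.
    """
    if mode not in MODES:
        raise ValueError(f"unknown access profile mode: {mode!r}")
    if mode == "none":
        # In none mode every entry must carry its own permit/deny attribute.
        for network, action in entries:
            if action not in ("permit", "deny"):
                raise ValueError(f"entry {network} needs a permit or deny attribute")
    addr = ipaddress.ip_address(address)
    for network, action in entries:
        if addr in ipaddress.ip_network(network):
            if mode == "permit":
                return True
            if mode == "deny":
                return False
            return action == "permit"  # none mode: the first match decides
    # No entry matched: permit and none modes deny, deny mode permits.
    return mode == "deny"

# Constructed sample profile (not from the guide). In none mode the narrower
# deny entry must come first, otherwise the /16 permit entry would match first.
SAMPLE = [
    ("10.1.1.0/255.255.255.0", "deny"),
    ("10.1.0.0/255.255.0.0", "permit"),
]

if __name__ == "__main__":
    for mode in MODES:
        for ip in ("10.1.1.5", "10.1.2.5", "192.168.0.1"):
            verdict = "permitted" if evaluate(mode, SAMPLE, ip) else "denied"
            print(f"{mode:6} {ip:12} {verdict}")
```

Running it shows that only deny mode lets an unlisted address through, which is the case to review when a profile is used to restrict access.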