User guide
E
XTREME
W
ARE
S
OFTWARE
U
SER
G
UIDE
16-23
U
SING
R
OUTING
A
CCESS
P
OLICIES
To configure the switch labeled Internet, the commands would be as follows:
create access-profile okinternet ipaddress
config access-profile okinternet mode permit
config access-profile okinternet add 192.1.1.0/24
config ospf asbr-filter okinternet
R
OUTING
A
CCESS
P
OLICIES
FOR
DVMRP
The access policy capabilities for DVMRP are very similar to those for RIP. If you are
using the DVMRP protocol is used for routing IP multicast traffic, you can configure the
switch to use an access profile to determine any of the following:
• Trusted Neighbor — Use an access profile to determine trusted DVMRP router
neighbors for the VLAN on the switch running DVMRP. To configure a trusted
neighbor policy, use the following command:
config dvmrp vlan [<name> | all] trusted-gateway [<access_profile> |
none]
• Import Filter — Use an access profile to determine which DVMRP routes are
accepted as valid routes. To configure an import filter policy, use the following
command:
config dvmrp vlan [<name> | all] import-filter [<access_profile> |
none]
• Export-Filter — Use an access profile to determine which DVMRP routes are
advertised into a particular VLAN, using the following command:
config dvmrp vlan [<name> | all] export-filter [<access_profile> |
none]
E
XAMPLE
In this example, the network used in the previous RIP example is configured to run
DVMRP. The network administrator wants to disallow Internet access for multicast
traffic to users on the VLAN Engsvrs. This is accomplished by preventing the learning
of routes that originate from the switch labeled Internet by way of DVMRP on the
switch labeled Engsvrs.