User guide
ExtremeWare Software User Guide
Access Policies
To configure the switch labeled Engsvrs, use the following commands:
create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add 10.0.0.10/32
config dvmrp vlan backbone trusted-gateway nointernet
In addition, suppose the administrator wants to preclude users on the VLAN Engsvrs
from seeing any multicast streams that are generated by the VLAN Sales across the
backbone. The additional configuration of the switch labeled Engsvrs is as follows:
create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
config dvmrp vlan backbone import-filter nosales
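The following Python sketch is an added example, not part of the original guide or of ExtremeWare. It parses the two DVMRP configurations above and reports which neighbors or routes each profile would let through. It assumes that a deny-mode profile rejects what is listed and allows everything else, that permit mode (not shown on this page) is the inverse, and that a candidate matches an entry when it falls inside the listed prefix. The candidate addresses are constructed.

```python
import ipaddress

# Configuration lines copied from the examples on this page.
CONFIG = """\
create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add 10.0.0.10/32
config dvmrp vlan backbone trusted-gateway nointernet
create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
config dvmrp vlan backbone import-filter nosales
"""

def parse(config):
    """Return (profiles, bindings) from the command forms used on this page."""
    profiles, bindings = {}, []
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["create", "access-profile"]:
            profiles[w[2]] = {"mode": None, "nets": []}
        elif w[:2] == ["config", "access-profile"] and w[3] == "mode":
            profiles[w[2]]["mode"] = w[4]
        elif w[:2] == ["config", "access-profile"] and w[3] == "add":
            profiles[w[2]]["nets"].append(ipaddress.ip_network(w[4]))
        elif w[:3] == ["config", "dvmrp", "vlan"]:
            bindings.append({"vlan": w[3], "use": w[4], "profile": w[5]})
    return profiles, bindings

def allowed(profile, candidate):
    """Assumed model: deny mode rejects listed entries and allows the rest;
    permit mode (not shown on the page) is treated as the inverse."""
    net = ipaddress.ip_network(candidate)
    listed = any(net.subnet_of(n) for n in profile["nets"])
    return not listed if profile["mode"] == "deny" else listed

def audit(config, candidates):
    """For each binding, report which candidate neighbors/routes pass."""
    profiles, bindings = parse(config)
    return {(b["vlan"], b["use"]): {c: allowed(profiles[b["profile"]], c)
                                    for c in candidates}
            for b in bindings}

if __name__ == "__main__":
    # Constructed candidates: the listed gateway, another neighbor, two routes.
    sample = ["10.0.0.10/32", "10.0.0.11/32", "10.2.1.0/24", "10.3.1.0/24"]
    for key, result in audit(CONFIG, sample).items():
        print(key, result)
```

Under this model, any gateway or route that is not explicitly listed in a deny-mode profile passes, so a newly added neighbor on the backbone is trusted until the profile is updated.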
Routing Access Policies for PIM
Because PIM leverages the unicast routing capability that is already present in the
switch, the access policy capabilities are, by nature, different. If you are using the PIM
protocol for routing IP multicast traffic, you can configure the switch to use an access
profile to determine any of the following:
• Trusted Neighbor — Use an access profile to determine trusted PIM router
neighbors for the VLAN on the switch running PIM. To configure a trusted neighbor
policy, use the following command:
config pim vlan [<name> | all] trusted-gateway [<access_profile> | none]
Example
Using PIM, the unicast access policies can be used to restrict multicast traffic. In this
example, a network similar to the one used in the previous RIP example is also
running PIM. The network administrator wants to disallow Internet access for multicast
traffic to users on the VLAN Engsvrs. This is accomplished by preventing the learning
of routes that originate from the switch labeled Internet by way of PIM on the switch
labeled Engsvrs.