User guide
E
XTREME
W
ARE
S
OFTWARE
U
SER
G
UIDE
16-25
M
AKING
C
HANGES
TO
A
R
OUTING
A
CCESS
P
OLICY
To configure the switch labeled Engsvrs, the commands would be as follows:
create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add 10.0.0.10/32
config pim vlan backbone trusted-gateway nointernet
R
OUTING
A
CCESS
P
OLICIES
FOR
BGP
If the BGP protocol is being used, the switch can be configured to use an access profile
to determine any of the following:
• NLRI filter — Use an access profile to determine the NLRI information that must be
exchanged with a neighbor. To configure an NLRI filter policy, use the following
command:
config bgp neighbor [<ipaddress> | all] nlri-filter [in | out]
[<access_profile> | none]
The NLRI filter access policy can be applied to the ingress or egress updates, using
the
in
and
out
keywords, respectively.
• Autonomous system path filter — Use an access profile to determine which NLRI
information must be exchanged with a neighbor based on the AS path information
present in the path attributes of the NLRI. To configure an autonomous system path
filter policy, use the following command:
config bgp neighbor [<ipaddress> | all] as-path-filter [in | out]
[<access_profile> | none]
The autonomous system path filter can be applied to the ingress or egress updates,
using the
in
and
out
keywords, respectively.
M
AKING
C
HANGES
TO
A
R
OUTING
A
CCESS
P
OLICY
You can change the routing access policy by changing the associated access profile.
However, the propagation of the change depends on the protocol and policy involved.
Propagation of changes applied to RIP, DVMRP, and PIM access policies depend on the
respective protocol timers to age-out entries.
In BGP, the change to the policy is immediately effective on the routing information
exchanged after the policy changes. The changes can be applied on the routing
information that had been exchanged before the policy changes by issuing a soft reset