User guide

Using Routing Access Profiles
ExtremeWare 7.2e Installation and User Guide 161
Figure 24: RIP access policy example
Assuming the backbone VLAN interconnects all the routers in the company (and, therefore, the Internet
router does not have the best routes for other local subnets), the commands to build the access policy
for the switch would be:
create access-profile nointernet ipaddress
configure access-profile nointernet mode deny
configure access-profile nointernet add 10.0.0.10/32
configure rip vlan backbone trusted-gateway nointernet
In addition, if the administrator wants to restrict any user belonging to the VLAN Engsvrs from
reaching the VLAN Sales (IP address 10.2.1.0/24), the additional commands to build the access
policy would be:
create access-profile nosales ipaddress
configure access-profile nosales mode deny
configure access-profile nosales add 10.2.1.0/24
configure rip vlan backbone import-filter nosales
This configuration results in the switch having no route back to the VLAN Sales.
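
The following Python sketch is an added example, not ExtremeWare code or part of the original guide: it models the two deny-mode profiles above and shows which RIP updates the switch would accept. It assumes an entry matches any address or route that falls inside it, and it also models permit mode, which goes beyond what this page shows; the neighbour 10.0.0.12 and the advertised routes are constructed sample data.

```python
import ipaddress


class AccessProfile:
    """Model of an ipaddress-type access profile (assumed matching semantics)."""

    def __init__(self, name, mode):
        if mode not in ("permit", "deny"):
            raise ValueError("mode must be 'permit' or 'deny'")
        self.name, self.mode, self.entries = name, mode, []

    def add(self, prefix):
        self.entries.append(ipaddress.ip_network(prefix, strict=True))

    def allows(self, target):
        """target is a gateway address or a route prefix, given as a string."""
        net = ipaddress.ip_network(target, strict=False)
        # Assumption: an entry matches anything that falls inside it.
        matched = any(net.subnet_of(entry) for entry in self.entries)
        # deny mode rejects matches and passes the rest; permit mode is the inverse.
        return not matched if self.mode == "deny" else matched


def accept_rip_update(gateway, routes, trusted_gateway=None, import_filter=None):
    """Return the routes the switch would install from one RIP update."""
    if trusted_gateway and not trusted_gateway.allows(gateway):
        return []  # every route from an untrusted neighbour is ignored
    return [r for r in routes if not import_filter or import_filter.allows(r)]


def page_profiles():
    """Build the nointernet and nosales profiles exactly as configured above."""
    nointernet = AccessProfile("nointernet", "deny")
    nointernet.add("10.0.0.10/32")
    nosales = AccessProfile("nosales", "deny")
    nosales.add("10.2.1.0/24")
    return nointernet, nosales


if __name__ == "__main__":
    tg, imp = page_profiles()
    # Constructed updates: (advertising gateway, advertised routes).
    updates = [
        ("10.0.0.10", ["0.0.0.0/0", "192.0.2.0/24"]),
        ("10.0.0.12", ["10.1.1.0/24", "10.2.1.0/24", "10.2.0.0/16"]),
    ]
    for gw, routes in updates:
        print(gw, "->", accept_rip_update(gw, routes, tg, imp))
```

Under the stated matching assumption, a covering aggregate such as 10.2.0.0/16 is not filtered by nosales, so an import filter should be checked against every prefix that can carry traffic to the protected subnet.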

Routing Access Profiles for OSPF
Because OSPF is a link-state protocol, the access profiles associated with OSPF are different in nature
from those associated with RIP. Access profiles for OSPF are intended to extend the existing filtering and
security capabilities of OSPF (for example, link authentication and the use of IP address ranges). If you
are using the OSPF protocol, the switch can be configured to use an access profile to determine any of
the following:
[Figure 24 diagram labels: Internet, Backbone (RIP), Switch being configured, Engsvrs, Sales; addresses shown: 10.0.0.10/24, 10.0.0.11/24, 10.0.0.12/24, 10.1.1.1/24, 10.2.1.1/24]