User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentSummit Summit4

161

162

163

164

165

166

167

168

169

170

Using Routing Access Profiles

ExtremeWare 7.2e Installation and User Guide 163

Figure 25: OSPF access policy example

To configure the switch labeled Internet, the commands would be as follows:

create access-profile okinternet ipaddress

configure access-profile okinternet mode permit

configure access-profile okinternet add 192.1.1.0/24

configure ospf asbr-filter okinternet

Routing Access Profiles for PIM

Because PIM leverages the unicast routing capability that is already present in the switch, the access

policy capabilities are, by nature, different. If you are using the PIM protocol for routing IP multicast

traffic, you can configure the switch to use an access profile to determine:

Trusted Neighbor—Use an access profile to determine trusted PIM router neighbors for the VLAN on

the switch running PIM. To configure a trusted neighbor policy, use the following command:

configure pim vlan [<vlan name> | all] trusted-gateway [<access profile> | none]

Example

Using PIM, the unicast access profiles can be used to restrict multicast traffic. In this example, a network

similar to the example used in the previous RIP example is also running PIM. The network

administrator wants to disallow Internet access for multicast traffic to users on the VLAN Engsvrs. This

is accomplished by preventing the learning of routes that originate from the switch labeled Internet by

way of PIM on the switch labeled Engsvrs.

ES4K014

Internet

Backbone (OSPF)

area 0.0.0.0

Sales

area 0.0.0.2

Engsvrs

area 0.0.0.1

10.0.0.10 / 24

10.0.0.11 / 24

10.1.1.1 / 24 10.2.1.1 / 24

10.0.0.12 / 24

Switch being

configured

Engsvrs

Sales

Internet