Command Reference Guide
SROS Command Line Interface Reference Guide Ethernet Interface Configuration Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 436
access-policy <policyname>
Use the access-policy command to assign a specified access policy to an interface. Use the no form of this
command to remove an access policy association.
Syntax Description
<policyname> Alphanumeric descriptor for identifying the configured access policy (all access
policy descriptors are case-sensitive)
Default Values
By default, there are no configured access policies associated with an interface.
Command Modes
(config-interface)# Interface Configuration Mode
Valid interfaces include: Ethernet, virtual PPP interfaces (ppp 1), virtual Frame
Relay sub-interfaces (fr 1.20), and VLAN interfaces.
Functional Notes
To assign an access policy to an interface, enter the interface configuration mode for the desired interface
and enter access policy <policy name>.
Usage Examples
The following example associates the access policy UnTrusted (to allow inbound traffic to the Web server)
to the Ethernet 0/1 interface:
Enable the Secure Router OS security features:
(config)#ip firewall
Create the access list (this is the packet selector):
(config)#ip access-list extended InWeb
(config-ext-nacl)#permit tcp any host 63.12.5.253 eq 80
Create the access policy that contains the access list InWeb:
(config)#ip policy-class UnTrusted
(config-policy-class)#allow list InWeb