Command Reference Guide
SROS Command Line Interface Reference Guide PPP Interface Configuration Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 717
access-policy <policyname>
Use the access-policy command to assign a specified access policy to an interface. Use the no form of this
command to remove an access policy association.
Syntax Description
<policyname> Alphanumeric descriptor for identifying the configured access policy.
Default Values
By default, there are no configured access policies associated with an interface.
Command Modes
(config-interface)# Interface Configuration Mode
Valid interfaces include: Ethernet (eth 0/1), virtual PPP interfaces (ppp 1), virtual
Frame Relay sub-interfaces (fr 1.20), and VLAN interface (vlan 1).
Usage Examples
The following example associates the access policy UnTrusted (to allow inbound traffic to the Web server)
to the virtual PPP interface:
Enable the Secure Router OS security features:
(config)#ip firewall
Create the access list (this is the packet selector):
(config)#ip access-list extended InWeb
(config-ext-nacl)#permit tcp any host 63.12.5.253 eq 80
Create the access policy that contains the access list InWeb:
(config)#ip policy-class UnTrusted
(config-policy-class)#allow list InWeb
Associate the access list with the PPP virtual interface (labeled 1):
(config)#interface ppp 1
(config-ppp 1)#access-policy UnTrusted
Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:
Note
All access policy descriptors are case-sensitive.