Command Reference Guide

Tunnel Configuration Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P.
access-policy <policyname>
Use the access-policy command to assign a specified access policy for the inbound traffic on an interface.
Use the no form of this command to remove an access policy association.
Syntax Description
<policyname>    Identifies the configured access policy alphanumeric descriptor
                (all access policy descriptors are case-sensitive).
Default Values
By default, there are no configured access policies associated with an interface.
Command Modes
(config-interface)#    Interface Configuration Mode
Valid interfaces include: Ethernet (eth 0/1), PPP virtual interfaces (ppp 1), HDLC
virtual interfaces (hdlc 1), Frame Relay virtual sub-interfaces (fr 1.20), tunnel
interfaces (tunnel 1), and VLAN interfaces (vlan 1).
Functional Notes
To assign an access policy to an interface, enter the Interface Configuration mode for the desired interface
and enter access-policy <policyname>.
Usage Examples
The following example associates the access policy UnTrusted (to allow inbound traffic to the Web server)
to the tunnel 1 interface:
Enable the SROS security features:
(config)#ip firewall
Create the access list (this is the packet selector):
(config)#ip access-list extended InWeb
(config-ext-nacl)#permit tcp any host 63.12.5.253 eq 80
Create the access policy that contains the access list InWeb:
Note
Configured access policies will only be active if the ip firewall command has been entered
at the Global Configuration mode prompt to enable the SROS security features. All
configuration parameters are valid, but no security data processing will be attempted
unless the security features are enabled.
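
Added example (not part of the original guide): a small Python audit that reads a saved configuration and reports interfaces left at the default (no access policy) and interfaces whose access-policy is inactive because ip firewall was never entered at the Global Configuration level. The configuration layout (top-level commands at column 0, interface sub-commands indented, "!" separators), the sample text and the function name audit_access_policies are assumptions made for illustration.

```python
# Constructed sample in an assumed saved-configuration layout: top-level
# commands at column 0, interface sub-commands indented, "!" as a separator.
SAMPLE_CONFIG = """\
ip access-list extended InWeb
  permit tcp any host 63.12.5.253 eq 80
!
interface eth 0/1
  ip address 10.0.0.1 255.255.255.0
!
interface tunnel 1
  access-policy UnTrusted
!
"""

def audit_access_policies(config_text):
    """Return (firewall_enabled, {interface: policy or None}, findings)."""
    firewall_enabled = False
    policies = {}
    current = None                      # interface block being parsed, if any
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        words = line.split()
        if not line[0].isspace():       # top-level command ends any block
            current = None
            if words == ["ip", "firewall"]:
                firewall_enabled = True  # exact match; "no ip firewall" does not count
            elif words[0] == "interface" and len(words) > 1:
                current = " ".join(words[1:])
                policies[current] = None
        elif current and words[0] == "access-policy" and len(words) == 2:
            policies[current] = words[1]  # descriptor kept as-is (case-sensitive)
    findings = []
    for iface, policy in policies.items():
        if policy is None:
            findings.append(f"{iface}: no access policy assigned (the default)")
        elif not firewall_enabled:
            findings.append(
                f"{iface}: access-policy {policy} is inactive, ip firewall not enabled")
    return firewall_enabled, policies, findings

if __name__ == "__main__":
    for finding in audit_access_policies(SAMPLE_CONFIG)[2]:
        print(finding)
```
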