Allied Telesis AT-8550 User Manual
Page 212
Using Access Policies
12-4
Figure 12-1 RIP Access Policy Example
Assuming the backbone VLAN interconnects all the routers in the
company (and, therefore, the Internet router does not have the best
routes for other local subnets), the commands to build the access
policy for the switch would be the following:
create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add
10.0.0.10/32
config rip vlan backbone trusted-gateway
nointernet
In addition, if the administrator wants to restrict any user belonging
to the VLAN Engsvrs from reaching the VLAN Sales (IP address
10.2.1.0/24) , the additional access policy commands to build the
access policy would be as follows:
create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
config rip vlan backbone import-filter nosales
POWER
MGMT.
10/100BASE-T ETHERNET SWITCH
WITH GIGABIT ETHERNET
1
2
3
4
13
14
15
16
5
6
7
8
17
18
19
20
9
10
11
12
21
22
23
24
LINK ON
ACTIVITY
DISABLED
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
25
25R
25R
A
L
25
25R
1000BASE-X
10/100BASE-TX MDI-X
Internet
10.0.0.10/24
Backbone/RIP
POWER
MGMT.
10/100BASE-T ETHERNET SWITCH
WITH GIGABIT ETHERNET
1
2
3
4
13
14
15
16
5
6
7
8
17
18
19
20
9
10
11
12
21
22
23
24
LINK ON
ACTIVITY
DISABLED
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
25
25R
25R
A
L
25
25R
1000BASE-X
10/100BASE-TX MDI-X
POWER
MGMT.
10/100BASE-T ETHERNET SWITCH
WITH GIGABIT ETHERNET
1
2
3
4
13
14
15
16
5
6
7
8
17
18
19
20
9
10
11
12
21
22
23
24
LINK ON
ACTIVITY
DISABLED
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
25
25R
25R
A
L
25
25R
1000BASE-X
10/100BASE-TX MDI-X
10.0.0.11/24
Internet
Engrsvrs
10.1.1.1/24
Switch being
configured
Engrsvrs
Sales
10.0.0.12/24
Sales
10.2.1.1/24