Access policies for dvmrp, Access policies for dvmrp -7 – Allied Telesis AT-8550 User Manual

AT-9108, AT-8518, AT-8525, and AT-8550 User’s Guide

12-7

Access Policies

for DVMRP

The access policy capabilities for DVMRP are very similar to those for
RIP. If the DVMRP protocol is used for routing IP multicast traffic, the
switch can be configured to use an access profile to determine any of
the following:

❑ Trusted Neighbor — Use an access profile to determine

trusted DVMRP router neighbors for the VLAN on the switch
running DVMRP. To configure a trusted neighbor policy, use
the following command:

config dvmrp vlan [ | all] trusted-
gateway [ | none]

❑ Import Filter — Use an access profile to determine which

DVMRP routes are accepted as valid routes. To configure an
import filter policy, use the following command:

config dvmrp vlan [ | all] import-
filter [ | none]

❑ Export-Filter — Use an access profile to determine which

DVMRP routes are advertised into a particular VLAN, using the
following command:

config dvmrp vlan [ | all] export-
filter [ | none]

Example. In this example, the network used in the previous RIP
example is configured to run DVMRP. The network administrator
wants to disallow Internet access for multicast traffic to users on the
VLAN Engsvrs. This is accomplished by preventing the learning of
routes that originate from the switch labeled “Internet” by way of
DVMRP on the switch labeled “Engsvrs.” To configure the switch
labeled “Engsvrs,” use the following commands:

create access-profile nointernet ipaddress

config access-profile nointernet mode deny

config access-profile nointernet add

10.0.0.10/32

config dvmrp vlan backbone trusted-gateway

nointernet