beautypg.com

Using routing access policies, Creating an access profile, Configuring an access profile mode – Extreme Networks 200 Series User Manual

Page 130: Adding an access profile entry

background image

128

Summit 200 Series Switch Installation and User Guide

Access Policies

Using Routing Access Policies

To use routing access policies, you must perform the following steps:

1

Create an access profile.

2

Configure the access profile to be of type permit, deny, or none.

3

Add entries to the access profile. Entries are IP addresses and subnet masks

4

Apply the access profile.

Creating an Access Profile

The first thing to do when using routing access policies is to create an access profile. An access profile has
a unique name and contains a list of IP addresses and associated subnet masks.

You must give the access profile a unique name (in the same manner as naming a VLAN, protocol filter,
or Spanning Tree Domain). To create an access profile, use the following command:

create access-profile type ipaddress

Configuring an Access Profile Mode

After the access profile is created, you must configure the access profile mode. The access profile mode
determines whether the items in the list are to be permitted access or denied access.

Three modes are available:

• Permit

—The permit access profile mode permits the operation, as long as it matches any entry in the

access profile. If the operation does not match any entries in the list, the operation is denied.

• Deny

—The deny access profile mode denies the operation, as long as it matches any entry in the

access profile. If it does not match all specified entries in the list, the operation is permitted.

• None

—Using the none mode, the access profile can contain a combination of permit and deny

entries. Each entry must have a permit or deny attribute. The operation is compared with each entry
in the list. Once a match is found, the operation is either permitted or denied, depending on the
configuration of the matched entry. If no match is found, the operation is implicitly denied.

To configure the access profile mode, use the following command:

config access-profile mode [permit | deny | none]

Adding an Access Profile Entry

Next, configure the access profile, using the following command:

config access-profile add {} {permit | deny} [ipaddress

{exact}]

The following sections describe the

config access-profile add

command.