Using routing access policies, Creating an access profile, Configuring an access profile mode – Extreme Networks 200 Series User Manual
Page 130: Adding an access profile entry
128
Summit 200 Series Switch Installation and User Guide
Access Policies
Using Routing Access Policies
To use routing access policies, you must perform the following steps:
1
Create an access profile.
2
Configure the access profile to be of type permit, deny, or none.
3
Add entries to the access profile. Entries are IP addresses and subnet masks
4
Apply the access profile.
Creating an Access Profile
The first thing to do when using routing access policies is to create an access profile. An access profile has
a unique name and contains a list of IP addresses and associated subnet masks.
You must give the access profile a unique name (in the same manner as naming a VLAN, protocol filter,
or Spanning Tree Domain). To create an access profile, use the following command:
create access-profile
Configuring an Access Profile Mode
After the access profile is created, you must configure the access profile mode. The access profile mode
determines whether the items in the list are to be permitted access or denied access.
Three modes are available:
• Permit
—The permit access profile mode permits the operation, as long as it matches any entry in the
access profile. If the operation does not match any entries in the list, the operation is denied.
• Deny
—The deny access profile mode denies the operation, as long as it matches any entry in the
access profile. If it does not match all specified entries in the list, the operation is permitted.
• None
—Using the none mode, the access profile can contain a combination of permit and deny
entries. Each entry must have a permit or deny attribute. The operation is compared with each entry
in the list. Once a match is found, the operation is either permitted or denied, depending on the
configuration of the matched entry. If no match is found, the operation is implicitly denied.
To configure the access profile mode, use the following command:
config access-profile
Adding an Access Profile Entry
Next, configure the access profile, using the following command:
config access-profile
The following sections describe the
config access-profile add
command.