beautypg.com

Examples – Extreme Networks 200 Series User Manual

Page 132

background image

130

Summit 200 Series Switch Installation and User Guide

Access Policies

• Export Filter

—Use an access profile to determine which RIP routes are advertised into a particular

VLAN, using the following command:

config rip vlan [ | all] export-filter [ | none]

Examples

In the example shown in Figure 22, a switch is configured with two VLANs, Engsvrs and Backbone. The
RIP protocol is used to communicate with other routers on the network. The administrator wants to
allow all internal access to the VLANs on the switch, but no access to the router that connects to the
Internet. The remote router that connects to the Internet has a local interface connected to the corporate
backbone. The IP address of the local interface connected to the corporate backbone is 10.0.0.10/24.

Figure 22: RIP access policy example

Assuming the backbone VLAN interconnects all the routers in the company (and, therefore, the Internet
router does not have the best routes for other local subnets), the commands to build the access policy
for the switch would be:

create access-profile nointernet ipaddress

config access-profile nointernet mode deny

config access-profile nointernet add 10.0.0.10/32

config rip vlan backbone trusted-gateway nointernet

Internet

Backbone (RIP)

Sales

Engsvrs

Switch being

configured

10.0.0.10 / 24

10.0.0.11 / 24

10.1.1.1 / 24

10.2.1.1 / 24

10.0.0.12 / 24

LC24011