Manualshelf

User guide

ManualsBrandsExtreme Networks ManualsComputer equipmentSummit Summit4
101102103104105106107108109110
106 Summit24e3 Switch Installation and User Guide
Access Policies
Export Filter Use an access profile to determine which RIP routes are advertised into a particular
VLAN, using the following command:
config rip vlan [<name> | all] export-filter [<access_profile> | none]
Examples
In the example shown in Figure 18, a switch is configured with two VLANs, Engsvrs and Backbone. The
RIP protocol is used to communicate with other routers on the network. The administrator wants to
allow all internal access to the VLANs on the switch, but no access to the router that connects to the
Internet. The remote router that connects to the Internet has a local interface connected to the corporate
backbone. The IP address of the local interface connected to the corporate backbone is 10.0.0.10/24.
Figure 18: RIP access policy example
Assuming the backbone VLAN interconnects all the routers in the company (and, therefore, the Internet
router does not have the best routes for other local subnets), the commands to build the access policy
for the switch would be:
create access-profile nointernet ipaddress
config access-profile nointernet mode deny
config access-profile nointernet add 10.0.0.10/32
config rip vlan backbone trusted-gateway nointernet
In addition, if the administrator wants to restrict any user belonging to the VLAN Engsvrs from
reaching the VLAN Sales (IP address 10.2.1.0/24) , the additional access policy commands to build the
access policy would be:
create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
EW_001
Internet
Backbone (RIP)
SalesEngsvrs
Switch being
configured
10.0.0.10 / 24
10.0.0.11 / 24
10.1.1.1 / 24 10.2.1.1 / 24
10.0.0.12 / 24
Internet
Engsvrs Sales