Routing access policy commands – Extreme Networks 200 Series User Manual
Page 135
Routing Access Policy Commands
Summit 200 Series Switch Installation and User Guide
133
Routing Access Policy Commands
Table 33 describes the commands used to configure routing access policies.
Table 33: Routing Access Policy Configuration Commands
Command
Description
config access-profile <access_profile> add
{<seq_number>} {permit | deny} [ipaddress
<ipaddress> <mask> {exact}]
Adds an entry to the access profile. The explicit
sequence number, and permit or deny attribute
should be specified if the access profile mode is
none.
Specify one of the following:
•
<seq-number>
—The order of the entry
within the access profile. If no sequence
number is specified, the new entry is added to
the end of the access-profile and is
automatically assigned a value of 5 more than
the sequence number of the last entry.
•
{permit | deny}
—Per-entry permit or
deny specification. The per-entry attribute only
takes effect if the access-profile mode is
none
. Otherwise, the overall access profile
type takes precedence.
•
<ipaddress> <mask>
—An IP address and
mask. If the attribute “exact” is specified for
an entry, then a exact match with address
and mask is performed, subnets within the
address range do not match entry against
entry.
config access-profile <access_profile> delete
<seq_number>
Deletes an access profile entry using the
sequence number.
config access-profile <access_profile> mode
[permit | deny | none]
Configures the access profile to be one of the
following:
•
permit
—Allows the addresses that match
the access profile description.
•
deny
—Denies the addresses that match the
access profile description.
•
none
—Permits and denies access on a
per-entry basis. Each entry must be added to
the profile as either type permit or deny.
The default setting is
permit
.
config ospf area <area_id> external-filter
[<access_profile> | none]
Configures the router to use the access policy to
determine which external routes are allowed to
be exported into the area. This router must be an
ABR.
config ospf area <area_id> interarea-filter
[<access_profile> | none]
Configures the router to use the access policy to
determine which inter-area routes are allowed to
be exported into the area. This router must be an
ABR.
config ospf asbr-filter [<access_profile> |
none]
Configures the router to use the access policy to
limit the routes that are advertised into OSPF for
the switch as a whole for switches configured to
support RIP and static route re-distribution into
OSPF.