Intel 480T Switch User Manual


 
324
Intel
®
NetStructure 480T Routing Switch User Guide
See Creating an Access
Profile on page 324.
To use routing access policies
1. Create an access profile.
2. Configure the access profile to be of type
permit, deny, or none.
3. Add entries to the access profile.
4. Apply the access profile.
Creating an Access Profile
The first thing to do when using routing access policies is to create
an access profile. An access profile has a unique name, and contains
one of these entry types:
A list of IP addresses and associated subnet masks
One or more autonomous system path expressions (BGP only)
One or more BGP community numbers (BGP only)
You must give the access profile a unique name (in the same
manner as naming a VLAN, protocol filter, or Spanning Tree
Domain). You must also indicate the type of access list.
To create an access profile, use this command:
create access-profile <access_profile> type
[ipaddress | as-path | bgp-community]
Configuring an Access Profile Mode
After the access profile is created, you must configure the access
profile mode. The access profile mode determines whether the
items in the list are to be permitted access or denied access.
There are three available modes:
PermitThe permit access profile mode permits the operation,
if it matches any entry in the access profile. If the operation does
not match any entries in the list, the operation is denied.
DenyThe deny access profile mode denies the operation, if it
matches any entry in the access profile. If it does not match all
specified entries in the list, the operation is permitted.
NoneUsing the none mode, the access profile can contain a
combination of
permit and deny entries. Each entry must
include a
permit or deny attribute. The operation is compared