Filter
Top Products
C H A P T E R 17 Access Policies
333
configure the switch to use an access profile to determine trusted
neighbor (PIM) router neighbors for the VLAN on the switch
running PIM.
To configure a trusted neighbor policy, use this command:
configure pim vlan [<name> | all] trusted-
gateway [<access_profile> | none]
PIM Example
With PIM, you can use the unicast access policies to restrict
multicast traffic. In this example, a network similar to the example
used in the previous RIP example is also running PIM. The network
administrator wants to disallow Internet access for multicast traffic
to users on the VLAN Engsvrs. This is accomplished by preventing
the learning of routes that originate from the switch labeled Internet
using PIM on the switch labeled Engsvrs.
To configure the switch labeled Engsvrs, the commands would be:
create access-profile nointernet type ipaddress
configure access-profile nointernet mode deny
configure access-profile nointernet add ipaddress
10.0.0.10/32
configure pim vlan backbone trusted-gateway
nointernet
Routing Access Policies for BGP
If the BGP protocol is being used, you can configure the switch to
use an access profile to determine:
• NLRI filter—Use an access profile to determine the NLRI
information that must be exchanged with a neighbor. To configure
an NLRI filter policy, use this command:
configure bgp neighbor [<ipaddress> | all]
nlri-filter [in | out] [<access_profile> |
none]
The NLRI filter access policy can be applied to the ingress or
egress updates, using the
in and out keywords, respectively.
• Autonomous system path filter—Use an access profile to
determine which NLRI information must be exchanged with a
neighbor based on the AS path information present in the path