SROS Command Line Interface Reference Guide

PPP Interface Configuration Command Set

 

 

access-policy <policyname>

Use the access-policycommand to assign a specified access policy to an interface. Use the no form of this command to remove an access policy association.

Syntax Description

<policyname>

Alphanumeric descriptor for identifying the configured access policy.

 

 

Note

All access policy descriptors are case-sensitive.

Default Values

By default, there are no configured access policies associated with an interface.

Command Modes

(config-interface)#

Interface Configuration Mode

 

Valid interfaces include: Ethernet (eth 0/1), virtual PPP interfaces (ppp 1), virtual

 

Frame Relay sub-interfaces (fr 1.20), and VLAN interface (vlan 1).

Usage Examples

The following example associates the access policy UnTrusted (to allow inbound traffic to the Web server) to the virtual PPP interface:

Enable the Secure Router OS security features:

(config)#ip firewall

Create the access list (this is the packet selector):

(config)#ip access-list extended InWeb (config-ext-nacl)#permit tcp any host 63.12.5.253 eq 80

Create the access policy that contains the access list InWeb:

(config)#ip policy-class UnTrusted (config-policy-class)#allow list InWeb

Associate the access list with the PPP virtual interface (labeled 1):

(config)#interface ppp 1

(config-ppp1)#access-policy UnTrusted

Technology Review

Creating access policies and lists to regulate traffic through the routed network is a four-step process:

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

717

Page 717
Image 717
HP 7000 dl Router manual Access-policy policyname, Config#interface ppp Config-ppp1#access-policy UnTrusted