Command Reference Guide

Tunnel Configuration Command Set

access-policy <policyname>

Use the access-policy command to assign a specified access policy for the inbound traffic on an interface. Use the no form of this command to remove an access policy association.

Note

Configured access policies will only be active if the ip firewall command has been entered at the Global Configuration mode prompt to enable the SROS security features. All configuration parameters are valid, but no security data processing will be attempted unless the security features are enabled.

Syntax Description

<policyname>

Identifies the configured access policy alphanumeric descriptor (all access policy descriptors are case-sensitive).

Default Values

By default, there are no configured access policies associated with an interface.

Command Modes

(config-interface)#

Interface Configuration Mode

Valid interfaces include: Ethernet (eth 0/1), PPP virtual interfaces (ppp 1), HDLC virtual interfaces (hdlc 1), Frame Relay virtual sub-interfaces (fr 1.20), tunnel interfaces (tunnel 1), and VLAN interfaces (vlan 1).

Functional Notes

To assign an access policy to an interface, enter the Interface Configuration mode for the desired interface and enter access-policy <policyname>.
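
Because of the Note above, an access-policy line in a saved configuration does not by itself show that traffic is being filtered. The following Python check is an added example, not part of the HP manual; it assumes the saved configuration uses unindented "interface <name>" stanzas with indented sub-commands and "!" separators, and the sample configuration is constructed.

```python
import re

# Constructed sample in the assumed stanza layout; 'ip firewall' is
# deliberately absent and the two policy names differ only in case.
SAMPLE_CONFIG = """\
!
interface eth 0/1
  access-policy Untrusted
!
interface tunnel 1
  access-policy UnTrusted
!
interface ppp 1
!
"""

def audit_access_policies(config_text):
    """Return a list of findings about access-policy use in config_text."""
    firewall_on = False
    policies = {}          # interface name -> assigned policy (None if absent)
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ip firewall":
            firewall_on = True
        elif m := re.match(r"interface\s+(.+)$", line):
            current = m.group(1)
            policies[current] = None
        elif current and (m := re.match(r"access-policy\s+(\S+)$", line)):
            policies[current] = m.group(1)
        elif not raw.startswith((" ", "\t")):
            current = None   # an unindented line ends the interface stanza
    findings = []
    assigned = {i: p for i, p in policies.items() if p}
    if assigned and not firewall_on:
        findings.append("ip firewall missing: policies on %s are inactive"
                        % ", ".join(sorted(assigned)))
    for iface in sorted(i for i, p in policies.items() if p is None):
        findings.append("%s: no access policy assigned" % iface)
    # Descriptors are case-sensitive, so names differing only in case are
    # distinct policies and usually indicate a typo.
    by_fold = {}
    for name in assigned.values():
        by_fold.setdefault(name.lower(), set()).add(name)
    for names in by_fold.values():
        if len(names) > 1:
            findings.append("case-variant policy names: " + ", ".join(sorted(names)))
    return findings
```

Run against the constructed sample, it reports the missing ip firewall command, the ppp 1 interface left at the default of no policy, and the UnTrusted/Untrusted mismatch.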

Usage Examples

The following example associates the access policy UnTrusted (to allow inbound traffic to the Web server) to the tunnel 1 interface:

Enable the SROS security features:

(config)#ip firewall

Create the access list (this is the packet selector):

(config)#ip access-list extended InWeb
(config-ext-nacl)#permit tcp any host 63.12.5.253 eq 80

Create the access policy that contains the access list InWeb:

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

HP 7000 dl Router manual