
Re: Policy route question on e5400 K.15.03.0007

 
jf500
Occasional Collector

Policy route question on e5400 K.15.03.0007

Thanks in advance for any and all input.

 

I am the IT manager for a school district. I am also the WAN Manager for our Municipal fiber optic WAN for the entire city. 3 of our school buildings have police substations with a computer in each building that is part of each school's network. We use ACLs to deny all traffic with the exception of these police PCs to the police station so that the officers can access servers housed in the police station. They get Internet access through the school department ISP.

 

They now need to access state web servers to run criminal history information. These web servers are not accessible by just anyone. By accessible, I mean that anyone attempting to access them will get a 'page cannot be displayed' error if their public IP is not on the state's allowed list.

 

So...  What I hoped to be able to do is create a route policy based upon both Host IP AND destination network and route just the matched traffic to the state's router at the police department.  I want all typical Internet traffic to go through our ISP.

 

The source part is easy; I can't find anything that allows destination matching. Is there a way to do this?

3 REPLIES
cenk sasmaztin
Honored Contributor

Re: Policy route question on e5400 K.15.03.0007

Hi,

You need policy-based routing, but 5400 series switches do not support policy-based routing.

Please look at the new 3800 series switch.

cenk

Antonio Milanese
Trusted Contributor

Re: Policy route question on e5400 K.15.03.0007

Hello,

 

Good news for all of us: PBR has been implemented in K.15.06 as an extension to traffic policies using an expanded "match / class action" (not to be confused with route maps "match/set").

 

Regards,

 

Antonio

 


cenk sasmaztin
Honored Contributor

Re: Policy route question on e5400 K.15.03.0007

Wow, very good, this switch looks great with the new software.

 

6in4 Tunneling

Enhancement (PR_0000072668) - IPv6 over IPv4 tunneling is a way to establish point-to-point tunnels by encapsulating IPv6 packets within IPv4 headers so that they can be carried over the IPv4 routing infrastructure. IPv6 over IPv4 tunneling provides a mechanism for utilizing the existing IPv4 routing infrastructure to carry IPv6 traffic between IPv6 networks. For information on configuring tunnels, see the “IPv6 Tunneling Over IPv4 Using Manually Configured Tunnels” chapter in the IPv6 Configuration Guide.

OSPFv3 over 6in4 Tunnels

Enhancement (PR_0000072702) - Both VLANS and tunnels can be assigned to areas and may be collectively referred to as an IP routing interface. For information on configuring tunnels, see the “IPv6 Tunneling Over IPv4 Using Manually Configured Tunnels” chapter in the IPv6 Configuration Guide.


Enhancements

Version K.15.06.0006 Enhancements

Policy Based Routing (PBR)

Enhancement (PR_0000072658) - PBR provides the ability to manipulate a packet’s path based on attributes of the packet. Traffic with the same destination can be routed over different paths, so that different types of traffic, such as VOIP or traffic with special security requirements, can be better managed. For more information, see the "Classifier-Based Software Configuration" chapter in the Advanced Traffic Management Guide for your switch.

BGPv4

Enhancement (PR_0000073705) - Border Gateway Protocol (BGP) support has been added. For more information, see the “BGP (Border Gateway Protocol)” chapter in the Multicast and Routing Guide for your switch.

cenk
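
The following sketch is an added example, not part of the thread or of HP's documentation. It shows how the classifier-based PBR mentioned above could match on both source host and destination network, as the original question asked. It assumes software K.15.06 or later; every address, the VLAN ID and the class and policy names are constructed placeholders, and the syntax should be checked against the Advanced Traffic Management Guide for your switch.

```text
; Constructed placeholder values (not from the thread):
;   192.0.2.10       police PC in the school building
;   198.51.100.0/24  network holding the state web servers
;   203.0.113.1      state's router at the police department
;   VLAN 10          VLAN the police PC is attached to

; Traffic class: source host AND destination network must both match.
class ipv4 "POLICE-TO-STATE"
   10 match ip host 192.0.2.10 198.51.100.0/24
exit

; PBR policy: packets in the class are sent to the state's router
; instead of following the normal routing table.
policy pbr "STATE-PBR"
   10 class ipv4 "POLICE-TO-STATE"
      action ip next-hop 203.0.113.1
   exit
exit

; Apply the policy to inbound traffic on the police PC's VLAN.
vlan 10
   service-policy "STATE-PBR" in
exit
```

Packets from other hosts, or from the police PC to any other destination, do not match the class and are routed normally, so ordinary Internet traffic keeps going through the school ISP. The existing ACLs that isolate the police PCs still need a permit entry for the state network, otherwise the redirected traffic is dropped before it leaves.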