05-13-2013 06:41 AM - edited 05-13-2013 06:42 AM
Policy based routing on a A7500
Hi all
I have a question that I wanted to ask about policy based routing. We have a mobile device network. I want to configure a policy that says if the Core switch receives traffic on to the mobile device subnet that it will route this traffic to a specified next hop address. At the moment mobile device traffic goes to an ASA which then routes traffic to our Websense server then out to the net. We want to re-route that traffic and point it to another firewall instead while all other data traffic goes through the ASA. Here is my config.
LSW-A7506-C-01:
# Define ACL 3101 to match mobile device network.
<LSW-A7506-C-01> system-view
[LSW-A7506-C-01] acl number 2007
[LSW-A7506-C-01-acl-adv-3101] rule permit source 10.x.x.x (mobile device subnet)
[LSW-A7506-C-01-acl-adv-3101] quit
# Define Node 5 of policy mobile device, which forwards packets to next hop 194.x.x.x (Palo alto firewall)
[LSW-A7506-C-01] policy-based-route mobile device permit node 2
[LSW-A7506-C-01-pbr-mobile device-5] if-match acl 2007
[LSW-A7506-C-01-pbr-mobile device-5] apply ip-address next-hop 194.x.x.x (Palo alto firewall)
[LSW-A7506-C-01-pbr-mobile device-5] quit
# Apply policy mobile device to LSW-A7506-C-01.
[LSW-A7506-C-01] ip local policy-based-route mobile device
I want to know, from what I have put together, would this work? In theory it should, but there's a lot riding on this and I have no time to test. Plus I'm not 100% sure.
Any feedback would be appreciated.
regards
rob
05-21-2013 02:33 PM
Re: Policy based routing on a A7500
I'm not qualified to answer your specific question, but if you're in a situation where there's a lot riding on it, you're not sure, and you don't have time to test, that's a pretty dangerous position to be in. I think that justifies outsourcing the question to someone who can be 100% sure without testing and take responsibility for it if it fails.
Paul
05-21-2013 07:19 PM
Re: Policy based routing on a A7500
Hear! Hear!
You do need to test it.
Create a new subnet. Put one PC on it. Create your policy-based route. Test.
If you have no time for testing, you don't have time to change anything.
05-22-2013 04:10 AM
Re: Policy based routing on a A7500
Hi,
The "ip local policy-based-route" command activates PBR for the locally generated traffic of the switch (like outgoing SNMP traps, or telnet reply traffic); it is not applied to the user traffic passing the switch.
To apply the PBR policy for user traffic, you should identify the L3 interface on which the traffic is arriving at the switch. On that interface, you must enable the PBR policy.
So if your mobile device client traffic would be entering the switch through the vlan 10 IP interfaces, you would configure:
int vlan 10
ip policy-based-route XXX
So this must be configured on the source interface (PBR is also sometimes referred to as source-based routing).
Hope this helps,
Best regards, Peter.
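
The original configuration combined with the correction in the reply above, as an added example that is not part of either post. Assumptions: the policy name `mobile-device` (hypothetical, written without a space), node 5, `<wildcard-mask>` as a placeholder for the subnet's wildcard mask, and VLAN interface 10 as the ingress interface taken from the reply's own "if" example; the `x` addresses are the elided values from the thread.

```text
# Added example in Comware 5 syntax; names and interface are assumptions.
system-view

# Basic ACL: match packets whose SOURCE is the mobile device subnet
acl number 2007
 rule permit source 10.x.x.x <wildcard-mask>
 quit

# Policy node: packets matching ACL 2007 are sent to the other firewall
policy-based-route mobile-device permit node 5
 if-match acl 2007
 apply ip-address next-hop 194.x.x.x
 quit

# Local PBR only steers packets the switch itself originates
# (SNMP traps, telnet replies), so remove it if it was applied:
undo ip local policy-based-route

# Interface PBR: bind the policy on the L3 interface where the
# mobile client traffic ENTERS the switch
interface Vlan-interface 10
 ip policy-based-route mobile-device
 quit

# Confirm which policy is bound locally and on which interfaces
display ip policy-based-route
```

Packets that do not match ACL 2007 keep following the routing table, so only the mobile subnet is steered to the new next hop. Verify from a single test client on that subnet that its traffic actually leaves via the intended firewall before relying on the change.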