11-15-2017 08:03 AM
Policy Based Routing on 5406
Hello
I need some help in setting up a policy based route policy on our switches. I have a certain VLAN I want to set to use our new firewall for testing purposes.
But I just can't get the traffic to go to the new firewall at all. I was wondering if anyone could help me out with the below and point me in the right direction?
class ipv4 "TCP"
   10 match ip 10.77.0.0 0.0.255.255 213.121.240.192 0.0.0.15
   exit
policy pbr "BT"
   10 class ipv4 "TCP"
      action ip next-hop 10.40.208.135
   exit
10.40.208.135 - New Firewall
If anyone can help that would be great.
Regards,
Scott
02-19-2018 07:51 PM
Re: Policy Based Routing on 5406
I know this is an old post but you will need to apply the policy you created to the VLAN or interface that the traffic will be coming in on.
Example:
vlan 1
service-policy "BT" in
exit
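The gap this reply points out (a PBR policy that is defined but never bound with `service-policy ... in`) can be checked offline against a saved configuration. The script below is an added example, not part of the thread or of any HPE tooling; it assumes the text follows the running-config layout shown in these posts, and the function names and the "TEST" policy are hypothetical.

```python
import re

# Constructed sample in running-config layout: the "BT" policy from the
# question (never bound) and a second, hypothetical policy bound to VLAN 10.
SAMPLE_CONFIG = '''\
class ipv4 "TCP"
   10 match ip 10.77.0.0 0.0.255.255 213.121.240.192 0.0.0.15
   exit
policy pbr "BT"
   10 class ipv4 "TCP"
      action ip next-hop 10.40.208.135
   exit
policy pbr "TEST"
   10 class ipv4 "TCP"
      action ip next-hop 10.40.208.135
   exit
vlan 10
   service-policy "TEST" in
   exit
'''

POLICY_RE = re.compile(r'^policy\s+pbr\s+"?([^"\s]+)"?\s*$')
CONTEXT_RE = re.compile(r'^(vlan|interface)\s+(\S+)\s*(.*)$')
APPLY_RE = re.compile(r'service-policy\s+"?([^"\s]+)"?\s+in\b')


def audit_pbr(config_text):
    """Map every defined PBR policy to the VLANs/interfaces it is applied on."""
    defined, bindings, context = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            defined.append(m.group(1))
            context = None
            continue
        m = CONTEXT_RE.match(line)
        if m:
            # Also covers the one-line form: vlan 10 service-policy NAME in
            context, line = f"{m.group(1)} {m.group(2)}", m.group(3)
        m = APPLY_RE.search(line)
        if m and context:
            bindings.setdefault(m.group(1), []).append(context)
    return {name: bindings.get(name, []) for name in defined}


def unapplied(config_text):
    """PBR policies that are defined but bound to no VLAN or interface."""
    return sorted(n for n, ctx in audit_pbr(config_text).items() if not ctx)
```

Calling `unapplied(SAMPLE_CONFIG)` reports "BT", the policy from the question; any policy it lists is not steering traffic.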
02-28-2018 02:44 AM
Re: Policy Based Routing on 5406
The following example shows TCP and UDP traffic routed on different network paths:
Create the traffic classes:
Rack2sw1(config)# class ipv4 TCP
Rack2sw1(config-class)# match tcp 10.0.8.1/24 15.29.16.104/24 eq 80
Rack2sw1(config-class)# match tcp 10.0.8.1/24 15.29.16.104/24 eq 22
Rack2sw1(config-class)# match tcp 10.0.8.1/24 15.29.16.104/24 eq 23
Rack2sw1(config-class)# exit
Rack2sw1(config)# class ipv4 UDP
Rack2sw1(config-class)# match udp 10.0.8.1/24 15.29.16.104/24 eq 80
Rack2sw1(config-class)# match udp 10.0.8.1/24 15.29.16.104/24 eq 22
Rack2sw1(config-class)# match udp 10.0.8.1/24 15.29.16.104/24 eq 23
Rack2sw1(config-class)# exit
Verify traffic classes:
Rack2sw1(config)# show class config
class ipv4 "TCP"
10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80
20 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 22
30 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23
exit
class ipv4 "UDP"
10 match udp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80
20 match udp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 22
30 match udp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23
exit
Create the routing policy:
Rack2sw1(config)# policy pbr TCP_UDP
Rack2sw1(policy-pbr)# class ipv4 TCP
Rack2sw1(policy-pbr-class)# action ip next-hop 20.0.0.1
Rack2sw1(policy-pbr-class)# action interface null
Rack2sw1(policy-pbr-class)# exit
Rack2sw1(policy-pbr)# class ipv4 UDP
Rack2sw1(policy-pbr-class)# action ip default-next-hop 30.0.0.1
Rack2sw1(policy-pbr-class)# action interface tunnel 3
Rack2sw1(policy-pbr-class)# exit
Verify the routing policy:
Rack2sw1# show policy config
policy pbr "TCP_UDP"
10 class ipv4 "TCP"
action ip next-hop 20.0.0.1
action interface null
exit
20 class ipv4 "UDP"
action ip default-next-hop 30.0.0.1
action interface tunnel 3
exit
exit
Configure the VLAN for the service policy:
Rack2sw1(config)# vlan 10 service-policy TCP_UDP in
Verify the VLAN policy configuration:
Rack2sw1# show policy vlan 10
Policies for VLAN 10
Name : TCP_UDP
Type : PBR
Use the show statistics policy command to display information about which PBR action for an applied policy is active. Hit counts are displayed for each entry in the class and policy with the active action.
Rack2sw1# show statistics policy TCP_UDP vlan 10 in
HitCounts for Policy TCP_UDP
Total
10 class ipv4 TCP action interface null
( 0 ) 10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80
( 0 ) 20 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 22
( 0 ) 30 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23
20 class ipv4 UDP action ignore
( 0 ) 10 match udp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80
( 0 ) 20 match udp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 22
( 0 ) 30 match udp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23
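When the hit counters stay at 0, it helps to check offline whether a test flow falls inside a class entry's wildcard masks at all. The matcher below is an added example, not part of the thread or the switch software; it assumes entries are tried in sequence order, that `eq` names the destination port, and it does not model `ignore` entries. The function names are hypothetical.

```python
import ipaddress
import re

# Class entries as printed by "show class config" in the reply above.
CLASS_TCP = """\
10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80
20 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 22
30 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23
"""

ENTRY_RE = re.compile(
    r"^\s*(\d+)\s+match\s+(\w+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
    r"(?:\s+eq\s+(\d+))?\s*$")


def covers(base, wildcard, addr):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wildcard, addr))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def first_match(class_text, proto, src, dst, dport=None):
    """Sequence number of the first entry the flow matches, or None."""
    for line in class_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        seq, e_proto, s_base, s_wild, d_base, d_wild, e_port = m.groups()
        if e_proto != "ip" and e_proto != proto:
            continue  # "ip" entries match any protocol
        if e_port is not None and int(e_port) != dport:
            continue
        if covers(s_base, s_wild, src) and covers(d_base, d_wild, dst):
            return int(seq)
    return None
```

A flow that returns `None` here cannot increment any counter for that class, so the class definition is the place to look before the policy or its next hop.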