beautypg.com

Creating multi-statement ip policies – Cabletron Systems SmartSwitch User Manual

Page 211

background image

SmartSwitch Router User Reference Manual

211

Chapter 13: IP Policy-Based Forwarding Configuration Guide

cause packets matching a defined profile to be forwarded to a next-hop gateway, enter the
following command in Configure mode:

For example, the following command creates an IP policy called “p1” and specifies that
packets matching profile “prof1” are forwarded to next-hop gateway 10.10.10.10:

You can also set up a policy to prevent packets from being forwarded by an IP policy. To
prevent packets matching a defined profile from being forwarded by an IP policy to a
next-hop gateway, enter the following command in Configure mode:

Packets matching the specified profile are forwarded using dynamic routes instead.

For example, the following command creates an IP policy called “p2” that prevents
packets matching prof1 from being forwarded using an IP policy:

Creating Multi-statement IP Policies

An IP policy can contain more than one ip-policy statement. For example, an IP policy can
contain one statement that sends all packets matching a profile to one next-hop gateway,
and another statement that sends packets matching a different profile to a different next-
hop gateway. If an IP policy has multiple ip-policy statements, you can assign each
statement a sequence number that controls the order in which they are evaluated.
Statements are evaluated from lowest sequence number to highest.

To specify the order in which IP policy statements are evaluated by an IP policy, enter the
following command in Configure mode:

For example, the following commands create an IP policy called “p3”, which consists of
two IP policy statements. The ip policy permit statement has a sequence number of 1,

Forward packets matching a
profile to a next-hop gateway.

ip-policy

permit acl

next-

hop-list

ssr(config)# ip-policy p1 permit acl prof1 next-hop-list 10.10.10.10

Prevent packets matching a
profile from being forwarded
by an IP policy.

ip-policy

deny acl

ssr(config)# ip-policy p2 deny acl prof1

Specify a sequence number
for IP policy statements

ip-policy

permit|deny acl

sequence

See also other documents in the category Cabletron Systems Hardware: