Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual
Figure 99 Network diagram
Configuration procedure
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure a local port mirroring group on Switch A.
[SwitchA] mirroring-group 1 local
[SwitchA] mirroring-group 1 mirroring-port GigabitEthernet 3/0/2 inbound
[SwitchA] mirroring-group 1 monitor-port GigabitEthernet 3/0/1
3. Configure BGP and a routing policy on Switch A:
# Create ACL 2000 that denies all routes.
[SwitchA] acl number 2000
[SwitchA-acl-basic-2000] rule 0 deny
[SwitchA-acl-basic-2000] quit
# Configure community list 1 so that the received routes matching community 1:1 are not advertised to any BGP peer or out of the AS.
[SwitchA] ip community-list 1 permit 1:1 no-export no-advertise
# Configure routing policy guard-in, matching community list 1.
[SwitchA] route-policy guard-in permit node 0
[SwitchA-route-policy] if-match community 1
[SwitchA-route-policy] quit
# Enable BGP and establish a neighbor relationship with the Guard device.
[SwitchA] bgp 100
[SwitchA-bgp] peer 5.5.5.6 as-number 200
# Apply ACL 2000 to filter routes advertised to peer 5.5.5.6, namely, to deny all those routes.
[SwitchA-bgp] peer 5.5.5.6 filter-policy 2000 export
# Apply routing policy guard-in to filter routes received from peer 5.5.5.6 so that the received routes matching community 1:1 are not advertised to any BGP peer or outside of the AS.
[SwitchA-bgp] peer 5.5.5.6 route-policy guard-in import
[SwitchA-bgp] quit
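
An added example, not from the H3C manual: a Python check that a Switch A configuration keeps the two controls step 3 applies to the Guard peer, namely the deny-all export filter and the import policy tied to a community list carrying no-export and no-advertise. The function name `audit_guard_peer` and the line-matching patterns are assumptions built only from the commands shown above.

```python
import re

# Step 3 commands from the page, used as sample input (prompts are stripped below).
SWITCH_A = """\
[SwitchA] acl number 2000
[SwitchA-acl-basic-2000] rule 0 deny
[SwitchA] ip community-list 1 permit 1:1 no-export no-advertise
[SwitchA] route-policy guard-in permit node 0
[SwitchA-route-policy] if-match community 1
[SwitchA] bgp 100
[SwitchA-bgp] peer 5.5.5.6 as-number 200
[SwitchA-bgp] peer 5.5.5.6 filter-policy 2000 export
[SwitchA-bgp] peer 5.5.5.6 route-policy guard-in import
"""

def audit_guard_peer(config, peer):
    """Hypothetical helper: list containment gaps for the Guard peer (empty = none)."""
    acls, clists, policies, findings = {}, {}, {}, []
    export_acl = import_policy = section = None
    p = re.escape(peer)
    for raw in config.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())  # drop the CLI prompt
        if m := re.match(r"acl number (\d+)", line):
            section = acls.setdefault(m[1], [])
        elif m := re.match(r"route-policy (\S+) permit node \d+", line):
            section = policies.setdefault(m[1], [])
        elif m := re.match(r"ip community-list (\d+) permit (.+)", line):
            clists[m[1]] = set(m[2].split())
        elif m := re.match(rf"peer {p} filter-policy (\d+) export", line):
            export_acl = m[1]
        elif m := re.match(rf"peer {p} route-policy (\S+) import", line):
            import_policy = m[1]
        elif section is not None and re.match(r"(rule \d+|if-match community) ", line):
            section.append(line)
    # Outbound: the ACL applied on export must consist only of bare deny rules.
    rules = acls.get(export_acl, [])
    if not rules or any(not re.fullmatch(r"rule \d+ deny", r) for r in rules):
        findings.append(f"export to {peer} is not filtered by a deny-all ACL")
    # Inbound: every community list the import policy matches must carry both
    # no-export and no-advertise, as community list 1 does on the page.
    lists = [r.split()[-1] for r in policies.get(import_policy, [])]
    if not lists or any(not {"no-export", "no-advertise"} <= clists.get(n, set()) for n in lists):
        findings.append(f"import from {peer} does not require no-export and no-advertise")
    return findings

if __name__ == "__main__":
    print(audit_guard_peer(SWITCH_A, "5.5.5.6") or "peer 5.5.5.6: containment checks passed")
```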