Pbr classification, Pbr and track, Configuring pbr in the web interface – H3C Technologies H3C SecPath F1000-E User Manual

540

When you configure policy nodes, you need to specify the match mode as permit or deny:

{

permit—Specifies the match mode of a policy node as permit. If a packet satisfies all the
if-match clauses on the policy node, the apply clause is executed. If not, the packet will go to the
next policy node.

{

deny—Specifies the match mode of a policy node as deny. When a packet satisfies all the
if-match clauses on the policy node, the packet will be rejected and will not go to the next policy

node.

A packet satisfying the match criteria on a node will not go to other nodes. If the packet does not
satisfy the match criteria of any node of the policy, the packet cannot pass the policy and will be

forwarded through the routing table.

PBR classification

PBR falls into the following types:

•

Local PBR—Applies to locally generated packets only.

•

Interface PBR—Applies to packets forwarded through the interface only.

To meet general forwarding and security requirements, interface PBR is used in most cases.

PBR and Track

Associated with a track object, PBR can sense topology changes faster. You can associate PBR with a

track entry when you configure the outgoing interface, default outgoing interface, next hop, and default

next hop to dynamically determine link reachability. The PBR configuration takes effect when the status of

the associated track object is Positive or Invalid.

NOTE:

For more information about Track-PBR collaboration, see

High Availability Configuration Guide.

Configuring PBR in the web interface

Configuration task list

Task Remarks

Configuring a policy
and the policy node

Required.
Create a policy and configure the policy node.
By default, no policy is created.