Configuring pbr at the cli, Defining a policy – H3C Technologies H3C SecPath F1000-E User Manual

Page 575

550

Configuring PBR at the CLI

Defining a policy

Step Command

Remarks

Enter system view.

system-view

N/A

Create a policy or
policy node and enter

PBR policy node view.

policy-based-route policy-name
[ deny | permit ] node node-number

N/A

Define a packet length

match criterion.

if-match packet-length min-len
max-len

Optional.

Define an ACL match

criterion.

if-match acl acl-number

Optional.

Set VPN instances.

apply access-vpn vpn-instance
vpn-instance-name&<1-6>

Optional.

Set an IP precedence. apply ip-precedence value

Optional.

Set outgoing

interfaces.

apply output-interface interface-type
interface-number [ track

track-entry-number ] [ interface-type
interface-number [ track

track-entry-number ] ]

Optional.
Two interfaces at most can be specified
to send matching IP packets. These two

interfaces are simultaneously active to
achieve load sharing.
For a non-P2P outgoing interface
(broadcast and NBMA interfaces) such

as Ethernet interface, multiple next
hops are possible, and thus packets

may not be forwarded successfully.

Set next hops.

apply ip-address next-hop ip-address
[ direct ] [ track track-entry-number ]

[ ip-address [ direct ] [ track

track-entry-number ] ]

Optional.
Two next hops at most can be
specified. These two next hops are

simultaneously active to achieve load

sharing.

Set default outgoing
interfaces.

apply default output-interface
interface-type interface-number [ track

track-entry-number ] [ interface-type

interface-number [ track
track-entry-number ] ]

Optional.
Two default outgoing interfaces at most

can be specified. These two interfaces
are simultaneously active to achieve

load sharing.

10.

Set default next hops.

apply ip-address default next-hop
ip-address [ track track-entry-number ]

[ ip-address [ track
track-entry-number ] ]

Optional.
Two default next hops at most can be
specified. These two next hops are

simultaneously active to achieve load
sharing.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer