Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 580
555
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets of SecPath
are forwarded via GigabitEthernet 0/1, and other packets are forwarded via GigabitEthernet
0/2. The PBR configuration is effective.
Configuring interface PBR based on packet type at the CLI
Network requirements
As shown in
, configure PBR on SecPath, so that TCP packets arriving on GigabitEthernet 0/1
are forwarded via GigabitEthernet 0/2 and other packets are forwarded according to the routing table.
Figure 315 Network diagram
Configuration procedure
NOTE:
In this example, static routes are configured to ensure the reachability among devices.
1.
Configure SecPath:
# Define ACL 3101 to match TCP packets.
[SecPath] acl number 3101
[SecPath-acl-adv-3101] rule permit tcp
[SecPath-acl-adv-3101] quit
# Define Node 5 of policy aaa so that TCP packets are forwarded via GigabitEthernet 0/2.
SecPath
GE0/1
10.110.0.10/24
GE0/2
1.1.2.1/24
GE0/3
1.1.3.1/24
Subnet
10.110.0.0/24
GE0/1
1.1.2.2/24
GE0/1
1.1.3.2/24
Router B
Router A
Host A
Host B
10.110.0.20/24
Gateway: 10.110.0.10
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer