H3C Technologies H3C SecPath F1000-E User Manual
[SecPath] policy-based-route aaa permit node 5
[SecPath-pbr-aaa-5] if-match acl 3101
[SecPath-pbr-aaa-5] apply ip-address next-hop 1.1.2.2
[SecPath-pbr-aaa-5] quit
# Apply the policy aaa to GigabitEthernet 0/1.
[SecPath] interface GigabitEthernet 0/1
[SecPath-GigabitEthernet0/1] ip address 10.110.0.10 255.255.255.0
[SecPath-GigabitEthernet0/1] ip policy-based-route aaa
[SecPath-GigabitEthernet0/1] quit
# Configure the IP addresses of GigabitEthernet 0/2 and GigabitEthernet 0/3.
[SecPath] interface GigabitEthernet 0/2
[SecPath-GigabitEthernet0/2] ip address 1.1.2.1 255.255.255.0
[SecPath-GigabitEthernet0/2] quit
[SecPath] interface GigabitEthernet 0/3
[SecPath-GigabitEthernet0/3] ip address 1.1.3.1 255.255.255.0
2. Configure Router B:
# Configure a static route to subnet 10.110.0.0/24.
[RouterB] ip route-static 10.110.0.0 24 1.1.2.1
# Configure the IP address of GigabitEthernet 0/1.
[RouterB] interface GigabitEthernet 0/1
[RouterB-GigabitEthernet0/1] ip address 1.1.2.2 255.255.255.0
[RouterB-GigabitEthernet0/1] quit
3. Configure Router A:
# Configure a static route to subnet 10.110.0.0/24.
[RouterA] ip route-static 10.110.0.0 24 1.1.3.1
# Configure the IP address of GigabitEthernet 0/1.
[RouterA] interface GigabitEthernet 0/1
[RouterA-GigabitEthernet0/1] ip address 1.1.3.2 255.255.255.0
[RouterA-GigabitEthernet0/1] quit
4. Verify the configuration:
Configure the IP address of Host A as 10.110.0.20/24, and the gateway as 10.110.0.10.
On Host A, telnet to Router B (1.1.2.2), which is directly connected to SecPath. The operation succeeds.
On Host A, telnet to Router A (1.1.3.2), which is directly connected to SecPath. The operation fails.
Ping Router A from Host A. The operation succeeds.
Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets arriving on
GigabitEthernet 0/1 of SecPath are forwarded via GigabitEthernet 0/2, and other packets are
forwarded via GigabitEthernet 0/3. The PBR configuration is effective.