Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 582
557
Configuring interface PBR based on packet length at the CLI
Network requirements
As shown in
, PBR is configured to control packets arriving on GigabitEthernet 0/1 of SecPath.
Configure 150.1.1.2/24 as the next hop for packets with a length of 64 to 100 bytes, and configure
151.1.1.2/24 as the next hop for packets with a length of 101 to 1000. All other packets are forwarded
according to the routing table.
Figure 316 Network diagram
Configuration procedure
NOTE:
In this example, RIP is configured to ensure the reachability among devices.
1.
Configure SecPath:
# Configure RIP.
[SecPath] rip
[SecPath-rip-1] network 192.1.1.0
[SecPath-rip-1] network 150.1.0.0
[SecPath-rip-1] network 151.1.0.0
[SecPath-rip-1] quit
# Define Node 10 of policy lab1, so that packets with a length of 64 to 100 bytes are forwarded
to the next hop 150.1.1.2, and packets with a length of 101 to 1000 bytes are forwarded to the
next hop 151.1.1.2.
[SecPath] policy-based-route lab1 permit node 10
[SecPath-pbr-lab1-10] if-match packet-length 64 100
[SecPath-pbr-lab1-10] apply ip-address next-hop 150.1.1.2
[SecPath-pbr-lab1-10] quit
[SecPath] policy-based-route lab1 permit node 20
[SecPath-pbr-lab1-20] if-match packet-length 101 1000
[SecPath-pbr-lab1-20] apply ip-address next-hop 151.1.1.2
[SecPath-pbr-lab1-20] quit
# Apply policy lab1 to GigabitEthernet 0/1.
[SecPath] interface GigabitEthernet 0/1
[SecPath-GigabitEthernet0/1] ip address 192.1.1.1 255.255.255.0
[SecPath-GigabitEthernet0/1] ip policy-based-route lab1
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer