Pbr classification, Configuring pbr, Creating a policy – H3C Technologies H3C SecPath F1000-E User Manual
Page 347
•
permit: Specifies the match mode of a policy node as permit. If a packet satisfies all the
if-match clauses on the policy node, the apply clause is executed. If not, the packet will go to
the next policy node.
•
deny: Specifies the match mode of a policy node as deny. When a packet satisfies all the
if-match clauses on the policy node, the packet will be rejected and will not go to the next policy
node.
A packet satisfying the match criteria on a node will not go to other nodes. If the packet does not satisfy
the match criteria of any node of the policy, the packet cannot pass the policy and will be forwarded
through the routing table.
PBR classification
PBR falls into two types: local PBR and interface PBR:
•
Local PBR applies to locally generated packets only.
•
Interface PBR applies to packets forwarded through the interface only.
To meet general forwarding and security requirements, interface PBR is used in most cases.
Configuring PBR
Complete these tasks to configure PBR:
Task Remarks
Required
Create a policy and configure the policy node.
By default, no policy or policy node is created.
Enabling
local PBR
Optional
Only one policy can be referenced when local PBR is enabled.
Local PBR is not configured by default.
IMPORTANT:
Unless otherwise required, you are not recommended to enable
local PBR.
Enabling
interface PBR
Required
Only one policy can be referenced when PBR is enabled on an
interface.
Interface PBR is not configured by default.
Creating a Policy
Select Network > Routing Management > Policy Routing from the navigation tree to enter the
default policy configuration page, as shown in
. Click Add to enter the policy configuration
page, as shown in
.