Monday, June 8, 2015

PBR on an Extreme Summit switch

* Int.X460-Core.4 # edit policy police_vlan8_pbr
entry permit_local_00 {
if {
   source-address 192.168.0.0/16;
   destination-address 192.168.0.0/16;
   } then {
     permit;
}
}

entry permit_local_01 {
if {
   source-address 192.168.0.0/16;
   destination-address 10.0.0.0/8;
   } then {
     permit;
}
}

entry permit_local_02 {
if {
   source-address 192.168.0.0/16;
   # RFC 1918 private range is 172.16.0.0/12
   destination-address 172.16.0.0/12;
   } then {
     permit;
}
}

entry redirect_local_00 {
if {
   source-address 192.168.253.0/24;
   } then {
   redirect 10.255.255.41;
}
}


Apply the policy to the VLAN on ingress:
configure access-list police_vlan8_pbr vlan "VLAN8_USERS-NEW" ingress

Remove it again:
unconfigure access-list police_vlan8_pbr ingress
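
Added example (not from the original post or from Extreme): a small Python check of the policy above. It assumes entries are evaluated top to bottom with the first match winning, so the permit entries must precede the redirect for local traffic to stay local. POLICY is a constructed one-line-per-entry copy, and parse, evaluate and lint are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample modelled on the policy above, one entry per line.
POLICY = """
entry permit_local_00 { if { source-address 192.168.0.0/16; destination-address 192.168.0.0/16; } then { permit; } }
entry permit_local_01 { if { source-address 192.168.0.0/16; destination-address 10.0.0.0/8; } then { permit; } }
entry permit_local_02 { if { source-address 192.168.0.0/16; destination-address 172.16.0.0/12; } then { permit; } }
entry redirect_local_00 { if { source-address 192.168.253.0/24; } then { redirect 10.255.255.41; } }
"""

ENTRY = re.compile(
    r"entry\s+(\S+)\s*\{\s*if(?:\s+match\s+\w+)?\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)
ADDR = re.compile(r"(source|destination)-address\s+(\S+?)\s*;")

def parse(text):
    """Return [(entry name, {field: network}, action string)] in file order."""
    rules = []
    for name, cond, act in ENTRY.findall(text):
        match = {f: ipaddress.ip_network(p, strict=False) for f, p in ADDR.findall(cond)}
        rules.append((name, match, " ".join(act.replace(";", " ").split())))
    return rules

def evaluate(rules, src, dst):
    """Assumed first-match semantics: return (entry name, action) of the first hit."""
    pkt = {"source": ipaddress.ip_address(src), "destination": ipaddress.ip_address(dst)}
    for name, match, action in rules:
        if all(pkt[field] in net for field, net in match.items()):
            return name, action
    return None, "no-match"

def lint(text):
    """Return prefixes with host bits set, e.g. a mistyped private range."""
    bad = []
    for _, prefix in ADDR.findall(text):
        try:
            ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            bad.append(prefix)
    return bad

if __name__ == "__main__":
    rules = parse(POLICY)
    print(evaluate(rules, "192.168.253.10", "192.168.1.5"))        # stays local
    print(evaluate(rules, "192.168.253.10", "8.8.8.8"))            # redirected
    print(evaluate(rules[::-1], "192.168.253.10", "192.168.1.5"))  # wrong order
    print(lint("destination-address 172.168.0.0/12;"))             # constructed typo
```

Reversing the entry order makes the redirect entry match local traffic first, which is why the permit entries come before it in the policy.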

===

Policy-Based Redirection Redundancy

Multiple Next-hop Support

As discussed above, Layer 3 and Layer 2 policy-based redirect support only one next-hop for one
policy-based entry. Multiple next-hops with different priorities can be configured. A higher priority is
denoted with a higher number; for example, “priority 5” has a higher precedence than “priority 1.” When
a high priority next-hop becomes unreachable, another preconfigured next-hop, based on priority,
replaces the first. This is done by first creating a flow-redirect name that is used to hold next-hop
information. User-created flow-redirect names are not case-sensitive.

Use the following command:
create flow-redirect flow_redirect_name

To delete the flow-redirect name, use:
delete flow-redirect flow_redirect_name

Then information for each next-hop, including a defined priority, is added one by one to the new
flow-redirect name. Use the following command:
configure flow-redirect flow_redirect_name add nexthop ipaddress priority number

===

An example:
We want to redirect all traffic from 10.91.0.48/28 to next hop 10.91.0.234.

create flow-redirect redir1
configure flow-redirect redir1 add nexthop 10.91.0.234 priority 100
configure flow-redirect redir1 nexthop 10.91.0.234 ping health-check interval 60 miss 3

Create an ACL policy named redir1 (the name referenced by the configure access-list command below):
entry subnet1 {
if match all {
source-address 10.91.0.48/28 ;
} then {
permit;
redirect-name redir1;
}
}

configure access-list redir1 vlan "vlan_name" ingress


This redirects only the traffic entering this VLAN from subnet 10.91.0.48/28 to next hop 10.91.0.234.

https://community.extremenetworks.com/extreme/topics/help_required_for_l3_policy_based_redirect_summit_x460_24t_exos_12_5-mb5hr
