Using Policy Rules To Provide Routing Solutions; Configuring Policies To Provide Network Security - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

Software for E Series Broadband Services Routers Policy Management Configuration Guide

Using Policy Rules to Provide Routing Solutions

Configuring Policies to Provide Network Security

Copyright © 2010, Juniper Networks, Inc.
The next-interface, next-hop, filter, and forward rules provide routing solutions for traffic
matching a classifier. A classifier can have only one action that provides a routing solution.
If you configure two routing solution rules, such as filter and forward, in the same classifier
group, the router displays a warning message, and the rule configured last replaces the
previous rule.
For IP policy lists, policy rules are available to enable you to make a forwarding decision
that includes the next interface and next hop:
Forward next interface—Causes an interface to forward all packets that satisfy the
classification associated with that rule to the next interface specified
Forward next hop—Causes an interface to forward all packets that satisfy the
classification associated with that rule to the next-hop address specified
For example, you can route packets arriving at IP interface ATM 0/0.0 so that they are
handled as indicated:
Packets from source 1.1.1.1 are forwarded out of interface ATM 0/0.1.
Packets from source 2.2.2.2 are forwarded out of interface ATM 2/1.1.
All other packets are dropped.
To configure this routing policy, issue the following commands:
host1(config)#ip classifier-list claclA ip host 1.1.1.1 any
host1(config)#ip classifier-list claclB ip host 2.2.2.2 any
host1(config)#ip policy-list IpPolicy100
host1(config-policy-list)#classifier-group claclA
host1(config-policy-list-classifier-group)#forward interface atm 0/0.1
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group claclB
host1(config-policy-list-classifier-group)#forward interface atm 2/1.1
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#exit
host1(config)#interface atm 0/0.0
host1(config-subif)#ip policy input IpPolicy100 statistics enabled
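The replacement behavior described above, where the routing-solution rule configured last in a classifier group replaces the previous one, can be checked offline against a saved command transcript. The following Python script is an added example, not part of the Juniper guide or of JunOSe; the function names audit and rule_for are hypothetical, the transcript is constructed from the commands above with one extra filter line, and the model assumes that classifier-group * catches every source not named in a classifier list, as in the example above.

```python
import re

# Rule names the page lists as routing solutions; a classifier group keeps one.
ROUTING_RULES = {"next-interface", "next-hop", "filter", "forward"}

# Constructed transcript: the page's IpPolicy100 commands plus one extra "filter"
# line in group claclA, so that group receives two routing-solution rules.
TRANSCRIPT = """\
host1(config)#ip classifier-list claclA ip host 1.1.1.1 any
host1(config)#ip classifier-list claclB ip host 2.2.2.2 any
host1(config)#ip policy-list IpPolicy100
host1(config-policy-list)#classifier-group claclA
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#forward interface atm 0/0.1
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group claclB
host1(config-policy-list-classifier-group)#forward interface atm 2/1.1
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#exit
"""

def audit(transcript):
    """Return (host -> classifier list, group -> effective rule, replaced rules)."""
    hosts, effective, replaced, group = {}, {}, [], None
    for line in transcript.splitlines():
        cmd = line.split("#", 1)[-1].strip()   # drop the CLI prompt
        words = cmd.split()
        host = re.fullmatch(r"ip classifier-list (\S+) ip host (\S+) any", cmd)
        if host:
            hosts[host.group(2)] = host.group(1)
        elif words[:1] == ["classifier-group"] and len(words) > 1:
            group = words[1]
        elif cmd == "exit":
            group = None
        elif group and words and words[0] in ROUTING_RULES:
            if group in effective:             # the last rule configured wins
                replaced.append((group, effective[group], cmd))
            effective[group] = cmd
    return hosts, effective, replaced

def rule_for(source, hosts, effective):
    """Rule applied to a source; unmatched sources fall to group '*' (assumption)."""
    return effective.get(hosts.get(source, "*"), effective.get("*"))

if __name__ == "__main__":
    hosts, effective, replaced = audit(TRANSCRIPT)
    for group, old, new in replaced:
        print(f"group {group}: '{old}' was replaced by '{new}'")
    print("1.1.1.1 ->", rule_for("1.1.1.1", hosts, effective))
```

In the constructed transcript the filter intended for source 1.1.1.1 never takes effect, because the forward rule entered after it in the same classifier group replaces it.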
You can configure policy management to provide a level of network security by using
policy rules that selectively forward or filter packet flows:
Forward—Causes the packet flows that satisfy the classification associated with the
rule to be routed by the virtual router
Filter—Causes the interface to drop all packets of the packet flow that satisfy the
classification associated with the rule
Chapter 4: Creating Classifier Groups and Policy Rules