HP 7102dl - ProCurve Secure Router Configuration Manual page 856

Procurve secure router 7000dl series - advanced management and configuration guide

IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring Policy-Based Routing
15-130
When you use a standard ACL, the router routes all traffic from a source
according to the policy you configure in the route map. You should be certain
that the route applies to all traffic.
For example, if you are configuring a policy to forward external traffic from
certain sources to a device for further processing, you might not want the
router to send local traffic to that device. You can address such an issue in one
of two ways:
• Configure an extended ACL, instead of a standard ACL, to select traffic
  from certain hosts. Deny traffic destined to local networks from this ACL.
• If external traffic is normally routed with a default route, you can
  configure a default policy in the route map. When you enter a set command
  to establish the route map policy, use a command with the default keyword.
  This keyword forces the router to search its routing table before
  forwarding a packet selected by the route map. If the routing table
  includes an explicit route to the packet's destination (for example, to a
  local network), the router uses that route instead of the routing policy
  specified in the map.
To configure an ACL to route traffic according to its source only, complete
these steps:
1. From the global configuration mode, create a standard ACL:
Syntax: ip access-list standard <listname>
2. If necessary, remove a specific source from the list:
Syntax: deny [host <A.B.C.D> | <A.B.C.D> <wildcard bits>]
3. Permit traffic from the host, network, or range of networks that you want
to route using PBR:
Syntax: permit [any | host <A.B.C.D> | <A.B.C.D> <wildcard bits>]
Use the host keyword to select the IP address of a single host.
Use wildcard bits to select an entire network or a range of networks. The
IP address you enter is the first address in the range. You can verify the
last address in the range by adding the wildcard bits to this address.
For example, your local network uses four /24 networks, 10.1.0.0 /24,
10.1.1.0 /24, 10.1.2.0 /24, and 10.1.3.0 /24. Traffic from two of these
networks (10.1.0.0 /24 and 10.1.1.0 /24) must be routed to a security device
instead of directly over a WAN connection. Enter:
ProCurve(config-std-nacl)# permit 10.1.0.0 0.0.1.255
The any keyword selects all traffic.
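
One way to check which sources a standard ACL like the one above selects before attaching it to a route map; this is an added example, not from the HP manual. The deny entry for host 10.1.0.50 is a constructed sample, and the evaluator assumes top-down, first-match processing with an implicit deny at the end of the list.

```python
import ipaddress

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(line):
    """Parse: permit|deny  any | host A.B.C.D | A.B.C.D <wildcard bits>"""
    action, *args = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    if args == ["any"]:
        return action, 0, 0xFFFFFFFF
    if len(args) == 2 and args[0] == "host":
        return action, ip_int(args[1]), 0
    if len(args) == 2:
        return action, ip_int(args[0]), ip_int(args[1])
    raise ValueError(f"bad source in {line!r}")

def address_range(line):
    """First and last address of an entry (last = first + wildcard bits).
    Meaningful only for contiguous wildcards such as 0.0.1.255."""
    _, base, wild = parse_entry(line)
    first = base & ~wild & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first + wild))

def selected(acl, source):
    """True if the ACL permits this source, i.e. the route map would apply."""
    addr = ip_int(source)
    for line in acl:
        action, base, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF          # bits that must match
        if (addr & care) == (base & care):
            return action == "permit"      # assumption: first match wins
    return False                           # assumption: implicit deny at end

# Constructed sample: the manual's permit entry plus a hypothetical excluded host.
ACL = ["deny host 10.1.0.50", "permit 10.1.0.0 0.0.1.255"]

if __name__ == "__main__":
    print(address_range(ACL[1]))
    for src in ("10.1.0.10", "10.1.0.50", "10.1.1.200", "10.1.2.10", "10.1.3.10"):
        print(src, "PBR" if selected(ACL, src) else "normal routing")
```

Sources in 10.1.2.0 /24 and 10.1.3.0 /24 fall outside the wildcard range and are not selected, which confirms that the single permit entry covers only the two intended networks.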


This manual is also suitable for:

Procurve secure router 7203dl j8753a