Implementing Pbr According To Application - HP 7102dl - ProCurve Secure Router Configuration Manual
Procurve secure router 7000dl series - advanced management and configuration guide
Hide thumbs
Also See for 7102dl - ProCurve Secure Router:
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages) ,
- Advanced management and configuration manual (1005 pages)
Table of Contents
Advertisement
IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring Policy-Based Routing
N o t e s
15-132
Note that you enter the deny statement first. This prevents the router from
matching student traffic to the permit statement before it has a chance to
match it to the deny statement.
See Chapter 5: Applying Access Control to Router Interfaces for more
information on configuring ACLs.
After you have configured the ACL, move to the route map entry and enter
this command:
Syntax: match ip address <ACL listname>
For example:
ProCurve(config)# route-map PBR 10
ProCurve(config-route-map)# match ip address students
Implementing PBR According to Application
Your organization's policies may specify that traffic for certain applications
be routed over a different path than that indicated in your router's routing
table. For example, your organization may have a connection that it only wants
to use when an FTP server transmits files to a server at a remote site. Or your
organization may want to reserve a connection from real-time traffic.
You classify traffic according to its application or protocol by configuring an
extended ACL. In this ACL, you specify either the source port of the protocol
or the destination port or both. You can also specify particular addresses for
the source and destination. Alternatively, you can allow all traffic for that
application or all traffic for that application destined to a specific server.
You can also deny traffic for a particular application. For example, you could
bar Telnet traffic from a high-cost connection.
Follow these steps to select the traffic for the route map entry:
1.
From the global configuration mode, create the extended ACL:
Syntax: ip access-list extended <listname>
2.
Use this command to select traffic for the application:
Syntax: [permit | deny] <protocol> [any | host <A.B.C.D> | <A.B.C.D> <wildcard
bits>] [eq <port> | gt <port> | lt <port> | range <first port> <last port> | neq <port>]
[any | host <A.B.C.D> | <A.B.C.D> <wildcard bits>] [eq <port> | gt <port> | lt <port>
| range <first port> <last port> | neq <port>]
For the protocol, enter the application's protocol, such as TCP or UDP.
- Quick Links:
- Procurve Secure Router
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
