Spoofing. After you configure an IP address for the demand interface, its
status should change to "up (spoofing)," and it should be listed as a directly
connected interface in the routing table. To check the status of the demand
interface, enter:
ProCurve(config-demand 1)# do show interface demand 1
To view the routing table, enter:
ProCurve(config-demand 1)# do show ip route
Figure 3-6 shows a routing table that includes demand interface 1, a directly
connected interface.
C
10.2.2.0/30 is directly connected, ppp 1
C
10.3.3.0/30 is directly connected, demand 1
C
192.168.20.0/24 is directly connected, eth 0/1
Figure 3-6. A Routing Table That Includes a Demand Interface
Matching the Interesting Traffic
To finish defining the interesting traffic that will trigger a dial-up connection,
you must associate the ACL you created with the demand interface. From the
demand interface configuration mode context, enter:
Syntax: match-interesting [list | reverse list] <listname > [in | out]
Include the list option if you want the ProCurve Secure Router to use standard
matching logic for the ACL. That is, the router will try to match the packet's
source address to the source address that is defined in the extended ACL.
Likewise, the router will try to match the packet's destination address with
the destination address that is defined in the extended ACL.
Include the reverse list option if you want the ProCurve Secure Router to
use reverse matching logic when processing the ACL. This option eliminates
the need to create another ACL for return traffic. The router will try to match
the packet's source address with the destination address that is defined in the
ACL. The router will then try to match the packet's destination address with
the source address that is defined in the ACL.
Replace <listname> with the ACL that you created to define the interesting
traffic. You can specify only extended ACLs.
Configuring Backup WAN Connections
Configuring Demand Routing for Backup Connections
3-23