HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 745
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Next, enter the source address and port and then the destination address
and port. Use the any keyword for the source and destination addresses
if you want to allow all traffic for the application. (Use the any keyword
for the source address, but enter a specific destination address, if you
want to allow all traffic to a specific server.)
Specify the application by entering the destination port after the destina-
tion address. Use the eq keyword to select a single port. You can enter
either the port's number or the keyword for a well-known port. (Use the
? help command for a complete list of keywords.) To enter a range of ports,
use the gt, lt, or range keyword. See Chapter 5: Applying Access Control
to Router Interfaces for more detailed instructions and for explanations
of the eq, gt, lt, range, and neq keywords.
Note that you can enter a source port for the application instead of, or in
addition to, the destination port.
3.
Move to the configuration mode context for the route map entry:
Syntax: route-map <mapname> <sequence number>
4.
Enter this command to apply the policy to traffic selected by the ACL:
Syntax: match ip address <ACL listname>
For example, you can configure an ACL to select all traffic to a remote
network's FTP server:
ProCurve(config)# ip access-list extended FTP
ProCurve(config-ext-nacl)# permit tcp any host 192.168.1.254 eq ftp
The permit keyword selects traffic for the route map, tcp specifies the
protocol, any indicates that traffic from any host is allowed, 192.168.1.254
gives the address of the FTP server, and eq ftp specifies the application.
Next, apply the ACL to the route map entry:
ProCurve(config)# route-map HighCost 10
ProCurve(config)# match ip address FTP
Next, you would configure the next hop or the forwarding interface for the
selected traffic with a set command. Finally, you would apply the map to the
router's Ethernet interfaces:
ProCurve(config)# int eth 0/1
ProCurve(config)# ip policy route-map HighCost
See "Setting the Routing Policy in a Route Map Entry" on page 13-136 and
"Assigning a Route Map to an Interface" on page 13-142 for more details.
IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring Policy-Based Routing
13-131
Advertisement
Chapters
Table of Contents
Troubleshooting
