HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 797
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
3.
If the router will be routing traffic according to source and destination IP
address or application data, you must create an extended ACL.
a.
Create the ACL.
Syntax: ip access-list extended <listname>
b. Use permit statements to specify allowed traffic and deny statements
to exclude traffic.
Syntax: [deny | permit] ip [any | host <A.B.C.D> | <A.B.C.D> <wildcard bits>]
[any | host <A.B.C.D> | <A.B.C.D> <wildcard bits>]
For the first address, enter the source of traffic to be routed using
PBR. For the second address, enter the traffic's ultimate destination.
c.
If the router should route packets based on application data, then the
permit statement that you enter must include the protocol for the
application and source or destination port, or both. Use this com-
mand:
Syntax: [permit | deny] <protocol> [any | host <A.B.C.D> | <A.B.C.D> <wild-
card bits>] [eq <port> | gt <port> | lt <port> | range <first port> <last port> |
neq <port>] [any | host <A.B.C.D> | <A.B.C.D> <wildcard bits>] [eq <port> |
gt <port> | lt <port> | range <first port> <last port> | neq <port>]
4.
Create a route map entry. From the global configuration mode context,
enter:
Syntax: route-map <mapname> <sequence number>
5.
Specify the traffic that the router should use PBR to route. Use match
commands to configure the criteria you determined in step 1. If you enter
more than one type of match command, then traffic must match all the
criteria. If you do not enter a match command, then all traffic will match
the route map entry.
a.
To route traffic based on source IP address, source and destination
address, or application data, specify the ACL that you configured in
step 2 or step 3.
Syntax: match ip address <listname>
b. To route traffic based on IP precedence value, enter this command:
Syntax: match ip precedence [critical | flash | flash-override | immediate |
internet | network | priority | routine | <0-7>]
Select the value by number or by keyword. Packets should be already
marked with the value by devices within your LAN.
IP Routing—Configuring RIP, OSPF, BGP, and PBR
Quick Start
13-183
Advertisement
Chapters
Table of Contents
Troubleshooting
