HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

551

552

553

554

555

556

557

558

559

560

530

4. Configure different attribute values for the route 1.0.0.0/8 to make Firewall give priority to the

route learned from Router C:

{ (Method I.) Specify a higher MED value for the route 1.0.0.0/8 advertised to 192.1.1.2 to make

Firewall give priority to the route learned from Router C.

# Define ACL 2000 to permit the route 1.0.0.0/8

[RouterA] acl number 2000

[RouterA-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255

[RouterA-acl-basic-2000] quit

# Define routing policy apply_med_50 that sets the MED value of route 1.0.0.0/8 to 50, and

routing policy apply_med_100 that sets the MED value of route 1.0.0.0/8 to 100.

[RouterA] route-policy apply_med_50 permit node 10

[RouterA-route-policy] if-match acl 2000

[RouterA-route-policy] apply cost 50

[RouterA-route-policy] quit

[RouterA] route-policy apply_med_100 permit node 10

[RouterA-route-policy] if-match acl 2000

[RouterA-route-policy] apply cost 100

[RouterA-route-policy] quit

# Apply routing policy apply_med_50 to the route advertised to 193.1.1.2 (Router C), and

apply routing policy apply_med_100 to the route advertised to 192.1.1.2 (Router B).

[RouterA] bgp 100

[RouterA-bgp] peer 193.1.1.2 route-policy apply_med_50 export

[RouterA-bgp] peer 192.1.1.2 route-policy apply_med_100 export

[RouterA-bgp] quit

# Display the BGP routing table on Firewall.

[Firewall] display bgp routing-table

Total Number of Routes: 2

BGP Local router ID is 194.1.1.1

Status codes: * - valid, ^ - VPNv4 best, > - best, d – damped,

h – history, i – internal, s – suppressed, S – Stale

Origin : i – IGP, e – EGP, ? – incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

*>i 1.0.0.0 193.1.1.1 50 100 0 100i

* i 192.1.1.1 100 100 0 100i

The route 1.0.0.0/8 learned from Router C is the optimal.

{ (Method II.) Specify different local preferences for route 1.0.0.0/8 on Router B and C to make

Firewall give priority to the route learned from Router C.

# Define ACL 2000 to permit the route 1.0.0.0/8 on Router C.

[RouterC] acl number 2000

[RouterC-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255

[RouterC-acl-basic-2000] quit

# Define routing policy localpref on Router C to set the local preference of route 1.0.0.0/8 to

200 (the default is 100).

[RouterC] route-policy localpref permit node 10