HP VPN Firewall Appliances Network Management Configuration Guide
550
Configuring Device B and Device C
Configure IP addresses of interfaces on Device B and Device C, and configure static routes to network
10.110.0.0/24. (Details not shown.)
Verifying the configuration
Configure the IP address of Host A as 10.110.0.20/24, and specify its gateway address as 10.110.0.10.
On Host A, Telnet to Device B. The operation succeeds.
On Host A, Telnet to Device C. The operation fails.
Ping Device C from Host A. The operation succeeds.
Telnet uses TCP and ping uses ICMP. The preceding results show that all TCP packets arriving on
GigabitEthernet 0/3 of Device A are forwarded to the next hop 1.1.2.2, and other packets are forwarded
through GigabitEthernet 0/2. The interface PBR configuration is effective.
Configuring PBR at the CLI
PBR configuration task list
Task Remarks
Configuring a policy
Creating a node
Required. Configuring match criteria for a node
Configuring actions for a node
Configuring PBR
Configuring local PBR
Required.
Perform one of the tasks.
Configuring interface PBR
Configuring a policy
Creating a node
Ste
p
Command
1. Enter system view.
system-view
2. Create a node for a policy and enter policy
node view.
policy-based-route policy-name [ deny | permit ] node
node-number
Configuring match criteria for a node
The if-match acl clause uses the specified ACL to match packets if the match mode is configured as permit.
If the specified ACL does not exist or the match mode is configured as deny, no packet can match the
criterion.
To configure match criteria for a node:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A