User Manual

Configuring IP Policies
Enterasys X-Pedition User Reference Manual
For example, you can set up an IP policy to send packets originating from a certain network
through a firewall, while letting other packets bypass the firewall. Sites that have multiple Internet
service providers can use IP policies to assign user groups to particular ISPs. You can also create IP
policies to select service providers based on various traffic types.
Configuring IP Policies
To implement an IP policy, you first create a profile for the packets to be forwarded using an IP
policy. For example, you can create a profile defined as “all telnet packets going from network
9.1.0.0/16 to network 15.1.0.0/16”. You then associate the profile with an IP policy. The IP policy
specifies what to do with the packets that match the profile. For example, you can create an IP
policy that sends packets matching a given profile to next-hop gateway 100.1.1.1.
Configuring an IP policy consists of the following tasks:
Defining a profile
Associating the profile with a policy
Applying the IP policy to an interface
Defining an ACL Profile
An ACL profile specifies the criteria packets must meet to be eligible for IP policy routing. You
define profiles with the acl command. For IP policy routing, the XP uses the packet-related
information from the acl command and ignores the other fields.
For example, the following acl command creates a profile called “prof1” for telnet packets going
from network 9.1.1.5 to network 15.1.1.2:
xp(config)# acl prof1 permit ip 9.1.0.0/16 15.1.0.0/16 any any telnet 0
See the Enterasys X-Pedition Command Line Interface Reference Manual for complete syntax
information for the acl command.
Note: ACLs for non-IP protocols cannot be used for IP policy routing.
Associating the Profile with an IP Policy
Once you have defined a profile with the acl command, you associate the profile with an IP policy
by entering one or more ip-policy statements. An ip-policy statement specifies the next-hop
gateway (or gateways) where packets matching a profile are forwarded. (See the Enterasys
X-Pedition Command Line Interface Reference Manual for complete syntax information for the
ip-policy command.)
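The profile, policy and interface steps described above, modelled in Python as an added example (not code from the manual or the XP software): it checks which constructed test flows would be steered to gateway 100.1.1.1 and which fall through to normal routing. It assumes "telnet" in prof1 means destination TCP port 23 and that the policy is evaluated on the interface where a packet arrives; the interface names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TELNET = 23  # assumption: "telnet" in prof1 means destination TCP port 23

@dataclass(frozen=True)
class Profile:
    """Packet-matching criteria, modelled on the manual's prof1 example."""
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]  # None matches any destination port

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and self.dst_port in (None, dst_port))

@dataclass(frozen=True)
class PolicyEntry:
    profile: Profile
    next_hop: str

# Constructed model of the manual's example: prof1 -> next-hop gateway 100.1.1.1
PROF1 = Profile("prof1", ipaddress.ip_network("9.1.0.0/16"),
                ipaddress.ip_network("15.1.0.0/16"), TELNET)
POLICY = [PolicyEntry(PROF1, "100.1.1.1")]
APPLIED_INTERFACES = {"int-a"}  # hypothetical name; policy applied here only

def policy_next_hop(in_iface, src_ip, dst_ip, dst_port):
    """Return the policy next hop, or None when the packet is routed normally."""
    if in_iface not in APPLIED_INTERFACES:
        return None  # the policy is not applied to this interface
    for entry in POLICY:
        if entry.profile.matches(src_ip, dst_ip, dst_port):
            return entry.next_hop
    return None  # no profile matched: packet bypasses the policy gateway

def audit(flows):
    """Map each test flow to its forwarding decision."""
    return {f: policy_next_hop(*f) or "routing-table" for f in flows}

if __name__ == "__main__":
    # Constructed test flows: (arrival interface, source, destination, port)
    for flow, hop in audit([("int-a", "9.1.1.5", "15.1.1.2", 23),
                            ("int-a", "9.1.1.5", "15.1.1.2", 80),
                            ("int-b", "9.1.1.5", "15.1.1.2", 23)]).items():
        print(flow, "->", hop)
```

Running such a check against the intended rule set shows which flows bypass the gateway (for example, a firewall) because of a port mismatch, an address outside the /16, or an interface the policy was never applied to.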