User Manual

Enterasys X-Pedition User Reference Manual
Configuring IP Policies
For example, the following command creates an IP policy called “p1” and specifies that packets
matching profile “prof1” are forwarded to next-hop gateway 10.10.10.10:

xp(config)# ip-policy p1 permit acl prof1 next-hop-list 10.10.10.10

You can also set up a policy to prevent packets from being forwarded by an IP policy. For example,
the following command creates an IP policy called “p2” that prevents packets matching prof1 from
being forwarded using an IP policy:

xp(config)# ip-policy p2 deny acl prof1

Packets matching the specified profile are forwarded using dynamic routes instead.

Creating Multi-Statement IP Policies

An IP policy can contain more than one ip-policy statement. For example, an IP policy can contain
one statement that sends all packets matching a profile to one next-hop gateway, and another
statement that sends packets matching a different profile to a different next-hop gateway. If an IP
policy has multiple ip-policy statements, you can assign each statement a sequence number that
controls the order in which they are evaluated. Statements are evaluated from lowest sequence
number to highest.

For example, the following commands create an IP policy called “p3”, which consists of two IP
policy statements. The ip-policy permit statement has a sequence number of 1, which means it is
evaluated before the ip-policy deny statement, which has a sequence number of 900.

xp(config)# ip-policy p3 permit acl prof1 next-hop-list 10.10.10.10 sequence 1
xp(config)# ip-policy p3 deny acl prof2 sequence 900

Setting the IP Policy Action

You can use the action parameter with the ip-policy permit command to specify when to apply the
IP policy route with respect to dynamic or statically configured routes. The options of the action
parameter can cause packets to use the IP policy route first, then the dynamic route if the next-hop
gateway specified in the IP policy is unavailable; use the dynamic route first, then the IP policy
route; or drop the packets if the next-hop gateway specified in the IP policy is unavailable.

Note: To ensure that a gateway for policy-based routing is available, use the ip-policy set
command and enable the pinger task.

For example, the following command causes packets that match the profile to use dynamic routes
first and use the IP policy gateway only if a dynamic route is not available:

xp(config)# ip-policy p2 permit acl prof1 action policy-last
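
The statement ordering and the three action behaviours described above, modelled in Python as an added example (not Enterasys code and not taken from the manual). It assumes that the first matching statement decides, that policy-route-first is the default, and it uses source prefixes in place of ACL profiles; only policy-last is a keyword shown on this page, the other two labels are assumed names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Only "policy-last" appears on the page as a CLI keyword; the other two
# labels are assumed names for the behaviours the manual describes.
POLICY_FIRST, POLICY_LAST, POLICY_ONLY = "policy-first", "policy-last", "policy-only"

@dataclass
class Statement:
    kind: str                       # "permit" or "deny"
    profile: str                    # stand-in for an ACL profile: a source prefix
    sequence: int
    next_hop: Optional[str] = None
    action: str = POLICY_FIRST      # assumed default

def forward(src, statements, live_gateways, dynamic_hop):
    """Return (route_type, next_hop) for a packet from src.

    Assumption: the first matching statement, in ascending sequence order,
    decides. dynamic_hop is the routing-table next hop, or None if no route.
    """
    dynamic = ("dynamic", dynamic_hop) if dynamic_hop else ("drop", None)
    for st in sorted(statements, key=lambda s: s.sequence):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(st.profile):
            continue
        if st.kind == "deny":               # matched traffic is never policy-routed
            return dynamic
        policy = ("policy", st.next_hop) if st.next_hop in live_gateways else None
        if st.action == POLICY_ONLY:        # gateway down means drop
            return policy or ("drop", None)
        if st.action == POLICY_LAST:        # dynamic route wins when one exists
            return dynamic if dynamic_hop else (policy or ("drop", None))
        return policy or dynamic            # POLICY_FIRST
    return dynamic                          # no statement matched

# Constructed sample mirroring policy "p3"; the prefixes for prof1/prof2 are invented.
P3 = [
    Statement("deny", "10.2.0.0/16", sequence=900),
    Statement("permit", "10.1.0.0/16", sequence=1, next_hop="10.10.10.10"),
]

def demo():
    up, down = {"10.10.10.10"}, set()
    return [
        forward("10.1.0.5", P3, up, "192.0.2.1"),    # prof1, gateway reachable
        forward("10.1.0.5", P3, down, "192.0.2.1"),  # prof1, gateway down
        forward("10.2.0.5", P3, up, "192.0.2.1"),    # prof2, denied from policy routing
    ]
```

The gateway-down cases are the ones to check when reviewing a configuration, since they determine whether matching traffic silently takes the dynamic route or is dropped.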