Connectivity Guide

track track-id
OS10(config)# track 200
2 Configure reachability of the next-hop address through the VRF instance.
ip ip-address reachability vrf vrf-name
OS10(conf-track-200)#
OS10(conf-track-200)# ip 1.1.1.1 reachability vrf red
OS10(conf-track-200)#exit
3 Configure the route-map.
route-map route-map-name
OS10(config-route-map)#
OS10(config-route-map)# match ip address acl1
4 Set the track ID configured in step 1 to the route-map.
set ip vrf vrf-name next-hop next-hop-address track-id track-id-number
OS10(config-route-map)# set ip vrf red next-hop 1.1.1.1 track-id 200
5 Apply the route-map to the interface where traffic is ingressing on the VRF instance.
interface interface-type
ip policy route-map route-map-name
OS10(config)# interface vlan 40
OS10(conf-if-vl-40)#
OS10(conf-if-vl-40)# ip policy route-map test
OS10(conf-if-vl-40)# show configuration
!
NOTE: Ensure you configure next-hop IP address tracking and PBR next-hop with the same VRF instance. For next-hop
reachability in the same VRF instance, you must configure both PBR per VRF and object tracking. Missing either the
next-hop IP address tracking or PBR next-hop configuration in a VRF instance results in an erroneous configuration.
However, the system does not display an error message indicating problems in the configuration.
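Because the system reports no error for this mismatch, a saved configuration can be checked offline. The following Python check is an added example, not part of this guide or of OS10; it assumes the configuration text uses the command forms shown in the steps above, and the function name audit_pbr_tracking and both sample configurations are constructed for illustration.

```python
import re

# Command forms as shown in the steps above (assumed to match the saved config text).
TRACK_RE = re.compile(r"^track (\d+)$")
REACH_RE = re.compile(r"^ip (\S+) reachability vrf (\S+)$")
RMAP_RE = re.compile(r"^route-map (\S+)")
SET_RE = re.compile(r"^set ip vrf (\S+) next-hop (\S+) track-id (\d+)$")

def audit_pbr_tracking(config_text):
    """Return findings where a PBR next-hop and its track object disagree."""
    tracks, pbr_sets = {}, []  # track-id -> (ip, vrf); (route-map, vrf, next-hop, track-id)
    track_id = rmap = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := TRACK_RE.match(line):
            track_id, rmap = m.group(1), None
        elif m := RMAP_RE.match(line):
            rmap, track_id = m.group(1), None
        elif line == "!":
            track_id = rmap = None
        elif track_id and (m := REACH_RE.match(line)):
            tracks[track_id] = (m.group(1), m.group(2))
        elif rmap and (m := SET_RE.match(line)):
            pbr_sets.append((rmap, m.group(1), m.group(2), m.group(3)))
    findings = []
    for rmap, vrf, nh, tid in pbr_sets:
        t_ip, t_vrf = tracks.get(tid, (None, None))
        if t_vrf is None:
            findings.append(f"{rmap}: track-id {tid} has no reachability object")
        elif (t_ip, t_vrf) != (nh, vrf):
            findings.append(f"{rmap}: next-hop {nh} vrf {vrf} != track {tid} ({t_ip} vrf {t_vrf})")
    return findings

# Constructed sample configurations (values taken from the examples above).
GOOD = """\
track 200
 ip 1.1.1.1 reachability vrf red
!
route-map test
 match ip address acl1
 set ip vrf red next-hop 1.1.1.1 track-id 200
"""
BAD = GOOD.replace("reachability vrf red", "reachability vrf blue")

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, audit_pbr_tracking(cfg) or "consistent")
```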
Use PBR to permit and block specific traffic
This section explains how to permit specific traffic through an interface using PBR.
Configure the interface
1 Create a VLAN interface.
OS10(Config)# interface vlan999
2 Enable the interface.
OS10(Conf-if-999)# no shutdown
3 Assign an IP address to the interface.
OS10(Conf-if-999)# ip address 10.99.0.251/16
Define the PBR parameters
Create an ACL and define what should be enabled for PBR processing.
ip access-list TEST-ACL
seq 10 permit tcp any any eq 80
seq 20 permit tcp any any eq 443
seq 30 permit tcp any any eq 21
seq 40 permit icmp any any
Create an ACL and define what should be excluded from PBR processing.
ip access-list TEST-ACL-DENY
seq 10 deny tcp 10.99.0.0/16 10.0.0.0/8 eq 80
seq 20 deny tcp 10.99.0.0/16 10.0.0.0/8 eq 443