F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

551

552

553

554

555

556

557

558

559

560

535

Table 60 Priorities and meanings of apply clauses

Clause Meanin

Priorit

apply

output-interface and

apply ip-address

next-hop

Sets the output interface and

sets the next hop.

The apply output-interface clause takes precedence

over the apply ip-address next-hop clause. Only the

apply output-interface clause is executed when both

are configured.

apply

output-interface

ip-address next-hop

dhcpc

Sets the output interface and

next hop (the next hop

address is the gateway

address learned through

DHCP).

For a point to point (P2P) link, the next hop address is

the peer address, so you only need to specify the output

interface by using the apply output-interface

command.

For a non-P2P link, specify both the output interface and

the next hop. If the output interface obtains an IP

address through DHCP, you can use the apply

output-interfac ip-address next-hop dhcpc command to

specify the gateway address learned through DHCP as

the next hop.

Support for the apply output-interface ip-address

next-hop dhcpc command depends on the device

model. For more information, see Network

Management Command Reference.

apply default

output-interface and

apply ip-address

default next-hop

Sets the default output

interface and sets the default

next hop.

The apply default output-interface clause takes

precedence over the apply ip-address default next-hop

clause. Only the apply default output-interface clause

is executed when both are configured.

They take effect only when no output interface or next

hop is set or the output interface and next hop are

invalid, and the packet does not match any route in the

routing table.

1546BRelationship between the match mode and clauses on a node

Does a packet match all the

if-match clauses on the node?

Match mode

ermit

den

Yes

PBR executes the apply clause on

the node.

The packet is forwarded according

to the routing table.

PBR matches the packet against

the next node.

PBR matches the packet against the

next node.

All packets can match a node where no if-match clauses are configured.

If a permit-mode node has no apply clause, packets matching all the if-match clauses of the node are

forwarded according to the routing table.

If a node has no if-match or apply clauses configured, all packets can match the node and are

forwarded according to the routing table.