Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
861862863864865866867868869870
845
318B
IPv6 PBR configuration examples
973BConfiguring IPv6 local PBR based on packet type
1779BNetwork requirements
As shown in 3007HFigure 402, configure IPv6 local PBR on Firewall to forward all locally generated TCP
packets through GigabitEthernet 0/1. Router A forwards other IPv6 packets according to the routing
table.
Figure 402 Network diagram
1780BConfiguration procedure
1. Configure Firewall:
# Configure ACL 3001 to match TCP packets.
<Firewall> system-view
[Firewall] ipv6
[Firewall] acl ipv6 number 3001
[Firewall-acl6-adv-3001] rule permit tcp
[Firewall-acl6-adv-3001] quit
# Configure Node 5 of policy aaa, so that TCP packets are forwarded via GigabitEthernet 0/1.
[Firewall] ipv6 policy-based-route aaa permit node 5
[Firewall-pbr6-aaa-5] if-match acl6 3001
[Firewall-pbr6-aaa-5] apply ipv6-address next-hop 1::2
[Firewall-pbr6-aaa-5] quit
# Configure IPv6 local PBR by applying policy aaa on Firewall.
[Firewall] ipv6 local policy-based-route aaa
# Configure the IPv6 addresses for the GigabitEthernet interfaces.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ipv6 address 1::1 64
[Firewall-GigabitEthernet0/1] quit
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet 0/2] ipv6 address 2::1 64
2. Configure IPv6 address for the GigabitEthernet interface of Router A.
<RouterA> system-view
[RouterA] ipv6
[RouterA] interface gigabitethernet 0/1
[RouterB-GigabitEthernet0/1] ipv6 address 1::2 64
3. Configure IPv6 address for the GigabitEthernet interface of Router B.
<RouterC> system-view