Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
871872873874875876877878879880
848
Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets received on
GigabitEthernet 0/3 of Firewall are forwarded to the next hop 1::2, and other packets are
forwarded GigabitEthernet 0/2. The IPv6 interface PBR configuration is effective.
975BConfiguring IPv6 interface PBR based on packet length
1783BNetwork requirements
As shown in 3009HFigure 404, configure IPv6 interface PBR to guide the forwarding of packets received on
GigabitEthernet 0/3 of Firewall as follows:
Forwards packets with a length of 64 to 100 bytes to the next hop 150::2/64.
Forwards packets with a length of 101 to 1000 to the next hop 151::2/64.
All other packets are forwarded according to the routing table.
Figure 404 Network diagram
1784BConfiguration procedure
1. Configure Firewall:
# Configure RIPng.
<Firewall> system-view
[Firewall] ipv6
[Firewall] ripng 1
[Firewall-ripng-1] quit
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] ipv6 address 150::1 64
[Firewall-GigabitEthernet0/1] ripng 1 enable
[Firewall-GigabitEthernet0/1] quit
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] ipv6 address 151::1 64
[Firewall-GigabitEthernet0/2] ripng 1 enable
[Firewall-GigabitEthernet0/2] quit
# Configure Node 10 for policy lab1 to forward IPv6 packets with a length of 64 to 100 to the
next hop 150::2/64, and IPv6 packets with a length of 101 to 1000 bytes to the next hop
151::2/64.
[Firewall] ipv6 policy-based-route lab1 permit node 10
[Firewall-pbr6-lab1-10] if-match packet-length 64 100
[Firewall-pbr6-lab1-10] apply ipv6-address next-hop 150::2
[Firewall-pbr6-lab1-10] quit
[Firewall] ipv6 policy-based-route lab1 permit node 20