R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

PBR configuration examples
Configuring local PBR based on packet type
1. Network requirements
As shown in Figure 196, configure PBR on Firewall so that all TCP packets are forwarded via GE0/1 and
other packets are forwarded according to the routing table.
Firewall is directly connected to Router A and Router B. Router A and Router B cannot reach each
other.
Figure 196 Network diagram for local PBR based on packet type
2. Configuration procedure
a. Configure Firewall
# Define ACL 3101 to match TCP packets.
<Firewall> system-view
[Firewall] acl number 3101
[Firewall-acl-adv-3101] rule permit tcp
[Firewall-acl-adv-3101] quit
# Define Node 5 of policy aaa, so that TCP packets are forwarded via GigabitEthernet0/1.
[Firewall] policy-based-route aaa permit node 5
[Firewall-pbr-aaa-5] if-match acl 3101
[Firewall-pbr-aaa-5] apply output-interface GigabitEthernet 0/1
[Firewall-pbr-aaa-5] quit
# Apply policy aaa to Firewall.
[Firewall] ip local policy-based-route aaa
# Configure the IP addresses of the GigabitEthernet interfaces.
[Firewall] interface GigabitEthernet 0/1
[Firewall-GigabitEthernet0/1] ip address 1.1.2.1 255.255.255.0
[Firewall-GigabitEthernet0/1] quit
[Firewall] interface GigabitEthernet 0/2
[Firewall-GigabitEthernet0/2] ip address 1.1.3.1 255.255.255.0
b. Configure Router A
# Configure the IP address of the GigabitEthernet interface.
<RouterA> system-view
[RouterA] interface GigabitEthernet 0/1
[RouterA-GigabitEthernet0/1] ip address 1.1.2.2 255.255.255.0
[RouterA-GigabitEthernet0/1] quit
c. Configure Router B