R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
389
Figure 197 Network diagram for interface PBR based on packet type
2. Configuration procedure
NOTE:
In this example, static routes are configured to ensure the reachability among devices.
a. Configure Firewall
# Define ACL 3101 to match TCP packets.
<Firewall> system-view
[Firewall] acl number 3101
[Firewall-acl-adv-3101] rule permit tcp
[Firewall-acl-adv-3101] quit
# Define Node 5 of policy aaa so that TCP packets are forwarded via GigabitEthernet 0/3.
[Firewall] policy-based-route aaa permit node 5
[Firewall-pbr-aaa-5] if-match acl 3101
[Firewall-pbr-aaa-5] apply output-interface GigabitEthernet 0/3
[Firewall-pbr-aaa-5] quit
# Apply the policy aaa to GigabitEthernet 0/1.
[Firewall] interface GigabitEthernet 0/1
[Firewall-GigabitEthernet0/1] ip address 10.110.0.10 255.255.255.0
[Firewall-GigabitEthernet0/1] ip policy-based-route aaa
[Firewall-GigabitEthernet0/1] quit
# Configure the IP addresses of the serial ports.
[Firewall] interface GigabitEthernet 0/3
[Firewall-GigabitEthernet0/3] ip address 1.1.2.1 255.255.255.0
[Firewall-GigabitEthernet0/3] quit
[Firewall] interface GigabitEthernet 0/2
Firewall
GE0/1
10.110.0.10/24
GE0/3
1.1.2.1/24
GE0/2
1.1.3.1/24
Subnet
10.110.0.0/24
GE0/1
1.1.2.2/24
GE0/1
1.1.3.2/24
Router A Router B
Host A Host B
10.110.0.20/24
Gateway: 10.110.0.10