R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

271

272

273

274

275

276

277

278

279

280

249

If the track module uses NQA to detect the reachability of the private network static route's next hop, the

VPN instance number of the static route's next hop must be identical to that configured in the NQA test

group.

If a static route needs route recursion, the associated track entry must monitor the next hop of the recursive

route instead of that of the static route. Otherwise, a valid route may be mistakenly considered invalid.

Do not specify the permanent keyword together with the bfd keyword and track keyword.

For the ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet

[ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number

[ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance

d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag

tag-value ] [ permanent ] [ description description-text ] command, the following matrix shows the

argument and firewall compatibility:

Parameter F1000-A-EI/S-EI

F1000-E

F5000 Firewall module

bfd control-packet [ bfd-source

ip-address ]

No No Yes No

bfd { control-packet

[ bfd-source ip-address ] |

echo-packet }

No No Yes No

For the ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length }

{ next-hop-address [ public ] [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] |

interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] |

echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] }

[ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ] command ,

the following matrix shows the argument and firewall compatibility:

Parameter F1000-A-EI/S-EI

F1000-E

F5000 Firewall module

bfd control-packet

[ bfd-source ip-address ]

No No Yes No

bfd { control-packet

[ bfd-source ip-address ] |

echo-packet }

No No Yes No

Examples

# Configure a static route, whose destination address is 1.1.1.1/24, next hop address is 2.2.2.2, tag value

is 45, and description information is for internet & intranet.

<Sysname> system-view

[Sysname] ip route-static 1.1.1.1 24 2.2.2.2 tag 45 description for internet & intranet

# Configure a static route for a VPN instance named vpn1: the destination address is 1.1.1.1/16 and the

next hop address is 1.1.1.2, which is the address of this VPN instance.

<Sysname> system-view

[Sysname] ip route-static vpn-instance vpn1 1.1.1.1 16 vpn-instance vpn1 1.1.1.2

# Configure a static route: the destination address is 1.1.1.1/24, the outbound interface is GigabitEthernet

0/1, and the next hop address is 2.2.2.2, and enable BFD with the echo packet mode.

<Sysname> system-view

[Sysname] ip route-static 1.1.1.1 24 GigabitEthernet0/1 2.2.2.2 bfd echo-packet