Question

EXOS "default next-hop" alternative for PBR

  • 18 August 2019

Hello,

I can't seem to find out how to do a default next-hop instead of a next-hop when performing PBR. The default next-hop functions differently than next-hop alone.

Here is the difference. Can someone help?

https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html

1 reply

This is what I came up with.

code:
# Traffic between the private ranges: permit without a redirect action
entry PBR-LOCAL_1 {
    if match all {
        source-address 10.0.0.0/8 ;
        destination-address 172.16.0.0/12 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_2 {
    if match all {
        source-address 10.0.0.0/8 ;
        destination-address 10.0.0.0/8 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_3 {
    if match all {
        source-address 10.0.0.0/8 ;
        destination-address 192.168.0.0/16 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_4 {
    if match all {
        source-address 192.168.0.0/16 ;
        destination-address 172.16.0.0/12 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_5 {
    if match all {
        source-address 192.168.0.0/16 ;
        destination-address 10.0.0.0/8 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_6 {
    if match all {
        source-address 192.168.0.0/16 ;
        destination-address 192.168.0.0/16 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_7 {
    if match all {
        source-address 172.16.0.0/12 ;
        destination-address 172.16.0.0/12 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_8 {
    if match all {
        source-address 172.16.0.0/12 ;
        destination-address 10.0.0.0/8 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
entry PBR-LOCAL_9 {
    if match all {
        source-address 172.16.0.0/12 ;
        destination-address 192.168.0.0/16 ;
    }
    then {
        permit ;
        count pbr-local ;
    }
}
# Remaining traffic sourced from the private ranges: redirect to the FortiGate flow-redirect
entry PBR-FortiGate_1 {
    if match all {
        source-address 10.0.0.0/8 ;
    }
    then {
        redirect-name FortiGate ;
        count pbr-fortigate ;
    }
}
entry PBR-FortiGate_2 {
    if match all {
        source-address 192.168.0.0/16 ;
    }
    then {
        count pbr-fortigate ;
        redirect-name FortiGate ;
    }
}
entry PBR-FortiGate_3 {
    if match all {
        source-address 172.16.0.0/12 ;
    }
    then {
        redirect-name FortiGate ;
        count pbr-fortigate ;
    }
}


code:
create flow-redirect FortiGate
configure flow-redirect FortiGate add nexthop 172.16.1.3 priority 100

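The ordering logic of the policy above, as an added example that is not part of the original reply: it models the posted entries in Python and checks which entry a flow hits and whether every private-to-private pair is exempted before a redirect entry. It assumes first-match, top-to-bottom evaluation of the policy file; the helper names `evaluate` and `missing_exemptions` are hypothetical.

```python
import ipaddress
from itertools import product

A, B, C = "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
REDIRECT = "redirect-name FortiGate"
# (entry, source, destination or None for "any", action), in the order posted above
POLICY = [
    ("PBR-LOCAL_1", A, B, "permit"), ("PBR-LOCAL_2", A, A, "permit"),
    ("PBR-LOCAL_3", A, C, "permit"), ("PBR-LOCAL_4", C, B, "permit"),
    ("PBR-LOCAL_5", C, A, "permit"), ("PBR-LOCAL_6", C, C, "permit"),
    ("PBR-LOCAL_7", B, B, "permit"), ("PBR-LOCAL_8", B, A, "permit"),
    ("PBR-LOCAL_9", B, C, "permit"),
    ("PBR-FortiGate_1", A, None, REDIRECT),
    ("PBR-FortiGate_2", C, None, REDIRECT),
    ("PBR-FortiGate_3", B, None, REDIRECT),
]

def _covers(prefix, other):
    """True if `prefix` (None = any) contains the network `other`."""
    return prefix is None or ipaddress.ip_network(other).subnet_of(ipaddress.ip_network(prefix))

def evaluate(src_ip, dst_ip, policy=POLICY):
    """Return (entry, action) of the first matching entry (first-match is an assumption)."""
    for name, src, dst, action in policy:
        if _covers(src, f"{src_ip}/32") and _covers(dst, f"{dst_ip}/32"):
            return name, action
    return None, "no match"

def missing_exemptions(local=(A, B, C), policy=POLICY):
    """Local (src, dst) prefix pairs whose first matching entry is not a permit."""
    gaps = []
    for src, dst in product(local, repeat=2):
        for _, p_src, p_dst, action in policy:
            if _covers(p_src, src) and _covers(p_dst, dst):
                if action != "permit":
                    gaps.append((src, dst))
                break
    return gaps

if __name__ == "__main__":
    # Constructed sample flows: private-to-private, private-to-public, public-to-private
    for flow in [("10.1.1.1", "172.16.5.5"), ("10.1.1.1", "8.8.8.8"), ("8.8.8.8", "10.1.1.1")]:
        print(flow, "->", evaluate(*flow))
    print("missing exemptions:", missing_exemptions())
```

Because the entries match on addresses only, a destination outside the three private ranges is redirected whether or not the switch has a specific route for it.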