Config iproute by origin
‎01-17-2017 05:50 PM
Hi, I have a switch X450e-48p with image ExtremeXOS version 12.0.3.16, and my question is whether I can configure various routes by origin?
I need to configure various routes to the internet through different gateways, separated depending on the equipment inside the LAN.
Regards
20 REPLIES 20
‎01-18-2017 11:50 AM
Hi Daniel,
You have to use different entries for different SrcIPs as follows:
edit policy PBR.pol
entry PBR_WAN2-Host1 {
    if {
        source-address 192.168.100.x/32;   # host1
    }
    then {
        redirect 192.168.100.253;          # Gateway to WAN2
    }
}
entry PBR_WAN2-Host2 {
    if {
        source-address 192.168.100.x/32;   # host2
    }
    then {
        redirect 192.168.100.253;          # Gateway to WAN2
    }
}
All the traffic that does not hit the ACL will be routed through the default route.
The "refresh policy" command is used only when you have changed the policy file and need to update it in the switch memory without needing to unconfig/config the ACL on the VLAN or port.
Also, diffserv examination is not needed here, unless you are working with DSCP marking to perform QoS.
‎01-18-2017 11:50 AM
Hi Henrique... so maybe I can configure the policy like this?
edit policy PBR.pol
entry TRAFIC_TO_WAN2 {
    if {
        source-address 192.168.100.x/32;   # host1
        source-address 192.168.100.x/32;   # host2
    }
    then {
        redirect 192.168.100.253;          # Gateway to WAN2
    }
}
config access-list TRAFIC_TO_WAN2 vlan default ingress
enable diffserv examination port X    # inside LAN port
refresh policy PBR
configure iproute add default 192.168.100.254    # gateway to WAN1
And can the rest of the traffic be configured with a default route? Does the default route not affect the PBR policy?
Thanks
Regards
‎01-18-2017 11:50 AM
Thanks Henrique
‎01-17-2017 09:12 PM
"You may want to create a static ARP entry for the redirect IP address, so that there will always be a cache entry."
‎01-17-2017 06:07 PM
I think he is asking about source-based routing. Yes, you can do it; just be aware it's a really easy way to generate routing loops.
Here is an example policy.
The redirect entry is the one you need.
* CoreRouter1.113 # show policy REDIRECT
Policies at Policy Server:
Policy: REDIRECT
entry Exception {
    if match any {
        destination-address 172.27.237.244/30 ;
    }
    then {
        count EXCEPTION ;
        permit ;
    }
}
entry redirect {
    if match all {
        source-address 172.27.237.248/30 ;
    }
    then {
        redirect 172.27.237.242 ;
        count REDIRECT_HIT ;
    }
}
entry catch_all {
    if match all {
    }
    then {
        permit ;
        count CATCHALL ;
    }
}
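Added example, not part of the thread: a small Python model of how the REDIRECT policy shown in the last post is evaluated, assuming entries are checked top to bottom and the first matching entry decides. The sample packets and the `ROUTED` label are constructed for illustration; running it on a reordered policy shows why the Exception entry has to sit above the redirect entry.

```python
# Added illustration: first-match evaluation of the REDIRECT policy from the thread.
import ipaddress

ROUTED = "routing table"  # constructed label: packet is forwarded by normal routing

# Entries transcribed from the "show policy REDIRECT" output above.
# Each entry: (name, source prefix or None, destination prefix or None, (action, target)).
POLICY = [
    ("Exception", None, "172.27.237.244/30", ("permit", None)),
    ("redirect", "172.27.237.248/30", None, ("redirect", "172.27.237.242")),
    ("catch_all", None, None, ("permit", None)),
]


def _in(addr, prefix):
    """True if the entry has no condition on this field or addr is inside the prefix."""
    return prefix is None or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def evaluate(src, dst, policy=POLICY):
    """Return (matching entry name, next hop); the first matching entry decides."""
    for name, src_pfx, dst_pfx, (action, target) in policy:
        if _in(src, src_pfx) and _in(dst, dst_pfx):
            return name, target if action == "redirect" else ROUTED
    return None, ROUTED  # no entry matched: normal routing


def hit_counts(packets, policy=POLICY):
    """Tally matches per entry, mirroring the 'count' actions in the policy."""
    counts = {name: 0 for name, *_ in policy}
    for src, dst in packets:
        name, _ = evaluate(src, dst, policy)
        if name is not None:
            counts[name] += 1
    return counts


# Constructed sample packets as (source, destination).
SAMPLE = [
    ("172.27.237.249", "198.51.100.7"),    # host in the redirected source range
    ("172.27.237.249", "172.27.237.245"),  # same host, exempted destination
    ("172.27.237.10", "198.51.100.7"),     # any other host
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", evaluate(*pkt))
    print(hit_counts(SAMPLE))
```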
