Traffic from the Source IP = 211.10.15.0/24, 211.10.16.0/24 network blocks should be redirected into tworouters: 192.168.2.2 and 192.168.2.3. The 192.168.2.2 router is preferred to 192.168.2.3. If router 192.168.2.2 is not reachable, 192.168.2.3 should be used. If both routers are not reachable, the default route is used.
1) Create a flow-redirect to keep next-hop IP address and health check information.
create flow-redirect premium_subscriber
config flow-redirect premium_subscriber add next-hop 192.168.2.2
priority 200
config flow-redirect premium_subscriber add next-hop 192.168.2.3
priority 100
2) Add an ACL entry with a flow-redirect name action to the existing ACL policy
(For example: premium_user.pol).
entry premium_15 {
if match {
source-address 211.10.15.0/24;
} then {
permit;
redirect-name premium_subscriber;
}
}
entry premium_16 {
if match {
source-address 211.10.16.0/24;
} then {
permit;
redirect-name premium_subscriber;
}
}
3) Apply the modified ACL policy file or dynamic ACL into a port, VLAN, or VLAN and Port.
(For example: user1 VLAN: 192.168.1.0/30, user2 VLAN: 192.168.1.4/30.)config access-list premium_user vlan user1 ingress
config access-list premium_user vlan user2 ingress