Riverstone Networks WICT1-12 User Manual: Defining an ACL Profile; Associating the Profile with an IP Policy


20-2 Riverstone Networks RS Switch Router User Guide Release 8.0

Configuring IP Policies

IP Policy-Based Forwarding Configuration

20.1.1 Defining an ACL Profile

An ACL profile specifies the criteria packets must meet to be eligible for IP policy routing. You define profiles with the acl command. For IP policy routing, the RS uses the packet-related information from the acl command and ignores the other fields.

For example, the following acl command creates a profile called “prof1” for telnet packets going from network 9.1.0.0 to network 15.1.0.0:

rs(config)# acl prof1 permit ip 9.1.0.0/16 15.1.0.0/16 any any telnet 0

See the Riverstone RS Switch Router Command Line Interface Reference Manual for complete syntax information for the acl command.

Note: ACLs for non-IP protocols cannot be used for IP policy routing.

20.1.2 Associating the Profile with an IP Policy

Once you have defined a profile with the acl command, you associate the profile with an IP policy by entering one or more ip-policy statements. An ip-policy statement specifies the next-hop gateway (or gateways) where packets matching a profile are forwarded. (See the Riverstone RS Switch Router Command Line Interface Reference Manual for complete syntax information for the ip-policy command.)

For example, the following command creates an IP policy called “p1” and specifies that packets matching profile “prof1” are forwarded to next-hop gateway 10.10.10.10:

rs(config)# ip-policy p1 permit acl prof1 next-hop-list 10.10.10.10

You can also set up a policy to prevent packets from being forwarded by an IP policy. For example, the following command creates an IP policy called “p2” that prevents packets matching prof1 from being forwarded using an IP policy:

rs(config)# ip-policy p2 deny acl prof1

Packets matching the specified profile are forwarded using dynamic routes instead.
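
A configuration check for the profile-to-policy association described above, as an added example that is not part of the Riverstone manual: it parses only the acl and ip-policy forms shown on this page and reports policies that reference an undefined or non-IP profile, permit policies without a next hop, and malformed next-hop addresses. The sample configuration, the `audit` function, the IP-protocol keyword set and the `ipx` ACL line are assumptions made for illustration.

```python
import ipaddress
import shlex

# Assumption: ACL protocol keywords treated as IP-family; confirm against the CLI reference.
IP_PROTOCOLS = {"ip", "tcp", "udp", "icmp", "igmp"}

# Constructed sample: the page's three commands plus deliberately broken lines.
# The ipx line is illustrative only, not verified RS syntax.
SAMPLE_CONFIG = """\
acl prof1 permit ip 9.1.0.0/16 15.1.0.0/16 any any telnet 0
acl prof2 permit ipx any any
ip-policy p1 permit acl prof1 next-hop-list 10.10.10.10
ip-policy p2 deny acl prof1
ip-policy p3 permit acl prof9 next-hop-list 10.10.10.300
ip-policy p4 permit acl prof2 next-hop-list 10.10.10.11
"""

def audit(config: str) -> list[str]:
    """Return findings for ip-policy statements that cannot work as written."""
    acl_proto = {}   # profile name -> protocol keyword of its acl command
    policies = []    # (policy name, action, profile name, [next hops])
    for line in config.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 4 and tok[0] == "acl":
            acl_proto[tok[1]] = tok[3]
        elif len(tok) >= 5 and tok[0] == "ip-policy" and tok[3] == "acl":
            hops = []
            if "next-hop-list" in tok:
                # Assumption: everything after the keyword is gateway addresses.
                hops = " ".join(tok[tok.index("next-hop-list") + 1:]).split()
            policies.append((tok[1], tok[2], tok[4], hops))
    findings = []
    for name, action, profile, hops in policies:
        if profile not in acl_proto:
            findings.append(f"{name}: profile {profile} is not defined by any acl command")
        elif acl_proto[profile] not in IP_PROTOCOLS:
            findings.append(f"{name}: profile {profile} is a non-IP ACL ({acl_proto[profile]})")
        if action == "permit" and not hops:
            findings.append(f"{name}: permit policy has no next-hop-list")
        for hop in hops:
            try:
                ipaddress.IPv4Address(hop)
            except ValueError:
                findings.append(f"{name}: next hop {hop} is not a valid IPv4 address")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```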
