Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 580

Advertising
background image

555

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 1/1/2 ms

Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets of SecPath

are forwarded via GigabitEthernet 0/1, and other packets are forwarded via GigabitEthernet

0/2. The PBR configuration is effective.

Configuring interface PBR based on packet type at the CLI

Network requirements

As shown in

Figure 315

, configure PBR on SecPath, so that TCP packets arriving on GigabitEthernet 0/1

are forwarded via GigabitEthernet 0/2 and other packets are forwarded according to the routing table.

Figure 315 Network diagram

Configuration procedure

NOTE:

In this example, static routes are configured to ensure the reachability among devices.

1.

Configure SecPath:
# Define ACL 3101 to match TCP packets.

<SecPath> system-view

[SecPath] acl number 3101

[SecPath-acl-adv-3101] rule permit tcp

[SecPath-acl-adv-3101] quit

# Define Node 5 of policy aaa so that TCP packets are forwarded via GigabitEthernet 0/2.

SecPath

GE0/1
10.110.0.10/24

GE0/2

1.1.2.1/24

GE0/3
1.1.3.1/24

Subnet

10.110.0.0/24

GE0/1
1.1.2.2/24

GE0/1

1.1.3.2/24

Router B

Router A

Host A

Host B

10.110.0.20/24

Gateway: 10.110.0.10

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS, H3C SecBlade LB Cards, H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals