Apply clause, Relationship between the match mode and clauses, Configuring pbr – H3C Technologies H3C SecBlade NetStream Cards User Manual
Page 94: Defining a policy
79
apply clause
The following types of apply clauses are available: apply ip-precedence, apply output-interface, apply
ip-address next-hop, apply default output-interface, and apply ip-address default next-hop.
For the priorities of the apply clauses in a policy node, see
.
Table 10 Priorities of the apply clauses in a policy node
Clause Meaning Priority
apply ip-precedence Sets an IP precedence
If configured for public network forwarding, that is, the
apply access-vpn vpn-instance clause is not
configured, this clause will always be executed.
apply
output-interface and
apply ip-address
next-hop
Sets the outgoing interface
and next hop
The apply output-interface clause takes precedence
over the apply ip-address next-hop clause. This means
that only the apply output-interface clause will be
executed when both are configured.
apply default
output-interface and
apply ip-address
default next-hop
Sets the default outgoing
interface and default next
hop
The apply default output-interface clause takes
precedence over the apply ip-address default next-hop
clause. This means that only the apply default
output-interface clause is executed when both are
configured.
They take effect only when no outgoing interface or
next hop is defined for packets, or the defined outgoing
interface or next hop is invalid and the destination
address does not match any route in the routing table.
Relationship between the match mode and clauses
If a packet…
Then…
In permit mode
In deny mode
Matches all the if-match clauses
on a policy node
The apply clause is executed, and
the packet will not go to the next
policy node for a match.
The apply clause is not executed, the
packet will not go to the next policy
node for a match, and will be
forwarded according to the routing
table.
Fails to match an if-match clause
on the policy node
The apply clause is not executed,
and the packet will go to the next
policy node for a match.
The apply clause is not executed,
and the packet will go to the next
policy node for a match.
The nodes of a policy are in an OR relationship. If a packet matches a node, it passes the policy; if the
packet does not match any node of the policy, it fails to pass the policy and is forwarded according to
the routing table.
Configuring PBR
Defining a policy
Follow these steps to define a policy: