Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

Page 297

Advertising
background image

281

Figure 99 Network diagram

Configuration procedure

1.

Configure IP addresses for the interfaces. (Details not shown.)

2.

Configure a local port mirroring group on Switch A.

<SwitchA> system-view

[SwitchA] mirroring-group 1 local

[SwitchA] mirroring-group 1 mirroring-port GigabitEthernet 3/0/2 inbound

[SwitchA] mirroring-group 1 monitor-port GigabitEthernet 3/0/1

3.

Configure BGP and a routing policy on Switch A:
# Create ACL 2000 that denies all routes.

[SwitchA] acl number 2000

[SwitchA-acl-basic-2000] rule 0 deny

[SwitchA-acl-basic-2000] quit

# Configure community list 1 so that the received routes matching community 1:1 are not

advertised to any BGP peer or out of the AS.

[SwitchA] ip community-list 1 permit 1:1 no-export no-advertise

# Configure routing policy guard-in, matching community list 1.

[SwitchA] route-policy guard-in permit node 0

[SwitchA-route-policy] if-match community 1

[SwitchA-route-policy] quit

# Enable BGP and establish a neighbor relationship with the Guard device.

[SwitchA] bgp 100

[SwitchA-bgp] peer 5.5.5.6 as-number 200

# Apply ACL 2000 to filter routes advertised to peer 5.5.5.6, namely, to deny all those routes.

[SwitchA-bgp] peer 5.5.5.6 filter-policy 2000 export

# Apply routing policy guard-in to filter routes received from peer 5.5.5.6 so that the received

routes matching community 1:1 are not advertised to any BGP peer or outside of the AS.

[SwitchA-bgp] peer 5.5.5.6 route-policy guard-in import

[SwitchA-bgp] quit

Advertising
This manual is related to the following products:

H3C S9500E Series Switches, H3C MSR 5600, H3C MSR 50, H3C MSR 3600, H3C MSR 30, H3C MSR 2600, H3C MSR 20-2X[40], H3C MSR 20-1X, H3C MSR 930, H3C MSR 900, H3C SecPath F5020, H3C SecPath F5040, H3C VMSG VFW1000

Popular Brands
Popular manuals