Support User Manuals

Cabletron Systems 9032578-05 Network Router User Manual

Open as PDF

of 398

SmartSwitch Router User Reference Manual 209

Chapter 15: IP Policy-Based Forwarding Configuration Guide

For example, the following command creates an IP policy called “p1” and specifies that

packets matching profile “prof1” are forwarded to next-hop gateway 10.10.10.10:

You can also set up a policy to prevent packets from being forwarded by an IP policy. For

example, the following command creates an IP policy called “p2” that prevents packets

matching prof1 from being forwarded using an IP policy:

Packets matching the specified profile are forwarded using dynamic routes instead.

Creating Multi-Statement IP Policies

An IP policy can contain more than one ip-policy statement. For example, an IP policy can

contain one statement that sends all packets matching a profile to one next-hop gateway,

and another statement that sends packets matching a different profile to a different next-

hop gateway. If an IP policy has multiple ip-policy statements, you can assign each

statement a sequence number that controls the order in which they are evaluated.

Statements are evaluated from lowest sequence number to highest.

For example, the following commands create an IP policy called “p3”, which consists of

two IP policy statements. The ip policy permit statement has a sequence number of 1,

which means it is evaluated before the ip policy deny statement, which has a sequence

number of 900.

Setting the IP Policy Action

You can use the action parameter with the ip-policy permit command to specify when to

apply the IP policy route with respect to dynamic or statically configured routes. The

options of the action parameter can cause packets to use the IP policy route first, then the

dynamic route if the next-hop gateway specified in the IP policy is unavailable; use the

dynamic route first, then the IP policy route; or drop the packets if the next-hop gateway

specified in the IP policy is unavailable.

For example, the following command causes packets that match the profile to use

dynamic routes first and use the IP policy gateway only if a dynamic route is not

available:

ssr(config)# ip-policy p1 permit acl prof1 next-hop-list 10.10.10.10

ssr(config)# ip-policy p2 deny acl prof1

ssr(config)# ip-policy p3 permit acl prof1 next-hop-list 10.10.10.10 sequence 1

ssr(config)# ip-policy p3 deny acl prof2 sequence 900

ssr(config)# ip-policy p2 permit acl prof1 action policy-last

previous next