Filter
Top Products
SmartSwitch Router User Reference Manual 211
Chapter 13: IP Policy-Based Forwarding Configuration Guide
cause packets matching a defined profile to be forwarded to a next-hop gateway, enter the
following command in Configure mode:
For example, the following command creates an IP policy called “p1” and specifies that
packets matching profile “prof1” are forwarded to next-hop gateway 10.10.10.10:
You can also set up a policy to prevent packets from being forwarded by an IP policy. To
prevent packets matching a defined profile from being forwarded by an IP policy to a
next-hop gateway, enter the following command in Configure mode:
Packets matching the specified profile are forwarded using dynamic routes instead.
For example, the following command creates an IP policy called “p2” that prevents
packets matching prof1 from being forwarded using an IP policy:
Creating Multi-statement IP Policies
An IP policy can contain more than one ip-policy statement. For example, an IP policy can
contain one statement that sends all packets matching a profile to one next-hop gateway,
and another statement that sends packets matching a different profile to a different next-
hop gateway. If an IP policy has multiple ip-policy statements, you can assign each
statement a sequence number that controls the order in which they are evaluated.
Statements are evaluated from lowest sequence number to highest.
To specify the order in which IP policy statements are evaluated by an IP policy, enter the
following command in Configure mode:
For example, the following commands create an IP policy called “p3”, which consists of
two IP policy statements. The ip policy permit statement has a sequence number of 1,
Forward packets matching a
profile to a next-hop gateway.
ip-policy <name> permit acl <profile> next-
hop-list
<ip-addr-list>
ssr(config)# ip-policy p1 permit acl prof1 next-hop-list 10.10.10.10
Prevent packets matching a
profile from being forwarded
by an IP policy.
ip-policy <name> deny acl <profile>
ssr(config)# ip-policy p2 deny acl prof1
Specify a sequence number
for IP policy statements
ip-policy <name> permit|deny acl <profile>
sequence <num>