Configuring and applying PBR
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a policy node and enter policy node view. | policy-based-route policy-name { deny | permit } node node-number | By default, no policy nodes exist. |
3. Configure match criteria for the node. | See Layer 3—IP Routing Configuration Guide. | By default, no match criterion is configured. All packets match the criteria for the node. This step matches packets from the multirole host. |
4. Specify the VPN instances for forwarding the matching packets. | apply access-vpn vpn-instance vpn-instance-name&<1-n> | By default, no VPN instance is specified. You must specify multiple VPN instances for the node. The first one is the VPN instance to which the multirole host belongs, and others are the VPN instances to be accessed by the multirole host. A matching packet is forwarded according to the routing table of the first VPN instance that has a matching route for that packet. The value for n is 4. |
5. Return to system view. | quit | N/A |
6. Enter the view of the interface connected to the CE. | interface interface-type interface-number | N/A |
7. Apply the policy to the interface. | ip policy-based-route policy-name | By default, no policy is applied to the interface. |