Packet type-based local PBR configuration example
Network requirements
As shown in Figure 15, configure PBR on Switch A to forward all TCP packets to the next hop 1.1.2.2. Switch A forwards other packets according to the routing table.
Figure 15: Network diagram
Configuration procedure
Configure Switch A:
# Create VLAN 10 and VLAN 20.
<SwitchA> system-view [SwitchA] vlan 10 [SwitchA-vlan10] quit [SwitchA] vlan 20 [SwitchA-vlan20] quit
# Configure the IP addresses of VLAN-interface 10 and VLAN-interface 20.
[SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] ip address 1.1.2.1 24 [SwitchA-Vlan-interface10] quit [SwitchA] interface vlan-interface 20 [SwitchA-Vlan-interface20] ip address 1.1.3.1 24 [SwitchA-Vlan-interface20] quit
# Configure ACL 3101 to match TCP packets.
[SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule permit tcp [SwitchA-acl-adv-3101] quit
# Configure Node 5 for policy aaa to forward TCP packets to next hop 1.1.2.2.
[SwitchA] policy-based-route aaa permit node 5 [SwitchA-pbr-aaa-5] if-match acl 3101 [SwitchA-pbr-aaa-5] apply next-hop 1.1.2.2 [SwitchA-pbr-aaa-5] quit
# Configure local PBR by applying policy aaa to Switch A.
[SwitchA] ip local policy-based-route aaa
Configure Switch B:
# Create VLAN 10.
<SwitchB> system-view [SwitchB] vlan 10 [SwitchB-vlan10] quit
# Configure the IP address of VLAN-interface 10.
[SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ip address 1.1.2.2 24
Configure Switch C:
# Create VLAN 20.
<SwitchC> system-view [SwitchC] vlan 20 [SwitchC-vlan20] quit
# Configure the IP address of VLAN-interface 20.
[SwitchC] interface vlan-interface 20 [SwitchC-Vlan-interface20] ip address 1.1.3.2 24
Verifying the configuration
# Telnet to Switch B on Switch A. The operation succeeds.
# Telnet to Switch C on Switch A. The operation fails.
# Ping Switch C from Switch A. The operation succeeds.
Telnet uses TCP and ping uses ICMP. The results show the following:
All TCP packets sent from Switch A are forwarded to the next hop 1.1.2.2.
Other packets are forwarded through VLAN-interface 20.
The local PBR configuration is effective.