* Int.X460-Core.4 # edit policy police_vlan8_pbr
entry permit_local_00 {
if {
source-address 192.168.0.0/16;
destination-address 192.168.0.0/16;
} then {
permit;
}
}
entry permit_local_01 {
if {
source-address 192.168.0.0/16;
destination-address 10.0.0.0/8;
} then {
permit;
}
}
entry permit_local_02 {
if {
source-address 192.168.0.0/16;
destination-address 172.168.0.0/12;
} then {
permit;
}
}
entry redirect_local_00 {
if {
source-address 192.168.253.0/24;
} then {
redirect 10.255.255.41;
}
}
configure access-list police_vlan8_pbr vlan "VLAN8_USERS-NEW" ingress
unconfigure access-list police_vlan8_pbr ingress
===
===
An example.
We want to redirect all traffic from 10.91.0.48/28 to address 10.91.0.234
create flow-redirect redir1
configure flow-redirect redir1 add nexthop 10.91.0.234 priority 100
configure flow-redirect redir1 nexthop 10.91.0.234 ping health-check interval 60 miss 3
Create an ACL:
entry subnet1 {
if match all {
source-address 10.91.0.48/28 ;
} then {
permit;
redirect-name redir1;
}
}
configure access-list redir1 vlan "vlan_name" ingress
That will redirect traffic in this vlan only from subnet 10.91.0.48/28 to 10.91.0.234.
https://community.extremenetworks.com/extreme/topics/help_required_for_l3_policy_based_redirect_summit_x460_24t_exos_12_5-mb5hr
entry permit_local_00 {
if {
source-address 192.168.0.0/16;
destination-address 192.168.0.0/16;
} then {
permit;
}
}
entry permit_local_01 {
if {
source-address 192.168.0.0/16;
destination-address 10.0.0.0/8;
} then {
permit;
}
}
entry permit_local_02 {
if {
source-address 192.168.0.0/16;
destination-address 172.168.0.0/12;
} then {
permit;
}
}
entry redirect_local_00 {
if {
source-address 192.168.253.0/24;
} then {
redirect 10.255.255.41;
}
}
configure access-list police_vlan8_pbr vlan "VLAN8_USERS-NEW" ingress
unconfigure access-list police_vlan8_pbr ingress
===
Policy-Based Redirection Redundancy
Multiple Next-hop Support
As discussed above, Layer 3 and Layer 2 policy-based redirect support only one next-hop for one
policy-based entry. Multiple next-hops with different priorities can be configured. A higher priority is
denoted with a higher number; for example, “priority 5” has a higher precedence than “priority 1.” When
a high priority next-hop becomes unreachable, another preconfigured next-hop, based on priority,
replaces the first. This is done by first creating a flow-redirect name that is used to hold next-hop
information. User-created flow-redirect names are not case-sensitive.
Use the following command:
create flow-redirect flow_redirect_name
To delete the flow-redirect name, use:
delete flow-redirect flow_redirect_name
Then information for each next-hop, including a defined priority, is added one by one to the new flowredirect
name. Use the following command:
configure flow-redirect flow_redirect_name add nexthop ipaddress priority number
===
An example.
We want to redirect all traffic from 10.91.0.48/28 to address 10.91.0.234
create flow-redirect redir1
configure flow-redirect redir1 add nexthop 10.91.0.234 priority 100
configure flow-redirect redir1 nexthop 10.91.0.234 ping health-check interval 60 miss 3
Create an ACL:
entry subnet1 {
if match all {
source-address 10.91.0.48/28 ;
} then {
permit;
redirect-name redir1;
}
}
configure access-list redir1 vlan "vlan_name" ingress
That will redirect traffic in this vlan only from subnet 10.91.0.48/28 to 10.91.0.234.
https://community.extremenetworks.com/extreme/topics/help_required_for_l3_policy_based_redirect_summit_x460_24t_exos_12_5-mb5hr
Комментариев нет:
Отправить комментарий