Configuring PBR To Redirect Traffic On S7700 Doesn't Take Effect - Science/Technology - Nairaland
Nairaland Forum / Science/Technology / Configuring PBR To Redirect Traffic On S7700 Doesn't Take Effect (306 Views)
SAP Analytics Cloud : Configuring The Dropdown Feature In Analytic Designer / Configuring NTP Server On A Mikrotik Router. / How To Fix An Iphone That Doesn't Take Screenshot (2) (3) (4)
(1) (Reply)
| Configuring PBR To Redirect Traffic On S7700 Doesn't Take Effect by jorna: 4:37am On Oct 26, 2018 |
After configured PBR on Huawei S7700(V200R010C00SPC600), tracert results show PBR not taking effect. To solve this problem,here we offer a method to troubleshoot this problem. First of all,making sure that traffic-policy is configured correctly,also ACL and applying traffic-policy in the appropriate interface.Especially the direction used in traffic-policy,inbound direction only effect the traffic enter the port,outbound only influence the traffic forwarded out of the interface. eg: # acl 3001 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255 traffic classifier to_inbound if-match acl 3001 traffic behavior to_inbound redirect ip-nexthop 172.16.1.1 traffic policy to_inbound classifier to_inbound behavior to_inbound int g0/0/1 traffic-policy to_inbound inbound # this configuration will redirect traffic,those from 192.168.1.0/24 to 10.1.1.0/24,to 172.16.1.1, But if the traffic-policy is used as : int g0/0/1 traffic-policy to_inbound outbound this wouldn't help anything. Particularly, when configured with outbound,but swap the source IP address and destination IP address in ACL,this may be valid,just like acl 3001 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 traffic classifier to_inbound if-match acl 3001 traffic behavior to_inbound redirect ip-nexthop 172.16.1.1 traffic policy to_inbound classifier to_inbound behavior to_inbound int g0/0/1 traffic-policy to_inbound outbound Althrough this two scenarios may have same result,but in fact,they work completely differently. In the first situation,traffics are inspected before traveling through device. In the second secnario,traffics are inspected when the forward out of the device,in some situation,this may happen when traffic on their return trip. After checking the configuration,we'd better test if the redirected IP address is accessible. We can do the test by ping or checking if the device has learned the MAC address of the redirected address. Then,we can inspect the interface configuration,checking if there is other command that will influence the traffic forwarding. eg: traffic-filter traffic-filter is added from V200R002C00 when traffic-filter and traffic-policy both configured under the very same interface,traffic-filter will take effect first. When traffic matches traffic-filter,it wouldn't check if it matches traffic-policy. This problem is quite concealed. What's more, when traffic-filter configured,if the traveling traffic doesn't match any rules in traffic-filter,it will be forwarded as usual,quite different with ACL. |
(1) (Reply)
Uphold Cryptocurrency Phone Number Uphold Support -uphold Buy Sell And Send Btc / Google Call Screening Transcriptions Start Rolling Out To Pixel Owners / Whatspp Keeps Closing
(Go Up)
| Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 19 |