Using Access Control Lists (ACLs)

The <ACL-num> parameter specifies a standard or extended ACL number or name.

Syntax: set ip [default] next-hop <ip-addr>

This command sets the next-hop IP address for traffic that matches a match statement in the route map.

If you specify default, the route map sets the next-hop gateway only if the routing switch does not already have explicit routing information for the traffic.

Syntax: set [default] interface null0

This command redirects the traffic to the specified interface. You can send the traffic to the null0 interface, which is the same as dropping the traffic.

If you specify default, the route map redirects the traffic to the specified interface only if the routing switch does not already have explicit routing information for the traffic.
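The effect of the default keyword on both set commands can be traced with a small model. This is an added example, not code from the manual or the device; the routing table, the packet addresses, first-match evaluation, and normal routing for unmatched packets or for default entries that find an explicit route are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    """One route-map entry: a source sub-net permitted by its ACL plus one set action."""
    match_src: str                  # source sub-net the entry's ACL permits
    action: str                     # "next-hop" or "null0"
    next_hop: Optional[str] = None  # gateway for the "next-hop" action
    default: bool = False           # True models the [default] keyword

def has_explicit_route(dst, routes):
    """Assumption: 'explicit routing information' = a prefix in the table covers dst."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(r) for r in routes)

def pbr_decision(src, dst, route_map, routes):
    """Return ('next-hop', ip), ('drop', None) or ('normal', None) for one packet."""
    s = ipaddress.ip_address(src)
    for e in route_map:             # assumption: first matching entry wins
        if s not in ipaddress.ip_network(e.match_src):
            continue
        # With [default], the set action applies only when no explicit route exists.
        if e.default and has_explicit_route(dst, routes):
            return ("normal", None)
        if e.action == "null0":     # null0 is the same as dropping the traffic
            return ("drop", None)
        return ("next-hop", e.next_hop)
    return ("normal", None)         # assumption: unmatched traffic is routed normally

# Constructed sample data (not taken from a real device).
ROUTES = ["10.1.0.0/16"]
ROUTE_MAP = [
    Entry("209.157.23.0/24", "next-hop", "192.168.2.1"),
    Entry("209.157.24.0/24", "next-hop", "192.168.2.2", default=True),
    Entry("209.157.25.0/24", "null0", default=True),
]

if __name__ == "__main__":
    packets = [("209.157.23.7", "10.1.5.5"), ("209.157.24.7", "10.1.5.5"),
               ("209.157.24.7", "172.16.9.9"), ("209.157.25.7", "10.1.5.5"),
               ("209.157.25.7", "172.16.9.9"), ("198.51.100.1", "10.1.5.5")]
    for src, dst in packets:
        print(src, "->", dst, pbr_decision(src, dst, ROUTE_MAP, ROUTES))
```

In this model, a set default interface null0 entry leaves traffic alone whenever the routing table already covers the destination, so it discards only otherwise unroutable packets from the matched source.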

Enabling PBR

After you configure the ACLs and route map entries, you can enable PBR globally, on individual interfaces, or both, as described in this section. To enable PBR, apply a route map that you have configured for PBR, either globally or locally.

Enabling PBR Globally

To enable PBR globally, enter a command such as the following at the global CONFIG level:

HP9300(config)# ip policy route-map test-route

This command applies a route map named “test-route” to all interfaces on the device for PBR.

Syntax: ip policy route-map <map-name>

Enabling PBR Locally

To enable PBR locally, enter commands such as the following:

HP9300(config)# interface ve 1

HP9300(config-vif-1)# ip policy route-map test-route

The commands in this example change the CLI to the Interface level for virtual interface 1, then apply the “test-route” route map to the interface. You can apply a PBR route map to Ethernet ports or virtual interfaces.

Syntax: ip policy route-map <map-name>

Configuration Examples

The sections below provide configuration examples for the following uses of PBR:

Setting the next hop

Setting the next hop, if the routing switch does not have an explicit next hop configured for the traffic

Discarding traffic by sending it to a null interface

Setting the Next Hop

The following commands configure the routing switch to apply PBR to traffic from IP sub-nets 209.157.23.x, 209.157.24.x, and 209.157.25.x. In this example, route maps specify the next-hop gateway for packets from each of these sub-nets.

Packets from 209.157.23.x are sent to 192.168.2.1.

Packets from 209.157.24.x are sent to 192.168.2.2.

Packets from 209.157.25.x are sent to 192.168.2.3.

The following commands configure three standard ACLs. Each ACL contains one of the sub-nets listed above. Make sure you specify permit instead of deny in the ACLs, so that the routing switch permits the traffic that matches the
