Implementing Policy-Based Routing for Different Subnets by USG2200

Publication Date: 2012-07-17
Issue Description
Policy-based routing is a common way to control routing; however, implementing policy-based routing for different subnets requires extra techniques.
Alarm Information
None.
Handling Process
Configure the USG2200 as follows:
Step 1: Set the IP addresses of the interfaces, define routing policies, and add routes to the routing table.
interface GigabitEthernet0/0/0
 ip address 10.1.3.2 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 2.2.2.1 255.255.255.0
interface GigabitEthernet0/0/2
 ip address 1.1.1.1 255.255.255.0
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
firewall zone untrust
 set priority 5
 add interface GigabitEthernet0/0/1
 add interface GigabitEthernet0/0/2
policy interzone trust untrust outbound
 policy 0
  action permit
  policy source 10.1.1.0 0.0.0.255
  policy source 10.1.2.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 202.168.10.1
ip route-static 0.0.0.0 0.0.0.0 202.169.10.1
Step 2: Configure policy-based routing.
acl number 3001
 rule 0 permit ip source 10.1.1.0 0.0.0.255
acl number 3002
 rule 0 permit ip source 10.1.2.0 0.0.0.255
traffic classifier class2
 if-match acl 3002
traffic classifier class1
 if-match acl 3001
#
traffic behavior behavior1
 remark ip-nexthop 2.2.2.2 output-interface GigabitEthernet0/0/1
traffic behavior behavior2
 remark ip-nexthop 1.1.1.2 output-interface GigabitEthernet0/0/2
#
qos policy huawei
 classifier class1 behavior behavior1
 classifier class2 behavior behavior2
Step 3: Apply the QoS policy on the Trust zone.
firewall zone trust
 qos apply policy huawei outbound
Root Cause
Networking in lab environment:
As shown in the following figure, traffic from private network 10.1.1.0 to network 2.2.2.0 is forwarded to interface 2.2.2.2 on a USG2200 router, and traffic from private network 10.1.2.0 to network 1.1.1.0 is forwarded to interface 1.1.1.2 on another USG2200 router. The two links back each other up.
Suggestions
The configuration is made on WAN links. A good practice is to issue the following commands to detect link failure.
ip-link check enable
ip-link 1 destination 1.1.1.2 mode icmp
ip-link 2 destination 2.2.2.2 mode icmp
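
A consistency check for this kind of configuration, as an added example that is not part of the original case or of any Huawei tooling: it confirms that each ip-nexthop lies on the subnet of its output-interface and that the QoS policy applied to a zone is one that is actually defined. The function name check_pbr and the sample configuration are constructed for illustration; the sample deliberately contains one fault of each kind.

```python
import ipaddress
import re

# Constructed sample modeled on Steps 1-3. It deliberately contains a next hop
# that is not on its output interface and a reference to an undefined policy.
SAMPLE = """\
interface GigabitEthernet0/0/1
 ip address 2.2.2.1 255.255.255.0
interface GigabitEthernet0/0/2
 ip address 1.1.1.1 255.255.255.0
traffic behavior behavior1
 remark ip-nexthop 2.2.2.2 output-interface GigabitEthernet0/0/1
traffic behavior behavior2
 remark ip-nexthop 2.2.2.2 output-interface GigabitEthernet0/0/2
qos policy huawei
 classifier class1 behavior behavior1
firewall zone trust
 qos apply policy mypolicy outbound
"""

def check_pbr(config):
    """Return a list of cross-reference problems found in a VRP-style config."""
    nets, policies, findings = {}, set(), []
    section = ""
    lines = [l.strip() for l in config.splitlines() if l.strip() and l.strip() != "#"]
    # Pass 1: collect interface subnets and the names of defined QoS policies.
    for line in lines:
        if m := re.fullmatch(r"interface (\S+)", line):
            section = m.group(1)
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            nets[section] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.fullmatch(r"qos policy (\S+)", line):
            policies.add(m.group(1))
    # Pass 2: validate every next hop and every applied policy against pass 1.
    for line in lines:
        if m := re.fullmatch(r"remark ip-nexthop (\S+) output-interface (\S+)", line):
            hop, ifname = ipaddress.ip_address(m.group(1)), m.group(2)
            if ifname not in nets:
                findings.append(f"{ifname}: no IP address configured")
            elif hop not in nets[ifname]:
                findings.append(f"next hop {hop} is not on {ifname} ({nets[ifname]})")
        elif m := re.fullmatch(r"qos apply policy (\S+) \S+", line):
            if m.group(1) not in policies:
                findings.append(f"applied QoS policy '{m.group(1)}' is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pbr(SAMPLE)) or "no problems found")
```
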