NE20E-X6V600R008C10SPC300流策略不生效

发布时间:  2017-03-21 浏览次数:  117 下载次数:  0
问题描述

NE20E-X6V600R008C10SPC300对VPN实例流量做流策略不生效
配置如下:
#
interface Vlanif100
 ip binding vpn-instance spi
 ip address 10.218.207.214 255.255.255.248
#
acl number 3123
 rule 1 permit ip vpn-instance spi source 10.218.207.210 0
#
traffic classifier a
 if-match acl 3123
#

traffic behavior a
 deny
#
traffic policy a
 classifier a behavior a
#
interface GigabitEthernet3/0/4
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 100 1000
 traffic-policy a inbound
#

解决方案

根因:物理接口inbound方向做流策略时数据包还不具有vpn属性

解决方案:

#
acl number 3123
 rule 1 permit ip source 10.218.207.210 0 //rule条目去掉VPN属性
#
interface GigabitEthernet3/0/4
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 100 1000
 traffic-policy a inbound vlan 100  //调用流策略添加vlan
#

END