Make TSM test, the customer network data communication devices are all H3C, which convergence layer is S7503, make the terminal flow diversion to SACG, configure the flow redirection. Test in terminal, found that even the gateway can not PING passably (note, terminal diversion is the gateway device);
Because it is temporary test, SACG use transparent mode to access;
1 Terminal ping impassably gateway; From the point of configuration, after terminal flow from the E2/0/1 interface to E2/0/7 interface, is lost; The redirection configuration is as follows:
[H3C] acl number 2000
[H3C-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[H3C] interface Ethernet2/0/1
[H3C-qosb-Ethernet2/0/1] traffic-redirect inbound ip-group 2000 interface
Ethernet 2/0/7 //pull-in interconnect SACG flow
2 check H3C product manual, found that the flow redirection can have two kinds of configuration mode, one is as above configuration, in the interface QOS mode; the second one is as follows, can directly configure under the VLAN.
[H3C S7500] vlan 2
[H3C S7500-vlan2] traffic-redirect inbound ip-group 2000 rule 0 next-hop
22.214.171.124 slot 5
But the difference between these two kinds of configuration is that the QOS view can only configure the out interface, can't configure NEXT - hop IP; And in the VLAN configuration, can configure the next-hop IP but must also configure SLOT.
3 in the customer site SW, remove the QOS configuration of interface, and change to configure in the VLAN, but SLOT parameter is the must configuration items, options is SLOT (1-3), we configure SLOT1, SLOT 2 or SLOT 3 all prompt Invalid SLOT;
4 configuration command must be no problem, then check the product manual find a piece of original text is as follows:
"At the moment LS81VSNP board of S7500 series switch can realize PBR function, to easy to descript, called service processing board in manual. "
Can basic affirm that the SW lack hardware board card, then and H3C technology hotline confirms it. If SW does not buy the kind board, the NAT, PBR and so on can not deal with.
5 let customer network engineer login core switch, found that also the same, couldn't configure SLOT slots when configure redirection, that proved the customer all SW do not buy this service board card at present, cannot realize SACG bypass; Can only use transparent mode to access customer network;
1 attached: service processing board (no service interface) - LS81VSNP brief introduction:
LS81VSNP service processing board support XGbus high-speed bus, with high performance NP (Network Processor, Network processors) and CPU, can help the other service processing board provide the following features:
??????? policy routing
??????? NAT (Network Address Translation)
The board does not provide interface to outside.
2 notify the company market personnel, avoid after winning the bid project can't deliver deployment, dodge the risk in advance.