No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How to Configure PBR for Redirection in a Scenario with Two Egress Devices

How to Configure PBR for Redirection in a Scenario with Two Egress Devices

Networking Requirements

In Figure 29-30, an enterprise has two departments: DepartmentA and DepartmentB, which are dual-homed to the Internet through two interfaces GE1/0/0 and GE2/0/0 of RouterA. A host IP address of DepartmentA is 192.168.1.2/24 and that of DepartmentB is 192.168.2.2/24. The two IP addresses belong to two network segments 192.168.1.0/24 and 192.168.2.0/24 respectively. PBR needs to be configured to transmit packets of different network segments in the enterprise to the Internet over different links.

Figure 29-30  PBR with two egress devices

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure IP addresses for interfaces and configure routing protocols to ensure that enterprise users can access the Internet through RouterA.
  2. Configure traffic classifiers to classify packets based on the source IP address.
  3. Configure traffic behaviors to redirect DepartmentA and Department B's packets matching traffic classification rules to 192.168.3.2/24 and 192.168.4.2/24 respectively.
  4. Configure traffic policies, bind the configured traffic classifiers and traffic behaviors to them, and apply them to corresponding interfaces to implement PBR.

Procedure

  1. Configure devices to ensure that they can communicate.

    # Configure an IP address for each interface. The following example provides the configuration of RouterA. The configurations of other devices are similar to the configuration of RouterA and are not mentioned here.

    <Huawei> system-view
    [Huawei] sysname RouterA
    [RouterA] interface gigabitethernet 1/0/0
    [RouterA-GigabitEthernet1/0/0] ip address 192.168.1.1 24
    [RouterA-GigabitEthernet1/0/0] quit
    [RouterA] interface gigabitethernet 2/0/0
    [RouterA-GigabitEthernet2/0/0] ip address 192.168.2.1 24
    [RouterA-GigabitEthernet2/0/0] quit
    [RouterA] interface gigabitethernet 3/0/0
    [RouterA-GigabitEthernet3/0/0] ip address 192.168.3.1 24
    [RouterA-GigabitEthernet3/0/0] quit
    [RouterA] interface gigabitethernet 4/0/0
    [RouterA-GigabitEthernet4/0/0] ip address 192.168.4.1 24
    [RouterA-GigabitEthernet4/0/0] quit
    

    # Configure static routes between devices.

    [RouterA] ip route-static 192.168.7.0 255.255.255.0 192.168.3.2
    [RouterA] ip route-static 192.168.7.0 255.255.255.0 192.168.4.2
    [RouterA] ip route-static 192.168.5.0 255.255.255.0 192.168.3.2
    [RouterA] ip route-static 192.168.6.0 255.255.255.0 192.168.4.2
    [RouterB] ip route-static 192.168.7.0 255.255.255.0 192.168.5.1
    [RouterB] ip route-static 192.168.1.0 255.255.255.0 192.168.3.1
    [RouterB] ip route-static 192.168.2.0 255.255.255.0 192.168.3.1
    [RouterC] ip route-static 192.168.7.0 255.255.255.0 192.168.6.1
    [RouterC] ip route-static 192.168.1.0 255.255.255.0 192.168.4.1
    [RouterC] ip route-static 192.168.2.0 255.255.255.0 192.168.4.1
    [RouterD] ip route-static 192.168.1.0 255.255.255.0 192.168.5.2
    [RouterD] ip route-static 192.168.1.0 255.255.255.0 192.168.6.2
    [RouterD] ip route-static 192.168.2.0 255.255.255.0 192.168.5.2
    [RouterD] ip route-static 192.168.2.0 255.255.255.0 192.168.6.2
    [RouterD] ip route-static 192.168.3.0 255.255.255.0 192.168.5.2
    [RouterD] ip route-static 192.168.4.0 255.255.255.0 192.168.6.2

  2. Configure traffic classifiers.

    # Configure traffic classifiers vlan10 and vlan20 on RouterA to match packets with source IP addresses 192.168.1.0/24 and 192.168.2.0/24 respectively.

    [RouterA] acl number 2000
    [RouterA-acl-basic-2000] rule 10 permit source 192.168.1.0 0.0.0.255
    [RouterA-acl-basic-2000] quit
    [RouterA] acl number 2001
    [RouterA-acl-basic-2001] rule 20 permit source 192.168.2.0 0.0.0.255
    [RouterA-acl-basic-2001] quit
    [RouterA] traffic classifier vlan10
    [RouterA-classifier-vlan10] if-match acl 2000
    [RouterA-classifier-vlan10] quit
    [RouterA] traffic classifier vlan20
    [RouterA-classifier-vlan20] if-match acl 2001
    [RouterA-classifier-vlan20] quit
    

    # Configure traffic classifiers vlan10 and vlan20 on RouterD to match packets with destination IP addresses 192.168.1.0/24 and 192.168.2.0/24 respectively.

    [RouterD] acl number 3000
    [RouterD-acl-adv-3000] rule 10 permit ip destination 192.168.1.0 0.0.0.255
    [RouterD-acl-adv-3000] quit
    [RouterD] acl number 3001
    [RouterD-acl-adv-3001] rule 20 permit ip destination 192.168.2.0 0.0.0.255
    [RouterD-acl-adv-3001] quit
    [RouterD] traffic classifier vlan10
    [RouterD-classifier-vlan10] if-match acl 3000
    [RouterD-classifier-vlan10] quit
    [RouterD] traffic classifier vlan20
    [RouterD-classifier-vlan20] if-match acl 3001
    [RouterD-classifier-vlan20] quit
    

  3. Configure traffic behaviors.

    # Configure a traffic behavior vlan10 on RouterA to redirect packets to the next-hop address 192.168.3.2/24.

    [RouterA] traffic behavior vlan10
    [RouterA-behavior-vlan10] redirect ip-nexthop 192.168.3.2
    [RouterA-behavior-vlan10] quit
    

    # Configure a traffic behavior vlan20 on RouterA to redirect packets to the next-hop address 192.168.4.2/24.

    [RouterA] traffic behavior vlan20
    [RouterA-behavior-vlan20] redirect ip-nexthop 192.168.4.2
    [RouterA-behavior-vlan20] quit
    

    # Configure a traffic behavior vlan10 on RouterD to redirect packets to the next-hop address 192.168.5.2/24.

    [RouterD] traffic behavior vlan10
    [RouterD-behavior-vlan10] redirect ip-nexthop 192.168.5.2
    [RouterD-behavior-vlan10] quit
    

    # Configure a traffic behavior vlan20 on RouterD to redirect packets to the next-hop address 192.168.6.2/24.

    [RouterD] traffic behavior vlan20
    [RouterD-behavior-vlan20] redirect ip-nexthop 192.168.6.2
    [RouterD-behavior-vlan20] quit
    

  4. Configure traffic policies and apply them to interfaces.

    # Configure traffic policies vlan10 and vlan20 on RouterA and bind the configured traffic classifiers and traffic behaviors to the traffic policies.

    [RouterA] traffic policy vlan10
    [RouterA-trafficpolicy-vlan10] classifier vlan10 behavior vlan10
    [RouterA-trafficpolicy-vlan10] quit
    [RouterA] traffic policy vlan20
    [RouterA-trafficpolicy-vlan20] classifier vlan20 behavior vlan20
    [RouterA-trafficpolicy-vlan20] quit
    

    # Apply the traffic policy vlan10 to incoming packets on GE1/0/0 and the traffic policy vlan20 to incoming packets on GE2/0/0.

    [RouterA] interface gigabitethernet 1/0/0
    [RouterA-GigabitEthernet1/0/0] traffic-policy vlan10 inbound
    [RouterA-GigabitEthernet1/0/0] quit
    [RouterA] interface gigabitethernet 2/0/0
    [RouterA-GigabitEthernet2/0/0] traffic-policy vlan20 inbound
    [RouterA-GigabitEthernet2/0/0] quit
    

    # Configure a traffic policy vlan10 on RouterD and bind the configured traffic classifiers and traffic behaviors to this traffic policy.

    [RouterD] traffic policy vlan10
    [RouterD-trafficpolicy-vlan10] classifier vlan10 behavior vlan10
    [RouterD-trafficpolicy-vlan10] classifier vlan20 behavior vlan20
    [RouterD-trafficpolicy-vlan10] quit
    

    # Apply the traffic policy vlan10 to the inbound direction of GE3/0/0.

    [RouterD] interface gigabitethernet 3/0/0
    [RouterD-GigabitEthernet3/0/0] traffic-policy vlan10 inbound
    [RouterD-GigabitEthernet3/0/0] quit
    

  5. Verify the configuration.

    # Check the traffic policy configuration.

    [RouterA] display traffic policy user-defined
      User Defined Traffic Policy Information:                                      
      Policy: vlan10                                                                
       Classifier: vlan10                                                           
        Operator: OR                                                                
         Behavior: vlan10                                                           
          Redirect:                                                                 
            Redirect ip-nexthop 192.168.3.2                                         
                                                                                    
      Policy: vlan20                                                                
       Classifier: vlan20                                                           
        Operator: OR                                                                
         Behavior: vlan20                                                           
          Redirect:                                                                 
            Redirect ip-nexthop 192.168.4.2                                         
                                                                                    

Configuration Files

  • RouterA configuration file

    #
     sysname RouterA
    #                                                                               
    acl number 2000                                                                                                                     
     rule 10 permit source 192.168.1.0 0.0.0.255                                                                                                
    acl number 2001                                                                                                                     
     rule 20 permit source 192.168.2.0 0.0.0.255  
    #                                                                               
    traffic classifier vlan10 operator or                                           
     if-match acl 2000
    traffic classifier vlan20 operator or                                           
     if-match acl 2001
    #                                                                               
    traffic behavior vlan10                                                         
     redirect ip-nexthop 192.168.3.2                                                
    traffic behavior vlan20                                                         
     redirect ip-nexthop 192.168.4.2                                                
    #                                                                               
    traffic policy vlan10                                                           
     classifier vlan10 behavior vlan10                                              
    traffic policy vlan20                                                           
     classifier vlan20 behavior vlan20                                              
    #                                                                               
    interface GigabitEthernet1/0/0
     ip address 192.168.1.1 255.255.255.0                                           
     traffic-policy vlan10 inbound                                                  
    #                                                                               
    interface GigabitEthernet2/0/0
     ip address 192.168.2.1 255.255.255.0                                           
     traffic-policy vlan20 inbound                                                  
    #
    interface GigabitEthernet3/0/0
     ip address 192.168.3.1 255.255.255.0                                           
    #                                                                               
    interface GigabitEthernet4/0/0
     ip address 192.168.4.1 255.255.255.0                                           
    #
    ip route-static 192.168.5.0 255.255.255.0 192.168.3.2                           
    ip route-static 192.168.6.0 255.255.255.0 192.168.4.2                           
    ip route-static 192.168.7.0 255.255.255.0 192.168.3.2                           
    ip route-static 192.168.7.0 255.255.255.0 192.168.4.2                           
    #                                                                               
    return
  • RouterB configuration file

    #
     sysname RouterB
    #                                                                               
    interface GigabitEthernet1/0/0
     ip address 192.168.3.2 255.255.255.0    
    interface GigabitEthernet2/0/0
     ip address 192.168.5.2 255.255.255.0    
    # 
    ip route-static 192.168.1.0 255.255.255.0 192.168.3.1    
    ip route-static 192.168.2.0 255.255.255.0 192.168.3.1
    ip route-static 192.168.7.0 255.255.255.0 192.168.5.1    
    # 
    return
  • RouterC configuration file

    #
     sysname RouterC
    #                                                                               
    interface GigabitEthernet1/0/0
     ip address 192.168.4.2 255.255.255.0    
    interface GigabitEthernet2/0/0
     ip address 192.168.6.2 255.255.255.0    
    # 
    ip route-static 192.168.1.0 255.255.255.0 192.168.4.1    
    ip route-static 192.168.2.0 255.255.255.0 192.168.4.1
    ip route-static 192.168.7.0 255.255.255.0 192.168.6.1    
    # 
    return
  • RouterD configuration file

    #
     sysname RouterD
    #
    acl number 3000
     rule 10 permit ip destination 192.168.1.0 0.0.0.255
    acl number 3001
     rule 20 permit ip destination 192.168.2.0 0.0.0.255
    #
    traffic classifier vlan10 operator or
     if-match acl 3000
    traffic classifier vlan20 operator or
     if-match acl 3001
    #
    traffic behavior vlan10
     redirect ip-nexthop 192.168.5.2
    traffic behavior vlan20
     redirect ip-nexthop 192.168.6.2
    #
    traffic policy vlan10
     classifier vlan10 behavior vlan10
     classifier vlan20 behavior vlan20
    #                                                                               
    interface GigabitEthernet1/0/0
     ip address 192.168.5.1 255.255.255.0    
    interface GigabitEthernet2/0/0
     ip address 192.168.6.1 255.255.255.0    
    interface GigabitEthernet3/0/0
     ip address 192.168.7.1 255.255.255.0    
     traffic-policy vlan10 inbound
    # 
    ip route-static 192.168.1.0 255.255.255.0 192.168.5.2
    ip route-static 192.168.1.0 255.255.255.0 192.168.6.2
    ip route-static 192.168.2.0 255.255.255.0 192.168.5.2
    ip route-static 192.168.2.0 255.255.255.0 192.168.6.2
    ip route-static 192.168.3.0 255.255.255.0 192.168.5.2                           
    ip route-static 192.168.4.0 255.255.255.0 192.168.6.2                           
    #                                                                               
    return
Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 445600

Downloads: 4299

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next