Configuring PBR
Context
After a redirection action is configured, a switch redirects packets matching traffic classification rules to a specified next-hop address.
A traffic policy containing the redirection action can be applied only in the inbound direction, and only globally, on an interface, or in a VLAN.
Pre-configuration Tasks
Configure IP addresses for interfaces and configure routing protocols to ensure connectivity.
Configure an ACL to classify traffic.
Procedure
Configure a traffic classifier.
For details about configuring a traffic classifier, see Configuring a Traffic Classifier in "MQC Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - QoS.
Configure a traffic behavior.
Run traffic behavior behavior-name
A traffic behavior is created, and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.
Run the following commands as required.
Run redirect [ vpn-instance vpn-instance-name ] ip-nexthop { ip-address [ track-nqa admin-name test-name ] } &<1-4> [ forced | low-precedence ] *
The device is configured to redirect packets matching traffic classification rules to the specified next-hop IP address.
If multiple next-hop IP addresses are configured, the device redirects packets in active/standby mode. A maximum of four next-hop IP addresses can be configured in a traffic behavior. The device determines the primary path and backup paths according to the sequence in which the next-hop IP addresses were configured. The next-hop IP address that was configured first has the highest priority and is used as the primary path. The other next hops are used as backup paths. When the primary path becomes Down, the remaining next hop with the highest priority is used as the primary path. If the previous primary path recovers from the fault, traffic is switched back to it.
NOTE:
PBR is implemented by configuring redirection.
If the low-precedence parameter is specified, redirection-based PBR has a lower priority than statically configured routes or routes generated by dynamic routing protocols. If this parameter is not specified, redirection-based PBR has a higher priority than those routes.
Run redirect [ vpn-instance vpn-instance-name ] ipv6-nexthop { ipv6-address | link-local link-local-address interface interface-type interface-number } &<1-4> [ forced ]
The device is configured to redirect IPv6 packets matching traffic classification rules to the configured next-hop address.
Run redirect [ vpn-instance vpn-instance-name ] ip-multihop { nexthop ip-address } &<2-4>
The device is configured to redirect packets matching traffic classification rules to one of the configured multiple next hops.
If multiple next hops are specified, the device redirects packets through equal-cost routes for load balancing.
If the outbound interface corresponding to a next-hop IP address becomes Down or a route changes, the device switches traffic to the outbound interface corresponding to an available next hop.
If the device has no ARP entry matching the specified next-hop IP address, the redirect ip-multihop command can be used but redirection does not take effect. The device still forwards packets to the original destination until the device has the corresponding ARP entry.
Run redirect [ vpn-instance vpn-instance-name ] ipv6-multihop { ipv6-address | link-local link-local-address interface interface-type interface-number } &<2-4>
The device is configured to redirect IPv6 packets matching traffic classification rules to one of the configured multiple next hops.
If multiple next hops are specified, the device redirects packets through equal-cost routes for load balancing.
(Optional) Run statistic enable
The traffic statistics collection function is enabled.
Run quit
Exit from the traffic behavior view.
Run quit
Exit from the system view.
NOTE:
Only the S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2720EI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5720S-SI, S5720SI, S5730SI, S5730S-EI, S6720SI, S6720S-SI, S5720EI, S5720HI, S6720S-EI, and S6720EI support PBR. The S1720GW, S1720GWR, S1720X, S1720GW-E, S1720GWR-E, S1720X-E, S2720EI, S5720LI, S5720S-LI, S6720LI, S6720S-LI, S5720S-SI, S5720SI, S5730SI, S5730S-EI, S6720SI, and S6720S-SI do not support the redirect ip-multihop and redirect ipv6-multihop commands.
Configure a traffic policy.
For details about configuring a traffic policy, see Configuring a Traffic Policy in "MQC Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - QoS.
Apply the traffic policy.
- Apply a traffic policy to an interface.
- Apply a traffic policy to a VLAN.
- Apply a traffic policy globally.
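A worked configuration for the procedure above, added here as an example and not taken from the Huawei guide. It redirects one source subnet to a primary next hop with one backup, each tracked by an NQA ICMP probe through track-nqa, and applies the policy inbound on an interface. The ACL number, the names c1, b1, p1, admin1, nh1 and nh2, the addresses and the interface are constructed; the NQA commands belong to the VRP NQA feature, which this page does not cover.

```text
# Constructed example: names, addresses and interface are placeholders.
system-view
# NQA ICMP probes referenced by track-nqa (one per next hop)
nqa test-instance admin1 nh1
 test-type icmp
 destination-address ipv4 10.1.20.1
 frequency 11
 probe-count 2
 start now
 quit
nqa test-instance admin1 nh2
 test-type icmp
 destination-address ipv4 10.1.30.1
 frequency 11
 probe-count 2
 start now
 quit
# Pre-configuration task: ACL that classifies the traffic to redirect
acl 3001
 rule 5 permit ip source 192.168.10.0 0.0.0.255
 quit
# Step 1: traffic classifier
traffic classifier c1 operator or
 if-match acl 3001
 quit
# Step 2: traffic behavior; 10.1.20.1 is configured first, so it is the
# primary path and 10.1.30.1 is the backup (active/standby mode)
traffic behavior b1
 redirect ip-nexthop 10.1.20.1 track-nqa admin1 nh1 10.1.30.1 track-nqa admin1 nh2
 statistic enable
 quit
# Step 3: traffic policy binding the classifier to the behavior
traffic policy p1
 classifier c1 behavior b1
 quit
# Step 4: apply in the inbound direction (the only direction allowed for redirection)
interface gigabitethernet 0/0/1
 traffic-policy p1 inbound
 quit
quit
# Verification, using the display commands listed on this page
display traffic behavior user-defined b1
display traffic-applied interface gigabitethernet 0/0/1 inbound
```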
Verifying the Configuration
- Run the display traffic classifier user-defined [ classifier-name ] command to check the traffic classifier configuration.
- Run the display traffic behavior user-defined [ behavior-name ] command to check the traffic behavior configuration.
- Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ] command to check the user-defined traffic policy configuration.
- Run the display traffic-applied [ interface [ interface-type interface-number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to check information about ACL-based simplified and MQC-based traffic policies applied to the system, a VLAN, or an interface.
NOTE:
Traffic policies can be applied to a sub-interface, but the display traffic-applied command cannot be used to check information about ACL-based simplified and MQC-based traffic policies applied to the sub-interface.
- Run the display traffic policy { interface [ interface-type interface-number [.subinterface-number ] ] | vlan [ vlan-id ] | ssid-profile [ ssid-profile-name ] | global } [ inbound | outbound ] command to check the traffic policy configuration.
NOTE:
Only the S5720EI, S5720HI, S6720EI, and S6720S-EI support sub-interfaces.
Only the S5720HI supports ssid-profile [ ssid-profile-name ].
- Run the display traffic-policy applied-record [ policy-name ] command to check the application record of a specified traffic policy.