Implementing Policy-Based Routing for Different Subnets by USG2200

Publication Date: 2012-07-17

Issue Description

Policy-based routing is a common way to control routing; however, implementing policy-based routing for different subnets requires extra techniques.

Alarm Information


Handling Process

Configure the USG2200 as follows:
Step 1: Set the IP addresses of the interfaces, define routing policies, and add routes to the routing table.
interface GigabitEthernet0/0/0
ip address
interface GigabitEthernet0/0/1
ip address
interface GigabitEthernet0/0/2
ip address 
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/1
add interface GigabitEthernet0/0/2  
policy interzone trust untrust outbound
policy 0
action permit
policy source
policy source
ip route-static
ip route-static
Step 2: Configure policy-based routing.
acl number 3001
rule 0 permit ip source
acl number 3002
rule 0 permit ip source
traffic classifier class2
if-match acl 3002
traffic classifier class1
if-match acl 3001
traffic behavior behavior1
remark ip-nexthop output-interface GigabitEthernet0/0/1
traffic behavior behavior2
remark ip-nexthop output-interface GigabitEthernet0/0/2
qos policy huawei
classifier class1 behavior behavior1
classifier class2 behavior behavior2
Step 3: Apply the QoS policy to the Trust zone.
firewall zone trust
qos apply policy huawei outbound
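
Steps 2 and 3 tie ACLs, classifiers, behaviors and the QoS policy together by name, so a mistyped name breaks the chain. The following Python check is an added example, not part of the original case or any Huawei tooling; it recognizes only the command forms shown above, and its sample configuration is constructed (addresses omitted, applied policy name deliberately mismatched).

```python
import re

# Constructed sample built from the command forms in Steps 2 and 3 (addresses
# omitted). The applied policy name deliberately differs from the defined one.
SAMPLE = """\
acl number 3001
acl number 3002
traffic classifier class1
if-match acl 3001
traffic classifier class2
if-match acl 3002
traffic behavior behavior1
traffic behavior behavior2
qos policy huawei
classifier class1 behavior behavior1
classifier class2 behavior behavior2
firewall zone trust
qos apply policy mypolicy outbound
"""

PATTERNS = [  # (regex, role, kind of object named by each capture group)
    (r"acl number (\S+)$", "def", ("acl",)),
    (r"traffic classifier (\S+)$", "def", ("classifier",)),
    (r"traffic behavior (\S+)$", "def", ("behavior",)),
    (r"qos policy (\S+)$", "def", ("policy",)),
    (r"if-match acl (\S+)$", "ref", ("acl",)),
    (r"classifier (\S+) behavior (\S+)$", "ref", ("classifier", "behavior")),
    (r"qos apply policy (\S+) \S+$", "ref", ("policy",)),
]

def check_references(config):
    """Return one message per name that is referenced but never defined."""
    seen = {"def": [], "ref": []}
    for lineno, raw in enumerate(config.splitlines(), 1):
        for regex, role, kinds in PATTERNS:
            m = re.match(regex, raw.strip())
            if m:
                seen[role] += [(k, name, lineno) for k, name in zip(kinds, m.groups())]
                break
    defined = {(k, name) for k, name, _ in seen["def"]}
    return [f"line {n}: {k} '{name}' is not defined"
            for k, name, n in seen["ref"] if (k, name) not in defined]

if __name__ == "__main__":
    for problem in check_references(SAMPLE):
        print(problem)
```

Definitions are collected over the whole text before references are checked, so the order of the configuration blocks does not matter.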

Root Cause

Networking in the lab environment:
As shown in the following figure, traffic from private network to network is forwarded to interface on a USG2200 router, traffic from private network to network is forwarded to interface on another USG2200 router, and the two links back each other up.


The configuration is made on WAN links. A good practice is to issue the following commands to detect link failure.
ip-link check enable
ip-link 1 destination mode icmp
ip-link 2 destination mode icmp