FAQ-The Traffic Policy Does not Take Effect on an NE20E-X6 V600R008C10SPC300

Publication Date:  2019-04-30  |   Views:  264  |   Downloads:  0  |   Document ID:  EKB1100014023

Issue Description

The traffic policy for traffic in VPN instances does not take effect on an NE20E-X6 V600R008C10SPC300.
Key configuration:
#
interface Vlanif100
 ip binding vpn-instance spi
 ip address 10.218.207.214 255.255.255.248
#
acl number 3123
 rule 1 permit ip vpn-instance spi source 10.218.207.210 0
#
traffic classifier a
 if-match acl 3123
#

traffic behavior a
 deny
#
traffic policy a
 classifier a behavior a
#
interface GigabitEthernet3/0/4
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 100 1000
 traffic-policy a inbound
#

Solution

Root Causes:

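When a traffic policy is applied to a physical interface in the inbound direction, data packets do not yet have the VPN attribute. The ACL rule that specifies vpn-instance spi therefore matches no packets, and the deny behavior is never applied.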

Solution:

#
acl number 3123
 rule 1 permit ip source 10.218.207.210 0 //Remove the VPN attribute from the rule entry.
#
interface GigabitEthernet3/0/4
 portswitch
 undo shutdown
 port link-type trunk
 port trunk allow-pass vlan 100 1000
 traffic-policy a inbound vlan 100  //Apply the traffic policy inbound and bind it to VLAN 100.
#
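
An added example, not part of the original article or of Huawei's tooling: a Python check that scans a saved configuration for the pattern described above, an ACL rule carrying vpn-instance that is reached from a traffic policy applied inbound on a physical interface. It assumes the block layout shown in the article and treats an interface containing portswitch as the physical-interface case; the function names are hypothetical.

```python
import re
# Constructed sample: the failing configuration from the article, trimmed.
SAMPLE = """\
acl number 3123
 rule 1 permit ip vpn-instance spi source 10.218.207.210 0
#
traffic classifier a
 if-match acl 3123
#
traffic behavior a
 deny
#
traffic policy a
 classifier a behavior a
#
interface GigabitEthernet3/0/4
 portswitch
 traffic-policy a inbound
"""

def parse_blocks(text):
    """Split a config into (header, [indented sub-lines]) blocks."""
    blocks = []
    for line in text.splitlines():
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        elif line.strip() not in ("", "#"):
            blocks.append((line.strip(), []))
    return blocks

def find_dead_vpn_rules(text):
    """List (interface, policy, acl, rule) for VPN-qualified rules that cannot match."""
    vpn_rules, cls_acls, pol_cls, findings = {}, {}, {}, []
    blocks = parse_blocks(text)
    for head, body in blocks:
        if m := re.fullmatch(r"acl number (\d+)", head):
            vpn_rules[m[1]] = [l for l in body if " vpn-instance " in l]
        elif m := re.fullmatch(r"traffic classifier (\S+).*", head):
            cls_acls[m[1]] = [l.split()[-1] for l in body if l.startswith("if-match acl ")]
        elif m := re.fullmatch(r"traffic policy (\S+)", head):
            pol_cls[m[1]] = [l.split()[1] for l in body if l.startswith("classifier ")]
    for head, body in blocks:
        m = re.fullmatch(r"interface (\S+)", head)
        for line in body if m and "portswitch" in body else []:  # assumption: portswitch = physical L2 port
            p = re.fullmatch(r"traffic-policy (\S+) inbound.*", line)
            for cls in pol_cls.get(p[1], []) if p else []:
                for acl in cls_acls.get(cls, []):
                    findings += [(m[1], p[1], acl, r) for r in vpn_rules.get(acl, [])]
    return findings
```

Each finding names a deny or permit rule that is silently ineffective, which matters most when the rule was meant to block traffic.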