This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
S5700-EI PBR Support

S5700-EI PBR Support

Latest reply: Aug 12, 2015 06:28:40 1761 1 0 0
display all floors #1

Hi,

We are planning to configure PBR (policy based routing) on 2x S5700-28C-PWR-EI switches (interconnected with Ethernet Stack Interface Card) to redirect the traffic on 2 different peers based on VLAN/ IP range but could not get through as the documentation doesn't specify detailed configuration for PBR.

Can you please share the detailed guide for PBR configuration on S5700-EI models and confirm if it is supported?

Regards,
Vikas Shukla
+91-9999853600

  • x
  • convention:

Helpful (0) Favorite(0) Share Report
Busy_with_lazy_mind
Created Aug 12, 2015 06:28:40 Helpful(0) Helpful(0)

You can download a new Product Documentation on  support.huawei.com

the download link is:

 http://support.huawei.com/enterprise/docinforeader.action?contentId=DOC1000057609&idPath=7919710|9856733|7923144|6691579

here is a  PBR configuration example in the Documentation

 

Example for Configuring PBR Based on IP Addresses

Networking Requirements

As shown in Figure 1, the Switch on the aggregation layer serves as the Layer 3 forwarding device, and an LSW on the access layer serves as the user gateway. There is a reachable route between the Switch and LSW. The Switch is connected to two core routers through two links: low-speed link with the gateway 10.1.20.1/24 and high-speed link with the gateway 10.1.30.1/24.

The enterprise requires that the Switch forward packets from 192.168.100.0/24 and 192.168.101.0/24 to the core layer through the high-speed link and low-speed link, respectively.

Figure 1 Networking diagram for configuring PBR
http://localhost:7890/pages/DED1107D/03/DED1107D/03/resources/dc/images/fig_dc_cfg_pbr_004102.png

Configuration Roadmap

Implement PBR based on redirection to provide differentiated services. The configuration roadmap is as follows:
  1. Create VLANs and configure interfaces to implement interconnection between the company and external networks.
  2. Configure ACL rules to match packets with source IP addresses 192.168.100.0/24 and 192.168.101.0/24.
  3. Configure traffic classifiers to match ACL rules so that the switch can differentiate packets.
  4. Configure traffic behaviors to redirect the packets matching different rules to 10.1.20.1/24 or 10.1.30.1/24.
  5. Configure traffic policies, bind them to traffic classifiers and traffic behaviors, and apply the traffic policies to the inbound direction of GE0/0/3 to implement PBR.

Procedure

  1. Create VLANs and configure interfaces.

    # Create VLANs 100 and 200 on the Switch.

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200

    Configure GE0/0/1, GE0/0/2, and GE0/0/3 on the Switch as trunk interfaces, and add them to VLANs 100 and 200.

    [Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/3] quit

    # Create VLANIF 100 and VLANIF 200, and configure IP addresses for them.

    [Switch] interface vlanif 100
[Switch-Vlanif100] ip address 10.1.20.2 24
[Switch-Vlanif100] quit
[Switch] interface vlanif 200
[Switch-Vlanif200] ip address 10.1.30.2 24
[Switch-Vlanif200] quit

  2. Configure ACL rules.

    # On the Switch, create advanced ACLs 3001 and 3002 that respectively allow packets with source IP addresses 192.168.100.0/24 and 192.168.101.0/24 to pass through.

    [Switch] acl 3001
[Switch-acl-adv-3001] rule permit ip source 192.168.100.0 0.0.0.255
[Switch-acl-adv-3001] quit
[Switch] acl 3002
[Switch-acl-adv-3002] rule permit ip source 192.168.101.0 0.0.0.255
[Switch-acl-adv-3002] quit

  3. Configure traffic classifiers.

    # On the Switch, create traffic classifiers c1 and c2. Bind c1 to ACL 3001 and c2 to ACL 3002.

    [Switch] traffic classifier c1 operator or
[Switch-classifier-c1] if-match acl 3001
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator or
[Switch-classifier-c2] if-match acl 3002
[Switch-classifier-c2] quit

  4. Configure traffic behaviors.

    # On the Switch, create traffic behaviors b1 and b2, which redirect traffic to 10.1.20.1/24 and 10.1.30.1/24, respectively.

    [Switch] traffic behavior b1
[Switch-behavior-b1] redirect ip-nexthop 10.1.20.1
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] redirect ip-nexthop 10.1.30.1
[Switch-behavior-b2] quit

  5. Configure traffic policies and apply them to the interfaces.

    # On the Switch, create traffic policy p1 and bind it to the traffic classifiers and traffic behaviors.

    [Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] quit

    # Apply p1 to the inbound direction of GE0/0/3.

    [Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] traffic-policy p1 inbound
[Switch-GigabitEthernet0/0/3] return

  6. Verify the configuration.

    # Check the ACL configurations.

    <Switch> display acl 3001
Advanced ACL 3001, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.100.0 0.0.0.255 (match-counter 0)
    <Switch> display acl 3002
Advanced ACL 3002, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.101.0 0.0.0.255 (match-counter 0)

    # Check the traffic classifier configurations.

    <Switch> display traffic classifier user-defined
  User Defined Classifier Information:
    Classifier: c2
     Operator: OR
     Rule(s) :if-match acl 3002
        
    Classifier: c1
      Operator: OR
      Rule(s) : if-match acl 3001

Total classifier number is 2

    # Check the traffic policy configurations.

    <Switch> display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: OR
     Behavior: b1
      Redirect: no forced
        Redirect ip-nexthop
        10.1.20.1
   Classifier: c2
    Operator: OR
     Behavior: b2
      Redirect: no forced
        Redirect ip-nexthop
        10.1.30.1

Configuration Files

  • Configuration file of the Switch

    #
sysname Switch
#
vlan batch 100 200 
#
acl number 3001
 rule 5 permit ip source 192.168.100.0 0.0.0.255
acl number 3002
 rule 5 permit ip source 192.168.101.0 0.0.0.255
#
traffic classifier c1 operator or
 if-match acl 3001
traffic classifier c2 operator or
 if-match acl 3002
#
traffic behavior b1
 redirect ip-nexthop 10.1.20.1
traffic behavior b2
 redirect ip-nexthop 10.1.30.1
#
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
#
interface Vlanif100
 ip address 10.1.20.2 255.255.255.0
#
interface Vlanif200
 ip address 10.1.30.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 200
 traffic-policy p1 inbound
#
return
  • x
  • convention:
Back to list

Comment

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

APP