You can download the new Product Documentation from support.huawei.com.
The download link is:
http://support.huawei.com/enterprise/docinforeader.action?contentId=DOC1000057609&idPath=7919710|9856733|7923144|6691579
Here is a PBR configuration example from the documentation:
Example for Configuring PBR Based on IP Addresses
Networking Requirements
As shown in Figure 1, the Switch on the aggregation layer serves as the Layer 3 forwarding device, and an LSW on the access layer serves as the user gateway. There is a reachable route between the Switch and the LSW. The Switch is connected to two core routers through two links: a low-speed link with the gateway 10.1.20.1/24 and a high-speed link with the gateway 10.1.30.1/24.
The enterprise requires that the Switch forward packets from 192.168.100.0/24 and 192.168.101.0/24 to the core layer through the high-speed link and low-speed link, respectively.
Figure 1 Networking diagram for configuring PBR
Configuration Roadmap
Implement PBR based on redirection to provide differentiated services. The configuration roadmap is as follows:
- Create VLANs and configure interfaces to implement interconnection between the company and external networks.
- Configure ACL rules to match packets with source IP addresses 192.168.100.0/24 and 192.168.101.0/24.
- Configure traffic classifiers to match ACL rules so that the switch can differentiate packets.
- Configure traffic behaviors to redirect the packets matching different rules to 10.1.20.1/24 or 10.1.30.1/24.
- Configure traffic policies, bind them to traffic classifiers and traffic behaviors, and apply the traffic policies to the inbound direction of GE0/0/3 to implement PBR.
Procedure
- Create VLANs and configure interfaces.
# Create VLANs 100 and 200 on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200
# Configure GE0/0/1, GE0/0/2, and GE0/0/3 on the Switch as trunk interfaces, and add them to VLANs 100 and 200.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/3] quit
# Create VLANIF 100 and VLANIF 200, and configure IP addresses for them.
[Switch] interface vlanif 100
[Switch-Vlanif100] ip address 10.1.20.2 24
[Switch-Vlanif100] quit
[Switch] interface vlanif 200
[Switch-Vlanif200] ip address 10.1.30.2 24
[Switch-Vlanif200] quit
- Configure ACL rules.
# On the Switch, create advanced ACLs 3001 and 3002 that respectively allow packets with source IP addresses 192.168.100.0/24 and 192.168.101.0/24 to pass through.
[Switch] acl 3001
[Switch-acl-adv-3001] rule permit ip source 192.168.100.0 0.0.0.255
[Switch-acl-adv-3001] quit
[Switch] acl 3002
[Switch-acl-adv-3002] rule permit ip source 192.168.101.0 0.0.0.255
[Switch-acl-adv-3002] quit
- Configure traffic classifiers.
# On the Switch, create traffic classifiers c1 and c2. Bind c1 to ACL 3001 and c2 to ACL 3002.
[Switch] traffic classifier c1 operator or
[Switch-classifier-c1] if-match acl 3001
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator or
[Switch-classifier-c2] if-match acl 3002
[Switch-classifier-c2] quit
- Configure traffic behaviors.
# On the Switch, create traffic behaviors b1 and b2, which redirect traffic to 10.1.20.1/24 and 10.1.30.1/24, respectively.
[Switch] traffic behavior b1
[Switch-behavior-b1] redirect ip-nexthop 10.1.20.1
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] redirect ip-nexthop 10.1.30.1
[Switch-behavior-b2] quit
- Configure traffic policies and apply them to the interfaces.
# On the Switch, create traffic policy p1 and bind it to the traffic classifiers and traffic behaviors.
[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] quit
# Apply p1 to the inbound direction of GE0/0/3.
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] traffic-policy p1 inbound
[Switch-GigabitEthernet0/0/3] return
- Verify the configuration.
# Check the ACL configurations.
<Switch> display acl 3001
Advanced ACL 3001, 1 rule
Acl's step is 5
rule 5 permit ip source 192.168.100.0 0.0.0.255 (match-counter 0)
<Switch> display acl 3002
Advanced ACL 3002, 1 rule
Acl's step is 5
rule 5 permit ip source 192.168.101.0 0.0.0.255 (match-counter 0)
# Check the traffic classifier configurations.
<Switch> display traffic classifier user-defined
User Defined Classifier Information:
Classifier: c2
Operator: OR
Rule(s) :if-match acl 3002
Classifier: c1
Operator: OR
Rule(s) : if-match acl 3001
Total classifier number is 2
# Check the traffic policy configurations.
<Switch> display traffic policy user-defined p1
User Defined Traffic Policy Information:
Policy: p1
Classifier: c1
Operator: OR
Behavior: b1
Redirect: no forced
Redirect ip-nexthop
10.1.20.1
Classifier: c2
Operator: OR
Behavior: b2
Redirect: no forced
Redirect ip-nexthop
10.1.30.1
Configuration Files
- Configuration file of the Switch
#
sysname Switch
#
vlan batch 100 200
#
acl number 3001
rule 5 permit ip source 192.168.100.0 0.0.0.255
acl number 3002
rule 5 permit ip source 192.168.101.0 0.0.0.255
#
traffic classifier c1 operator or
if-match acl 3001
traffic classifier c2 operator or
if-match acl 3002
#
traffic behavior b1
redirect ip-nexthop 10.1.20.1
traffic behavior b2
redirect ip-nexthop 10.1.30.1
#
traffic policy p1 match-order config
classifier c1 behavior b1
classifier c2 behavior b2
#
interface Vlanif100
ip address 10.1.20.2 255.255.255.0
#
interface Vlanif200
ip address 10.1.30.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 200
traffic-policy p1 inbound
#
return
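To audit which next hop a given source address is steered to by this configuration, the ACL, classifier, behavior and policy lines can be resolved offline. The following is an added example, not part of the Huawei documentation; the function names `parse`, `acl_permits` and `next_hop` are hypothetical. It assumes classifiers are evaluated in the order listed under the policy and that traffic matching no classifier is not redirected.

```python
import ipaddress
CONFIG = """\
acl number 3001
 rule 5 permit ip source 192.168.100.0 0.0.0.255
acl number 3002
 rule 5 permit ip source 192.168.101.0 0.0.0.255
traffic classifier c1 operator or
 if-match acl 3001
traffic classifier c2 operator or
 if-match acl 3002
traffic behavior b1
 redirect ip-nexthop 10.1.20.1
traffic behavior b2
 redirect ip-nexthop 10.1.30.1
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
"""  # constructed sample: the PBR-related lines of the Switch configuration file

def parse(config):
    acls, cls, beh, pol, cur = {}, {}, {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["acl", "number"]:
            cur = acls.setdefault(w[2], [])
        elif w[:1] == ["traffic"]:  # start of a classifier, behavior or policy section
            cur = {"classifier": cls, "behavior": beh, "policy": pol}[w[1]].setdefault(w[2], [])
        elif w[:1] == ["rule"] and "source" in w:
            i = w.index("source")
            cur.append((w[2], w[i + 1], w[i + 2]))  # (action, address, wildcard)
        elif w[:2] in (["if-match", "acl"], ["redirect", "ip-nexthop"]):
            cur.append(w[2])  # ACL number or next-hop address
        elif w[:1] == ["classifier"]:
            cur.append((w[1], w[3]))  # (classifier, behavior) binding in the policy
    return acls, cls, beh, pol

def acl_permits(rules, src):
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in rules:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # 0 bits in the wildcard must match
        if (ip & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False

def next_hop(config, policy, src):
    acls, cls, beh, pol = parse(config)
    for classifier, behavior in pol[policy]:  # assumption: first match in listed order wins
        if any(acl_permits(acls[a], src) for a in cls[classifier]):  # operator or
            return beh[behavior][0]
    return None  # no classifier matched: no redirect applies
```

For example, `next_hop(CONFIG, "p1", "192.168.100.7")` returns `10.1.20.1`, and an address outside both ACLs returns `None`.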