This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
S9700 switch traffic poli...

S9700 switch traffic policy redirect action does not work

Latest reply: May 8, 2019 21:35:05 646 3 1 0
display all floors #1

1 Issue Description: S9700 switch traffic policy redirect action does not work.

(1)In order to statistic the traffic from the access network, configured the traffic policy “wifi-combined” on the inside logic eth-trunk.
A. The configuration to statistic the traffic from the access network:
#
acl number 3001                                                                
 rule 10 permit ip source 192.168.1.0 0.0.0.255
 rule 15 permit ip source 192.200.2.0 0.0.0.255
 ……                                                                     
#                       
traffic classifier port operator or precedence 50                              
 if-match acl 3001        
#  
traffic behavior port                                                          
 permit                                                                        
 statistic enable     
#                                                                                                                                 
traffic policy wifi-combined match-order auto                               
 classifier port behavior port
#      

B. Configure the traffic policy on every inside logic eth-trunk
#
interface Eth-Trunk104
 port link-type trunk
 port trunk allow-pass vlan 892
 traffic-policy wifi-combined inbound
#

(2)Configurethe redirect traffic policy on the vlan
A. Configure the redirection traffic policy:
#
acl name match-guest-traffic 3901 
 rule 10 permit ip source 192.168.1.0 0.0.0.255
#
traffic classifier match-pfsense-traffic operator or
 if-match acl match-guest-traffic
#
traffic behavior punt-pfsense-traffic
 redirect ip-nexthop 100.0.0.1
 statistic enable
#
traffic policy punt-pfsense-traffic
 classifier match-pfsense-traffic behavior punt-pfsense-traffic
#

B. Configure the traffic policy on the access VLAN:
#
vlan 892
 traffic-policy punt-pfsense-traffic inbound
#

(3)Since the priority on the port is higher than on the VLAN and configured the conflicted action on the port and on the VLAN, the action on the VLAN will not take effect.

(4)Delete the policy on the vlan. Add new configuration classifier and behavior pair in traffic policy “wifi-combined” and the new pair priority must be higher than the original. It works normally.

#
acl number 3001                                                                
 rule 10 permit ip source 192.168.1.0 0.0.0.255
 rule 15 permit ip source 192.200.2.0 0.0.0.255
 ……                                                                            
#
acl match-guest-traffic 3901 
 rule 10 permit ip source 192.168.1.0 0.0.0.255
#
traffic classifier port operator or precedence 50
 if-match acl 3001
#
traffic classifier redirect operator or precedence 20           // let Redirect classifier priority higher than other classifier priority (the smaller the value , the higher the classifier priority)
 if-match acl match-guest-traffic
#
traffic behavior port
 permit
 statistic enable
#
traffic behavior punt-pfsense-traffic
 permit
 redirect ip-nexthop 100.0.0.1
 statistic enable
#
traffic policy wifi-combined match-order auto
 classifier redirect behavior punt-pfsense-traffic  // add new classifier and behavior pair
 classifier port behavior port        // Original access control     
#

 

2 Root Cause:
Since the traffic behavior permit on the traffic policy “wifi-combined” conflicted with the traffic behavior redirect on the traffic policy “punt-pfsense-traffic”, and the priority on the port is higher than on the VLAN, the redirection action on the VLAN will not take effect.

 

3 Solution:
Add new configuration classifier and behavior pair in traffic policy “wifi-combined” and the new pair priority must be higher than the original.

  • x
  • convention:

Helpful (1) Favorite(0) Share Report
StarOfWest
Created May 21, 2018 08:12:54 Helpful(0) Helpful(0)

good one S9700 switch traffic policy redirect action does not work-2668785-1S9700 switch traffic policy redirect action does not work-2668785-2S9700 switch traffic policy redirect action does not work-2668785-3
  • x
  • convention:
“We only get answers to the questions that we ask.” physicist Werner Heisenberg
SupperRobin
Created May 26, 2018 03:04:37 Helpful(0) Helpful(0)

Thanks for the help!S9700 switch traffic policy redirect action does not work-2672297-1
  • x
  • convention:
user_3398187
Created May 8, 2019 21:35:05 Helpful(0) Helpful(0)

s6vi8shs8s
  • x
  • convention:
Back to list

Comment

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

APP