
Does this 7609 version support redirecting traffic to a firewall? Help needed, everyone!

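I have a device here that needs to redirect endpoint traffic to a Layer 3 firewall. The version of the 7609 is shown below.

Does it support the following traffic-redirection commands?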

interface vlan 200
 ip policy route-map tofw
!
! Redirect this endpoint's traffic to the firewall at 10.2.2.9.
access-list 1 permit host 192.168.200.99
!
route-map tofw
 match ip address 1
 set ip next-hop 10.2.2.9
!
interface fastethernet0/1
 ip policy route-map tofw

 

Switch version:

c7600rsp72043_rp Software (c7600rsp72043_rp-IPSERVICES-M), Version 15.2(2)S2, RELEASE SOFTWARE (fc1)

Thanks, everyone!

2 replies

ilay
VIP

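The 7609 ipservice version supports route-map, so it can do what you need.

When writing the ACL, I suggest adding deny entries for addresses that do not need policy routing.

For example: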

ip access-list extended TEST
 ! <-- deny first: addresses that do not need policy routing
 deny   ip host 10.1.159.125 10.0.0.0 0.255.255.255
 permit ip host 10.1.159.125 any
!
route-map temp-to-hk permit 10
 match ip address TEST
 set ip next-hop 10.2.1.223
!
interface Te7/2
 ip policy route-map temp-to-hk
!

Some additional guidelines and restrictions:

 

  • The Policy Feature Card (PFC) and any Distributed Feature Cards (DFCs) provide hardware support for policy-based routing (PBR) for route-map sequences that use the match ip address, set ip next-hop, and ip default next-hop PBR keywords.

When configuring PBR, follow these guidelines and restrictions:

– The PFC provides hardware support for PBR configured on a tunnel interface.

– The PFC does not provide hardware support for PBR configured with the set ip next-hop keywords if the next hop is a tunnel interface.

– If the MSFC address falls within the range of a PBR ACL, traffic addressed to the MSFC is policy routed in hardware instead of being forwarded to the MSFC. To prevent policy routing of traffic addressed to the MSFC, configure PBR ACLs to deny traffic addressed to the MSFC.

– Any options in Cisco IOS ACLs that provide filtering in a PBR route-map that would cause flows to be sent to the MSFC to be switched in software are ignored. For example, logging is not supported in ACEs in Cisco IOS ACLs that provide filtering in PBR route-maps.

– PBR traffic through switching module ports where PBR is configured is routed in software if the switching module resets. (CSCee92191)

– In Cisco IOS Release 15.2(1)S1 and later releases, for efficient use of hardware resources, enter the platform ipv4 pbr optimize tcam command in global configuration mode when configuring multiple PBR sequences (or a single PBR sequence with multiple ACLs) in which more than one PBR ACL contains DENY entries. Starting from Cisco IOS Release 15.2(4)S4, the same global CLI optimizes the use of masks in the ACL TCAM when PBR is applied on MPLS interfaces and VPN-CAM is enabled.

– PBR is not supported with next-hop as MPLS labeled interface. If MPLS is not label imposing, then PBR works fine on hardware. It is not supported on both hardware and software. PBR does not do label imposition. So you cannot use PBR to forward VPN traffic to a remote PE. This applies to both IP PBR and IPv6 PBR.

– When PBR is configured on an interface where MPLS is enabled, and if that interface receives MPLS packets, PBR will not work on those MPLS packets. This restriction applies to both IPv4 and IPv6 PBR.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
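
An added example (not part of the original thread and not Cisco's code): a small Python model of first-match evaluation for the TEST ACL in the reply above. It shows which flows PBR would send to 10.2.1.223 and flags router-owned addresses that no deny entry covers, which is the MSFC guideline quoted above. The address lists passed to `policy_routed_locals` are assumptions you supply, and only `permit|deny ip` entries are modeled.

```python
import ipaddress

# ACL and next hop copied from the reply above.
ACL_TEST = """\
deny   ip host 10.1.159.125 10.0.0.0 0.255.255.255
permit ip host 10.1.159.125 any
"""
NEXT_HOP = "10.2.1.223"

def _spec(tokens):
    """Consume one address spec; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' entries (the only form used on this page)."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACE: {line!r}")
        aces.append((action, _spec(tokens), _spec(tokens)))
    return aces

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def pbr_decision(aces, src, dst):
    """First matching ACE wins; deny or no match means normal routing."""
    for action, s, d in aces:
        if _hit(src, s) and _hit(dst, d):
            return NEXT_HOP if action == "permit" else "routing table"
    return "routing table"  # implicit deny at the end of every ACL

def policy_routed_locals(aces, src, local_addrs):
    """Return router-owned addresses that this ACL would still policy-route."""
    return [a for a in local_addrs if pbr_decision(aces, src, a) == NEXT_HOP]
```

Any address returned by `policy_routed_locals` needs its own deny entry ahead of the permit line, otherwise traffic from the matched host to the router itself is sent to the next hop.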