How to configure policy based routing (PBR) on an HP Comware 7 Switch
The setup is identical to the one in my Provision guide; see the picture below.
The router in the picture above (.254) has a default gateway of 2.2.2.1. However, I want traffic sourced from the 192.168.10.0 network to:
1. Only use the switch's default gateway for any traffic to 10.0.0.0/8
2. Use 1.1.1.1 (the firewall) for any traffic to the internet.
Configuration Steps
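Create a PBR node in a policy called CUSTOMER01-PBR and match it on ACL 3001. Note the 'deny' statement: traffic matching a deny node is not policy-routed and is forwarded using the normal routing table.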
policy-based-route CUSTOMER01-PBR deny node 10
if-match acl 3001
quit
Create a second node in the same CUSTOMER01-PBR policy and match it on ACL 3002. Note the 'permit' statement and the new next hop.
policy-based-route CUSTOMER01-PBR permit node 11
if-match acl 3002
apply next-hop 1.1.1.1
quit
Now create the ACLs. This first ACL matches any internal traffic to 10.0.0.0/8 or 192.168.0.0/16.
acl number 3001 name CUSTOMER01-PBR-INTERNAL-TRAFFIC
rule permit ip source 192.168.10.0 0.0.0.255 destination 10.0.0.0 0.255.255.255
rule permit ip source 192.168.10.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
The second ACL matches all other networks (including 172.16.0.0/12, so make sure you don't need that network internally!).
acl number 3002 name CUSTOMER01-PBR-EXTERNAL-TRAFFIC
rule permit ip destination 0.0.0.0 255.255.255.255
And here's where the magic happens, apply the PBR to the VLAN interface.
interface vlan 10
ip policy-based-route CUSTOMER01-PBR
Note you can also apply this to an actual switchport interface if you prefer.
interface Gi1/0/10
ip policy-based-route CUSTOMER01-PBR
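The forwarding decision this policy produces can be checked offline before it goes on a switch. The Python below is an added example, not part of the original guide or of HP's software; it assumes nodes are tried in ascending order, that a match on a deny node hands the packet to the normal routing table without trying later nodes, and it does not model next-hop reachability. The function names and test addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL-style match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
SRC = ("192.168.10.0", "0.0.0.255")

# ACL rules as (source, destination) pairs, transcribed from the guide.
# ACL 3002 names no source, so its source is "any".
ACLS = {
    3001: [(SRC, ("10.0.0.0", "0.255.255.255")),
           (SRC, ("192.168.0.0", "0.0.255.255"))],
    3002: [(ANY, ANY)],
}

# Policy nodes in ascending node order: (node, mode, acl, next_hop)
POLICY = [
    (10, "deny", 3001, None),
    (11, "permit", 3002, "1.1.1.1"),
]

def acl_permits(acl, src, dst):
    """True if any permit rule of the ACL matches both source and destination."""
    return any(wildcard_match(src, *s) and wildcard_match(dst, *d)
               for s, d in ACLS[acl])

def forward(src, dst):
    """Return the PBR next hop, or 'routing table' when PBR does not apply."""
    for _node, mode, acl, next_hop in POLICY:
        if acl_permits(acl, src, dst):
            # Assumption: a deny-node match stops evaluation and skips PBR.
            return next_hop if mode == "permit" else "routing table"
    return "routing table"

if __name__ == "__main__":
    for dst in ("10.20.30.40", "192.168.20.5", "172.16.5.5", "8.8.8.8"):
        print("192.168.10.50 ->", dst, "via", forward("192.168.10.50", dst))
    # A source outside 192.168.10.0/24 arriving on the same interface
    # misses ACL 3001 and is caught by ACL 3002's unrestricted source.
    print("192.168.20.7 -> 10.1.1.1 via", forward("192.168.20.7", "10.1.1.1"))
```

The last case shows that ACL 3002 carries no source restriction, so any other source arriving on the interface is sent to 1.1.1.1 even for 10.0.0.0/8 destinations.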