MER Routers

Policy-Based Routing Configuration Examples (Web)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Contents

Introduction· 3

Prerequisites· 3

Example: Configuring PBR·· 3

Network configuration· 3

Software versions used· 4

Procedure· 4

Logging in to the Web management interface· 4

Configuring network access settings· 4

Configuring PBR policy settings· 7

Verifying the configuration· 9

 

Introduction

The following information provides examples for configuring policy-based routing (PBR) through the Web interface.

PBR uses user-defined policies to route packets. A policy can specify parameters for packets that match specific criteria such as source address, destination address, IP precedence, and protocol type.

Prerequisites

Procedures and information in the examples might be slightly different depending on the software or hardware version of the products.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of PBR.

Example: Configuring PBR

Network configuration

As shown in Figure 1, Router serves as the enterprise's egress gateway and connects to the Internet through interfaces WAN1 and WAN2 whose connection mode is fixed address. The IP address of WAN1 is 20.1.1.1/24, and its gateway address is 20.1.1.254. The IP address of WAN2 is 20.1.2.1/24, and its gateway address is 20.1.2.254. Department 1 of the enterprise use IP addresses in the range of 192.168.1.10 to 192.168.1.30. Department 2 of the enterprise use IP addresses in the range of 192.168.1.50 to 192.168.1.70.

To separate service traffic during work hours (8:30 to 18:00 PM on Monday to Friday), configure the router to meet the following requirements:

·     Forwards network access traffic from department 1 through interface WAN1.

·     Forwards network access traffic from department 2 through interface WAN2.

Figure 1 Network diagram

 

Software versions used

This example is applicable to MER series routers of the H3C Comware 7 platform. This document takes version R6749P14 of the H3C MER8300 product as an example. The specific operations might differ by product model and software version.

Procedure

Logging in to the Web management interface

Connect the device and PCs as shown in Figure 1. After connection, enter https://192.168.1.1 in the browser address bar to enter the device Web login page. Enter the username and password (both are admin by default) to log in to the device Web management interface, as shown in Figure 2.

Figure 2 Web management interface

 

Configuring network access settings

In this example, specify the WAN access scenario for the router as multi-WAN scenario, select line 1 and line 2 for WAN outgoing interfaces, and specify the connection mode of the WAN interfaces as fixed IP. Configure network access settings as follows.

Configure network access settings for department 1

1.     Navigate to the Network > WAN Settings page.

2.     Click the Scene tab, select Multi-WAN scenario.

3.     Select WAN1 for Line1. Select WAN2 for Line2.

4.     Click Apply.

Figure 3 Configuring the WAN access scenario

 

5.     Click the WAN Settings tab to enter the WAN configuration page.

6.     Click the Edit icon in the Actions column for WAN1 to enter the Modify WAN configuration page.

7.     Select Fixed IP for Connection mode.

8.     Enter 20.1.1.1 for IP address.

9.     Enter 255.255.255.0 for Subnet mask.

10.     Enter 20.1.1.254 for Gateway. Use default settings for other parameters.

11.     Click Apply.

Figure 4 Configuring parameters for interface WAN1

 

Configure network access settings for department 2

1.     Click the Edit icon in the Actions column for WAN2 to enter the Modify WAN configuration page.

2.     Select Fixed IP for Connection mode.

3.     Enter 20.1.2.1 for IP address.

4.     Enter 255.255.255.0 for Subnet mask.

5.     Enter 20.1.2.254 for Gateway. Use default settings for other parameters.

6.     Click Apply.

Figure 5 Configuring parameters for interface WAN2

 

Configuring PBR policy settings

Configuring PBR policy settings for department 1

1.     Navigate to the Advanced Settings > Policy-Based Routing page.

2.     Click Add.

3.     In the Match rule area, configure the matching criteria as needed:

¡     Select IP for Protocol type.

¡     Enter 192.168.1.10-192.168.1.30 for Source address range.

¡     Enter 0.0.0.0-255.255.255.255 (all addresses) for Destination address range.

¡     Specify 08:00 to 18:00 from Monday to Friday for Valid period.

4.     Select WAN1 for Output interface, and enter gateway address 20.1.1.254 of interface WAN1 for Next hop.

5.     Enter a description to facilitate usage.

6.     Click Apply to return to the PBR policy configuration page.

Figure 6 Configuring PBR policy settings for department 1

 

Configuring PBR policy settings for department 2

1.     Click Add.

2.     In the Match rule area, configure the configure rule settings as follows:

¡     Select IP for Protocol type.

¡     Enter 192.168.1.50-192.168.1.70 for Source address range.

¡     Enter 0.0.0.0-255.255.255.255 (all addresses) for Destination address range.

¡     Specify 08:00 to 18:00 from Monday to Friday for Valid period.

3.     Select WAN2 for Output interface, and enter gateway address 20.1.2.254 of interface WAN2 for Next hop.

4.     Enter a description to facilitate usage.

5.     Click Apply.

Figure 7 Configuring PBR policy settings for department 2

 

Verifying the configuration

1.     Log in to the Web interface on the PC of department 1, perform a tracert to target IP address 200.1.1.1, and view the routing path. (Details not shown.)

2.     Log in to the Web interface on the PC of department 2, perform a tracert to target IP address 200.1.1.1, and view the routing path. (Details not shown.)

The routing paths show that department 1 accesses the Internet through the gateway of interface WAN1, and department 2 accesses the Internet through the gateway of interface WAN2. The PBR policy is configured successfully.