Creating Classifier Groups and Policy Rules ! 33
Chapter 2: Creating Policies
Rules That Provide Routing Solutions
The next interface, next hop, filter, and forward rules provide routing solutions for
traffic matching a classifier. A classifier can have only one action that provides a
routing solution.
If you configure two routing solution rules, such as filter and forward, in the same
classifier group, the router displays a warning message, and the rule configured last
replaces the previous rule.
For IP policy lists, policy rules are available to enable you to make a forwarding
decision that includes the next interface and next hop:
! Forward next interface—Causes an interface to forward all packets that satisfy
the classification associated with that rule to the next interface specified
! Forward next hop—Causes an interface to forward all packets that satisfy the
classification associated with that rule to the next-hop address specified
For example, you can route packets arriving at IP interface ATM 0/0.0 so that they
area handled as indicated:
! Packets from source 1.1.1.1 are forwarded out of interface ATM 0/0.1.
! Packets from source 2.2.2.2 are forwarded out of interface ATM 2/1.1.
! All other packets are dropped.
To configure this routing policy, issue the following commands:
host1(config)#ip classifier-list claclA ip host 1.1.1.1 any
host1(config)#ip classifier-list claclB ip host 2.2.2.2 any
host1(config)#ip policy-list IpPolicy100
host1(config-policy-list)#classifier-group claclA
host1(config-policy-list-classifier-group)#forward interface atm 0/0.1
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group claclB
host1(config-policy-list-classifier-group)#forward interface atm 2/1.1
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#exit
host1(config)#interface atm 0/0.0
host1(config-subif)#ip policy input IpPolicy100 statistics enabled
Security
You can configure policy management to provide a level of network security by
using policy rules that selectively forward or filter packet flows:
! Forward—Causes the packet flows that satisfy the classification associated with
the rule to be routed by the virtual router
! Filter—Causes the interface to drop all packets of the packet flow that satisfy
the classification associated with the rule
To Next Page
Loading...
Need help?
General
