Re: Policy route question on e5400 K.15.03.0007 (446 Views)
Reply
Occasional Collector
jf500
Posts: 1
Registered: ‎09-28-2011
Message 1 of 4 (476 Views)

Policy route question on e5400 K.15.03.0007

Thanks in advance for any and all input.

 

I am the IT manager for a school district.  I am also the WAN Manager for our Municipal fiber optic WAN for the entire city.  3 of our school buildings have police substations with a computer in each building that is part of each schools network.  We use ACLs to deny all traffic with the exception of these police PCs to the police station so that the officers can access servers housed in the police station.  They get Internet access through the school department ISP.

 

They now need to access a state web servers to run criminal history information.  These webservers are not accessible by just anyone.  By accessible, I mean that anyone attempting to access them will get a 'page cannot be displayed' error if their public IP not on the state's allowed list.

 

So...  What I hoped to be able to do is create a route policy based upon both Host IP AND destination network and route just the matched traffic to the state's router at the police department.  I want all typical Internet traffic to go through our ISP.

 

The source part is easy, I can't find anything that allows destination matching.  Is there a way to do this?

Honored Contributor
cenk sasmaztin
Posts: 1,435
Registered: ‎04-02-2008
Message 2 of 4 (453 Views)

Re: Policy route question on e5400 K.15.03.0007

hi

 you need policy base routing

but 5400 series switches do not support policy base routing

 

please look at new 3800 series switch 

cenk

Trusted Contributor
Antonio Milanese
Posts: 104
Registered: ‎06-23-2006
Message 3 of 4 (448 Views)

Re: Policy route question on e5400 K.15.03.0007

Hello,

 

a good news for all of us..PBR has been implemented in K.15.06 as an extensiont to traffic policies using an expanded "match / class action" (not to be confused with route maps "match/set").

 

Regards,

 

Antonio

 




Honored Contributor
cenk sasmaztin
Posts: 1,435
Registered: ‎04-02-2008
Message 4 of 4 (446 Views)

Re: Policy route question on e5400 K.15.03.0007

woooww very good this switch is looks great new software

 

6in4 Tunneling

Enhancement (PR_0000072668) - IPv6 over IPv4 tunneling is a way to establish point-to-point tunnels by

encapsulating IPv6 packets within IPv4 headers so that they can be carried over the IPv4 routing infrastructure. IPv6

over IPv4 tunneling provides a mechanism for utilizing the existing IPv4 routing infrastructure to carry IPv6 traffic

between IPv6 networks. For information on configuring tunnels, see the “IPv6 Tunneling Over IPv4 Using Manually

Configured Tunnels” chapter in the

IPv6 Configuration Guide.

OSPFv3 over 6in4 Tunnels

Enhancement (PR_0000072702) - Both VLANS and tunnels can be assigned to areas and may be collectively

referred to as an IP routing interface. For information on configuring tunnels, see the “IPv6 Tunneling Over IPv4 Using

Manually Configured Tunnels” chapter in the

IPv6 Configuration Guide.

98

Enhancements

Version K.15.06.0006 Enhancements

Policy Based Routing (PBR)

Enhancement (PR_0000072658) - PBR provides the ability to manipulate a packet’s path based on attributes of

the packet. Traffic with the same destination can be routed over different paths, so that different types of traffic, such

as VOIP or traffic with special security requirements, can be better managed. For more information, see the "Classifier-

Based Software Configuration" chapter in the

Advanced Traffic Management Guide for your switch.

BGPv4

Enhancement (PR_0000073705) - Border Gateway Protocol (BGP) support has been added. For more information,

see the “BGP (Border Gateway Protocol)” chapter in the

Multicast and Routing Guide for your switch.

cenk

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.