Traffic from the Source IP = 211.10.15.0/24, 211.10.16.0/24 network
blocks should be redirected into two routers: 192.168.2.2 and 192.168.2.3. The 192.168.2.2
router is preferred to 192.168.2.3. If router 192.168.2.2 is not reachable, 192.168.2.3
should be used. If both routers are not reachable, the default route is used.
-
Create a flow-redirect to keep next-hop IP address and
health check information.
create flow-redirect
premium_subscriber
config flow-redirect premium_subscriber
add next-hop 192.168.2.2 priority 200
config flow-redirect premium_subscriber
add next-hop 192.168.2.3 priority 100
-
Add an ACL entry with a flow-redirect name action to the
existing ACL policy
For example:
premium_user.pol:
entry premium_15 {
if match {
source-address 211.10.15.0/24;
} then {
permit;
redirect-name premium_subscriber;
}
}
entry premium_16 {
if match {
source-address 211.10.16.0/24;
} then {
permit;
redirect-name premium_subscriber;
}
}
-
Apply the modified ACL policy file or dynamic ACL into a
port, VLAN, or VLAN and Port.
For example: user1 VLAN: 192.168.1.0/30,
user2 VLAN:
192.168.1.4/30.
config access-list premium_user vlan user1 ingress
config access-list premium_user vlan user2 ingress
-
Finally, check the current flow-redirect status.
BD-8810.47 # show flow-redirect "premium_subscriber"
Name : premium_subscriber VR Name : VR-Default
NO-ACTIVE NH : FORWARD HC TYPE : PING
NH COUNT : 2 ACTIVE IP : 192.168.2.3
Index STATE Pri IP ADDRESS STATUS INTERVAL MISS
===========================================================================
0 ENABLED 200 192.168.2.2 DOWN 2 2
1 ENABLED 100 192.168.2.3 UP 2 2
BD-8810.48 # show flow-redirect
Flow-Redirect Name NH_CNT ACTIVE IP VR Name D/F HC
=======================================================================
premium_subscriber 2 192.168.2.3 VR-Default F PING