HP 5500 Ei 5500 Si Switch Series Configuration Guide
# Configure IP prefix list prefix-a to permit route 172.17.1.0/24.
[SwitchB] ip ip-prefix prefix-a index 10 permit 172.17.1.0 24

5. Configure a routing policy:
[SwitchB] route-policy isis2ospf permit node 10
[SwitchB-route-policy] if-match ip-prefix prefix-a
[SwitchB-route-policy] apply cost 100
[SwitchB-route-policy] quit
[SwitchB] route-policy isis2ospf permit node 20
[SwitchB-route-policy] if-match acl 2002
[SwitchB-route-policy] apply tag 20
[SwitchB-route-policy] quit
[SwitchB] route-policy isis2ospf permit node 30
[SwitchB-route-policy] quit

6. Apply the routing policy to route redistribution:
# On Switch B, apply the routing policy when redistributing routes.
[SwitchB] ospf
[SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf
[SwitchB-ospf-1] quit
# Display the OSPF routing table on Switch A. The cost of route 172.17.1.0/24 is 100, the tag of route 172.17.1.0/24 is 20.
[SwitchA] display ospf routing

 OSPF Process 1 with Router ID 192.168.1.1
 Routing Tables

 Routing for Network
 Destination        Cost     Type       NextHop         AdvRouter       Area
 192.168.1.0/24     1        Transit    192.168.1.1     192.168.1.1     0.0.0.0

 Routing for ASEs
 Destination        Cost     Type       Tag       NextHop         AdvRouter
 172.17.1.0/24      100      Type2      1         192.168.1.2     192.168.2.2
 172.17.2.0/24      1        Type2      20        192.168.1.2     192.168.2.2
 172.17.3.0/24      1        Type2      1         192.168.1.2     192.168.2.2
 192.168.2.0/24     1        Type2      1         192.168.1.2     192.168.2.2

 Total Nets: 5
 Intra Area: 1  Inter Area: 0  ASE: 4  NSSA: 0

Applying a routing policy to IPv6 route redistribution

Network requirements

As shown in Figure 120:
• Enable RIPng on Switch A and Switch B.
• On Switch A, configure three static routes, and apply a routing policy to static route redistribution to permit routes 20::0/32 and 40::0/32, and deny route 30::0/32.
• Display RIPng routing table information on Switch B to verify the configuration.
Figure 120 Network diagram

Configuration procedure

1. Configure Switch A:
# Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ipv6 address 10::1 32
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ipv6 address 11::1 32
[SwitchA-Vlan-interface200] quit
# Enable RIPng on VLAN-interface 100.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit
# Configure three static routes—with next hop 11::2—and make sure that they are active.
[SwitchA] ipv6 route-static 20:: 32 11::2
[SwitchA] ipv6 route-static 30:: 32 11::2
[SwitchA] ipv6 route-static 40:: 32 11::2
# Configure a routing policy.
[SwitchA] ip ipv6-prefix a index 10 permit 30:: 32
[SwitchA] route-policy static2ripng deny node 0
[SwitchA-route-policy] if-match ipv6 address prefix-list a
[SwitchA-route-policy] quit
[SwitchA] route-policy static2ripng permit node 10
[SwitchA-route-policy] quit
# Enable RIPng and apply the routing policy to static route redistribution.
[SwitchA] ripng
[SwitchA-ripng-1] import-route static route-policy static2ripng

2. Configure Switch B:
# Configure the IPv6 address for VLAN-interface 100.
[SwitchB] ipv6
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ipv6 address 10::2 32
# Enable RIPng on VLAN-interface 100.
[SwitchB-Vlan-interface100] ripng 1 enable
[SwitchB-Vlan-interface100] quit
# Enable RIPng.
[SwitchB] ripng
# Display RIPng routing table information.
[SwitchB-ripng-1] display ripng 1 route

   Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
 ----------------------------------------------------------------

 Peer FE80::7D58:0:CA03:1 on Vlan-interface 100
 Dest 10::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec
 Dest 20::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 Sec
 Dest 40::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 3 Sec

Applying a routing policy to filter received BGP routes

Network requirements

As shown in Figure 121, all the switches run BGP. Switch C establishes eBGP connections with other switches. Configure a routing policy on Switch D to reject routes from AS 200.

Figure 121 Network diagram

Configuration procedure

1. Configure IP addresses for the interfaces. (Details not shown.)

2. Configure BGP:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] bgp 100
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] peer 1.1.1.2 as-number 300
# Configure Switch B.
<SwitchB> system-view
[SwitchB] bgp 200
[SwitchB-bgp] router-id 2.2.2.2
[SwitchB-bgp] peer 1.1.2.2 as-number 300
# Configure Switch C.
<SwitchC> system-view
[SwitchC] bgp 300
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] peer 1.1.1.1 as-number 100
[SwitchC-bgp] peer 1.1.2.1 as-number 200
[SwitchC-bgp] peer 1.1.3.2 as-number 400
# Configure Switch D.
<SwitchD> system-view
[SwitchD] bgp 400
[SwitchD-bgp] router-id 4.4.4.4
[SwitchD-bgp] peer 1.1.3.1 as-number 300
[SwitchD-bgp] quit
# On Switch A, inject routes 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24 to BGP.
[SwitchA-bgp] network 4.4.4.4 24
[SwitchA-bgp] network 5.5.5.5 24
[SwitchA-bgp] network 6.6.6.6 24
# On Switch B, inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 to BGP.
[SwitchB-bgp] network 7.7.7.7 24
[SwitchB-bgp] network 8.8.8.8 24
[SwitchB-bgp] network 9.9.9.9 24
# Display the BGP routing table information of Switch D.
[SwitchD-bgp] display bgp routing-table

 Total Number of Routes: 6

 BGP Local router ID is 4.4.4.4
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 *>  4.4.4.0/24         1.1.3.1                               0       300 100i
 *>  5.5.5.0/24         1.1.3.1                               0       300 100i
 *>  6.6.6.0/24         1.1.3.1                               0       300 100i
 *>  7.7.7.0/24         1.1.3.1                               0       300 200i
 *>  8.8.8.0/24         1.1.3.1                               0       300 200i
 *>  9.9.9.0/24         1.1.3.1                               0       300 200i

The output shows that Switch D has learned routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from AS 200.

3. Configure Switch D to reject routes from AS 200:
# Configure AS_PATH list 1.
[SwitchD] ip as-path 1 permit .*200.*
# Create routing policy rt1 with node 1, and specify the match mode as deny to deny routes from AS 200.
[SwitchD] route-policy rt1 deny node 1
[SwitchD-route-policy] if-match as-path 1
[SwitchD-route-policy] quit
# Create routing policy rt1 with node 10, and specify the match mode as permit to permit routes from other ASs.
[SwitchD] route-policy rt1 permit node 10
[SwitchD-route-policy] quit
# On Switch D, specify routing policy rt1 to filter routes received from peer 1.1.3.1.
[SwitchD] bgp 400
[SwitchD-bgp] peer 1.1.3.1 route-policy rt1 import
# Display the BGP routing table information of Switch D.
[SwitchD-bgp] display bgp routing-table

 Total Number of Routes: 3

 BGP Local router ID is 4.4.4.4
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 *>  4.4.4.0/24         1.1.3.1                               0       300 100i
 *>  5.5.5.0/24         1.1.3.1                               0       300 100i
 *>  6.6.6.0/24         1.1.3.1                               0       300 100i

The output shows that Switch D has learned only routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from AS 100.

Troubleshooting routing policy configuration

IPv4 routing information filtering failure

Symptom

The routing protocol is running properly, but filtering routing information failed.

Analysis

At least one item of the IP prefix list must be configured as permit mode, and at least one node in the routing policy must be configured as permit mode.

Solution

1. Use the display ip ip-prefix command to display IP prefix list information.
2. Use the display route-policy command to display routing policy information.
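
How routing policy rt1 from the BGP example evaluates routes, and why the analysis above requires a permit node, as an added Python model (not code from the HP guide). The 10.0.0.0/24 route through AS 1200 and the token-anchored pattern (Python regex syntax, not verified Comware syntax) are constructed for illustration.

```python
import re

# AS_PATH strings as seen on Switch D from peer 1.1.3.1 (AS 300).
ROUTES = {
    "4.4.4.0/24": "300 100",    # from the guide's output
    "7.7.7.0/24": "300 200",    # from the guide's output
    "10.0.0.0/24": "300 1200",  # constructed: AS 1200 is not AS 200
}

def evaluate(policy, as_path):
    """Walk nodes in ascending node number. The first node whose if-match
    clause matches decides the result; a node without if-match matches
    every route. A route that matches no node is denied."""
    for _node, mode, pattern in sorted(policy, key=lambda n: n[0]):
        if pattern is None or re.search(pattern, as_path):
            return mode
    return "deny"

def accepted(policy):
    """Prefixes that pass the policy, sorted as strings."""
    return sorted(p for p, path in ROUTES.items()
                  if evaluate(policy, path) == "permit")

# rt1 as configured in the guide: deny node 1 (as-path list 1), permit node 10.
RT1 = [(1, "deny", r".*200.*"), (10, "permit", None)]

# Same policy with permit node 10 left out: nothing can pass, which is the
# "filtering failure" case described in the troubleshooting analysis.
RT1_NO_PERMIT = [(1, "deny", r".*200.*")]

# Constructed variant that matches 200 only as a whole AS number.
RT1_TOKEN = [(1, "deny", r"(^|\s)200(\s|$)"), (10, "permit", None)]

if __name__ == "__main__":
    for name, pol in [("rt1", RT1), ("rt1 without permit node", RT1_NO_PERMIT),
                      ("rt1 with token match", RT1_TOKEN)]:
        print(f"{name}: {accepted(pol)}")
```

The pattern .*200.* is a substring match, so it also rejects the route through AS 1200; check the AS_PATH list against every AS number that can appear in received paths before relying on it as a filter.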
IPv6 routing information filtering failure

Symptom

The routing protocol is running properly, but filtering routing information failed.

Analysis

At least one item of the IPv6 prefix list must be configured as permit mode, and at least one node of the routing policy must be configured as permit mode.

Solution

1. Use the display ip ipv6-prefix command to display IP prefix list information.
2. Use the display route-policy command to display routing policy information.

Configuring policy-based routing

Hardware compatibility

The HP 5500 SI Switch Series does not support PBR.

Introduction to PBR

Policy-based routing (PBR) is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use a policy (based on the source address or other criteria) to route packets.

In general, PBR takes precedence over destination-based routing. PBR is applied to the packets matching the specified criteria, and other packets are forwarded through destination-based routing.

This Switch Series supports the following PBR implementation methods:

• Using a PBR policy
  The PBR policy allows you to specify the next hop, priority, and default next hop to guide the forwarding of packets that match specific ACLs. Only IPv4 unicast PBR is supported. You can modify ACL rules to implement flexible service control.

  NOTE:
  • If the configured next hop in the PBR policy does not exist, the matching packet is forwarded according to the routing table.
  • If a default next hop is configured in the PBR policy, destination-based routing takes precedence over PBR.

• Using a QoS policy
  The QoS policy uses QoS traffic classification to define matching criteria, and uses the redirection action of traffic behavior to guide packet forwarding. This implementation method supports both IPv4 and IPv6 unicast PBR.
PBR modes

According to the objects to which the PBR applies, PBR involves local PBR and interface PBR.
• Local PBR applies to locally generated packets only, such as the ICMP packets generated by using the ping command.
• Interface PBR applies to packets forwarded through the interface only.

In most cases, interface PBR is implemented to meet the forwarding and security requirements.

NOTE:
The term interface in this chapter refers to Layer 3 interfaces, including VLAN interfaces and route mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

Concepts

Policy

A policy is used to route IP packets. A policy can consist of one or multiple nodes.

Node

A node is identified by a node number. The node with the smallest node number has the highest priority. A policy node consists of if-match and apply clauses. An if-match clause specifies a match criterion on a node, and an apply clause specifies an action to be taken on packets.

The action to be taken on matched packets depends on the match mode, which can be permit or deny.

if-match clause

This Switch Series supports the if-match acl clause. You can specify only one if-match clause of each type in a policy node.

apply clause

This Switch Series supports the following apply clauses: apply ip-precedence, apply ip-address next-hop, and apply ip-address default next-hop.

NOTE:
The apply ip-address default next-hop command takes effect only when no next hop is defined, or the defined next hop is invalid and the destination address does not match any route in the routing table.

Relationship between the match mode and clauses

If a packet matches all the if-match clauses on a policy node, then:
• In permit mode: The apply clause is executed, and the packet will not go to the next policy node for a match.
• In deny mode: The apply clause is not executed, the packets will not go to the next policy node for a match, and will be forwarded according to the routing table.

If a packet fails to match an if-match clause on the policy node, then:
• In permit mode: The apply clause is not executed, and the packet will go to the next policy node for a match.
• In deny mode: The apply clause is not executed, and the packet will go to the next policy node for a match.

The nodes of a policy are in an OR relationship. If a packet matches a node, it passes the policy; if the packet does not match any node of the policy, it fails to pass the policy and is forwarded according to the routing table.

QoS mode

The QoS policy uses QoS traffic classification to define matching criteria, and uses the redirection action of traffic behavior to guide packet forwarding in order to implement flexible routing.

PBR takes precedence over destination-based routing. If a packet meets the match criteria, PBR applies; otherwise, destination-based routing applies.

For more information about QoS policies, see ACL and QoS Configuration Guide.

Configuring PBR (using a PBR policy)

Defining a policy

Follow these guidelines when you define a policy:
• If an ACL match criterion is defined, packets are matched against the ACL rules, whereas the permit or deny action and the time range of the specified ACL are ignored. If the specified ACL does not exist, no packet is matched.
• You can configure two next hops by using the apply ip-address next-hop command twice (first case) or once (second case). After that, executing the apply ip-address next-hop command with a new next hop will replace the earlier configured next hop in the first case, or will replace the second next hop specified in the second case. To remove both next hops, execute the apply ip-address next-hop command again by specifying two next hops.
• If a policy has a node with no if-match clause configured, all packets can pass the policy node. However, an action is taken according to the match mode, and the packets will not go to the next policy node for a match.
• If a policy has a node with the permit match mode but no apply clause configured, all packets matching all the if-match clauses can pass the policy node. However, no action is taken, the packets will not go to the next policy node for a match, and will be forwarded according to the routing table.
• If a policy has a node with no if-match or apply clauses configured, all packets can pass the policy node. However, no action is taken; the packets will not go to the next policy node for a match, and will be forwarded according to the routing table.

To define a policy:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a policy or policy node and enter PBR policy node view.
   Command: policy-based-route policy-name [ deny | permit ] node node-number
   Remarks: N/A
3. Define an ACL match criterion.
   Command: if-match acl acl-number
   Remarks: Optional.
4. Set an IP precedence type/value.
   Command: apply ip-precedence { type | value }
   Remarks: Optional.
5. Set next hops.
   Command: apply ip-address next-hop ip-address [ direct ] [ track track-entry-number ] [ ip-address [ direct ] [ track track-entry-number ] ]
   Remarks: Optional. You can specify two next hops at a time.
   • For local PBR, both the two next hops take effect to implement load sharing.
   • For interface PBR, the first next hop serves as the main next hop and the second one serves as the backup next hop.
6. Set default next hops.
   Command: apply ip-address default next-hop ip-address [ track track-entry-number ] [ ip-address [ track track-entry-number ] ]
   Remarks: Optional. You can specify two next hops at a time.
   • For local PBR, both the two next hops take effect to implement load sharing.
   • For interface PBR, the first next hop serves as the main next hop and the second one serves as the backup next hop.

Configuring local PBR

Only one policy can be referenced for local PBR.

To configure local PBR:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure local PBR based on a policy.
   Command: ip local policy-based-route policy-name
   Remarks: Not configured by default.

NOTE:
If the specified policy does not exist, the local PBR configuration succeeds, but it takes effect only when the policy is created.

Configuring interface PBR

Only one policy can be referenced by an interface for interface PBR.
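
The node rules from the match-mode description and the policy-definition guidelines above, modelled in Python as an added example (not HP code). The ACL numbers, addresses, next hops, and the policy itself are constructed, and the model covers only if-match acl and apply ip-address next-hop.

```python
import ipaddress

# Constructed ACLs: number -> list of (rule action, source network).
ACLS = {
    3000: [("deny", "10.1.1.0/24")],   # rule action is ignored for PBR matching
    3001: [("permit", "10.2.0.0/16")],
}

# Constructed policy: (node number, match mode, ACL or None, next hop or None).
POLICY = [
    (5, "deny", 3001, "192.0.2.9"),     # deny node: matched packets skip PBR
    (10, "permit", 3000, "192.0.2.1"),
    (20, "permit", 3999, "192.0.2.2"),  # ACL 3999 does not exist
]

def acl_matches(acl, src):
    """True if the packet source matches any rule of the ACL."""
    if acl is None:        # node with no if-match clause: all packets pass
        return True
    rules = ACLS.get(acl)
    if rules is None:      # nonexistent ACL: no packet is matched
        return False
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(net) for _action, net in rules)

def forward(policy, src):
    """Return ("pbr", next_hop) or ("routing-table", None) for a source IP."""
    for _node, mode, acl, next_hop in sorted(policy, key=lambda n: n[0]):
        if not acl_matches(acl, src):
            continue       # failed match: go to the next policy node
        if mode == "permit" and next_hop:
            return ("pbr", next_hop)
        # Deny node, or permit node without an apply clause: evaluation
        # stops here and the packet follows the routing table.
        return ("routing-table", None)
    return ("routing-table", None)  # no node matched

if __name__ == "__main__":
    for src in ("10.1.1.5", "10.2.3.4", "172.16.0.1"):
        print(src, forward(POLICY, src))
```

Node 20 never redirects anything because its ACL is missing, so traffic the node was meant to steer is silently forwarded by the routing table; confirm that every ACL a policy references exists before depending on the redirect.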
To configure interface PBR:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure interface PBR based on a policy.
   Command: ip policy-based-route policy-name
   Remarks: Not configured by default.

NOTE:
If the specified policy does not exist, the interface PBR configuration succeeds, but it takes effect only when the policy is created.

PBR and track

Associated with a Track object, PBR can sense topology changes faster. You can associate PBR with a track entry when configuring the outgoing interface, default outgoing interface, next hop, and default next hop to dynamically determine link reachability. The PBR configuration takes effect when the status of the associated Track object is Positive or Invalid.

For more information about track-PBR collaboration, see High Availability Configuration Guide.

Configuring PBR (using a QoS policy)

Before you configure PBR, complete the following tasks:
• Configure a QoS policy by configuring the match criteria and a redirection action for PBR.
• Apply the QoS policy by defining the occasion to which the PBR applies.

Configuring a QoS policy

To configure a QoS policy:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a class and enter class view.
   Command: traffic classifier tcl-name [ operator { and | or } ]
   Remarks: N/A
3. Configure the match criteria.
   Command: if-match match-criteria
   Remarks: N/A
4. Exit class view.
   Command: quit
   Remarks: N/A
5. Create a behavior and enter behavior view.
   Command: traffic behavior behavior-name
   Remarks: N/A
6. Configure a traffic redirection action.
   Command: redirect next-hop { ipv4-add1 [ ipv4-add2 ] | ipv6-add1 [ interface-type interface-number ] [ ipv6-add2 [ interface-type interface-number ] ] } [ fail-action { discard | forward } ]
   Remarks: Optional. The default option for the fail-action is forward.