Controller Based WLANs

How to configure a list of Nexthops for Policy Based Routing in AOS?

Aruba Employee

Policy Based Routing (PBR) routes packets according to a policy. Unlike traditional destination-IP-based routing, PBR uses ACLs to determine the routing path. An ACL classifies a packet by its source/destination IP address, L4 protocol and ports, and the kind of application (appRF).

 

This feature was introduced in AOS 6.4.3.

 

Network Topology : 


 

A controller has multiple ways of reaching the Internet, but different links may need to be used for different sets of users (in effect, selected by source IP), which is not possible with traditional routing.

 

The nexthop list can be configured under:
(6.4.3-Beta-Master) (config) #ip nexthop-list ?
STRING Nexthop-list name
(6.4.3-Beta-Master) (config) #ip nexthop-list Branch-with-multiple-uplinks
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.164.254 priority 10
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.169.193 priority 20
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.168.193 priority 30
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.170.33 priority 40
(6.4.3-Beta-Master) (config-nexthop-list)#exit
(6.4.3-Beta-Master) (config) #

 

 

To verify that the nexthop list is properly populated, run the following command:

(6.4.3-Beta-Master) #show ip nexthop-list

Nexthop-List Entries
--------------------
Nexthop-list Name             Nexthop-list Id  Preemptive Failover  Active IP  Nexthop IPs(Priority)
-----------------             ---------------  -------------------  ---------  ---------------------
Branch-with-multiple-uplinks                   Enabled                          10.17.170.40(40), 10.17.168.200(30), 10.17.169.200(20), 10.17.164.254(10)

(6.4.3-Beta-Master) #

The next hops are displayed in the order of their configured priority.

 

Check that the datapath route cache is populated with the corresponding nexthop information:

(6.4.3-Beta-Master) #show datapath route-cache

Route Cache Entries
-------------------

Flags: L - Local, P - Permanent,  T - Tunnel, I - IPsec,
       t - trusted, A - ARP, D - Drop, R - Routed across vlan
       O - Temporary, N - INactive, H - DHCP snooped

       IP              MAC             VLAN       Flags
---------------  -----------------  -----------  ------
172.16.0.254     00:1A:1E:01:2D:18            1  LP
10.17.168.200    00:1A:1E:01:2D:18          174  LP
10.17.168.193    00:0B:86:86:09:80          174  tA
10.17.170.40     00:1A:1E:01:2D:18          187  LP
10.17.169.193    00:0B:86:86:09:80          183  tA
10.17.169.200    00:1A:1E:01:2D:18          183  LP
10.17.164.230    00:1A:1E:01:2D:18          164  LP
10.17.164.254    00:1A:1E:09:15:C0          164  tA

(6.4.3-Beta-Master) #

Version history
Revision #: 1 of 1
Last update: 04-08-2015 05:06 AM
Comments
cafnetmatt

This article has been around for a while so hopefully it gets read.

 

Regarding 7000 series branch controllers as USB Cellular devices.  They may not be left in all the time.

 

My question is whether a nexthop-list is necessary for this configuration and if so, what's the proper way to set it up?

 

My thinking is you'd set the device default-gateway to your WAN nexthop.  Then add the same thing as highest priority then have a DHCP next-hop as a lower priority.

 

Correct?
