Controller Based WLANs

How to configure a list of Nexthops for Policy Based Routing in AOS?

by on ‎04-08-2015 05:06 AM

Policy Based Routing (PBR) routes packets according to a policy. Unlike traditional routing, which is based on the destination IP, PBR uses ACLs to determine the routing path. An ACL classifies a packet by its source/destination IP address, L4 protocol and ports, and the kind of application (AppRF).

 

This feature was introduced in AOS 6.4.3.

 

Network Topology:

[Figure: network topology diagram]

 

A controller has multiple ways of reaching the internet. Different sets of users (in practice, different source IPs) may need to use different links, which is not possible with traditional routing.

 

The nexthop list is configured as follows:
(6.4.3-Beta-Master) (config) #ip nexthop-list ?
STRING Nexthop-list name
(6.4.3-Beta-Master) (config) #ip nexthop-list Branch-with-multiple-uplinks
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.164.254 priority 10
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.169.193 priority 20
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.168.193 priority 30
(6.4.3-Beta-Master) (config-nexthop-list)#ip 10.17.170.33 priority 40
(6.4.3-Beta-Master) (config-nexthop-list)#exit
(6.4.3-Beta-Master) (config) #

 

 

To verify that the nexthop list is populated correctly, run the following command.

(6.4.3-Beta-Master) #show ip nexthop-list

Nexthop-List Entries
--------------------
Nexthop-list Name             Nexthop-list Id  Preemptive Failover  Active IP  Nexthop IPs(Priority)
-----------------             ---------------  -------------------  ---------  ---------------------
Branch-with-multiple-uplinks                   Enabled                          10.17.170.40(40), 10.17.168.200(30), 10.17.169.200(20), 10.17.164.254(10)

(6.4.3-Beta-Master) #

The nexthops are displayed in the order of their configured priority.

 

Check that the datapath route cache is populated with the corresponding nexthop information.

(6.4.3-Beta-Master) #show datapath route-cache

Route Cache Entries
-------------------

Flags: L - Local, P - Permanent,  T - Tunnel, I - IPsec,
       t - trusted, A - ARP, D - Drop, R - Routed across vlan
       O - Temporary, N - INactive, H - DHCP snooped

       IP              MAC             VLAN       Flags
---------------  -----------------  -----------  ------
172.16.0.254     00:1A:1E:01:2D:18            1  LP
10.17.168.200    00:1A:1E:01:2D:18          174  LP
10.17.168.193    00:0B:86:86:09:80          174  tA
10.17.170.40     00:1A:1E:01:2D:18          187  LP
10.17.169.193    00:0B:86:86:09:80          183  tA
10.17.169.200    00:1A:1E:01:2D:18          183  LP
10.17.164.230    00:1A:1E:01:2D:18          164  LP
10.17.164.254    00:1A:1E:09:15:C0          164  tA

(6.4.3-Beta-Master) #
