How to configure a list of Nexthops for Policy Based Routing in AOS?

Aruba Employee

Policy Based Routing (PBR) routes packets according to a policy. Unlike traditional destination-IP-based routing, PBR uses ACLs to determine the routing path. An ACL classifies a packet by its source/destination IP address, L4 protocol and ports, and the kind of application (AppRF).


This feature was introduced in AOS 6.4.3.


Network Topology: [diagram: rtaImage (1).jpg]


A controller has multiple ways of reaching the internet. Different links may need to be used for different sets of users (in effect, different source IPs), which is not possible with traditional routing.


The nexthop list can be configured under:
(6.4.3-Beta-Master) (config) #ip nexthop-list ?
STRING Nexthop-list name
(6.4.3-Beta-Master) (config) #ip nexthop-list Branch-with-multiple-uplinks
(6.4.3-Beta-Master) (config-nexthop-list)#ip priority 10
(6.4.3-Beta-Master) (config-nexthop-list)#ip priority 20
(6.4.3-Beta-Master) (config-nexthop-list)#ip priority 30
(6.4.3-Beta-Master) (config-nexthop-list)#ip priority 40
(6.4.3-Beta-Master) (config-nexthop-list)#exit
(6.4.3-Beta-Master) (config) #



To verify that the nexthop list is properly populated, run the command below.

(6.4.3-Beta-Master) #show ip nexthop-list

Nexthop-List Entries
Nexthop-list Name             Nexthop-list Id  Preemptive Failover  Active IP  Nexthop IPs(Priority)
-----------------             ---------------  -------------------  ---------  ---------------------
Branch-with-multiple-uplinks                   Enabled                ,,,

(6.4.3-Beta-Master) #

The nexthops are displayed in the order of configured priority.


Check if Datapath Route-cache is populated with corresponding nexthop information.

(6.4.3-Beta-Master) #show datapath route-cache

Route Cache Entries

Flags: L - Local, P - Permanent,  T - Tunnel, I - IPsec,
       t - trusted, A - ARP, D - Drop, R - Routed across vlan
       O - Temporary, N - INactive, H - DHCP snooped

       IP              MAC             VLAN       Flags
---------------  -----------------  -----------  ------
                 00:1A:1E:01:2D:18            1  LP
                 00:1A:1E:01:2D:18          174  LP
                 00:0B:86:86:09:80          174  tA
                 00:1A:1E:01:2D:18          187  LP
                 00:0B:86:86:09:80          183  tA
                 00:1A:1E:01:2D:18          183  LP
                 00:1A:1E:01:2D:18          164  LP
                 00:1A:1E:09:15:C0          164  tA

(6.4.3-Beta-Master) #
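
The two verification steps above can be cross-checked automatically. This is an added example, not part of the original article or of Aruba's tooling: it looks up every nexthop from `show ip nexthop-list` in `show datapath route-cache` and reports its state from the flags. The sample output is constructed with documentation-range addresses, and the `IP(priority)` cell format, the list Id value and all function names are assumptions.

```python
import re
# Constructed sample output (documentation-range addresses). The "IP(priority)"
# cell format is an assumption taken from the "Nexthop IPs(Priority)" header.
NEXTHOP_OUTPUT = """\
Nexthop-list Name             Nexthop-list Id  Preemptive Failover  Active IP  Nexthop IPs(Priority)
-----------------             ---------------  -------------------  ---------  ---------------------
Branch-with-multiple-uplinks  1                Enabled              192.0.2.1  192.0.2.1(10),198.51.100.1(20),203.0.113.1(30)
"""
ROUTE_CACHE_OUTPUT = """\
       IP              MAC             VLAN       Flags
---------------  -----------------  -----------  ------
192.0.2.1        00:0B:86:86:09:80          174  tA
198.51.100.1     00:1A:1E:09:15:C0          164  N
192.0.2.254      00:1A:1E:01:2D:18          174  LP
"""
NEXTHOP_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\((\d+)\)")
CACHE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9A-Fa-f:]{17})\s+(\d+)\s+(\S+)\s*$")

def parse_nexthop_lists(text):
    """Return {list_name: [(ip, priority), ...]} in displayed order."""
    lists = {}
    for line in text.splitlines():
        hops = [(ip, int(prio)) for ip, prio in NEXTHOP_RE.findall(line)]
        if hops:
            lists[line.split()[0]] = hops
    return lists

def parse_route_cache(text):
    """Return {ip: flags} for every row of the route-cache table."""
    rows = (CACHE_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(4) for m in rows if m}

def check_nexthops(nexthop_text, cache_text):
    """Map (list, ip, priority) to the nexthop's state in the route cache."""
    cache = parse_route_cache(cache_text)
    report = {}
    for name, hops in parse_nexthop_lists(nexthop_text).items():
        for ip, prio in hops:
            flags = cache.get(ip)
            if flags is None:
                state = "missing"        # no route-cache entry at all
            elif "N" in flags or "D" in flags:
                state = "unusable"       # N - INactive, D - Drop
            else:
                state = "resolved" if "A" in flags else "present"
            report[(name, ip, prio)] = state
    return report

if __name__ == "__main__":
    print(check_nexthops(NEXTHOP_OUTPUT, ROUTE_CACHE_OUTPUT))
```

A nexthop reported as `missing` or `unusable` is one that traffic matched by the policy cannot currently be forwarded to, so it is worth checking before relying on the list for failover.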

Version history: Revision 1 of 1. Last update: 04-08-2015 05:06 AM
This article has been around for a while so hopefully it gets read.


Regarding 7000 series branch controllers as USB Cellular devices.  They may not be left in all the time.


My question is whether a nexthop-list is necessary for this configuration and if so, what's the proper way to set it up?


My thinking is you'd set the device default-gateway to your WAN nexthop. Then add the same thing as the highest priority, then have a DHCP next-hop as a lower priority.


