Wired Intelligent Edge


aruba 2930F PBR query

  • 1.  aruba 2930F PBR query

    Posted Dec 04, 2019 11:39 AM

    Hi, this is the first time diving into PBR on switching so here goes.  I have read the doco and think I have a handle on what to do.

     

    My goal is to have any http or https traffic using vlan 1 to be directed to a web filtering appliance which will act as a gateway.  Below is how I plan to configure the switch. Have I got this right?  I want to check before I start messing with traffic on the switch.  I also put in a second hop in case the first gateway is not active and will then send the traffic out to the secondary gateway.

     

    :Traffic class defined
    switch(config)#: class ipv4 http
    switch(config-class)#: match tcp any any eq 80
    switch(config-class)#: match tcp any any eq 443
    switch(config-class)#: exit
    :PBR policy created
    switch(config)#: policy pbr http_https_gateway
    switch(policy-pbr)#: class ipv4 http
    switch(policy-pbr-class)#: action ip next-hop 10.38.24.12
    switch(policy-pbr-class)#: action ip next-hop 10.38.24.1
    switch(policy-pbr-class)#: exit
    switch(policy-pbr)#: exit
    :PBR Applied to vlan
    switch(config)#: vlan 1
    Switch(vlan-1)# service-policy http_https_gateway in


    #2930F


  • 2.  RE: aruba 2930F PBR query
    Best Answer

    MVP GURU
    Posted Dec 05, 2019 12:29 AM

    Hi,

     

    Looks good but not sure if there is a check if the first next hop is not available...



  • 3.  RE: aruba 2930F PBR query

    Posted Dec 05, 2019 12:41 AM

    Thanks for having a look.

    If the next hop (10.38.24.1) is not available there would be no gateways at all as that is the current one we use.  My understanding is it will attempt to send traffic to the first hop.  If there is no response it will send to the next hop.  Am I correct?  Will it bounce past the first hop if there is a delay?  As it is a web filtering system I would prefer it to go there and move on as a failover. Hope this makes sense.



  • 4.  RE: aruba 2930F PBR query

    MVP GURU
    Posted Dec 05, 2019 12:52 AM

    @S_D wrote:

    Thanks for having a look.

    If the next hop (10.38.24.1) is not available there would be no gateways at all as that is the current one we use.  My understanding is it will attempt to send traffic to the first hop.  If there is no response it will send to the next hop.  Am I correct?  Will it bounce past the first hop if there is a delay?  As it is a web filtering system I would prefer it to go there and move on as a failover. Hope this makes sense.


    Need to check...
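
Added example, not part of the thread and not Aruba code: a small Python model of the class and policy from the first post, showing which flows the `match tcp any any eq 80/443` lines would hand to the web filter and which would follow normal routing. The ordered failover in `choose_next_hop` is the poster's stated intent from the third post and is an assumption, not confirmed switch behaviour; the sample flows and VLAN 20 are constructed.

```python
from dataclasses import dataclass

# Constructed model of the posted config; values are taken from the thread.
HTTP_CLASS = [("tcp", 80), ("tcp", 443)]       # class ipv4 http
NEXT_HOPS = ["10.38.24.12", "10.38.24.1"]      # order listed in policy pbr
POLICY_VLAN = 1                                # service-policy ... in on vlan 1

@dataclass(frozen=True)
class Flow:
    vlan: int        # VLAN the packet enters the switch on
    proto: str       # "tcp" or "udp"
    dst_port: int
    label: str

def matches_class(flow):
    """True if the flow enters on the policy VLAN and hits a match line."""
    return flow.vlan == POLICY_VLAN and (flow.proto, flow.dst_port) in HTTP_CLASS

def choose_next_hop(flow, reachable):
    """Return the PBR next hop, or None when the flow follows normal routing.

    ASSUMPTION: next hops are tried in listed order and unreachable ones are
    skipped. This models the poster's intent, not verified 2930F behaviour.
    """
    if not matches_class(flow):
        return None
    for hop in NEXT_HOPS:
        if hop in reachable:
            return hop
    return None

# Constructed sample flows (VLAN 20 is hypothetical).
SAMPLE_FLOWS = [
    Flow(1, "tcp", 80, "HTTP"),
    Flow(1, "tcp", 443, "HTTPS"),
    Flow(1, "udp", 443, "HTTP/3 over QUIC"),
    Flow(1, "tcp", 8080, "HTTP on alternate port"),
    Flow(20, "tcp", 443, "HTTPS from another VLAN"),
]

def report(reachable):
    """Map each sample flow label to the next hop it would be sent to."""
    return {f.label: choose_next_hop(f, reachable) for f in SAMPLE_FLOWS}

if __name__ == "__main__":
    for state in (set(NEXT_HOPS), {"10.38.24.1"}):
        print(sorted(state), report(state))
```

Flows that come back as `None` (UDP 443, TCP 8080, other VLANs) never reach the filtering appliance under this class, so they need their own match lines or a separate control if they are meant to be filtered.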