You are here: Home > CLI Commands > Just_CLI_Topics > ip nexthop-list

ip nexthop-list

ip nexthop-list <STRING>

ip {dhcp vlan <id> [priority <number>]|<A.B.C.D> [priority <number>]}

ipsec-map <map_name> [priority <number>]

no

preemptive-failover

Description

Define a next hop list for policy-based routing.

Syntax

Parameter

Description

<STRING>

Name of the next hop list.

ip

Next hop IP address.

dhcp vlan <id>

VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. ID of the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. used by the next hop device. If the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. gets an IP address using DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. , and the default gatewayGateway is a network node that allows traffic to flow in and out of the network. is determined by the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface, the gatewayGateway is a network node that allows traffic to flow in and out of the network. IP is used as the next hop IP address.

<A.B.D.C>

IP address of the next hop device.

ipsec-map <map_name>

Packets can be redirected over a VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. tunnel by specifying the IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. map name.

preemptive-failover

Enable or disable preemptive failover. If preemption is enabled and a higher priority next hop becomes reachable again, packets are again forwarded to the higher priority next hop.

Usage Guidelines

A next hop IP is the IP address of a adjacent router or device with layer-2 connectivity to the managed device. If the managed device uses policy-based routing to forwards packets to a next hop device and that device becomes unreachable, the packets matching the policy will not reach their destination. The next hop list provides redundancy for the next hop devices by forwarding the traffic to a backup next hop device in case of failures. If active next hop device on the list becomes unreachable, traffic matching a policy-based routing ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. is forwarded using the highest-priority active next hop on the list.

A maximum of 4 next hops can be added to a next hop list. Each next hop can be assigned a priority, which decides the order of selection of the next hop. If a higher priority next hop goes down, the next higher priority next hop which is active is chosen for forwarding. If all the next hops are configured with same priority, the order is determined based on the order in which they are configured. If all the next hops are down, traffic is passed regular destination based forwarding.

In a typical deployment scenario with multiple up-links, the default route only uses one of the uplink next-hops for forwarding packets. If a next hop becomes unreachable, the packets will not reach their destination. If your deployment uses policy-based routing based on a next hop list, any of the uplink next hops could be used for forwarding traffic. This requires a valid ARPAddress Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. entry (route-cache) in the system for all the policy-based routing next hops.

In a branch office managed device deployment, the site up-links can obtain their IP addresses and default gatewayGateway is a network node that allows traffic to flow in and out of the network. using DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. . In such deployments, the next hop-list configuration can use the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. IDs of uplink VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. If the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. gets an IP address using DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. , and the default gatewayGateway is a network node that allows traffic to flow in and out of the network. is determined by the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface, the gatewayGateway is a network node that allows traffic to flow in and out of the network. IP is used as the next hop IP address. Branch deployments may also require policy-based redirection of traffic to different VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. tunnels. The next hop list allows you to select an IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. map to redirect traffic through IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels.

Example

The following command configures a list of next hops:

(host) [mynode] (config) #ip nexthop-list list1

(host) ^[mynode] (config-submode)#ip 10.1.1.41 priority 1

(host) ^[mynode] (config-submode)#ip 172.21.18.170 priority 2

(host) ^[mynode] (config-submode)#ip 192.18.140.20 priority 3

Related Commands

Command

Description

show ip nexthop-list

Display next hop list settings for policy-based routing.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platform

License

Command Mode

All platforms

Available in the base operating system.

Config mode on Mobility Master.

/*]]>*/