Policy Based Routing
A policy-based routing rule is an ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. that can forward traffic as normal, or route traffic over a VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. tunnel specified by an IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. map, routed to a next-hop router on a next-hop list, or redirected over an L3 GRE Generic Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel or tunnel group.
ArubaOS now also supports IPv6 address in policy-based routing rule.
|
A Policy Based Routing rule does not become active until it is applied to a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface or user role. |
Associating PBR Rule with Managed Device
The following procedure describes how to associate a policy based routing rule with a managed device:
- In the node hierarchy, navigate to the tab.
- Expand the accordion.
- Click below the table to create a new policy.
- Enter the in the pop-up window and click .
- The policy type (route) is predefined in this window.
- Select the policy created in the table.
- The table is displayed.
- Click to add a new policy.
- The pop-up window opens.
- Select one of the following rule types:
- TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. /UDP User Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. port or range of ports. Applies the rule to all traffic, or traffic using a specific service, protocol, or
- : Applies a rule to a traffic for an application or application category.
The
rule type is not supported for IPv6 traffic.- Configure the rule parameters.
Field |
Description |
|
Select either or from the drop-down list to specify whether the policy applies to IPv4 or IPv6 traffic. |
|
Source of the traffic, which can be one of the following: : Acts as a wildcard and applies to any source address. : This refers to traffic from the wireless client. : This refers to traffic from a specific host. When this option is chosen, you must configure the IP address of the host. subnet Subnet is the logical division of an IP network. of IP addresses. When this option is chosen, you must configure the IP address and network mask of the subnet Subnet is the logical division of an IP network.. : This refers to a traffic that has a source IP from a: This refers to using an alias for a host or network. You configure the alias by navigating to the page. When you select option in the field, only , , and options are available as source of the traffic. You cannot configure IPv6 multicast, link-local, unspecified, loopback, and subnet Subnet is the logical division of an IP network. anycast addresses as IPv6 source addresses. |
|
Destination of the traffic, which can be configured in the same manner as source. When you select option in the field, only , , and options are available as destination of the traffic. You cannot configure IPv6 multicast, link-local, unspecified, loopback, and subnet Subnet is the logical division of an IP network. anycast addresses as IPv6 destination addresses. |
|
(Optional) Enter the IPv6 address to associate the policy to IPv6 traffic. This field is visible only when you select under or fields. |
|
(Optional) Enter the subnet Subnet is the logical division of an IP network. mask for the IPv6 address. This field is visible only when you select under or fields. |
|
If you are creating an rule, select a type of traffic, which can be one of the following:protocol: Using this option, you specify a different layer 4 protocol (other than TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. /UDP User Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received.) by configuring the IP protocol value. : This option specifies that this rule applies to any type of traffic. service: Using this option, you use one of the pre-defined services (common protocols such as HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection., HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands., and others) as the protocol to match for the rule to be applied. You can also specify a network service that you have manually configured. For details, see Creating a Network Service Alias. tcp: A range of TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. port(s) that must be used by the traffic in order for the rule to be applied. udp: A range of UDP User Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. port(s) hat must be used by the traffic in order for the rule to be applied. : When you select option in the field, only option is available as Service/App Short form for application. It generally refers to the application that is downloaded and used on mobile devices. of the traffic. |
|
If you are creating an rule, select a type of traffic, which can be one of the following:application: Create a rule that applies to a specific application type. Click the drop-down list and select an application type.application category: Create a rule that applies to a specific application category. Click the drop-down list and select a category type. |
|
The action that you want the controller to perform on a packet that matches the specified criteria. This can be one of the following: : Packets are forwarded to their next destination without any changes. IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnel defined by the specified IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. map. You must specify the position of the forwarding or routing rule. (1 is first, default is last) : Packets are forwarded through anUplink Routing using Next-hop Lists : packets are forwarded to the highest priority active device on the selected next hop list. You must also specify the position of the forwarding or routing rule (1 is first, default is last). For more information on next-hop lists, seeGRE Generic Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnels, see GRE Tunnels. : Packets are forwarded through the tunnel with the specified tunnel ID. You must also specify the position of the forwarding or routing rule (1 is first, default is last). For more information onGRE Generic Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnel group. You must also specify the position of the forwarding or routing rule (1 is first, default is last). For more information on tunnel groups, see GRE Tunnel Groups. : Packets are forwarded through the active tunnel in aWhen you select option in the field, only , and options are available. |
|
(Optional) Define a position for the rule in the ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port.. Rules are processed according to their position numbers, and new rules are added at the end of an ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. by default. A position of 1 puts the rule at the top of the list. The position that you select for an ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. rule is relative to either IPv4 or IPv6 policies. |
- Click .
- Click .
- In the window, select the check box and click .