Owner's Manual

Chapter 13. ACLs | 339
NETGEAR 8800 User Manual
To configure Policy-Based Routing, you configure an ACL on your switch. You can apply an
ACL policy file, or use a dynamic ACL.
The following is an example ACL rule entry that redirects any TCP traffic with a destination
port of 81 to the device at IP address 3.3.3.2:
entry redirect_port_81 {
    if {
        protocol tcp;
        destination-port 81;
    } then {
        redirect 3.3.3.2;
    }
}
Use the following procedure:
1. Issue the following command to prevent the redirect IP address from clearing from the
IP ARP table due to a timeout:
enable iparp refresh
2. Configure the ACL, either applying an ACL policy file similar to the example, or a Dynamic
ACL.
3. Ping or send traffic so that the redirect IP adjacency is resolved.
You may want to create a static ARP entry for the redirect IP address, so that there will
always be a cache entry.
Layer 2 Policy-Based Redirect
This feature allows matching packets to override the normal forwarding decision and be
Layer 2 switched to the specified physical port. This is accomplished via an additional packet
ACL lookup. While similar to the "Layer 3 Policy-Based Redirect" feature described above, it
differs in that the packet is not modified for Layer 3 routing based on a new IP redirect
nexthop. Instead, the packet keeps the format determined by the normal forwarding decision. When
the packet was Layer 2-switched, the packet egresses the redirect port unmodified. When
the packet was Layer 3-switched, the packet egresses with the Layer 3 packet modifications
of the nexthop found by the normal Layer 3 forwarding lookups. This feature applies to
unicast, multicast, and broadcast traffic.
redirect-port <port number>
The <port number> argument must be specified in the format <slot>:<port>. For example,
consider the following ACL policies.
The policy shown below redirects any TCP traffic with source Layer 4 port 81 to physical port
3:2.
entry one {
    if {
        protocol tcp;
        source-port 81;
    } then {
        redirect-port 3:2;
    }
}
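The two redirect forms above (the Layer 3 `redirect <ip>` entry with its ARP-resolution procedure, and the Layer 2 `redirect-port <slot>:<port>` entry) are easiest to reason about side by side. The following is an added example, not code from the manual or from NETGEAR: a small Python parser for the `entry { if { ... } then { ... } }` policy syntax shown on this page, plus an evaluator that reports what a constructed packet would do under each entry and two audit checks a practitioner would want before applying a policy. It assumes entries are evaluated in file order with the first match winning, that match statements compare literally against packet fields, and it uses a constructed ARP table rather than a real switch.

```python
import ipaddress
import re

# Constructed policy text in the manual's entry/if/then syntax (not a file from the page).
POLICY = """
entry redirect_port_81 {
    if {
        protocol tcp;
        destination-port 81;
    } then {
        redirect 3.3.3.2;
    }
}
entry one {
    if {
        protocol tcp;
        source-port 81;
    } then {
        redirect-port 3:2;
    }
}
"""

ENTRY_RE = re.compile(
    r"entry\s+(?P<name>\S+)\s*\{\s*if\s*\{(?P<match>.*?)\}\s*then\s*\{(?P<action>.*?)\}\s*\}",
    re.S,
)
PORT_FMT = re.compile(r"^\d+:\d+$")  # <slot>:<port> as required for redirect-port


def _stmts(block):
    """Yield (keyword, argument) pairs from a ';'-terminated statement block."""
    for stmt in block.split(";"):
        stmt = stmt.strip()
        if stmt:
            key, _, val = stmt.partition(" ")
            yield key, val.strip()


def parse_policy(text):
    """Parse entries into (name, match-dict, action-dict) tuples, in file order."""
    rules = []
    for m in ENTRY_RE.finditer(text):
        rules.append((m.group("name"), dict(_stmts(m.group("match"))), dict(_stmts(m.group("action")))))
    return rules


def matches(rule_match, packet):
    """Every match statement must equal the corresponding packet field (assumed literal compare)."""
    return all(str(packet.get(k)) == v for k, v in rule_match.items())


def evaluate(packet, rules, arp_table):
    """Return the forwarding outcome for a packet; first matching entry wins (assumption)."""
    for name, match, action in rules:
        if not matches(match, packet):
            continue
        if "redirect" in action:
            # Layer 3 redirect: next hop is replaced, and only works once the IP is in ARP.
            nexthop = action["redirect"]
            return {"entry": name, "kind": "l3-redirect", "nexthop": nexthop,
                    "resolved": nexthop in arp_table}
        if "redirect-port" in action:
            # Layer 2 redirect: egress port is overridden; the packet is rewritten only if
            # the normal forwarding decision had already routed it.
            return {"entry": name, "kind": "l2-redirect-port", "port": action["redirect-port"],
                    "rewritten": bool(packet.get("routed", False))}
    return {"entry": None, "kind": "normal-forwarding"}


def validate(rules):
    """Flag actions whose arguments are not in the form the manual requires."""
    problems = []
    for name, _match, action in rules:
        if "redirect-port" in action and not PORT_FMT.match(action["redirect-port"]):
            problems.append(f"{name}: redirect-port must be <slot>:<port>, got {action['redirect-port']!r}")
        if "redirect" in action:
            try:
                ipaddress.ip_address(action["redirect"])
            except ValueError:
                problems.append(f"{name}: redirect needs an IP address, got {action['redirect']!r}")
    return problems


def unresolved_redirects(rules, arp_table):
    """Entries whose redirect next hop has no ARP entry (what steps 1-3 and the static ARP note address)."""
    return [name for name, _m, a in rules if "redirect" in a and a["redirect"] not in arp_table]


if __name__ == "__main__":
    rules = parse_policy(POLICY)
    arp = {"3.3.3.2"}  # constructed ARP table
    for pkt in ({"protocol": "tcp", "source-port": 40000, "destination-port": 81},
                {"protocol": "tcp", "source-port": 81, "destination-port": 443, "routed": True},
                {"protocol": "udp", "source-port": 81, "destination-port": 81}):
        print(pkt, "->", evaluate(pkt, rules, arp))
    print("problems:", validate(rules))
    print("unresolved redirect next hops:", unresolved_redirects(rules, set()))
```

Run before pushing a policy: `validate` catches a `redirect-port` argument that is not `<slot>:<port>`, and `unresolved_redirects` lists every Layer 3 redirect whose next hop is absent from the ARP table, which is exactly the condition the `enable iparp refresh` step and the static ARP suggestion exist to prevent.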