Owner's Manual
Chapter 13. ACLs | 341
NETGEAR 8800 User Manual
Policy-Based Redirection Redundancy
This section consists of the following topics:
• Multiple Nexthop Support
• Health Checking for ARP and Ping
• Packet Forward/Drop
• Example—Network Diagram
Multiple Nexthop Support
As discussed above, Layer 3 and Layer 2 policy-based redirect support only one nexthop for
one policy-based entry. For redundancy, multiple nexthops with different priorities can be
configured. A higher priority is denoted with a higher number; for example, “priority 5” has a
higher precedence than “priority 1.” When a high-priority nexthop becomes unreachable, another
preconfigured nexthop, chosen by priority, replaces it. To set this up, first create a
flow-redirect name that holds the nexthop information.
Use the following command:
create flow-redirect <flow-redirect-name>
To delete the flow-redirect name, use the following command:
delete flow-redirect <flow-redirect-name>
Then add the information for each nexthop, including a defined priority, one by one to the new
flow-redirect name. Use the following command:
configure flow-redirect <flow-redirect-name> add nexthop <ipaddress> priority <number>
To delete the nexthop, use the following command:
configure flow-redirect <flow-redirect-name> delete nexthop <ipaddress>
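The priority and failover behavior described above, modeled as an added Python example that is not part of the NETGEAR manual. The name redirect_demo, the 192.0.2.x addresses, the reachable sets, and the rule that the highest-priority reachable nexthop is always the one in use are assumptions made for illustration.

```python
import ipaddress


class FlowRedirect:
    """Model of one flow-redirect name and its prioritized nexthops."""

    def __init__(self, name):
        self.name = name
        self.nexthops = {}  # nexthop address -> priority (higher number wins)

    def add_nexthop(self, ip, priority):
        self.nexthops[ipaddress.ip_address(ip)] = int(priority)

    def delete_nexthop(self, ip):
        self.nexthops.pop(ipaddress.ip_address(ip), None)

    def commands(self):
        """CLI lines in the manual's order: create the name, then add each nexthop."""
        lines = [f"create flow-redirect {self.name}"]
        for ip, prio in sorted(self.nexthops.items(), key=lambda kv: -kv[1]):
            lines.append(
                f"configure flow-redirect {self.name} add nexthop {ip} priority {prio}"
            )
        return lines

    def active_nexthop(self, reachable):
        """Return the reachable nexthop with the highest priority number, or None.

        Assumption: selection is re-evaluated from scratch on every call, so a
        recovered high-priority nexthop takes over again.
        """
        up = {ipaddress.ip_address(r) for r in reachable}
        live = [(prio, ip) for ip, prio in self.nexthops.items() if ip in up]
        if not live:
            return None  # behavior with no usable nexthop is outside this model
        return str(max(live, key=lambda c: c[0])[1])


def build_demo():
    # Constructed sample values (documentation address range), not from the manual.
    fr = FlowRedirect("redirect_demo")
    fr.add_nexthop("192.0.2.2", 1)
    fr.add_nexthop("192.0.2.1", 5)
    return fr


if __name__ == "__main__":
    demo = build_demo()
    print("\n".join(demo.commands()))
    print(demo.active_nexthop({"192.0.2.1", "192.0.2.2"}))  # both healthy
    print(demo.active_nexthop({"192.0.2.2"}))               # primary down
```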
Because an ACL does not recognize the virtual routing concept, one policy-based routing is
used for multiple virtual routing entries when a VLAN-based virtual router is used for one port.
Configuring a virtual router into a flow-redirect allows policy-based routing to work for only
one specific virtual router. Use the following command:
configure flow-redirect <flow-redirect-name> vr <vr-name>
Note: Configuring the virtual router parameter is not supported on
NETGEAR 8800 series switches.
Finally, a new action modifier, redirect-name, is used to specify the flow-redirect name in an
ACL rule entry.
entry redirect_redundancy {
if match all {










