[SWITCH HPE] Policy Based Routing PBR

How to configure Policy Based Routing (PBR) on an HP Procurve 3800

I recently had to configure PBR on an HP 3800, and it's really simple! If you're looking for how to do this on Comware switches, I wrote another guide you can find here.

This also works on HP 5400zl v2 and 8200 Series switches.

First you create a class, then a policy, and then you apply the policy to a port or VLAN. Note that PBR can only be applied in the INBOUND direction.

CLASS – Matches traffic by source and destination IP (address plus wildcard mask)

POLICY – What to do with traffic once it's matched (here, which next hop to send it to)

VLAN / PORT – Assign the policy inbound under the VLAN or interface port configuration

The scenario below sends traffic from 192.168.10.0/24 to 10.0.0.0/24 via one gateway (2.2.2.1, which is also the switch's default gateway), and all other traffic from 192.168.10.0/24 via a second gateway (1.1.1.1). This allows local traffic to hit one gateway, and internet traffic to hit another.

Policy Based Routing Example

Class Config

Each class matches particular traffic. The second class is a catch-all (any destination), so the policy below has to list the more specific LOCAL class first; policy entries are evaluated in sequence-number order and the first matching class wins.

class ipv4 "CLASS-192.168-LOCAL-BREAKOUT"
   5 match ip 192.168.10.0 0.0.0.255 10.0.0.0 0.0.0.255
   exit
class ipv4 "CLASS-192.168-INTERNET-BREAKOUT"
   5 match ip 192.168.10.0 0.0.0.255 0.0.0.0 255.255.255.255
   exit

Policy Config

This defines the next hop address. See my ‘IMPORTANT’ section below.

policy pbr "POLICY-INTERNET-BREAKOUT"
 5 class ipv4 "CLASS-192.168-LOCAL-BREAKOUT"
  action ip next-hop 2.2.2.1
  exit
 6 class ipv4 "CLASS-192.168-INTERNET-BREAKOUT"
  action ip next-hop 1.1.1.1
  exit
 exit

Interface Config

And finally, you apply it inbound on a particular VLAN interface (or port).

vlan 10
 name "192.168.10.0-VLAN"
 ip address 192.168.10.254 255.255.255.0
 service-policy "POLICY-INTERNET-BREAKOUT" in
 exit

!!! IMPORTANT !!!

The ProVision switch does something I find a little crazy: if the switch itself has other locally connected networks (i.e. it is also doing inter-VLAN routing), then you need to set the next-hop IP for that traffic to the switch's own VLAN address, e.g.

policy pbr "POLICY-INTERNET-BREAKOUT"
 5 class ipv4 "CLASS-192.168-LOCAL-BREAKOUT"
  action ip next-hop 192.168.10.254
  exit
 6 class ipv4 "CLASS-192.168-INTERNET-BREAKOUT"
  action ip next-hop 1.1.1.1
  exit
 exit

Otherwise, traffic that matches the PBR class is sent purely to the PBR next-hop gateway; it does not use locally connected routes!

My default gateway is as follows, and using the config snippet above ensures inter-VLAN routing continues to work.

ip route 0.0.0.0 0.0.0.0 2.2.2.1

Without setting the next hop to the switch itself, traffic matched by the PBR policy cannot be locally or inter-VLAN routed on the HP switch.
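The behaviour described in the IMPORTANT section, together with the first-match evaluation of the class/policy configuration above, modelled in Python. This is an added example written for this page, not HP code and not a switch emulator: it encodes the page's two observations as forwarding rules (a PBR next hop that is one of the switch's own addresses makes the packet take the normal routing table; any other next hop is used even when the destination is directly connected), and it assumes, for the demonstration only, that 10.0.0.0/24 is a second VLAN (VLAN 20, 10.0.0.254/24) on the same switch. The wildcard-mask helper, the Switch/ClassIPv4 classes and the build_switch() function are mine.

```python
"""Model of the ProVision PBR behaviour described on this page (added example,
not HP code). Objects mirror 'class ipv4', 'policy pbr' and 'service-policy in';
the two forwarding rules in Switch.forward() are the page's own observations."""
import ipaddress
from dataclasses import dataclass

IPv4Net = ipaddress.IPv4Network


def wildcard_to_network(addr: str, wildcard: str) -> IPv4Net:
    """ACL-style address/wildcard pair -> network. 0.0.0.255 is a /24 and
    255.255.255.255 is 'any' (/0). Done by hand because ipaddress.ip_network()
    reads '0.0.0.0/255.255.255.255' as a /32 netmask, not as a hostmask."""
    host = int(ipaddress.IPv4Address(wildcard))
    if host & (host + 1):                      # bits must be contiguous from the right
        raise ValueError(f"non-contiguous wildcard {wildcard} not supported")
    return IPv4Net((addr, 32 - host.bit_length()), strict=False)


@dataclass
class ClassIPv4:
    """'class ipv4 NAME' with '<seq> match ip SRC WC DST WC' entries."""
    name: str
    entries: list  # of (seq, src_net, dst_net); evaluated in seq order

    def matches(self, src: str, dst: str) -> bool:
        s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        return any(s in sn and d in dn
                   for _, sn, dn in sorted(self.entries, key=lambda e: e[0]))


@dataclass
class Switch:
    """Routing state: VLAN interface addresses (connected networks), static
    routes, and 'service-policy ... in' bindings per ingress VLAN."""
    vlan_ips: dict        # vlan id -> "address/prefix"
    static_routes: list   # of ("network/prefix", next_hop)
    policies: dict        # ingress vlan -> list of (seq, ClassIPv4, next_hop)

    def route_lookup(self, dst: str) -> str:
        """Ordinary longest-prefix match; connected beats static on a tie."""
        d, best = ipaddress.IPv4Address(dst), None
        for vlan, iface in self.vlan_ips.items():
            net = ipaddress.IPv4Interface(iface).network
            if d in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, f"connected via vlan {vlan}")
        for net_str, nh in self.static_routes:
            net = IPv4Net(net_str)
            if d in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, f"next-hop {nh}")
        return best[1] if best else "no route"

    def forward(self, ingress_vlan: int, src: str, dst: str) -> str:
        own = {ipaddress.IPv4Interface(i).ip for i in self.vlan_ips.values()}
        entries = sorted(self.policies.get(ingress_vlan, []), key=lambda e: e[0])
        for _, cls, next_hop in entries:
            if not cls.matches(src, dst):
                continue
            if ipaddress.IPv4Address(next_hop) in own:
                return self.route_lookup(dst)  # page's fix: next hop = the switch itself
            return f"next-hop {next_hop}"      # PBR wins, even if dst is directly connected
        return self.route_lookup(dst)          # no class matched: normal routing


# The page's two classes, exactly as configured.
LOCAL = ClassIPv4("CLASS-192.168-LOCAL-BREAKOUT", [
    (5, wildcard_to_network("192.168.10.0", "0.0.0.255"),
        wildcard_to_network("10.0.0.0", "0.0.0.255"))])
INTERNET = ClassIPv4("CLASS-192.168-INTERNET-BREAKOUT", [
    (5, wildcard_to_network("192.168.10.0", "0.0.0.255"),
        wildcard_to_network("0.0.0.0", "255.255.255.255"))])


def build_switch(local_next_hop: str) -> Switch:
    """The page's switch. Assumption for the demo (not stated on the page):
    10.0.0.0/24 is VLAN 20 on the same switch, i.e. the traffic is inter-VLAN."""
    return Switch(
        vlan_ips={10: "192.168.10.254/24", 20: "10.0.0.254/24"},
        static_routes=[("0.0.0.0/0", "2.2.2.1")],   # ip route 0.0.0.0 0.0.0.0 2.2.2.1
        policies={10: [(5, LOCAL, local_next_hop),  # POLICY-INTERNET-BREAKOUT,
                       (6, INTERNET, "1.1.1.1")]},   # applied inbound on vlan 10
    )


FIRST_ATTEMPT = build_switch("2.2.2.1")      # policy as first written on the page
FIXED = build_switch("192.168.10.254")       # next hop = the switch's own VLAN 10 address

if __name__ == "__main__":
    for label, sw in (("first attempt", FIRST_ATTEMPT), ("fixed", FIXED)):
        for dst in ("10.0.0.7", "8.8.8.8", "172.16.0.5"):
            print(f"{label:14} 192.168.10.5 -> {dst:11} {sw.forward(10, '192.168.10.5', dst)}")
```

Running it shows the two policies side by side: with the first-attempt policy a packet from 192.168.10.5 to 10.0.0.7 is pushed out to 2.2.2.1 even though 10.0.0.0/24 is on the switch, while the fixed policy routes it straight onto VLAN 20; internet-bound traffic goes to 1.1.1.1 in both cases, and traffic arriving on VLAN 20 (no service-policy) uses the routing table as normal.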

REFERENCE: Network Tasks – Policy Based Routing PBR
