不涉及
客户使用S10508-V设备,版本为R7577,发现下发策略路由时设备提示不支持。
%Mar 5 12:49:25:276 2020 NDSGAJ_HeXin_H3C-S10508X-V PBR4/4/PBR_HARDWARE_BIND_ERROR: -MDC=1; Failed to apply the policy DMZ-To-Access_Area to interface Vlan-interface150 because of unsupported operations.
%Mar 5 12:49:25:619 2020 NDSGAJ_HeXin_H3C-S10508X-V PBR4/4/PBR_HARDWARE_BIND_ERROR: -MDC=1-Chassis=1-Slot=1; Failed to apply the policy DMZ-To-Access_Area to interface Vlan-interface150 because of unsupported operations.
(1) 看客户配置的的策略路由下发下一跳时匹配了VPN实例
#
policy-based-route DMZ-To-Access_Area permit node 11
description 两个服务器网段互访的流量主走FW2,备走FW1
if-match acl 3006
apply next-hop vpn-instance vpn-dmz 35.231.129.229
apply default-next-hop vpn-instance vpn-dmz 35.231.129.237 track 2
#
policy-based-route DMZ-To-Access_Area permit node 20
description 策略路由主走FW1,备走FW2
if-match acl 3001
apply next-hop vpn-instance vpn-dmz 35.231.129.237
apply default-next-hop vpn-instance vpn-dmz 35.231.129.229 track 1
#
policy-based-route DMZ-To-Access_Area permit node 30
description 策略路由主走FW2,备走FW1
if-match acl 3002
apply next-hop vpn-instance vpn-dmz 35.231.129.229
apply default-next-hop vpn-instance vpn-dmz 35.231.129.237 track 2
#
(2) 看设备的日志,也是在客户下发完策略路由的动作后提示的不支持
%Mar 5 11:56:48:162 2020 NDSGAJ_HeXin_H3C-S10508X-V SHELL/6/SHELL_CMD: -Line=aux1/0-IPAddr=**-User=**; Command is apply default-next-hop vpn-instance vpn-dmz 35.231.129.237 track 2
%Mar 5 11:56:48:164 2020 NDSGAJ_HeXin_H3C-S10508X-V PBR4/4/PBR_HARDWARE_ERROR: Failed to update the policy DMZ-To-Access_Area because of unsupported operations.
(3) 官网配置指导中有写,apply default-next-hop后面跟VPN参数时,配置会不生效。
apply default-next-hop [ vpn-instance vpn-instance-name ] { ip-address [ direct ] [ track track-entry-number ] }&<1-2> |
用户可以同时配置多个缺省下一跳(通过一次或多次配置本命令实现),起到主备的作用 每个节点最多可以配置2个缺省下一跳 vpn-instance vpn-instance-name 参数配置后不生效 |
(4) 经过确认,客户使用的版本较老,apply default-next-hop命令不支持带VPN参数。
apply default-next-hop后跟VPN参数只有到759X版本才支持,该版本现在为受限版本,使用前需要评估后方可使用。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作