某局点S10508X-V策略路由无法下发

不涉及

客户使用S10508-V设备，版本为R7577，发现下发策略路由时设备提示不支持。

%Mar  5 12:49:25:276 2020 NDSGAJ_HeXin_H3C-S10508X-V PBR4/4/PBR_HARDWARE_BIND_ERROR: -MDC=1; Failed to apply the policy DMZ-To-Access_Area to interface Vlan-interface150 because of unsupported operations.

%Mar  5 12:49:25:619 2020 NDSGAJ_HeXin_H3C-S10508X-V PBR4/4/PBR_HARDWARE_BIND_ERROR: -MDC=1-Chassis=1-Slot=1; Failed to apply the policy DMZ-To-Access_Area to interface Vlan-interface150 because of unsupported operations.

（1）        看客户配置的的策略路由下发下一跳时匹配了VPN实例

#

policy-based-route DMZ-To-Access_Area permit node 11

 description 两个服务器网段互访的流量主走FW2，备走FW1

 if-match acl 3006

 apply next-hop vpn-instance vpn-dmz 35.231.129.229

 apply default-next-hop vpn-instance vpn-dmz 35.231.129.237 track 2

#

policy-based-route DMZ-To-Access_Area permit node 20

 description 策略路由主走FW1，备走FW2

 if-match acl 3001

 apply next-hop vpn-instance vpn-dmz 35.231.129.237

 apply default-next-hop vpn-instance vpn-dmz 35.231.129.229 track 1

#

policy-based-route DMZ-To-Access_Area permit node 30

 description 策略路由主走FW2，备走FW1

 if-match acl 3002

 apply next-hop vpn-instance vpn-dmz 35.231.129.229

 apply default-next-hop vpn-instance vpn-dmz 35.231.129.237 track 2

#

（2）        看设备的日志，也是在客户下发完策略路由的动作后提示的不支持

%Mar  5 11:56:48:162 2020 NDSGAJ_HeXin_H3C-S10508X-V SHELL/6/SHELL_CMD: -Line=aux1/0-IPAddr=**-User=**; Command is apply default-next-hop vpn-instance vpn-dmz 35.231.129.237 track 2

%Mar  5 11:56:48:164 2020 NDSGAJ_HeXin_H3C-S10508X-V PBR4/4/PBR_HARDWARE_ERROR: Failed to update the policy DMZ-To-Access_Area because of unsupported operations.

（3）        官网配置指导中有写，apply default-next-hop后面跟VPN参数时，配置会不生效。

（4）        经过确认，客户使用的版本较老，apply default-next-hop命令不支持带VPN参数。

apply default-next-hop后跟VPN参数只有到759X版本才支持，该版本现在为受限版本，使用前需要评估后方可使用。