Lantm
Explorer

MHO security group PBR

Hi Guys,

I'm using the MHO solution: 2 MHO 140 + 2 6800 CP GW. I have configured PBR for the management interface but it doesn't work. Has anyone encountered this problem yet?

My configuration:

set pbr table Mgmt static-route default nexthop gateway address 172.17.10.1 priority 1

set pbr rule priority 10 match from 172.17.10.216/32 to 172.16.0.68/32
set pbr rule priority 10 action table Mgmt

Best regards.

0 Kudos
5 Replies
Anatoly
Employee

Hi,

It looks like you're creating the PBR on the orchestrator itself.

I guess you should do it on the Security Group from its Global Clish. The Mgmt interface of the orchestrator is not related to the policy.

Management interfaces of Security Group are eth1-Mgmt1, eth1-Mgmt2, etc...

0 Kudos
Lantm
Explorer

Hi,

I created the PBR on the Security Group.

This is the output when I show configuration pbr on the Security Group; it was pushed to the 2 GW 6800.

[Global] FW-SRV-MC-ch01-01 > show configuration pbr
1_01:
set pbr table Mgmt static-route 172.16.0.68/32 nexthop gateway logical eth1-Mgmt 1 on
set pbr rule priority 10 match from 172.17.10.0/24 to 172.16.0.68/32
set pbr rule priority 10 action table Mgmt

1_02:
set pbr table Mgmt static-route 172.16.0.68/32 nexthop gateway logical eth1-Mgmt 1 on
set pbr rule priority 10 match from 172.17.10.0/24 to 172.16.0.68/32
set pbr rule priority 10 action table Mgmt

Best regards.

0 Kudos
Anatoly
Employee

So, that is what it should be. Does it work for you?

0 Kudos
Lantm
Explorer

Hi,
It doesn't work.
If I want to connect from 172.16.0.68/32 to the MGT interface of the Security Group, I must add a static route to 172.16.0.68/32 via eth1-Mgmt 1. There is only 1 routing table for both data and management.
0 Kudos
Anatoly
Employee

Correct, there's only one routing table here.

0 Kudos