Ruijie Community

Title: How to configure PBR and RNS on Ruijie Switch via CLI Command?

Author: linyonghang1@ru    Time: 2023-8-15 13:21
1. Application scenario and requirements:

One Ruijie switch is connected to two Ruijie gateway devices, R1 and R2.

Normally, users on VLAN 10 should reach the Internet through gateway R1 and users on VLAN 20 through gateway R2.

When gateway R1 fails, VLAN 10 traffic is redirected to gateway R2.

2. Topology:



3. Configurations:

3.1 Basic IP and VLAN Configuration

SW1:

SW1#config
SW1(config)#vlan 10
SW1(config-vlan)#vlan 20
SW1(config-vlan)#int vlan 10
SW1(config-if-VLAN 10)#ip add 172.10.10.254 24
SW1(config-if-VLAN 10)#int vlan 20
SW1(config-if-VLAN 20)#ip add 172.20.20.254 24
SW1(config-if-VLAN 20)#int g0/0
SW1(config-if-GigabitEthernet 0/0)#no switchport
SW1(config-if-GigabitEthernet 0/0)#ip add 192.168.100.10 24
SW1(config-if-GigabitEthernet 0/0)#int g0/1
SW1(config-if-GigabitEthernet 0/1)#no switchport
SW1(config-if-GigabitEthernet 0/1)#ip add 192.168.200.20 24
SW1(config-if-GigabitEthernet 0/1)#int g0/2
SW1(config-if-GigabitEthernet 0/2)#switchport mode access
SW1(config-if-GigabitEthernet 0/2)#switchport access vlan 10
SW1(config-if-GigabitEthernet 0/2)#int g0/3
SW1(config-if-GigabitEthernet 0/3)#switchport mode access
SW1(config-if-GigabitEthernet 0/3)#switchport access vlan 20

R1:

R1#conf
R1(config)#int g0/0
R1(config-if-GigabitEthernet 0/0)#ip add 192.168.100.11 24
R1(config-if-GigabitEthernet 0/0)#int g0/1
R1(config-if-GigabitEthernet 0/1)#ip add 100.10.20.10 24

R2:

R2#conf
R2(config)#int g0/1
R2(config-if-GigabitEthernet 0/1)#ip add 192.168.200.21 24
R2(config-if-GigabitEthernet 0/1)#int g0/2
R2(config-if-GigabitEthernet 0/2)#ip add 200.10.20.20 24

3.2 Routing configuration

SW1:

SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.100.11
SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.200.21

R1:

R1(config)#ip route 0.0.0.0 0.0.0.0 100.10.20.1
R1(config)#ip route 172.0.0.0 255.0.0.0 192.168.100.10

R2:

R2(config)#ip route 0.0.0.0 0.0.0.0 200.10.20.1
R2(config)#ip route 172.0.0.0 255.0.0.0 192.168.200.20

3.3 NAT configuration on Ruijie gateway

R1:

R1(config)#ip access-list standard 23
R1(config-std-nacl)#permit any
R1(config-std-nacl)#int g0/0
R1(config-if-GigabitEthernet 0/0)#ip nat inside
R1(config-if-GigabitEthernet 0/0)#int g0/1
R1(config-if-GigabitEthernet 0/1)#ip nat outside
R1(config-if-GigabitEthernet 0/1)#exit
R1(config)#ip nat inside source list 23 interface g0/1 overload

R2:

R2(config)#ip access-list standard 23
R2(config-std-nacl)#permit any
R2(config-std-nacl)#int g0/1
R2(config-if-GigabitEthernet 0/1)#ip nat inside
R2(config-if-GigabitEthernet 0/1)#int g0/2
R2(config-if-GigabitEthernet 0/2)#ip nat outside
R2(config-if-GigabitEthernet 0/2)#exit
R2(config)#ip nat inside source list 23 interface g0/2 overload

3.4 PBR + RNS configuration on Ruijie Switch

SW1(config)#ip rns 10
SW1(config-ip-rns)#icmp-echo 192.168.100.11   //Probe R1's LAN-side address
SW1(config-ip-rns-icmp-echo)#timeout 5000
SW1(config-ip-rns-icmp-echo)#frequency 45000   //Send an ICMP echo every 45 s; if no reply arrives within 5 s, the probe is counted as failed
SW1(config-ip-rns-icmp-echo)#exit
SW1(config)#ip rns 20
SW1(config-ip-rns)#icmp-echo 192.168.200.21   //Probe R2's LAN-side address
SW1(config-ip-rns-icmp-echo)#timeout 5000
SW1(config-ip-rns-icmp-echo)#frequency 45000
SW1(config-ip-rns-icmp-echo)#exit
SW1(config)#ip rns schedule 10 start-time now life forever    //Start the RNS probe immediately and keep it running
SW1(config)#ip rns schedule 20 start-time now life forever
SW1(config)#track 10 rns 10   //Create a track object that follows the state of the RNS probe
SW1(config-track)#exit
SW1(config)#track 20 rns 20
SW1(config-track)#exit
SW1(config)#ip access-list extended 110
SW1(config-ext-nacl)#10 deny ip 172.10.10.0 0.0.0.255 172.0.0.0 0.255.255.255  //Exclude intranet traffic from policy routing (deny here means "not policy-routed", not "dropped"), so internal connectivity stays normal
SW1(config-ext-nacl)#20 permit ip 172.10.10.0 0.0.0.255 any
SW1(config-ext-nacl)#exit
SW1(config)#ip access-list extended 120
SW1(config-ext-nacl)#10 deny ip 172.20.20.0 0.0.0.255 172.0.0.0 0.255.255.255
SW1(config-ext-nacl)#20 permit ip 172.20.20.0 0.0.0.255 any
SW1(config-ext-nacl)#exit
SW1(config)#route-map PatriTest permit 10
SW1(config-route-map)#match ip address 110      //Match the VLAN 10 Internet traffic
SW1(config-route-map)#set ip next-hop verify-availability 192.168.100.11 track 10  //Force the next hop to R1, but only while track 10 is up
SW1(config-route-map)#exit
SW1(config)#route-map PatriTest permit 20
SW1(config-route-map)#match ip address 120
SW1(config-route-map)#set ip next-hop verify-availability 192.168.200.21 track 20
SW1(config-route-map)#exit
SW1(config)#int vlan 10
SW1(config-if-VLAN 10)#ip policy route-map PatriTest   //PBR applies only to traffic entering the interface
SW1(config-if-VLAN 10)#int vlan 20
SW1(config-if-VLAN 20)#ip policy route-map PatriTest
SW1(config-if-VLAN 20)#exit
SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.100.11 track 10  //Bind the switch's default routes to the track objects, so the route via a failed gateway is withdrawn
SW1(config)#ip route 0.0.0.0 0.0.0.0 192.168.200.21 track 20
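To make the failover behaviour above concrete, here is a small Python model of SW1's forwarding decision. It is an added example, not Ruijie code: it reproduces ACLs 110/120, route-map PatriTest and the tracked default routes, and takes the up/down state of track 10 and track 20 as input (the RNS probes themselves are not simulated; the destination 203.0.113.10 is a constructed test address).

```python
"""Model of the PBR + RNS failover logic configured on SW1 (added example,
not Ruijie's code).  Given a packet and the state of the track objects it
returns the next hop the switch would use."""
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard-mask semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

ANY = ("0.0.0.0", "255.255.255.255")
# Extended ACLs from section 3.4: (action, src, src-wildcard, dst, dst-wildcard)
ACLS = {
    110: [("deny", "172.10.10.0", "0.0.0.255", "172.0.0.0", "0.255.255.255"),
          ("permit", "172.10.10.0", "0.0.0.255", *ANY)],
    120: [("deny", "172.20.20.0", "0.0.0.255", "172.0.0.0", "0.255.255.255"),
          ("permit", "172.20.20.0", "0.0.0.255", *ANY)],
}

def acl_permits(acl_id, src, dst):
    """First matching entry wins, implicit deny at the end.  In a PBR ACL a
    deny means 'do not policy-route this packet', not 'drop it'."""
    for action, s, sw, d, dw in ACLS[acl_id]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

# route-map PatriTest: (sequence, match ACL, set next-hop, track object)
ROUTE_MAP = [(10, 110, "192.168.100.11", 10), (20, 120, "192.168.200.21", 20)]
# Default routes configured with 'track': next-hop -> track object
DEFAULT_ROUTES = {"192.168.100.11": 10, "192.168.200.21": 20}
CONNECTED = ["172.10.10.0/24", "172.20.20.0/24", "192.168.100.0/24", "192.168.200.0/24"]

def next_hop(src, dst, track_up):
    """track_up maps track id -> True (RNS probe answered) / False (probe failed)."""
    for _seq, acl, nh, track in ROUTE_MAP:
        if acl_permits(acl, src, dst):
            if track_up[track]:   # verify-availability: use the set next-hop only while its track is up
                return nh
            break                 # next hop unavailable: fall back to the routing table
    if any(ipaddress.IPv4Address(dst) in ipaddress.IPv4Network(n) for n in CONNECTED):
        return "connected"       # intranet traffic was excluded by the ACL and stays on the switch
    for nh, track in DEFAULT_ROUTES.items():
        if track_up[track]:       # a tracked default route is withdrawn while its track is down
            return nh
    return None                   # both gateways down: no usable route
```

With track 10 down, a VLAN 10 packet matches clause 10 but its next hop is unavailable, so it falls through to the routing table, where only the R2 default route remains.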

3.5 Save all the configurations

SW1/R1/R2:

Ruijie(config)#end
Ruijie#wr

4. Verification:

4.1 Traceroute on the PC when gateways A (R1) and B (R2) are both working normally





4.2 Traceroute on the PC when gateway A (R1) fails but B (R2) is working normally



