Description: In scenarios with multiple Internet connections, it may be necessary to route certain traffic over a particular Internet connection. This can be realized with policy-based routing. However, if the associated Internet connection fails, the data will continue to be routed over a connection that no longer exists, so the communication fails.

This document describes how to automatically deactivate a policy-based routing rule if the associated Internet connection fails and reactivate it when the Internet connection is established again.

This procedure is suitable for scenarios in which traffic should revert to the default route with routing tag 0 when the Internet connection used by policy-based routing fails. A typical scenario would feature two Internet connections. After the policy-based routing rule is deactivated, the traffic is transmitted via the Internet connection with routing tag 0.

If this is not possible (e.g. because routing tag 0 was assigned to a load balancer with more than two Internet connections), the routing tag in the firewall rule must be rewritten by means of the Action Table instead of activating/deactivating the firewall rule. This is described in this Knowledge Base article.
Requirements:
- LCOS as of version 8.00 (download latest version)
- LANtools as of version 8.00 (download latest version)
- Router with at least two configured and functional Internet connections
- Previously configured and functional policy-based routing (see )
- Tool for accessing the router CLI (e.g. PuTTY)
Procedure:
1) Set up the Action Table to automatically activate/deactivate the policy-based routing rule:
1.1) Open the configuration for the router in LANconfig and switch to the menu item Communication → General → Action table.
1.2) Create a new entry and enter the following information so that the firewall rule is automatically deactivated following the failure of the Internet connection.
- Name: Enter a descriptive name.
- Remote site: From the drop-down menu, set the Remote site to the Internet connection that the policy-based routing rule uses for routing the traffic.
- Condition: Set the drop-down menu for Condition to End (disc. or broken).
- Action: Enter the following command to deactivate the firewall rule:
exec: set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} no
1.3) Create an additional entry and enter the following information so that the firewall rule is automatically activated after the Internet connection is established.
- Name: Enter a descriptive name.
- Remote site: From the drop-down menu, set the Remote site to the Internet connection that the policy-based routing rule originally used for routing the traffic.
- Condition: Set the drop-down menu for Condition to Establish.
- Action: Enter the following command to activate the firewall rule:
exec: set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} yes
1.4) Write the configuration back to the router.
2) Optional: Testing the commands on the CLI
We recommend that you test the functionality of the commands saved in Steps 1.2 and 1.3 in advance.
Note: From the CLI, the commands are specified without exec:
2.1) Connect to the router’s CLI and enter the following commands.
- Deactivating the firewall rule:
set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} no
- Activating the firewall rule:
set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} yes