Versionen im Vergleich

Alte Version 3

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version 4

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.


Seiteneigenschaften



Notes Link


Description:
In scenarios with multiple Internet connections, it may be necessary to route certain traffic over a particular Internet connection. This can be realized with policy-based routing.
However, if the associated Internet connection fails, the data will continue to be routed over a connection that no longer exists. The communication therefore fails.
This document describes how to automatically deactivate a policy-based routing rule if the associated Internet connection fails and reactivate it when the Internet connection is established again.
This procedure is suitable for scenarios where a failure of the Internet connection used by policy-based routing reverts to the default route with routing tag 0. A typical scenario would feature two Internet connections.
After deactivating the policy-based routing rule, the traffic is transmitted via the Internet connection with routing tag 0. If this is not possible (e.g. because routing tag 0 was assigned to a load balancer with more than two Internet connections), the routing tag in the firewall rule must be rewritten by means of the Action Table instead of activating/deactivating the firewall rule. This is described in
the following article:
this Knowledge Base article.



Requirements:
  • LCOS as of version 8.00 (download latest version)
  • LANtools as of version 8.00 (download latest version)
  • Router with at least two configured and functional Internet connections
  • Previously configured and functional policy-based routing (see
DokumentlinksymbolImage Removed


Procedure:
1) Set up the Action Table to automatically activate/deactivate the policy-based routing rule:
1.1) Open the configuration for the router in LANconfig and switch to the menu item Communication
-> General -> Action
→ General → Action table.
Image Removed
Image Added
1.2) Create a new entry and enter the following information so that the firewall rule is automatically deactivated following the failure of the Internet connection.
  • Name: Enter a descriptive name.
  • Remote site: From the drop-down menu, set the Remote site to the Internet connection that the policy-based routing rule uses for routing the traffic.
  • Condition: Set the drop-down menu for Condition to End (disc. or broken).
  • Action: Enter the following command to deactivate the firewall rule:

    exec: set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} no
Image Removed
Image Added
1.3) Create an additional entry and enter the following information so that the firewall rule is automatically activated after the Internet connection is established.
  • Name: Enter a descriptive name.
  • Remote site: From the drop-down menu, set the Remote site to the Internet connection that the policy-based routing rule originally used for routing the traffic.
  • Condition: Set the drop-down menu for Condition to Establish.
  • Action: Enter the following command to activate the firewall rule:

    exec: set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} yes
Image Removed
Image Added
1.4) Write the configuration back to the router.


2) Optional: Testing the commands on the CLI
We recommend that you test the functionality of the commands saved in Step 1.2 and 1.3 in advance. 
Important:


Hinweis

From the CLI, the commands are specified without exec:

.


2.1) Connect to the router’s CLI and enter the following commands.
  • Deactivating the firewall rule:

    set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} no
Image Removed
Image Added
  • Activating the firewall rule:

    exec: set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} yes
Image Removed

  • Image Added