Aruba AOS-CX Policy Based Routing, PBR
In this post we are going to outline the configuration required for policy based routing in Aruba AOS-CX switches.
For this setup, I wanted to ensure that all traffic originating from the 10.199.0.0/16 subnet would be sent to a firewall as the next hop, to go over a VPN tunnel, rather than through the default route to SDWAN. The purpose of this was a quick and easy way to route a site's traffic temporarily via a remote office for provisioning.
Since a standard route will only match based on destination, we classify the traffic, create an action, create a policy to apply the action to the classified traffic, then apply the policy to the VLAN interface.
1. Classify the source traffic. Use format "class ip <name-of-class>". I put "class" explicitly in the name to keep it clearer. I am also matching for traffic destined to 10.0.0.0/8.
2. Create an action. Our action is going to be simple, set the next hop, but there are other actions. Same as with class, I put "action" explicitly in the name for simplicity.
3. Create the policy. This is the part that instructs the router to take the classified traffic in step 1, and apply the routing policy defined in step 2.
4. Apply it to the VLAN interface. We use "routed-in" to specify that we want to match on traffic coming into the VLAN interface.
5. Verify the configuration from the switch. Or of course you could simply do a traceroute from inside the subnet, where we would see 10.20.30.2 as the next hop after the switch.
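The five steps above as one configuration, written as an added example that is not taken from the original post. The class, action and policy names and the VLAN ID 199 are assumptions; the subnets and the 10.20.30.2 next hop come from the text, and the syntax should be checked against the documentation for your AOS-CX release.

```text
! Added example. Object names and the VLAN ID are assumed placeholders.

! Step 1: classify traffic sourced from 10.199.0.0/16 and destined to 10.0.0.0/8.
! The first "any" is the IP protocol field (match all protocols).
class ip VPN-PROVISION-class
    10 match any 10.199.0.0/16 10.0.0.0/8

! Step 2: the action, which sets the firewall as the next hop.
pbr-action-list VPN-PROVISION-action
    10 nexthop 10.20.30.2

! Step 3: the policy, which binds the class from step 1 to the action from step 2.
policy VPN-PROVISION-policy
    10 class ip VPN-PROVISION-class action pbr VPN-PROVISION-action

! Step 4: apply the policy to routed traffic entering the VLAN interface.
! VLAN 199 is an assumed ID for the 10.199.0.0/16 site VLAN.
interface vlan 199
    apply policy VPN-PROVISION-policy routed-in

! Step 5: verify from the manager (enable) prompt, outside configuration mode.
show class ip VPN-PROVISION-class
show pbr-action-list VPN-PROVISION-action
show policy VPN-PROVISION-policy
```

Check in the `show pbr-action-list` output that the next hop is reachable: when the action list has no usable entry, matching traffic is forwarded by the normal routing table, which here means the SDWAN default route instead of the firewall.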
https://arubanetworking.hpe.com/techdocs/AOS-CX/10.09/HTML/ip_route_4100i-6000-6100-6200/Content/Chp_PBR/pol-bas-rou-pbr.htm
https://community.arubanetworks.com/discussion/aruba-cx-6300m-policy-based-routing