Configuring Forward Policies

Contents

1Overview
1.1Circuit-Based Forwarding
1.2Class-Based Forwarding
1.3Circuit- and Class-Based Forwarding
1.4Forward Policy Support Per Circuit Type

2

Configuration and Operations Tasks
2.1Configure a Forward Policy
2.2Apply a Policy ACL to a Forward Policy
2.3Operations Tasks

3

Configuration Examples
3.1Traffic Mirroring
3.2Layer 2 Mirroring for Attachment Circuits
3.3Traffic Redirect
3.4Traffic Drop
3.5Combination of Traffic Mirror, Redirect, and Drop in One Policy
Copyright

© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
SmartEdge is a registered trademark of Telefonaktiebolaget LM Ericsson.

1   Overview

This document provides an overview of forwarding policy features supported by the SmartEdge® router and describes the tasks used to configure, monitor, and administer the forward policies. This document also provides configuration examples of forward policies.

A forward policy applies only to IP traffic. A forward policy can be a combination of three actions:

You can apply forward policies at one of two levels or at both levels simultaneously. One level applies to all packets on a circuit and is referred to as circuit-based forwarding. Another level applies only to a specific class of packets traveling across a circuit and is referred to as class-based forwarding.

These levels of forward policies are described in the following sections:

1.1   Circuit-Based Forwarding

When you attach a forward policy that does not include a policy access control list (ACL) to a circuit, all traffic traveling over the circuit is treated in one manner; that is, it is mirrored, redirected, or dropped.

1.2   Class-Based Forwarding

A policy ACL classifies packets using classification statements (rules). Each policy ACL supports up to eight unique classes. You can classify a packet according to its IP precedence value, protocol number, IP source and destination address, Internet Control Message Protocol (ICMP) attributes, Internet Group Management Protocol (IGMP) attributes, Transmission Control Protocol (TCP) attributes, and User Datagram Protocol (UDP) attributes.

Note:  
Class-based forwarding is only supported on Layer 3 circuits.

To configure class-based forwarding for a circuit, you apply a policy ACL to a forward policy, specify the action that you want the policy to take for each class, and then attach the forward policy to the circuit. For more information about policy ACLs, see Configuring ACLs.

Note:  
If you do not specify an action for a class that is defined in the policy ACL, the SmartEdge router considers the class to be the default class.

1.3   Circuit- and Class-Based Forwarding

You can combine circuit-based and class-based forwarding, so that a class of packets can be treated in one manner, dependent on a policy ACL, while all remaining packets traveling across the circuit are treated strictly according to the forward policy conditions.

1.4   Forward Policy Support Per Circuit Type

Forward policy support varies per circuit type. For example, Layer 3 circuits have a principle binding or application for forwarding IP packets, and are configured using the bind interface, bind subscriber, and bind auth commands. Layer 2 circuits have a principle binding or application for forwarding encapsulated frames which may be IP or other Layer 3 protocols. Examples of Layer 2 circuits are L2VPNs (Layer 2 VPNs, Layer 2 XC (cross-connected) circuits, VLAN bridged circuits, and L2TP (Layer 2 Tunneling Protocol) LAC (L2TP access concentrator) session circuits.

The following Layer 3 circuits and traffic support forwarding policies: all circuits that carry IP routed traffic. Operating system Release 6.1.4.2 and higher releases also allow the following Layer 2 circuits and traffic to support forwarding policies: attachment circuits of all L2VPN circuits and XC circuits.

Note:  
The following Layer 2 circuits and traffic do not currently support forwarding policies: all bridged or VPLS circuits and LAC session circuits.

See the syntax section of the mirror destination command reference page for the forward policy functionality available for Layer 2 and Layer 3 circuits.

2   Configuration and Operations Tasks

Note:  
In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, find and select the command in the Command List.

2.1   Configure a Forward Policy

To configure a forward policy for circuit-based forwarding, for class-based forwarding, or for circuit- and class-based forwarding, perform the tasks described in Table 1; enter all commands in forward policy configuration mode, unless otherwise noted.

Table 1    Configure a Forward Policy

Step

Task

Root Command

Notes

1.

Create or select a policy and access forward policy configuration mode.

forward policy

Enter this command in global configuration mode.

2.

Redirect incoming packets not associated with a class with one of the following tasks:

   
 

To the specified output destination.

redirect destination circuit

 
 

To a next-hop IP address.

redirect destination next-hop

 

3.

Drop incoming packets not associated with a class.

drop (forward policy)

 

4.

Mirror specified incoming or outgoing packets not associated with a class to a specified output destination.

mirror destination

 

5.

Optional. Configure class-based forwarding for this policy.

 

See Section 2.2.

6.

Specify the destination circuit.

forward output (Circuit)

Enter this command in ATM PVC, Frame Relay PVC, GRE tunnel, or port configuration mode.


Select a different circuit from the circuits you have configured for the traffic being mirrored or redirected.

7.

Attach the policy to a circuit:

 

Enter either of these commands in ATM DS-3, ATM OC, ATM PVC, dot1q PVC, DS-0 group, DS-1, DS-3, E1, E3, Frame Relay PVC, port, or subscriber configuration mode.

 

To incoming traffic.

forward policy in

Only incoming packets can be redirected or dropped. Both incoming and outgoing packets can be mirrored.

 

To outgoing traffic.

forward policy out

 

2.2   Apply a Policy ACL to a Forward Policy

To apply a policy ACL to a forward policy for class-based forwarding, perform the tasks described in Table 2; enter all commands in policy group class configuration mode, unless otherwise noted.

Note:  
Policy ACL is only supported on Layer 3 circuits.

Table 2    Apply a Policy ACL to a Forward Policy

Step

Task

Root Command

Notes

1.

Apply a policy ACL to the forward policy, and access policy group configuration mode.

access-group

Enter this command in forward policy configuration mode.

2.

Specify a class and access policy group class configuration mode.

class

Enter this command in policy group configuration mode.


For class-based forwarding to occur, the class name must match one of the class names defined in the policy ACL.

3.

Optional. Redirect incoming packets associated with the class:

 
 
 

To the specified output destination.

redirect destination circuit

 

 

To a next-hop IP address.

redirect destination next-hop

 

4.

Optional. Drop incoming packets associated with the class.

drop (forward policy)

 

5.

Mirror specified packets associated with the class to a specified output destination.

mirror destination

 
Note:  
The redirect destination local command is used only for HTTP redirect and is described in Configuring HTTP Redirect.

2.3   Operations Tasks

To monitor, troubleshoot, and administer forward policies, perform the tasks described in Table 3. Enter the clear command in exec mode; enter the show commands in any mode.

Table 3    Forward Policy Operations Tasks

Task

Root Command

Clears information about ACLs used with forward policies that are attached to ports, channels, or circuits.

clear access-group

Display information about ACLs used with forward policies that are attached to ports, channels, or circuits.

show access-group

Display the configuration of forward policies.

show configuration forward

Display information about configured forward policies.

show forward policy

3   Configuration Examples

This section provides forward policy configuration examples.

3.1   Traffic Mirroring

The following example implements traffic mirroring for:

Traffic comes in through the interface, incoming_traffic, and leaves the router through the interface, normal_traffic.

Figure 1 displays the network topology for this example.

Figure 1   Basic Traffic Mirroring Network Topology (651)

The interface configuration is as follows:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#interface e1

[local]Redback(config-if)#ip address 31.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface incoming_traffic

[local]Redback(config-if)#ip address 51.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface normal_traffic

[local]Redback(config-if)#ip address 41.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p1

[local]Redback(config-if)#ip address 21.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p2

[local]Redback(config-if)#ip address 22.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p3

[local]Redback(config-if)#ip address 23.1.1.1/24

The policy ACL configuration is as follows:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#policy access-list PBR_ACL

[local]Redback(config-access-list)#seq 10 permit tcp any eq www any class WEB

[local]Redback(config-access-list)#seq 20 permit tcp any any eq www class WEB

[local]Redback(config-access-list)#seq 30 permit udp any class UDP

[local]Redback(config-access-list)#seq 40 permit ip any class IP

The forward policy configuration is as follows:

[local]Redback#config

[local]Redback(config)#forward policy MirrorPolicy

[local]Redback(config-policy-frwd)#mirror destination DroppedTraffic dropped sampling 3000

[local]Redback(config-policy-frwd)#access-group PBR_ACL local

[local]Redback(config-policy-group)#class WEB

[local]Redback(config-policy-group-class)#mirror destination WebTraffic all

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class UDP

[local]Redback(config-policy-group-class)#mirror destination UdpTraffic forwarded

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class IP

[local]Redback(config-policy-group-class)#mirror destination IpTraffic all

The following configuration attaches the forward policy to incoming circuits and defines the forward output destinations:

[local]Redback#config

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface e1 local

[local]Redback(config-port)#forward output DroppedTraffic

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 6/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface normal_traffic local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 9/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface incoming_traffic local

[local]Redback(config-port)#forward policy MirrorPolicy in

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p1 local

[local]Redback(config-port)#forward output WebTraffic

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/2

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p2 local

[local]Redback(config-port)#forward output UdpTraffic

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/3

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p3 local

[local]Redback(config-port)#forward output IpTraffic

3.2   Layer 2 Mirroring for Attachment Circuits

The following examples implement traffic mirroring for:

The following example shows how to configure mirroring XC traffic onto a local circuit (applied on the port) is as follows:

[local]Redback#config

[local]Redback(config)#forward policy xc-policy

[local]Redback(config-policy-frwd)#mirror destination local-ckt1 all l2-frames

[local]Redback(config-policy-frwd)#port ethernet 2/1

[local]Redback(config-port)#encap dot1q

[local]Redback(config-port)#dot1q pvc 1

[local]Redback(config-dot1q-pvc)#bind bypass

[local]Redback(config-dot1q-pvc)#forward policy xc-policy in

[local]Redback(config-dotq1-pvc)#port ethernet 3/1

[local]Redback(config-port)#encap dot1q

[local]Redback(config-port)#dot1q pvc 100 encap 1qtunnel

[local]Redback(config-dot1q-pvc)#dot1q pvc 100:1

[local]Redback(config-dot1q-pvc)#bind bypass

[local]Redback(config-dot1q-pvc)#port ethernet 10/2

[local]Redback(config-port)#forward output local-ckt1

[local]Redback(config-port)#xc 2/1 vlan 1 to 3/1 vlan 100:1

[local]Redback(config)#end

In this configuration, traffic comes in through interface 2/1 vlan 1 interface, is forwarded to the 3/1 vlan 100:1 interface, and is also mirrored to the 10/2 port.

The following example show how to configure mirroring L2VPN VLL AC traffic onto a GRE tunnel:

[local]Redback#config

[local]Redback(config)#forward policy vll-policy

[local]Redback(config-policy-frwd)#mirror destination gre-tunnel1 all ip-datagrams

[local]Redback(config-policy-frwd)#end

[local]Redback(config)#

[local]Redback(config)#tunnel gre tunnel01

[local]Redback(config-tunnel)#peer-end-point local 1.1.1.10 remote 1.1.1.5

[local]Redback(config-tunnel)#bind interface if2 local

[local]Redback(config-tunnel)#forward output gre-tunnel1

[local]Redback(config-tunnel)#context local

[local]Redback(config-ctx)#l2vpn

[local]Redback(config-l2vpn)#xc-group 1

[local]Redback(config-l2vpn-xc-group)#xc 2/1 vlan 1 vc-id 10 peer 2.2.2.2

[local]Redback(config-l2vpn-xc-group)#port ethernet 2/1

[local]Redback(config-port)#dot1q pvc 1

[local]Redback(config-dot1q-pvc)#l2vpn local

[local]Redback(config-dot1q-pvc)#forward policy vll-policy out

[local]Redback(config-dot1q-pvc)#forward policy vll-policy in

In this configuration, the traffic that comes in through 2/1 vlan 1 port is forwarded to the vc-id 10 circuit and is mirrored to the tunnel01 GRE tunnel. The traffic that comes in through the vc-id 10 circuit is forwarded to the 2/1 vlan 1 port and is also mirrored to the tunnel01 GRE tunnel.

3.3   Traffic Redirect

The following example implements traffic redirection for:

This configuration allows all other traffic flow in the normal path. Traffic comes in through the interface, incoming_traffic, and leaves the router through the interface, normal_traffic. Figure 2 displays the network topology for this example.

Figure 2   Basic Traffic Redirect Network Topology (652)

Note:  
Traffic redirect is only supported on Layer 3 circuits.

The interface configuration is as follows:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#interface e1

[local]Redback(config-if)#ip address 31.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface incoming_traffic

[local]Redback(config-if)#ip address 51.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface normal_traffic

[local]Redback(config-if)#ip address 41.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p1

[local]Redback(config-if)#ip address 21.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p2

[local]Redback(config-if)#ip address 22.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p3

[local]Redback(config-if)#ip address 23.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#ip route 100.1.1.0/24 21.1.1.2

[local]Redback(config-ctx)#ip route 100.1.1.0/24 22.1.1.2

The policy ACL configuration is as follows:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#policy access-list PBR_Redirect_ACL

[local]Redback(config-access-list)#seq 10 permit tcp any eq www any class WEB

[local]Redback(config-access-list)#seq 20 permit tcp any any eq www class WEB

[local]Redback(config-access-list)#seq 30 permit tcp any class TCP

[local]Redback(config-access-list)#seq 40 permit udp any class UDP

[local]Redback(config-access-list)#seq 50 permit pim any class PIM

The forward policy configuration is as follows:

[local]Redback(config)#forward policy RedirectPolicy

[local]Redback(config-policy-frwd)#access-group PBR_Redirect_ACL local

[local]Redback(config-policy-group)#class WEB

[local]Redback(config-policy-group-class)#redirect destination next-hop 100.1.1.0

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class UDP

[local]Redback(config-policy-group-class)#redirect destination next-hop 100.1.1.0

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class PIM

[local]Redback(config-policy-group-class)#redirect destination circuit PIM_OUT

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class TCP

[local]Redback(config-policy-group-class)#redirect destination next-hop 
23.1.1.11 23.1.1.12 23.1.1.13 23.1.1.14

The following configuration attaches the forward policy to an incoming circuit and defines the forward output destinations:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface e1 local

[local]Redback(config-port)#forward output PIM_OUT

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 6/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface normal_traffic local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 9/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface incoming_traffic local

[local]Redback(config-port)#forward policy RedirectPolicy in

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p1 local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/2

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p2 local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/3

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p3 local

3.4   Traffic Drop

The following example implements traffic dropping for:

This configuration allows all other traffic flow in the normal path.

Traffic comes in through the interface, incoming_traffic, and leaves the router through the interface, normal_traffic. Figure 3 displays the network topology for this example.

Figure 3   Basic Traffic Drop Network Topology (653)

The interface configuration is as follows:

[local]Redback(config)#context local

[local]Redback(config-ctx)#interface e1

[local]Redback(config-if)#ip address 31.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface incoming_traffic

[local]Redback(config-if)#ip address 51.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface normal_traffic

[local]Redback(config-if)#ip address 41.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p1

[local]Redback(config-if)#ip address 21.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p2

[local]Redback(config-if)#ip address 22.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p3

[local]Redback(config-if)#ip address 23.1.1.1/24

The policy ACL configuration is as follows:

[local]Redback(config)#context local

[local]Redback(config-ctx)#policy access-list PBR_Drop_ACL

[local]Redback(config-access-list)#seq 10 permit icmp host 51.1.1.2 class ICMP

[local]Redback(config-access-list)#seq 20 permit pim any class PIM

The forward policy configuration is as follows:

[local]Redback(config)#forward policy DropPolicy

[local]Redback(config-policy-frwd)#access-group PBR_Drop_ACL local

[local]Redback(config-policy-group)#class ICMP

[local]Redback(config-policy-group-class)#drop

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class PIM

[local]Redback(config-policy-group-class)#drop

The following configuration attaches the forward policy to an incoming circuit and binds interfaces to output ports:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface e1 local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 6/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface normal_traffic local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 9/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface incoming_traffic local

[local]Redback(config-port)#forward policy DropPolicy in

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p1 local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/2

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p2 local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/3

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p3 local

3.5   Combination of Traffic Mirror, Redirect, and Drop in One Policy

The following example implements these functions:

Traffic comes in through the interface, incoming_traffic, and leaves the box through the interface, normal_traffic. Figure 4 displays the network topology for the configuration example with traffic mirroring, redirect, and drop conditions in one policy.

Figure 4   Basic Network Topology for Mirroring, Redirect, and Drop in One Policy (653)

The interface configuration is as follows:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#interface e1

[local]Redback(config-if)#ip address 31.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface incoming_traffic

[local]Redback(config-if)#ip address 51.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface normal_traffic

[local]Redback(config-if)#ip address 41.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p1

[local]Redback(config-if)#ip address 21.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p2

[local]Redback(config-if)#ip address 22.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface p3

[local]Redback(config-if)#ip address 23.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#ip route 100.1.1.0/24 21.1.1.2

The policy ACL configuration is as follows:

[local]Redback#config

[local]Redback(config)#context local

[local]Redback(config-ctx)#policy access-list PBR_ACL

[local]Redback(config-access-list)#seq 10 permit tcp any eq www any class WEB

[local]Redback(config-access-list)#seq 20 permit tcp any any eq www class WEB

[local]Redback(config-access-list)#seq 30 permit udp any class UDP

[local]Redback(config-access-list)#seq 40 permit icmp host 50.1.1.2 class ICMP

[local]Redback(config-access-list)#seq 50 permit pim any class PIM

[local]Redback(config-access-list)#seq 60 permit ip any class IP

The forward policy configuration is as follows:

[local]Redback(config)#forward policy GeneralPolicy

[local]Redback(config-policy-frwd)#mirror destination DroppedTraffic dropped sampling 3000

[local]Redback(config-policy-frwd)#access-group PBR_ACL local

[local]Redback(config-policy-group)#class WEB

[local]Redback(config-policy-group-class)#redirect destination next-hop 100.1.1.2

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class UDP

[local]Redback(config-policy-group-class)#mirror destination UdpTraffic forwarded

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class ICMP

[local]Redback(config-policy-group-class)#drop

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class PIM

[local]Redback(config-policy-group-class)#drop

[local]Redback(config-policy-group-class)#exit

[local]Redback(config-policy-group)#class IP

[local]Redback(config-policy-group-class)#mirror destination IpTraffic all

The following configuration applies the policy to an incoming circuit and defines the output destinations:

[local]Redback(config)#port ethernet 4/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface e1 local

[local]Redback(config-port)#forward output DroppedTraffic

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 6/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface normal_traffic local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 9/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface incoming_traffic local

[local]Redback(config-port)#forward policy GeneralPolicy in

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p1 local

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/2

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p2 local

[local]Redback(config-port)#forward output UdpTraffic

[local]Redback(config-port)#exit

[local]Redback(config)#port pos 13/3

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface p3 local

[local]Redback(config-port)#forward output IpTraffic