ArubaOS 8.6.0.0 Help Center

Uplink Routing using Next-hop Lists

If the managed device uses policy-based routing to forward packets to a next-hop device, a next-hop list ensures that if the primary next-hop device becomes unreachable, the packets matching the policy can still reach their destination. ArubaOS now also allows IPv6 next-hop lists in policy-based routing. For more information on next-hop configuration, see Policy Based Routing.

Defining Next-hop Lists

The following procedure describes how to define a next-hop list:

1. In the Managed Network node hierarchy, navigate to the Configuration > Services > WAN tab.

2. Expand the Next Hop Configuration accordion.

3. (Optional) In the Health check probe interval field, specify the probe interval, in seconds.

The default value is 10 seconds.

4. (Optional) In the Pocket Burst per Probe field, specify the number of probes to be sent during the probe interval.

The default value is 5 probes.

5. Click + below the NextHop Lists table to open the NextHop section, which allows you to configure the following next-hop settings:

Table 1: Managed Device Next-Hop Settings

Parameter Description

NextHop list name

Add a name for the new next-hop list.

NOTE: You cannot use the same name for both IPv4 and IPv6 next-hop lists.

IP version

Select either IPv4 or IPv6 from the drop-down list to assign an IP version to the new next-hop list.

NextHops

IPv4 or IPv6 address of the next-hop device or the VLAN ID of the VLAN used by the next-hop device. If the VLAN gets an IPv4 address using DHCP, and the default gateway is determined by the VLAN interface, the gateway IP is used as the next-hop IP address.

Click + to open the Add IPv4 NextHop pop-up window, if you selected the IPv4 option in the IP version field. In the Add IPv4 NextHop pop-up window, select one of the following radio buttons:

IP: Enter the IPv4 address and priority of the next-hop device in the IP address and Priority fields respectively.

DHCP: Enter the VLAN ID and priority of the next-hop device in the VLAN ID and Priority fields respectively.

Click + to open the Add IPv6 NextHop pop-up window, if you selected the IPv6 option in the IP version field.

In the Add IPv6 NextHop pop-up window, enter the IPv6 address and priority of the next-hop device in the IPv6 address and Priority fields.

Use the optional Priority field to assign a priority to the next-hop device. The range is 1-255 and the default value is 128.

NOTE: You can configure a maximum of 16 next-hop devices for a next-hop list, and a maximum of 32 next-hop lists are currently supported.

NOTE: You cannot configure IPv6 multicast, link-local, unspecified, loopback, and subnet anycast addresses as IPv6 next-hop addresses.

IPsec map name

A next-hop list may require policy-based redirection of traffic to different VPN tunnels. Select an IPsec map to redirect traffic through IPsec tunnels.

Click + to open the Add New IPsec Map pop-up window. Select either the Using site-to-site IPSec or the Using IPSec Tunnel to VPNC option from the Forward Settings drop-down list, and specify the priority in the Priority field.

NOTE: For IPv6 addresses, only the Using site-to-site IPSec option is supported in the Forward Settings field.

If a managed device terminates a secure tunnel on a VPN concentrator, you can issue the vpn-peer peer-mac command on the VPN concentrator configuration to enable load balancing on secure uplinks between the VPN concentrator and a managed device.

The following example enables uplinks between a managed device with the MAC address 01:00:5E:00:00:FF and a VPN concentrator, which automatically enables load balancing:

(host)[node](config) #vpn-peer peer-mac 01:00:5E:00:00:FF cert-auth factory-cert

NOTE: If the peer device is an x86 server, then configure the MAC address of the management interface of the managed device. However, if the peer device is a hardware platform, you must provide the MAC address of the VLAN interface of the managed device.

Preemptive-failover

If preemptive failover is disabled and the highest-priority device on the next-hop list is disabled, the new primary next-hop device remains the primary even when the original device comes back online.

6. Click Submit.

7. Click Pending Changes.

8. In the Pending Changes window, select the check box.

9. Click Deploy Changes.
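
The limits and notes in Table 1 can be checked before a change is submitted. The following pre-deployment check is an added example, not ArubaOS code or tooling: the dictionary layout, the function names, the forward-setting labels "site-to-site" and "vpnc-tunnel", and the /64 prefix used to recognise subnet anycast addresses are all assumptions made for illustration.

```python
import ipaddress

MAX_HOPS_PER_LIST, MAX_LISTS = 16, 32   # limits stated in the NOTE in Table 1

def ipv6_hop_problem(ip, prefix_len=64):
    """Return why an IPv6 next-hop is disallowed, or None if acceptable."""
    for flag in ("multicast", "link_local", "unspecified", "loopback"):
        if getattr(ip, "is_" + flag):
            return flag.replace("_", "-")
    # Subnet-router anycast has an all-zero interface ID; /64 is an assumption.
    net = ipaddress.IPv6Network((ip, prefix_len), strict=False)
    return "subnet anycast" if ip == net.network_address else None

def validate(lists):
    """Check next-hop list definitions against the limits in Table 1."""
    errors, versions = [], {}
    if len(lists) > MAX_LISTS:
        errors.append(f"{len(lists)} lists defined, maximum is {MAX_LISTS}")
    for nl in lists:
        name, ver = nl["name"], nl["version"]
        if versions.setdefault(name, ver) != ver:
            errors.append(f"{name}: name reused across IPv4 and IPv6 lists")
        if len(nl["hops"]) > MAX_HOPS_PER_LIST:
            errors.append(f"{name}: more than {MAX_HOPS_PER_LIST} next-hops")
        for target, prio in nl["hops"]:
            if prio is not None and not 1 <= prio <= 255:  # None = default 128
                errors.append(f"{name}: priority {prio} outside 1-255")
            if isinstance(target, int):  # VLAN ID; DHCP option is in the IPv4 dialog only
                errors += [f"{name}: VLAN/DHCP next-hop is IPv4 only"] if ver == 6 else []
                continue
            try:
                ip = ipaddress.ip_address(target)
            except ValueError:
                errors.append(f"{name}: {target!r} is not an IP address")
                continue
            if ip.version != ver:
                errors.append(f"{name}: {target} is not IPv{ver}")
            elif ver == 6 and (why := ipv6_hop_problem(ip)):
                errors.append(f"{name}: {target} is a {why} address")
        if ver == 6 and any(m != "site-to-site" for m in nl.get("ipsec", [])):
            errors.append(f"{name}: IPv6 supports only site-to-site IPsec")
    return errors

# Constructed sample input (documentation address ranges), not from the page.
SAMPLE = [
    {"name": "uplinks", "version": 4, "hops": [("192.0.2.1", None), (20, 300)]},
    {"name": "uplinks", "version": 6, "ipsec": ["vpnc-tunnel"],
     "hops": [("fe80::1", 10), ("2001:db8:1::", 20)]},
]
```

Calling validate(SAMPLE) returns five findings: the out-of-range priority, the name shared by an IPv4 and an IPv6 list, the link-local and subnet anycast next-hops, and the unsupported IPsec forward setting on the IPv6 list.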
