SmartSwitch Router User Reference Manual 213Chapter 15: IP Policy-Based Forwarding Configuration GuideTraffic from the premium customer is load balanced across two next-hop gateways in thehigh-cost, high-availability network. If neither of these gateways is available, then packetsare forwarded based on dynamic routes learned via routing protocols.Traffic from the standard customer always uses one gateway (200.1.1.1). If for some reasonthat gateway is not available, packets from the standard customer are dropped.The following is the IP policy configuration for the Policy Router in Figure 21:Authenticating Users through a FirewallYou can define an IP policy that authenticates packets from certain users via a firewallbefore accessing the network. If for some reason the firewall is not responding, the packetsto be authenticated are dropped. Figure 22 illustrates this kind of configuration.Figure 22. Using an IP Policy to Authenticate Users Through a Firewallinterface create ip premium-customer address-netmask 10.50.1.1/16 portet.1.1interface create ip standard-customer address-netmask 11.50.1.1/16 portet.1.2acl premium-customer permit ip 10.50.0.0/16 any any any 0acl standard-customer permit ip 11.50.0.0/16 any any any 0ip-policy p1 permit acl premium-customer next-hop-list "100.1.1.1100.1.1.2" action policy-first sequence 20ip-policy apply interface premium-customerip-policy p2 permit acl standard-customer next-hop-list 200.1.1.1action policy-only sequence 30ip-policy apply interface standard-customerfull-timers10.50.2.0/24ServersRoutFirewallPolicyRouterRoutercontractors10.50.1.0/2411.1.1.112.1.1.1