Policy Based Routing Questions

July 5th, 2011 in ROUTE 642-902

Here you will find answers to Policy Based Routing Questions

Question 1

Refer to the exhibit. Based upon the configuration, you need to understand why the policy routing match counts are not increasing. Which would be the first logical step to take?

show_route-map_divert.jpg

A. Confirm if there are other problematic route-map statements that precede divert.
B. Check the access list for log hits.
C. Check the routing table for 212.50.185.126.
D. Remove any two of the set clauses. (Multiple set clause entries will cause PBR to use the routing table.)


Answer: B

Explanation

First we should check the access-list log. If the hit count does not increase, no packets are matching the access list, so the policy-based routing match counts will not increase either.

Question 2

When policy-based routing (PBR) is being configured, which three criteria can the set command specify? (Choose three)

A. all interfaces through which the packets can be routed
B. all interfaces in the path toward the destination
C. adjacent next hop router in the path toward the destination
D. all routers in the path toward the destination
E. all networks in the path toward the destination
F. type of service and precedence in the IP packets


Answer: A C F

Explanation

The set command specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:

* precedence: Sets precedence value in the IP header. You can specify either the precedence number or name.
* df: Sets the “Don’t Fragment” (DF) bit in the IP header.
* vrf: Sets the VPN Routing and Forwarding (VRF) instance.
* next-hop: Sets next hop to which to route the packet.
* next-hop recursive: Sets next hop to which to route the packet if the hop is to a router which is not adjacent.
* interface: Sets output interface for the packet.
* default next-hop: Sets next hop to which to route the packet if there is no explicit route for this destination.
* default interface: Sets output interface for the packet if there is no explicit route for this destination.

route_map_set_command1.jpg

route_map_set_command.jpg

(Reference: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html)

Question 3

Refer to the exhibit. Which command would verify if PBR reacts to packets sourced from 172.16.0.0/16?

Policy_Based_Routing_route-map.jpg

A. show ip route
B. show policy-map
C. show access-lists
D. show route-map


Answer: D

Explanation

The “show route-map route-map-name” command displays the policy routing match counts, so we can learn whether PBR reacts to packets sourced from 172.16.0.0/16.

show_route-map_divert.jpg
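The check from Questions 1 and 3, automated as an added example (not part of the original page): it parses `show route-map` output and lists the sequences whose policy routing counter is still zero, together with the access lists to inspect next. The sample output is constructed in the usual IOS layout; the ACL numbers 101 and 102 and the second sequence are assumptions, not the exhibit's content.

```python
import re

# Constructed sample in the usual `show route-map` layout (not the exhibit's output).
SAMPLE = """\
route-map divert, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    ip next-hop 212.50.185.126
  Policy routing matches: 0 packets, 0 bytes
route-map divert, permit, sequence 20
  Match clauses:
    ip address (access-lists): 102
  Set clauses:
    ip precedence flash
  Policy routing matches: 1542 packets, 98688 bytes
"""

HEADER = re.compile(r"^route-map (\S+), (permit|deny), sequence (\d+)")
ACLS = re.compile(r"^\s+ip address \(access-lists\): (.+)$")
COUNT = re.compile(r"^\s+Policy routing matches: (\d+) packets, (\d+) bytes")

def parse_route_map(text):
    """Return one dict per route-map sequence with its ACLs and PBR counters."""
    entries = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            entries.append({"name": m[1], "action": m[2], "seq": int(m[3]),
                            "acls": [], "packets": None, "bytes": None})
        elif not entries:
            continue  # ignore anything before the first route-map header
        elif m := ACLS.match(line):
            entries[-1]["acls"] = m[1].split()
        elif m := COUNT.match(line):
            entries[-1]["packets"], entries[-1]["bytes"] = int(m[1]), int(m[2])
    return entries

def idle_sequences(entries):
    """Sequences whose counter is zero: their ACLs are the first thing to check."""
    return [(e["name"], e["seq"], e["acls"]) for e in entries if e["packets"] == 0]

if __name__ == "__main__":
    for name, seq, acls in idle_sequences(parse_route_map(SAMPLE)):
        print(f"{name} seq {seq}: no PBR matches, check access list(s) {', '.join(acls)}")
```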

Question 4

A policy needs to be implemented on Router B so that any traffic sourced from 172.16.11.0/24 will be forwarded to Router C. Which configuration on Router B will achieve the desired effect?

Policy_Based_Routing_set_ip_next-hop.jpg

A. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface s0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.3

B. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface e0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.2

C. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface e0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.14.4

D. access-list 1 deny 172.16.11.0 0.0.0.255
!
interface s0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.2


Answer: A

Explanation

The “next-hop” IP address should be the E1 interface of router C (172.16.12.3), so A is correct.
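How options A and D behave, as an added Python model (not part of the original page): it applies IOS wildcard-mask matching to the source address and then the route-map decision for the interface carrying `ip policy`. It assumes, following answer A, that s0 is the interface on which Router B receives the traffic; the dictionary layout and function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS ACL test: wildcard bits set to 1 are ignored, 0 bits must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

def pbr_next_hop(policy, in_iface, src):
    """Return the policy next hop, or None when the routing table decides."""
    if in_iface != policy["interface"]:
        return None  # ip policy only affects packets received on that interface
    for entry in policy["route_map"]:
        if acl_permits(policy["acls"][entry["match_acl"]], src):
            # a matched deny sequence means: do not policy-route this packet
            return entry["next_hop"] if entry["action"] == "permit" else None
    return None  # no sequence matched: normal destination-based forwarding

# Options A and D from Question 4, transcribed into the hypothetical layout.
OPTION_A = {"interface": "s0",
            "acls": {1: [("permit", "172.16.11.0", "0.0.0.255")]},
            "route_map": [{"action": "permit", "match_acl": 1,
                           "next_hop": "172.16.12.3"}]}
OPTION_D = {"interface": "s0",
            "acls": {1: [("deny", "172.16.11.0", "0.0.0.255")]},
            "route_map": [{"action": "permit", "match_acl": 1,
                           "next_hop": "172.16.12.2"}]}

if __name__ == "__main__":
    for src in ("172.16.11.25", "172.16.13.25"):  # constructed source addresses
        print(src, "A:", pbr_next_hop(OPTION_A, "s0", src),
              "D:", pbr_next_hop(OPTION_D, "s0", src))
```

With a subnet mask in the wildcard position (`255.255.255.0`), `wildcard_match` compares only the last octet, so 172.16.11.25 no longer matches the entry.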

Comments
  1. Sergio
    March 1st, 2012

    1- LSA type 1 :

  2. bily
    March 8th, 2012

    It should be a great idea to update more questions about Policy Based Routing. It is a hard part of the topic.

  3. Marco
    September 29th, 2012

    All very easy questions :D

  4. Marco
    September 29th, 2012

    Billy, I actually find PBR very easy, but of course, to each their own.

  5. Gords
    December 8th, 2012

    Good on you Marco you sick cat

  6. rajendra
    January 27th, 2013

    In Q.4 I feel option A is correct only if policy map is applied on E0 interface.

    Secondly, access-list uses subnet mask (not the wildcard mask)

  7. Omar
    February 19th, 2013

    Please, can someone tell us if there are questions about configuring IPsec, IPv6 tunneling and DSL?
    Thanks

  8. muddy
    March 8th, 2013

    @rajendra

    For Q4, the policy map should be applied on the incoming interface, so s/0 is correct, and access-list supports wildcard mask, not subnet mask.

    tx

  9. Kitsoa
    April 22nd, 2013

    On the ACL in Q4, doesn’t the use of “host” imply a wildcard of 0.0.0.0?

    Shouldn’t it read: access-list permit 100 ip 172.16.0.0 0.0.255.255 any ?

  10. Kitsoa
    April 22nd, 2013

    ** access-list permit 101

  11. Anonymous
    April 24th, 2013

    Are there any labs for CCNP SECURE 642-637?
    thanks
