Policy Based Routing Sim

February 20th, 2012 in LabSim

Question

Company Acan has two links which can take it to the Internet. Company policy demands that web traffic be forwarded only to the Frame Relay link if it is available, while other traffic can go through any link. No static or default routing is allowed.

[Image: BGP_Policy_Based_Routing_Sim.jpg]

Answer and Explanation:

Notice: The answer and explanation below are from PeterPan and Helper. Please say thanks to them!

All the HTTP traffic from the EIGRP Network should go through Frame Relay link if available and all the other traffic should go through either link.
The only router you are able to administer is the Border Router; from the EIGRP Network you may only send HTTP traffic. As other people mentioned, this is actually not a BGP lab. You are not able to execute the command “router bgp 65001”.

1) Access list that catches the HTTP traffic:
BorderRouter#configure terminal
BorderRouter(config)#access-list 101 permit tcp any any eq www

Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source addresses.

2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit

(Update: We don’t need the last command route-map pbr permit 20 to permit other traffic according to Cisco:

“If the packets do not meet any of the defined match criteria (that is, if the packets fall off the end of a route map), then those packets are routed through the normal destination-based routing process. If it is desired not to revert to normal forwarding and to drop the packets that do not match the specified criteria, then interface Null 0 should be specified as the last interface in the list by using the set clause.”

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml)

3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit

4) There is a “Host for Testing”, click on this host to open a box in which there is a button named “Generate HTTP traffic”. Click on this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.

BorderRouter#show route-map

In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.
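
The fall-through behaviour quoted from Cisco above, and the question of whether an empty “route-map pbr permit 20” clause changes anything, can be checked with a small model. This is an added example, not part of the original answer or of Cisco IOS; the packet fields, the sample packets, and the treatment of an unreachable next hop as a fall-back to normal routing are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp", ...
    dport: int      # destination port (0 when not applicable)

def acl_101(pkt):
    # access-list 101 permit tcp any any eq www
    # The ACL's implicit deny only means "no match" to the route map.
    return pkt.proto == "tcp" and pkt.dport == 80

# route-map pbr exactly as configured on the page: one permit 10 clause.
PBR = [{"seq": 10, "match": acl_101, "next_hop": "10.1.101.1"}]
# Variant with an empty permit 20 clause (no match, no set) appended.
PBR_WITH_20 = PBR + [{"seq": 20, "match": None, "next_hop": None}]

def policy_route(pkt, route_map, reachable):
    """Decide forwarding for a packet entering the interface that has
    'ip policy route-map pbr'. 'reachable' is the set of usable next hops."""
    for clause in sorted(route_map, key=lambda c: c["seq"]):
        if clause["match"] is not None and not clause["match"](pkt):
            continue                      # try the next sequence number
        if clause["next_hop"] in reachable:
            return ("policy-routed", clause["next_hop"])
        # Matched, but no set clause or next hop down (model assumption):
        return ("normal-routing", None)
    # Fell off the end of the route map: destination-based routing, no drop.
    return ("normal-routing", None)

# Constructed sample packets: HTTP, DNS, and HTTPS.
SAMPLES = [Packet("tcp", 80), Packet("udp", 53), Packet("tcp", 443)]

def decisions(route_map, frame_relay_up=True):
    reachable = {"10.1.101.1"} if frame_relay_up else set()
    return [policy_route(p, route_map, reachable) for p in SAMPLES]

if __name__ == "__main__":
    for name, rm in (("permit 10 only", PBR), ("with permit 20", PBR_WITH_20)):
        for up in (True, False):
            print(name, "FR up" if up else "FR down", decisions(rm, up))
```

Both route maps give identical decisions in every case. Note that tcp/443 is not matched by “eq www”, so HTTPS follows the routing table in this configuration.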


Comments
  1. Anonymous
    April 25th, 2013

    @AmauryRS
    don’t bother with the last line. it only works if the next-hop router is also running cisco IOS. verify-availability works in conjunction with CDP (a cisco only feature)

  2. THE ROCK
    April 26th, 2013

    i was able to perform the lab but not able to telnet … can someone send me the lab on gns plzzzzzzzzzzzz

  3. last dump : )
    April 29th, 2013

    type : PDF
    Price :Free : )
    update date 15 MAR

    http://www.2shared.com/document/YWw6jX-r/642-902qa358.html

    and dont Forg8 5 labs
    1-OSPF EIGRP Redistribute Lab
    2-OSPF Sim
    3-IPv6 OSPF Virtual Link Sim
    4-EIGRP Simleter
    5-Policy Based Routing Sim
    for Lab

  4. Anonymous
    April 30th, 2013

    I’m gonna answer my own question. I took the test yesterday and “debug ip policy” does not work to verify the matches in real time.
    these sim tests are dumb. :(
    anyhow on the redistribution router “show route-map” should show the 9 packets generated by the host, which is a dumb host that has a button called “generate http traffic” and nothing else.

    I almost scored 900. The points I lost were mainly due to IPv6 and tunneling questions. There were around 15-18 of them

  5. anonymous
    May 2nd, 2013

    Should need the following in the route map:

    route-map pbr permit 20 (with no match and no set statement)

    This way all other traffic besides http doesn’t hit the implicit deny.

  6. @smo_000
    May 2nd, 2013

    These are the latest questions; don't forget me in your prayers.

    type : PDF
    Price :Free : )
    update date 15 MAR

    http://www.2shared.com/document/YWw6jX-r/642-902qa358.html

    and dont Forg8 5 labs
    1-OSPF EIGRP Redistribute Lab
    2-OSPF Sim
    3-IPv6 OSPF Virtual Link Sim
    4-EIGRP Simleter
    5-Policy Based Routing Sim
    for Lab

  7. Anonymous
    May 2nd, 2013

    No anom. You don’t need “route-map pbr permit 20”

    And it doesn’t deny the traffic, it forwards it through the fastest link because it didn’t match the first clause.
    This is expected behavior

  8. New_Student
    May 3rd, 2013

    Thank you, PeterPan and Helper for your contribution(s).

  9. New_Student
    May 3rd, 2013

    I partly agree with Anonymous here. Something is missing here to prevent non http traffic from being dropped. Anyone?

  10. Syed Kashif Shahab
    May 4th, 2013

    @anonymous I think “route-map pbr permit 20” is not necessarily to be added. You are talking about implicit statement of “Deny all”, that would be done in access list 10 which is called/applied in “route-map pbr permit 10”. As about “route-map pbr permit 20” there is no access list created that should deny the traffic coming in otherwise.

  11. @smo_000
    May 4th, 2013

    These are the latest questions; don't forget me in your prayers.

    type : PDF
    Price :Free : )
    update date 15 MAR

    http://www.2shared.com/document/YWw6jX-r/642-902qa358.html

    and dont Forg8 5 labs
    1-OSPF EIGRP Redistribute Lab
    2-OSPF Sim
    3-IPv6 OSPF Virtual Link Sim
    4-EIGRP Simleter
    5-Policy Based Routing Sim
    for Lab

  12. Anonymous
    May 4th, 2013

    Just imagine this: when you enable policy based route-map, the router creates a small buffer just before the routing table. This buffer operates on the principle of the route-map just created. When match clauses occur, the packet will be forwarded to its destination based on PBR WITHOUT intervention of general routing policy. When there are NO match clauses, the packet is NOT dropped; it is simply forwarded to the routing table of the router. Therefore we do not need route-map pbr permit 20.

  13. captainobvious
    May 5th, 2013

    Labs are relevant…. passed! !

  14. harold
    May 5th, 2013

    thanks Anony

  15. Gourav
    May 9th, 2013

    Passed today with 880 marks
    All the Labs are valid but in the Policy based routing lab

    i have done the same config but no matches are found on the Route map.

  16. meerab
    May 12th, 2013

    #route-map pbr permit 10,why we use 10 here???
    what is the purpose of this command??

  17. Route Map
    May 13th, 2013

    @Meerab :

    10 is just the sequence number for a route map…

    10 will be executed before 20 … take it this way ..

  18. meerab
    May 14th, 2013

    @route map
    thanks for reply
    #route-map pbr permit 20,should we use this command or not???
    and also m not able to verify this lab on gns3 ,how can i verify the lab on gns3 ?ply reply soon
