Home > Policy Based Routing Sim

Policy Based Routing Sim

May 8th, 2014 in Lab Sim, LabSim Go to comments

Question

Company TUT has two links to the Internet. The company policy requires that web traffic must be forwarded only to Frame Relay link if available and other traffic can go through any links. No static or default routing is allowed.

BGP_Policy_Based_Routing_Sim.jpg

 

Answer and Explanation:

Notice: The answer and explanation below are from PeterPan and Helper.Please say thank to them!

All the HTTP traffic from the EIGRP Network should go through Frame Relay link if available and all the other traffic should go through either link.
The only router you are able to administrate is the Border Router, from the EIGRP Network you may only send HTTP traffic. As the other people mentioned, actually it is not a BGP lab. You are not able to execute the command “router bgp 65001”

1) Access list that catches the HTTP traffic:
BorderRouter(config)#access-list 101 permit tcp any any eq www

Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source addresses.

2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit

(Update: We don’t need the last command route-map pbr permit 20 to permit other traffic according to Cisco:

“If the packets do not meet any of the defined match criteria (that is, if the packets fall off the end of a route map), then those packets are routed through the normal destination-based routing process. If it is desired not to revert to normal forwarding and to drop the packets that do not match the specified criteria, then interface Null 0 should be specified as the last interface in the list by using the set clause.”

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml)

3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config-route-map)#exit
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit

4) There is a “Host for Testing”, click on this host to open a box in which there is a button named “Generate HTTP traffic”. Click on this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.

BorderRouter#show route-map

In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.

Note: We have posted a Policy Based Routing lab on GNS3 similar to this sim with detailed explanation, you can read it here.

Other lab-sims on this site:

EIGRP Stub Sim

OSPF Sim

EIGRP OSPF Redistribution Sim

IPv6 OSPF Virtual Link Sim

EIGRP Simlet

Comments
Comment pages
1 2 3 4 28
  1. mgday
    April 6th, 2017

    Hi Everyone,

    Please share this dumps 149q+41q+15q or any latest valid dumps if available.

    gokdin @ hotmail.com

  2. s0laris
    April 7th, 2017

    Hi everyone,
    I am sharing 252q+149q+41q+15q dump files as below. Good luck

    https://mega.nz/#F!PA0HwLLJ!6K7RQ6Lu1O2BoNx3eDg5tA

  3. KienNT
    April 14th, 2017

    Hi guy
    Please share this dumps VCE 149+41+15+183+56+82+32+8
    thanks
    ngocthanhkien9200 @ gmail com

  4. Anonymous
    April 14th, 2017

    guys help me

    In which scenario can asymmetric routing occur.
    1. active/active firewall setup
    2. reduntant routers running VRRp
    3. active/standby firewall setup
    4. simple path in and out of the network

  5. jZ
    April 15th, 2017

    the answer is 1. active/active firewall setup

  6. Don
    April 18th, 2017

    Hi JZ,

    what about the question on how to mitigate asymmetric routing using active/active firewall setup?

    Is it thru using a layer 3 device or router? Forgot the other options.

  7. Maksym
    April 20th, 2017

    Thanks S0laris!
    The best one!

  8. DAN
    April 25th, 2017

    Hi network brains
    which ones from lab are inn the exam ?????????
    waiting your kind response

  9. Ayesha Mumtaz
    May 8th, 2017

    Get Latest Exams Dumps at http://www.pass4surekey.com/

  10. Chaka
    May 20th, 2017

    BorderRouter(config)#route-map pbr permit 10
    BorderRouter(config-route-map)#match ip address 101
    BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
    BorderRouter(config-route-map)#exit
    I think this is wrong “match ip address 101”
    It have to be “match policy-list 101”
    IsnĀ“t it?

  11. ANAroute
    May 21st, 2017

    Compilation of exams and including April and May.
    h t t p : / / c o r n e e y . c o m / q D 4 e y d
    the pass is
    !aAyefgyn-7nP18rSvGvzPPv5FJbO_e8AmeieWSZZtTk
    delete the spaces

  12. PBR route-maps
    May 22nd, 2017

    Can somebody please reply as if 2nd statement is needed or not to allow all other traffic==>#route-map PBR permit 20.

    Cisco press documentation said “There is always an implicit deny statement at the end of a route map” http://www.ciscopress.com/articles/article.asp?p=2273507&seqNum=12 .

    But also they mention that “The policy routing process proceeds through the route map until a match is found. If no match is found in the route map, or the route map entry is made a deny instead of a permit, then normal destination-based routing of the traffic ensues”. on http://www.cisco.com/en/US/products/ps6599 products_white_paper09186a00800a4409.shtml

    Please advise if following is correct or not:
    #####################
    #route-map PBR permit 10
    ()#match ip address 101
    ()#set ip address 10.1.101.1

    #route-map PBR permit 20
    ####################
    thank you

  13. PBR route-maps
    May 22nd, 2017

    @ Chaka: “match ip address” is the way to go, since you are trying to match with an ACL, that is the right statement when filtering for either ACLs or prefix list.

  14. Yrsillar
    May 26th, 2017

    Can someone please share/eail the new/updated dumps. im planning to take the exam this june.
    Thanks and more power to digitaltut.

    dlinuxuser1 @ gmail com

  15. hardik
    May 26th, 2017

    Request you please share latest dumps
    hardik.patira28 @ gmail .com
    thanks in advance

  16. Anonymous
    May 27th, 2017

    pass ccnp route exam today..

Comment pages
1 2 3 4 28
  1. No trackbacks yet.