Policy Based Routing Sim
Question
Company Acan has two links which can take it to the Internet. Company policy demands that web traffic be forwarded only over the Frame Relay link if it is available; other traffic can go through either link. No static or default routing is allowed.

Answer and Explanation:
Notice: The answer and explanation below are from PeterPan and Helper. Please say thanks to them!
All the HTTP traffic from the EIGRP Network should go through Frame Relay link if available and all the other traffic should go through either link.
The only router you are able to administer is the Border Router; from the EIGRP Network you may only send HTTP traffic. As other people mentioned, it is actually not a BGP lab. You are not able to execute the command “router bgp 65001”.
1) Access list that catches the HTTP traffic:
BorderRouter#configure terminal
BorderRouter(config)#access-list 101 permit tcp any any eq www
Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source addresses.
2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit
BorderRouter(config)#route-map pbr permit 20
(Notice: the route-map pbr permit 20 line allows other traffic than HTTP to be routed. Otherwise, other traffic will be dropped)
3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config-route-map)#exit
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit
4) There is a “Host for Testing”, click on this host to open a box in which there is a button named “Generate HTTP traffic”. Click on this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.
BorderRouter#show route-map
In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.
I miss butthead :(
i just took this lab in the route exam, its quite the same but careful as the IPs are not the same
heheh…. “route-map pbr permit 20”
Please answer me , I will enter the exam tomorrow isa
I think we can use ACL completely instead of Route-map
and it will give the same result
because we can use the command
#access-list 101 permit tcp any any eq www
# access-list 101 deny any
and apply it on s0/0/0 interface
and use the command
#access-list 102 deny tcp any any eq www
# access-list 102 permit any
and apply it on s0/0/1 interface
so the web traffic is forwarded using frame relay link and other traffic is forwarded using the other link
please what is difference between this solution and the route-map solution ?
please answer me as fast as possible
thanks in advance
@asmaa
GO BACK TO CCNA1 !!!
hi asmaa,
sorry for the late answer, but this is my first time at this site because i am preparing for the exam too. your solution won't work because the router has only one “best” route in the routing table, so it will route everything to one next-hop. with route-map you may tell the router not to use the best route.
with route-map you are really going to control where the traffic flows. if you just deny the www traffic on one interface via access-list, no client will be able to surf the internet. with route maps you can tell the router how to handle each packet. you can't configure that with a static access-list. hope that helps.
Hi everyone,
I passed 642-902 with 930 on 16/7/2011. I used Test inside v 6.28 and all Q and Labs were from it without any change, even IP addresses. You can download it from http://www.4shared.com/document/rjXsxC69/642-902V628.html.
-Best for All
@ahmed thanks for sharing, you're great and congrats!
If any one can help me , that how to Generate HTTP traffic in GNS3 LAB.
or how we can test our lab. Thank you very much.
hey Tanveer,
i ve build the lab in GNS3 as shown up there but i set up a 4. router in this network. the 4. router had two uplinks to the ISP routers. i just picked it up into the EIGRP domain so that our “test-client” could ping the 4. router.
after i ve set up the route-map i pinged the 4. router and it matched one entry of the route-map as expected. then i made a telnet (telnet 172.16.1.1 80). this is the ip of my 4. router and telnet to him on port 80. like i had expected i matched the route-map and was set to another next-hop ip as i was when i pinged my 4. router.
i hope this will solve your problem, let me know. :)
cheerz,
bLinDy*
How can we submit Lab…
@ahmed and others, Hope you people took note that in Ahmed’s link, they used “set ip next-hop 10.1.101.1” but the exhibit provided was pointing to 10.1.100.2. Can someone pls help check this out and clarify my doubts. Tkssss. Sallam.
Hi everyone!
I passed 642-902 with 988 today. In pbr simlab during exam was some problem. After enabling generation traffic on client, pbr counters (access-lists counters too) were all zero! I tried to check with access-lists “ip any any”, but without any changes. Wrote to cisco comments this problem and click next… simlab 100%! My teacher said that there are many bugs in simlab during exam, so be very careful. Thks to Sandy and Digitaltut! In exam some new questions, but they are very easy.
Dear bLinDy,
Thank you very much for help, but when i telnet from router4 (consol) to ISP1 (10.1.101.1) at port 80 the connection was refused after trying .
Maybe we need something for port 80 at ISP1 router.
Just wrote my exams, passed with 976. tks to everyone here. “Copy run start” didnt work, so i just dropped comments.
Tanveer, to generate HTTP traffic in GNS you can use telnet with port no. 80.
Example – if you attached a router instead of host ( from fa0/0 of border router) you can type this command – telnet 10.1.101.1 80; this will go to frame-relay router using port no. 80, if this port is working, you will see ‘open’. it should not be seen in EoMPLS router.
JUST WROTE THE CCNP ROUTE AND WAS VERY GOOD..THANKS GUYS THE SIMS ARE STILL THE SAME
After 4 days i am going to take Routing exam please help me which dump is valid
WHY 9 PACKETS IN SHOW ROUTE-MAP COMMAND
thanks digital tut and Ali and all the guys who wrote comments here
gonna take my Route Exam in a couple hours, Ill let you guys know how it went
im wasted men just attended an after office to celebrate that ive passed with 898 the exam! just rolling some weed to celebrate coz im a CCIP now nigga JAJAJAJAJAJ hilarious
studied with the cisco press guide N INE videos which are great, the guy is an animal he just makes this whole feasible stubiness ipv6 bgp crazyness just simplier
best regards from argentina good luck to all on the exam
Thanks @ Ahmed. I wish I will sit for Route with in a month. Still long way to go…
i passed score 988 yesterday, p4s v4.11 is still valid 100%. i got 4 simulators: redistribution, PBR, ospf, IPv6 OSPF Virtual Link Sim; all are the same except some change in router names, area IDs. the command distance eigrp 90 105 under R2 on the redistribution sim is working 100%, i got 100% on all simulators, thanx very much
just took the route exam. on the pbr sim i was not able to enter the command
BorderRouter#access-list 101 permit tcp any any eq www
can anyone pls explain
Blue Ray, try typing config terminal first?
@TO EVERYONE
The question clearly says that
“forwarded only to Frame Relay link if available”
It means first we have to check if ISP 1 is alive that will be done by using
“IP SLA”
Can someone please confirm this
@Digitaltut
Please can you tell me that, do we have to create an access-list by ourselves in this lab…as its not created in the explanation given by ‘peterpan’ and ‘helper’
@Ali, @Blue Ray: We have to create the ACL with the command “access-list 101 permit tcp any any eq www”. Maybe the sim has a bug in Blue Ray’s exam.
Good News !!!
I have a updated dump contact me for it
kellysmith114@gmail.com
@vetoll, i wouldnt be here if i couldn’t try typing config terminal first, now would i? if u dont have anything creative to speak kindly keep ur mouth shut.
@digitaltut there was no option for tcp. worked only upto access-list 101 permit. and i configured it as any any and left it.
pbr permit 20 isn’t a big deal. use or don’t use it. same result.
about set ip next-hop verify-ability, we don’t need tracking so no need for verify-availability option. set ip next-hop (only) detects next-hop existence in routing table before doing policy routing. If tracking applied in this exam, i guess that action would reduce some point.
reference:
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
quote:
The set ip next-hop command verifies the existence of the next hop specified, and…
if the next hop exists in the routing table, then the command policy routes the packet to the next hop.
if the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.
Please explain this ?
Why we need to go under F 0/0 in order to apply Route-map? in such a case; when command is available for the whole BORDER_ROUTER as explained in CBT Nuggets. In addition, it’s not working on my GNS3 Lab.
BORDER_ROUTER(config)#ip local policy route-map pbr
If you are using linked below configuration than ip Local policy command is working fine.
BORDER_ROUTER#show route-map
route-map pbr, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop verify-availability 10.1.101.1 10 track 222 [up]
Policy routing matches: 21 packets, 1260 bytes
route-map pbr, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 37 packets, 2272 bytes
Question and answer 100% same. They just change the IP address only.
hi all
i cleared my route exam today. The Labs were – EIGRP – OSPF Redistribution Sim – Policy Based Routing Sim – IPv6 OSPF Virtual Link Sim – OSPF Sim
CAUTION – Do not memorize this brain dump and just start typing. Cisco will and has changed the addresses on the sim. If you type route-map 10 permit, ip next hop 10.1.101.1 YOU WILL FAIL. WATCH OUT. THEY HAVE CHANGED THE IP ADDRESSING. WATCH OUT FOR IT.
Thanks to this site, scored 1000 over 1000.
The IP’s yes have changed – My next hop was 10.1.100.2
I passed exam with 100% marks. There were a few new questions e.g. EIGRP authentication (key-chain authentication —> Ans: R1 can communicated R2 and R3) and RIP passive interface —-> Ans: Router RIP; Passive interface f0/0; neighbor .
All Lab questions were from http://www.digitaltut.com/.
Thanks to all who contributed in these websites!!! :)
I Passed yesterday with score 965 , thanks guys and digitaltut :) all labs from here
Anyone care to share gns3 files for all the ccnp route simulations? Thanks.
passed with 988/1000. all labs from here
http://www.4shared.com/file/MNxMccev/GNS3_642-902_Test_Sims.html
all labs from digitaltut.com in GNS3 format with IOS. Its not my work, i am just sharing
Thanks for sharing ccnp. Congratz for passing. Cheeeerrrsss!!!!!!!!!!!
the question has been asked to solve by using BGP attribute, pls give me a right solution for this as soon as possible( full commands)
BDP solution needed………….
Thank you in advance
Hey Dharsh, what are you talking about?
@ Osama just passed with 976. tnx digitaltut and all
Harsh.. BGP??? which question u r talking abt?
Thanks….to digitaltul Today i cleard ma exam with 950marks…. lab is same ….
this dumps is valid ……http://www.4shared.com/document/rjXsxC69/642-902V628.html.
Hi everybody.. Please help me I can’t use GNS3. How I can install it???
Thank u peterpan & Helper
Hi All,
Are the GNS3 *.net files available for all these labs on digitaltut? Or do we have to make our own?
sorry my mistake… got the files.. thanks CCNP
BorderRouter#access-list 101 permit tcp any any eq www
is mistake >>> not inside priv
in side conf
Hi every1, the pbr string for the route-map; can i use any string or a specific one from the simlab. I would like to know because the question did not specify.
e.g. route-map pbr permit 10 (popular string in this command)
or route-map simlab permit 10 (chosen string in this command)
thanks.
pdeji.
Hi Everyone,Can you please send me ccnp study guide and videos. I am planning to take exam on december. This is my email address chris_thugs06@yahoo.com
This is the correct way of doing this below:
R3#sho ip access-lists
Standard IP access list othertraf
10 permit any (61 matches)
Extended IP access list webtraf
10 permit tcp any any eq telnet (34 matches)
R3#sho route
R3#sho route-map
route-map webtraffic, permit, sequence 10
Match clauses:
ip address (access-lists): webtraf
Set clauses:
ip next-hop 10.1.101.1
Policy routing matches: 34 packets, 2058 bytes
route-map webtraffic, permit, sequence 20
Match clauses:
ip address (access-lists): othertraf
Set clauses:
ip next-hop 10.1.102.1
Policy routing matches: 49 packets, 3756 bytes
do not mind the telnet part of it i just wasnt bothered configuring http
Ok Ok Ok the router will prefer the Eompls route because it will have a better cost so the example above is perfect. But this is the way it should be done if you get a test with two exact same cost links to the cloud…
Going to take the exam next week
ummm, there are at least 6 different ways to filter traffic. I believe the sim is looking for a policy based solution.
“IT policy requires that all outbound HTTP traffic use the frame relay line when it is available. All other traffic may use either link. No static or default routing is allowed. Choose and configure the appropriate path selection feature to accomplish this task.”
Hey there could be multiple ways to do it. The cleanest is using PBR, less code and less router resources. It also puts the filter closer to the source, a cisco ideal. ;)
“Notice: the route-map pbr permit 20 line allows other traffic than HTTP to be routed. Otherwise, other traffic will be dropped”
This is not correct. When dealing with policy routing, if there’s no match, the packet does not get dropped. It simply does not get policy routed….but it is still routed through the normal process.
Can anyone help me , my exam is tomorrow
i try to do this lab on gns3 but replace WWW traffic by echo traffic but i can ping on two ISP and this is my configuration :
enable
config t
access-list 101 permit tcp any any eq echo
route-map pbr permit 10
match ip add 101
set ip next-hop 10.1.101.1
route-map pbt permit 20
exit
int f0/0
ip policy route-map pbr
end
sorry this is config:-
enable
config t
access-list 101 permit tcp any any eq echo
route-map pbr permit 10
match ip add 101
set ip next-hop 10.1.101.1
route-map pbr permit 20
exit
int f0/0
ip policy route-map pbr
end
My friends
we dont have to set next hop for route-map pbr permit 20
route-map pbr permit 20
set ip 10.1.102.1
@abdullah
add access-list 101 permit icmp any any echo
please ….in the real exam, do i need to know about the prefix list and distribute list? THANX
i think
the answer is
ip access-list extended web
permit tcp any any eq www
!
route-map pbr permit 10
match ip address web
set ip next-hop 10.1.101.1
set ip default next-hop 10.1.102.1
!
route-map pbr permit 20
!
int f0/0
ip policy route-map pbr
otherwise ,when the FR interface down,the http traffic will stop forward.
my email senton_lth@126.com
talk with gays , i will very happy.
haha..
Hi, can anybody help me with the PBR Simulator and coreect answer.Plz provide me latest dumps for 642902 (Route)
Which are the Lab coming in Exam ? and plz provide with solution
i pass 965 scores yesterday, 4 labs: EIGRP OSPF Redistribution - Policy Based Routing - OSPF - IPv6 OSPF Virtual Link, no OSPF Hotspot question
Dear All please some one help me. I will take the exam tomorrow ! could any one send me the latest Dumps:eroj_cse_143@yahoo.com also any change the Question! please help me ……………
Passed today with 965/1000, all simulation are from digitaltut exactly, still REV7 is totally valid 100%.. 2 new question MCQ, simulations are OSPF, IPV6, Redistribution, PBR.
Thanks to digitaltut and all of you those who posted comments here….
Really its great site……cheers…
A week before I was not sure about the comments posted on this website. But now I can say thanks to Digitaltut website and people who post the updates.
I passed 642-902 exam with 965/100. Labs are exact same as shown above.
In Policy based routing exam, they have asked that www traffic should use frame relay circuit/path for exit. I configured the access list same as above however while creating route-map there was no set command option in simulator to define next hop for www traffic.
I have checked every thing but no luck to set next hop for www traffic. So I decided to set default next hop for www traffic but that command was not available in route map command options.
I have stopped playing with route-map and configured rest of the config. Then generated www traffic from Simulator and checked my route-map for packets hits.
It was showing 9 packets matched to policy. I have not set next hop for www traffic and completed the lab.
I dont know what went wrong or there was any issues with simulator or may be CISCO was looking for access list and match statement under route-map.
I cleared the exam with 965 marks so it means that I got full marks for that LAB.
Guys I would like to thanks to ” DIGITALTUT” and all the people who shared their updates on this website.
Guys don’t forget to update this forum once you are done with your exams.
Many Many thanks for all who posted valuable information so that we could complete the exam.
Yogesh Kashid
Guys forgive me for above comments . I was missing IP word next to Set command.
I was trying Set Next hop in the policy based routing LAB.
I should put command Set IP next-hop X.X.X.X
Thanks
Hi, I see a 504 Gateway Timeout error when I view your website. This usually means the server did not receive a response. I thought you may want to know. Best wishes Jim
Guys, I am unable to configure “route-map” under conf t in PacketTracer. Can someone pls advise how to go about solving this? Thanks!
Passed today with 976 …
Exactly the same Concept … but take care IP is changed, Fast Ethernet interface is different but the same concept
Thanks to Digitaltut. I passed my ccnp route with 925 the day b4 yesterday (16/11). The labs were the same but few changes in IP add, router names/locations. For those that are yet to take, this is d right site for u. Pls understand and concentrate on the given parameters. For this particular lab, pls take note of the given next-hop add, mine was 10.1.101.2. Good-luck.
Hi Anonymous November 13th, 2011
Packet tracer will not support route-map as its for basic configuration. Go ahead with GNS3 simulator. Its best for routing.
HI GUYS I NEED NEW PASS FOR SOUR 642
HAMODY_AB@HOTMAIL.COM
I took my exam yesterday. The simulations are ospf, PBR routing, ipv6 and Eigrp stub. There are about 10 new questions, i don’t remember them specifically. On the simulation there is an ip change so u need to be careful. And i would like to thank digitaltut… its the best site !
For those of u who didnt took the exam GD luck!
once you are done with the configuration and checking with route-map on the border route, must the Policy routing matches be exactly 9 packets or can the packet be any number?.
Please, i need to know this as i will be taking the exam in the next 3 hours.
Thanks
Mayot,
it can be any number different than 0.
Basically it says X packets match the condition in your route-map (in our case 9 packets were generated and those 9 matched the statement of our route-map). In the real world the number of “matches” should increment every time you push the “generate HTTP traffic” button. However not sure about the accuracy of their sim…
Taking ROUTE in 3 days ;)
hi everybody.. does anybody know the enable password of the routers in the sims which @ccnp shared above? the link was:
http://www.4shared.com/file/MNxMccev/GNS3_642-902_Test_Sims.html
@Mayor, hi! how was your experience on that 26/11 and hope u got it right? My policy routing matched exactly 9 packets as obtained in this lab but I don’t know about others.
@David, u may not be asked for enable password for this particular lab but u have to watchout for d given parameters and tasks u re asked to do.
@david, same problem with u, i cant access the router host 4 testing..
@david @kumarluvsu …. b4 starting the lab delete the password from the config notepad which is given seperately and then start it …
Guys there is this new mcq : In which state will the DR and the BDR form an adjacency with other ospf routers?
OPTIONS:
1. Escert
2. Loading
3. Init
4. Learning
I was confused and did not know what to choose
Nako – seems to be Exstart as per cisco.com
Wrote ROUTE today…sim in exam…..exactly as is…..
NOTE:
IP policy route-map must be applied to fa0/1 not fa0/0
I applied to fa0/0 and received no matches under show route-map.
(Notice: the route-map pbr permit 20 line allows other traffic than HTTP to be routed. Otherwise, other traffic will be dropped). I disagree.
From Cisco Press Book: “Note that for each packet entering F0/0, PBR either matches the packet with a route map permit clause, or matches the packet with a route map deny clause. All route maps have an implicit deny clause at the end that matches all packets not already matched by the route map. PBR processes packets that match a permit clause using the defined set command. For packets matched by a deny clause, PBR lets the packet go through to the normal IP routing process.”
Which means all packets other than http would just be routed normally, not dropped.
Comments are welcome
from Cisco press site:
If the route map has a deny statement, normal forwarding is used, as specified in the route/forwarding table. The set statements will not be applied to the packet.
At the end of all the route map instances, an implicit route map will deny all packets. If the packet has not found a match in the previous route map instances, the packet will hit the implicit deny route map instance. When this occurs, the packet will be forwarded by the router following the normal route table.
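The route-map behaviour quoted in the comments above (a packet that matches no entry hits the implicit deny and is routed normally; `set ip next-hop` is used only when the next hop exists in the routing table) can be modeled in a few lines. This is an added Python example, not part of the original page, the comments or Cisco's code; the names `Packet`, `Entry`, `forward` and `run` are this example's own, and 10.1.102.1 as the next hop chosen by normal routing is an assumption.

```python
"""Toy model of PBR route-map evaluation, built from the Cisco text quoted above."""
from dataclasses import dataclass
from typing import Callable, Optional

FRAME_RELAY_HOP = "10.1.101.1"  # next hop set in the answer's route-map
NORMAL_HOP = "10.1.102.1"       # assumption: what the routing table would pick


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: Optional[int] = None


def acl_101(pkt: Packet) -> bool:
    """access-list 101 permit tcp any any eq www (everything else is not matched)."""
    return pkt.proto == "tcp" and pkt.dst_port == 80


@dataclass
class Entry:
    seq: int
    action: str                                       # "permit" or "deny"
    match: Optional[Callable[[Packet], bool]] = None  # None = no match clause
    next_hop: Optional[str] = None                    # set ip next-hop
    hits: int = 0                                     # model of the match counter


def forward(pkt, route_map, reachable, normal_hop=NORMAL_HOP):
    """Return (next_hop, reason) for one packet arriving on the policy interface."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if entry.match is not None and not entry.match(pkt):
            continue                                  # try the next sequence
        entry.hits += 1
        if entry.action == "deny":
            return normal_hop, f"seq {entry.seq} deny: normal routing"
        if entry.next_hop is None:
            return normal_hop, f"seq {entry.seq} has no set clause: normal routing"
        if entry.next_hop not in reachable:
            return normal_hop, f"seq {entry.seq} next hop unknown: normal routing"
        return entry.next_hop, f"seq {entry.seq} policy routed"
    return normal_hop, "implicit deny: normal routing"


def build(with_permit_20: bool):
    """route-map pbr as configured above, with or without the empty permit 20."""
    route_map = [Entry(10, "permit", acl_101, FRAME_RELAY_HOP)]
    if with_permit_20:
        route_map.append(Entry(20, "permit"))
    return route_map


def run(with_permit_20: bool, frame_relay_up: bool):
    """Push constructed sample traffic through the route-map; return hops and counters."""
    reachable = {NORMAL_HOP} | ({FRAME_RELAY_HOP} if frame_relay_up else set())
    route_map = build(with_permit_20)
    traffic = [Packet("tcp", 80), Packet("tcp", 23), Packet("icmp"), Packet("tcp", 80)]
    hops = [forward(p, route_map, reachable)[0] for p in traffic]
    return hops, {e.seq: e.hits for e in route_map}


if __name__ == "__main__":
    for p20 in (True, False):
        for up in (True, False):
            print(f"permit 20={p20!s:5} FR up={up!s:5}", *run(p20, up))
```

In this model the forwarding result is the same with and without `route-map pbr permit 20`; only the sequence 20 counter differs.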
@sunil I do not see the note pad, can you be more specific
anybody know the password for the host router 4 testing
I took my exam yesterday… passed my exam…trololololol….same lab simulations….7 new questions from dumps…. o.O …. ty digitaltut and the person who has provided test lab sims…. ty all :D :D…
ya and i cracked the md5 … @me the password is shawn :D
@AdikL0z
THANKS!!!!!!!!
i passed routing exam yesterday and there some changes in this question but same configuration take care
hi guys, i think the configuration miss a line.
BorderRouter(config)#route-map pbr permit 20
BorderRouter(config)#set ip next-hop 10.1.101.2
otherwise “other traffic” can have as next-hop both ISPs.
what do you reckon?
sorry, i only saw the picture and didn’t read carefully the task! :D
I did exactly like above and got 86% of pbr; so maybe route-map pbr permit 20 is not needed?