
Policy Based Routing Sim

February 8th, 2019 in Lab Sim, LabSim

Question

Company TUT has two links to the Internet. The company policy requires that web traffic must be forwarded only to the Frame Relay link if available, and other traffic can go through any link. No static or default routing is allowed.

[Figure: BGP_Policy_Based_Routing_Sim.jpg]

Answer and Explanation:

Notice: The answer and explanation below are from PeterPan and Helper. Please say thanks to them!

All the HTTP traffic from the EIGRP Network should go through the Frame Relay link if available, and all other traffic should go through either link.
The only router you are able to administer is the Border Router; from the EIGRP Network you may only send HTTP traffic. As other people mentioned, this is not actually a BGP lab: you are not able to execute the command “router bgp 65001”.

1) Access list that catches the HTTP traffic:
BorderRouter(config)#access-list 101 permit tcp any any eq www

Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source addresses.

2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit

(Update: We don’t need the last command route-map pbr permit 20 to permit other traffic according to Cisco:

“If the packets do not meet any of the defined match criteria (that is, if the packets fall off the end of a route map), then those packets are routed through the normal destination-based routing process. If it is desired not to revert to normal forwarding and to drop the packets that do not match the specified criteria, then interface Null 0 should be specified as the last interface in the list by using the set clause.”

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml)

Note: We don’t need to use IP SLA to track the next-hop IP address because the “set ip next-hop” command already does this. From this link: https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html
“The set ip next-hop command verifies the existence of the next hop specified, and…
+ If the next hop exists in the routing table, then the command policy routes the packet to the next hop.
+ If the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.”
So if the next hop 10.1.101.1 goes down, PBR will use the normal routing table.

3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit

4) There is a “Host for Testing”; click on this host to open a box that includes a button named “Generate HTTP traffic”. Click on this button to generate some packets of HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.

BorderRouter#show route-map

In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.

Note: We have posted a Policy Based Routing lab on GNS3 similar to this sim with detailed explanation, you can read it here.
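
The forwarding decision that steps 1 to 3 configure can be modelled in a few lines. This Python model is an added example, not part of the original answer and not Cisco code; the routing-table prefixes, masks and the 198.51.100.0/24 destination are constructed assumptions, and "next hop exists in the routing table" is modelled as a longest-prefix lookup. It accepts a list of next hops per sequence, which goes slightly beyond the single next hop used in the answer.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Packet(NamedTuple):
    dst: str
    proto: str
    dport: int = 0


def acl_101(pkt):
    """access-list 101 permit tcp any any eq www (implicit deny for the rest)."""
    return pkt.proto == "tcp" and pkt.dport == 80


def lookup(rib, addr):
    """Longest-prefix match in the routing table; None when nothing covers addr."""
    hits = [(ip_network(p), via) for p, via in rib.items()
            if ip_address(addr) in ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def forward(pkt, rib, route_map):
    """Return (path, next_hop) for one packet arriving on the policy interface."""
    for match, next_hops in route_map:
        if match(pkt):
            for nh in next_hops:
                if lookup(rib, nh) is not None:  # next hop exists in the table
                    return ("policy", nh)
            break  # matched, but no usable next hop: use the normal table
    via = lookup(rib, pkt.dst)  # fell off the route map, or next hop missing
    return ("normal", via) if via else ("unroutable", None)


def make_rib(frame_relay_up):
    """Constructed routing table; prefixes and masks are assumptions."""
    rib = {"10.1.102.0/24": "connected", "198.51.100.0/24": "10.1.102.1"}
    if frame_relay_up:
        rib["10.1.101.0/24"] = "connected"
    return rib


PBR = [(acl_101, ["10.1.101.1"])]  # route-map pbr permit 10
WEB = Packet("198.51.100.10", "tcp", 80)
TLS = Packet("198.51.100.10", "tcp", 443)

if __name__ == "__main__":
    for up in (True, False):
        for pkt in (WEB, TLS):
            result = forward(pkt, make_rib(up), PBR)
            print(f"frame relay up={up} {pkt.proto}/{pkt.dport}: {result}")
```

Port 443 does not match access-list 101, so in this model HTTPS follows the normal routing table rather than the policy next hop.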


Comments
  2. Mpolvora
    October 20th, 2017

    hello kristen hellin

    Could you send me the dumps please?
    Thank you very much
    mpolvoratjp @ gmail.com

  3. Chikku
    October 29th, 2017

    Anyone who took the exam recently can confirm which are the SIMs in the exam?????
    I’m gonna take it early next week.
    Please respond asap.

  4. Silver Star
    October 30th, 2017

    taking Exam Tomorrow, will provide feedback, have no idea which drag and drops will appear and have not studied any

  5. Chikku
    October 31st, 2017

    @SILVER STAR, Please check the drag and drop in digitaltut site itself. Hope this would suffice.
    BGP states, Nat64, NPT64, CEF adjacency types…

  6. Confused
    November 1st, 2017

    Host_For_Testing>en
    Host_For_Testing#telnet 10.1.101.1 80
    Trying 10.1.101.1, 80 …
    % Destination unreachable; gateway or host down

    Host_For_Testing#telnet 10.1.102.1 80
    Trying 10.1.102.1, 80 … Open
    ^C

    Same commands as above; I am practicing in GNS3 labs here in this site, but it shows the opposite output. Can anybody help?

  7. Alpha
    November 4th, 2017

    Hello everyone. Can anyone help me by telling that 462q are still valid or not ?

  8. Alpha
    November 4th, 2017

    Response awaited.

  10. EU
    November 4th, 2017

    Hello Lemo,
    Congratulation, could you please send your 300-101 Dump (oceanman2000 @ gmail.com)
    Thank you

  11. XXX
    November 7th, 2017

    Passed with 918/1000.
    For valid dump, please contact on jknishant87 @ gmail . com

  12. ZBM
    November 8th, 2017

    Hey Elmo kindly share the dump with me on “{email not allowed}” congrats hope you ready for the next task.

  13. Ray
    November 18th, 2017

    Hi Please send me a copy of update Dumps.

  14. FirePOWDER
    November 20th, 2017

    Hi Please sent to me VCE Update Dumps. Thx guy.
    {email not allowed}

  15. Erol
    November 26th, 2017

    Tried this in GNS3 and it works:

    – The first ‘set’ tries the 10.1.100.2 ISP 1 interface, and takes to the other if it’s not there.
    – The second ‘set’ sends all non TCP80 traffic to ISP 2

    You can see what happens at the various routers with

    – access-list 1 permit 172.16.14.2
    – debug ip pack 1

    Config on R1:

    access-list 101 permit tcp any any eq www
    !
    route-map PBR permit 10
    match ip address 101
    set ip next-hop 10.1.100.2 10.1.101.2
    !
    route-map PBR permit 20
    set ip next-hop 10.1.101.2
    !
    int f0/0
    ip policy route-map PBR

  16. Erol
    November 26th, 2017

    This is the accompanying output of a ‘debug ip policy’ on the Border Router that indicates what happens as soon as the link to ISP1 becomes unavailable. It uses CEF’s FIB to address any next-hop issues.

    The ‘Host for testing’, a GNS3 VPCS, generates TCP80 traffic by pinging a non-local ip address by using the following command: ping 1.1.1.1 -p 80 -3 -t

    As you can see at first this traffic is policy-based routed towards ISP1. As soon as CEF discovers that the next-hop ip address (ISP1 via interface S2/0 in my setup) is not reachable anymore, the ISP2 next-hop ip address 10.1.101.2 is chosen instead.

    *Nov 26 10:34:32.100: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy match
    *Nov 26 10:34:32.100: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, PBR Counted
    *Nov 26 10:34:32.100: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, g=10.1.100.2, len 60, FIB policy routed
    R1#
    *Nov 26 10:34:33.101: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy match
    *Nov 26 10:34:33.101: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, PBR Counted
    *Nov 26 10:34:33.101: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, g=10.1.100.2, len 60, FIB policy routed
    R1#
    *Nov 26 10:34:34.352: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down
    R1#
    *Nov 26 10:34:35.102: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy match
    *Nov 26 10:34:35.102: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, PBR Counted
    *Nov 26 10:34:35.102: CEF-IP-POLICY: fib for addr 10.1.100.2 is Not Attached; Nexthop rejected
    *Nov 26 10:34:35.102: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, g=10.1.101.2, len 60, FIB policy routed
    *Nov 26 10:34:36.103: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy match
    *Nov 26 10:34:36.104: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, PBR Counted
    *Nov 26 10:34:36.104: CEF-IP-POLICY: fib for addr 10.1.100.2 is Not Attached; Nexthop rejected

    You can see the TCP80 traffic arriving at ISP1 or ISP2 routers by using a ‘debug ip packet 1’ command, whereas ‘1’ is a standard access-list that permits traffic from the Testing Host at 172.16.14.2.

    When non-TCP80 traffic is generated, all traffic goes to ISP2.

    Also you can use the ‘show ip policy’- command on the Border Router to see counters incrementing on hits.

  17. Erol
    November 26th, 2017

    If you omit the ‘set ip next-hop 10.1.101.2’, in the ‘route-map PBR permit 20’, non-TCP80 is not explicitly routed to ISP2 anymore but follows normal forwarding rules, as you would probably want :)

    Config now reads:

    route-map PBR permit 10
    match ip address 101
    set ip next-hop 10.1.100.2 10.1.101.2
    !
    route-map PBR permit 20
    !
    !
    access-list 101 permit tcp any any eq www
    !

    When I generate some non-TCP80 traffic I see the following in a debug ip policy on the Border Router:

    *Nov 26 11:06:38.748: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy match
    *Nov 26 11:06:38.748: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, PBR Counted
    *Nov 26 11:06:38.748: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy rejected – normal forwarding

    Look at the incrementing counters of the ‘show ip policy’-command on the Border Router. Using the ‘debug ip policy’ command first, gives some nice extra output about Nexthop Tracking on the ‘show ip policy’-command, that you wouldn’t get without the debug command.

    R1#sh route-map
    route-map PBR, permit, sequence 10
    Match clauses:
    ip address (access-lists): 101
    Set clauses:
    ip next-hop 10.1.100.2 10.1.101.2
    Nexthop tracking current: 0.0.0.0
    10.1.100.2, fib_nh:0,oce:0,status:0

    10.1.101.2, fib_nh:0,oce:0,status:0

    Policy routing matches: 196 packets, 14504 bytes
    route-map PBR, permit, sequence 20
    Match clauses:
    Set clauses:
    Policy routing matches: 84 packets, 6216 bytes
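
One way to check from captured ‘debug ip policy’ output which gateway the policy-routed packets actually used, and when that changed. This Python script is an added example, not code from the commenter or from Cisco; the sample lines are taken from the debug output quoted in the two comments above, and preferred_gw is a hypothetical parameter name.

```python
import re
from collections import Counter

# Lines taken from the 'debug ip policy' output quoted in the comments above.
SAMPLE = """\
*Nov 26 10:34:33.101: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy match
*Nov 26 10:34:33.101: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, g=10.1.100.2, len 60, FIB policy routed
*Nov 26 10:34:34.352: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down
*Nov 26 10:34:35.102: CEF-IP-POLICY: fib for addr 10.1.100.2 is Not Attached; Nexthop rejected
*Nov 26 10:34:35.102: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, g=10.1.101.2, len 60, FIB policy routed
*Nov 26 11:06:38.748: IP: s=172.16.14.2 (Ethernet0/1), d=11.1.1.1, len 60, FIB policy rejected - normal forwarding
"""

ROUTED = re.compile(r"\*(?P<ts>\w{3} +\d+ [\d:.]+): IP: s=(?P<src>[\d.]+) \(\S+\), "
                    r"d=(?P<dst>[\d.]+), g=(?P<gw>[\d.]+), len \d+, FIB policy routed")
REJECTED = re.compile(r"CEF-IP-POLICY: fib for addr (?P<nh>[\d.]+) is .+; Nexthop rejected")
NORMAL = re.compile(r"FIB policy rejected")


def summarize(log, preferred_gw):
    """Count policy-routed packets per gateway and record every gateway change."""
    routed, rejected = Counter(), Counter()
    normal, changes, last_gw = 0, [], None
    for line in log.splitlines():
        line = line.strip()
        if m := ROUTED.match(line):
            routed[m["gw"]] += 1
            if last_gw not in (None, m["gw"]):
                changes.append((m["ts"], last_gw, m["gw"]))
            last_gw = m["gw"]
        elif m := REJECTED.search(line):
            rejected[m["nh"]] += 1       # next hop CEF refused to use
        elif NORMAL.search(line):
            normal += 1                  # matched the policy, routed normally
    return {
        "routed": dict(routed),
        "rejected_next_hops": dict(rejected),
        "normal_forwarding": normal,
        "gateway_changes": changes,
        "off_preferred": sum(n for gw, n in routed.items() if gw != preferred_gw),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE, preferred_gw="10.1.100.2").items():
        print(f"{key}: {value}")
```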

  18. ali
    January 13th, 2018

    How can we measure network IP in this lab? Can anyone explain, please?

  20. Anonymous
    January 19th, 2018

    @Erol, why we need route-map permit 20 at the end of route-map? pleeeeeeeease someone explain im really confused

  21. shabnam
    January 19th, 2018

    Since this is the frame-relay link, you can't know reachability of the next-hop with policy-based routing. Imagine the link between the frame-relay cloud and ISP fails: your router won't be able to detect next-hop failure because it's receiving keepalive from the frame-relay switch ……
    You can lab it in GNS3 and you will see the result,
    so you need to configure IP SLA and verify reachability with icmp-echo.

  22. Clock
    January 21st, 2018

    Hello Team,

    I would like to thank you for the advice and that you share your experience, I recently passed the route exam :D….
    I studied with the Official cert Kevin Wallace, CBT nuggets (nothing that you can't find on your own in a torrent) and with this site.
    I can say that I found a couple of new questions and a new Frame relay drag and drop that is not here:

    SVC —— A circuit that provides temporary on-demand connections between DTEs
    DLCI—— A locally significant ID
    PVC ——-A logical connection comprising two endpoints and CIR
    LMI ——- A signaling mechanism for frame relay devices
    FECN—– An indicator of congestion on the network.

    But this does not mean you will not pass the exam for 2 questions.

    Please do not pay for dumps or believe in guys who post “new dump” or “I have the new dump”, or “I failed the exam”, those guys should be rape and kill!!!!!!

    Anyway, hope you pass the exam and share your real experience for the other exams..

  23. Przemek
    January 23rd, 2018

    Hi All, Passed today 905 pts.
    About 5 newer questions than on digital.tut.
    On Policy Based Routing Sim there was no automatic filling of commands (TAB) while creating the ACL, so you should learn it in detail.
    Command: ()#access-list 105 permit tcp any any eq 80 works fine.

    I learnt from digitaltut and IT Libraries dated 07.2017 (417q) and CBT.
    Thanks all for sharing experience.

  24. Werewolf
    January 23rd, 2018

    Przemek, could you share your IT Libraries dump to my email skinhead-(at)mail(dot)ru ?

  25. Anonymous
    January 23rd, 2018

    please Przemek, could you share your IT Libraries dump to my email jemn40(at)yahoo(dot)com.thanks in advance.

  26. Anonymous
    January 24th, 2018

    please Przemek, could you share your IT Libraries dump to my email {email not allowed} .thanks in advance.

  27. nurwan
    January 24th, 2018

    please Przemek, could you share your IT Libraries dump to my email nurwanreza79(at)gmail
    (dot)com.thanks in advance.

  28. Anonymous
    January 25th, 2018

    please Przemek, could you share your IT Libraries dump to jemn40(at)yahoo(dot)com.thanks in advance.

  30. Rhymer
    February 4th, 2018

    Hi, Passed my CCNP route 300-101 today. score 8xx. Thing is very few practise questions, not even one from BGP. So please focus on the theory. there was a question from PPPoE regarding the states PADI, PADR, PADO. Thankfully Lab Sims were as on this site, PBR, EIGRP Stub and OSPF n EIGRP redistribution. Few new drag and drop questions were there including functions of global address, multicast address, address registration, virtual address. I feel if you work well on the lab sims you can pass. Good luck.

  31. Confuse guy
    February 14th, 2018

    The company policy requires that web traffic

    Does this mean we need to enable http and https?
    The answer given only enables http (www=80). Am I right?

  32. Anonymous
    February 18th, 2018

    Dear How to generate HTTP traffic ?

  33. Shri
    February 21st, 2018

    Hi guys any latest dumps for 300-101.

    my exam is in next month.

    this is my email id :- shriramtrimal19 at gmail dot com

    thank you

  34. Saïd
    March 4th, 2018

    Hi guys same thing as Shri, any latest dumps for 300-101.

    my exam is in next month.

    this is my email id : univernet at free dot com

    thank you

  35. Navarro
    March 13th, 2018

    How can I test the route-map? Is it possible to generate HTTP traffic directly from HOST_FOR_TESTING?

  36. Hims
    March 16th, 2018

    I am so confused. I made a ping from host-for-testing to 10.1.101.1 and it was successful although I did all the right steps! Any help?

  37. chuks
    March 19th, 2018

    Tricky situation, well the question says
    Forward traffic to Frame relay if it's AVAILABLE. not REACHABLE.

    IP SLA will check if the destination is reachable, CEF cannot do that. CEF isn't that intelligent.

    But since we are asked to forward traffic to links that are AVAILABLE then IP SLA isn’t needed.
    You can still have connection problems in an UP/UP state maybe due to Firewall from ISP, and only IP SLA can save your ass. But the question says AVAILABILITY, so PBR alone works just fine.

  38. teosoup
    March 22nd, 2018

    Hi all,

    I think we need to add into the route map another sequence (20), so we can redirect the remaining traffic

    BorderRouter(config)#route-map pbr permit 20
    BorderRouter(config-route-map)#set ip next-hop 10.1.102.1
    BorderRouter(config-route-map)#exit

    thanks,

  39. Ghostman82
    March 22nd, 2018

    Hi

    Took exam early March, got 930 or something, can’t remember but 60% percent of questions valid on here, also got sim above and some new drag and drops that are not on here.

  40. chuks
    March 28th, 2018

    @tea soup yes.
    It's true that if a route doesn’t match the PBR policy it reverts to its NORMAL routing operation.

    BUT how do we know that there is a route forwarding traffic to ISP2? It's a gamble to just set next hop to ISP 1 and stop.

    You have to check the routing table to see if there is an already configured route pointing to the ISP2 , so that all non HTTP traffic would be forwarded there.

    If there is none, then we must set another next hop command under a second permit route-map command.

    Please don’t assume that there is a route point to all traffic to isp2, check the routing table. If there is then we don’t need a second permit statement with a next hop.

    Don’t just cram commands, understand what you are doing.

  42. Adnan
    April 2nd, 2018

    Hello to all !

    Please, can you send me the the 539q dumps ?

    My address email is adnan255 @ hotmail . com !

    Thank you for your support !!!

  44. Anonymous
    April 18th, 2018

    Hello can you please send me latest dumps my exam tomorrow
    ccnp 300-101 route
    thank you
    papputonton at gmail.com

  45. Jpar
    April 23rd, 2018

    Can any one please send me the practice questions or dump for 300-101 exam ?
    My email is jigar231@gmaildotcom

  47. sks
    April 23rd, 2018

    Hello,Can any one send me the latest vce software file with latest dumps?
    Exam code:300-101
    Email ID: salauddin_ete at yahoo.com
    Thank you.

  48. Tata
    April 26th, 2018

    Guys, on the route-map, I could use set interface se0/0/0, which is the out interface to the frame relay, couldn’t I? Sure setting the next hop IP seems more accurate, but I think setting the interface where traffic should be going to is another way to configure it… Has anyone done this and failed?

  49. willy
    May 11th, 2018

    Hello,Can any one send me the latest pdf dumps?
    Exam code:300-101
    Email ID: {email not allowed}
    Thank you.

  50. tkasali
    May 21st, 2018

    Hello to all,
    Can you please send me the dumps 539q?

    Email :kasali_temitayo @ yahoo.com
