Policy Based Routing Sim

February 8th, 2015 in Lab Sim, LabSim

Question

Company TUT has two links to the Internet. Company policy requires that web traffic be forwarded only to the Frame Relay link if it is available; other traffic can go through either link. No static or default routing is allowed.

BGP_Policy_Based_Routing_Sim.jpg

 

Answer and Explanation:

Notice: The answer and explanation below are from PeterPan and Helper. Please say thanks to them!

All the HTTP traffic from the EIGRP Network should go through the Frame Relay link if it is available, and all other traffic should go through either link.
The only router you are able to administer is the Border Router, and from the EIGRP Network you can only send HTTP traffic. As other people have mentioned, this is not actually a BGP lab: you are not able to execute the command “router bgp 65001”.

1) Access list that catches the HTTP traffic:
BorderRouter(config)#access-list 101 permit tcp any any eq www

Note that the server was not directly connected to the Border Router, and there were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network, so we have to use “any” as the source to catch all source addresses.

2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit

(Update: We don’t need the last command route-map pbr permit 20 to permit other traffic according to Cisco:

“If the packets do not meet any of the defined match criteria (that is, if the packets fall off the end of a route map), then those packets are routed through the normal destination-based routing process. If it is desired not to revert to normal forwarding and to drop the packets that do not match the specified criteria, then interface Null 0 should be specified as the last interface in the list by using the set clause.”

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml)

Note: We don’t need to use IP SLA to track the next-hop IP address because “set ip next-hop” already does this. From this link: https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html
“The set ip next-hop command verifies the existence of the next hop specified, and…
+ If the next hop exists in the routing table, then the command policy routes the packet to the next hop.
+ If the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.”
So if the next hop 10.1.101.1 goes down, PBR will fall back to the normal routing table.

3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit

4) There is a “Host for Testing”, click on this host to open a box in which there is a button named “Generate HTTP traffic”. Click on this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.

BorderRouter#show route-map

In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.
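
The forwarding decision this answer relies on, modelled as an added Python example (not code from the original post or from Cisco). The ISP2 route, the destination 203.0.113.10 and all Python names are constructed for illustration; the entry with no match clause goes beyond the answer's own configuration to show that such an entry policy-routes every packet, not only HTTP.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    proto: str                    # "tcp", "icmp", ...
    dst: str
    dport: Optional[int] = None

@dataclass
class Entry:                      # models one "route-map pbr permit <seq>" entry
    acl: Optional[list]           # None = entry configured without a match clause
    next_hop: str                 # set ip next-hop <addr>

ACL_101 = [("tcp", 80)]           # access-list 101 permit tcp any any eq www

def acl_permits(acl, pkt):
    """Anything not listed falls to the ACL's implicit deny."""
    return any(pkt.proto == proto and pkt.dport == port for proto, port in acl)

def lookup(rib, addr):
    """Longest-prefix match in a {prefix: exit} table; None when no route exists."""
    hits = [p for p in rib if ip_address(addr) in ip_network(p)]
    return rib[max(hits, key=lambda p: ip_network(p).prefixlen)] if hits else None

def forward(pkt, route_map, rib):
    """Return (how, exit) for a packet arriving on the policy-routed interface."""
    for entry in route_map:
        if entry.acl is None or acl_permits(entry.acl, pkt):
            if lookup(rib, entry.next_hop) is not None:
                return ("policy", entry.next_hop)   # next hop is in the routing table
            break                                   # next hop gone: normal routing
    return ("normal", lookup(rib, pkt.dst))         # fell off the end of the route map

# Constructed sample data: routing table with the Frame Relay link up and down.
RIB_UP = {"10.1.101.0/24": "Frame Relay link", "203.0.113.0/24": "ISP2 link"}
RIB_DOWN = {"203.0.113.0/24": "ISP2 link"}
HTTP = Packet("tcp", "203.0.113.10", 80)
PING = Packet("icmp", "203.0.113.10")
WITH_MATCH = [Entry(ACL_101, "10.1.101.1")]   # the route map from step 2
NO_MATCH = [Entry(None, "10.1.101.1")]        # same entry without "match ip address 101"

if __name__ == "__main__":
    for name, rm in (("with match", WITH_MATCH), ("no match", NO_MATCH)):
        for rib in (RIB_UP, RIB_DOWN):
            for pkt in (HTTP, PING):
                print(name, pkt.proto, len(rib), forward(pkt, rm, rib))
```
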

Note: We have posted a Policy Based Routing lab on GNS3 similar to this sim with detailed explanation, you can read it here.


Comments
  1. Anonymous
    April 26th, 2019

    hello
    anyone send me the latest dump?
    thanks
    {email not allowed}

  2. Root
    April 27th, 2019

    Please someone who know valid dumbs

  3. netfrog
    May 3rd, 2019

    I prefer to use right ACL on simulation no echo.

    BorderRouter#
    ———————————————————————–

    access-list 101 permit tcp any any eq www
    telnet 10.1.101.1
    ————————————————————–
    Host_For_Testing#telnet 10.1.101.1 80
    Trying 10.1.101.1, 80 … Open

    ————————————————————
    BorderRouter#show route-map TT
    route-map TT, permit, sequence 10
    Match clauses:
    ip address (access-lists): 101
    Set clauses:
    ip next-hop 10.1.101.1
    Policy routing matches: 3 packets, 166 bytes

  4. Iam_next4routing_exam
    May 14th, 2019

    to:
    netfrog
    May 3rd, 2019

    I prefer to use right ACL on simulation no echo.

    BorderRouter#
    ———————————————————————–

    access-list 101 permit tcp any any eq www
    telnet 10.1.101.1
    ————————————————————–
    Host_For_Testing#telnet 10.1.101.1 80
    Trying 10.1.101.1, 80 … Open

    ————————————————————
    BorderRouter#show route-map TT
    route-map TT, permit, sequence 10
    Match clauses:
    ip address (access-lists): 101
    Set clauses:
    ip next-hop 10.1.101.1
    Policy routing matches: 3 packets, 166 bytes
    ————————————————————————> Is this really an output? I tried but it didn't show.
    I think SOMEONE could explain it better. THANKS

  5. Iam_next4routing_exam
    May 18th, 2019

    You guys can email for more discussion and exchange 300-101 DUMP as well.
    My email: ballking242(at)gmail(dot)com

  6. Pogboom
    June 17th, 2019

    Dumps are changed and updated today! Anyone have new updates?

  7. Iam_next4routing_exam
    June 17th, 2019

    @Pogboom: I do have them. Email me for more discussions

  8. Anonymous
    June 25th, 2019

    Dear All,

    “Iam_next4routing_exam ” is fake trying to sell outdated dumps

    you will find such type of insects around the globe just ignore them

  10. Anonymous
    June 25th, 2019

    Dear All,

    @ Iam_next4routing_exam

    what are you doing you are also updating with user ” Pogboom ” asking question and then answer

    Dear All

    dont believe user ” Iam_next4routing_exam ”

    you will find such type of insects around the globe just ignore them

  11. qalandar
    June 25th, 2019

    @ Iam_next4routing_exam

    what are you doing you are also updating with user ” Pogboom ” asking question and then answer by yourself with other user ??????

    Dear All

    dont believe user ” Iam_next4routing_exam ”

    you will find such type of insects around the globe just ignore them

  12. DDDddddpppp
    June 26th, 2019

    Many thanks to PeterPan and Helper

  13. Stan
    June 26th, 2019

    Hi all,
    The lab exam says… “if available”.
    Also no ip sla or track are available and the option verify-availability is not available.
    Do you think that this configuration is 100% correct?

  14. anyone
    June 26th, 2019

    HELLO:

    Could you help me? What is the initial configuration on the routers before the answers?

    thanks!!!

  15. qalandar
    July 2nd, 2019

    contact me for real valid dump: muhamadawan1988 @ gmaiil . com

  16. xela
    July 6th, 2019

    I’m testing it in gns3 with the sim that put 9tut and the pbr does not work well. if you match in route-map when I make a telnet 10.1.101.1 80 simulating as if it were http traffic, but when I ping 10.1.101.1 it also increases the match, when I understand that it should only increase the match when sending HTTP traffic and not in other cases.
    Something escapes I believe in this configuration

  17. xela
    July 6th, 2019

    sh run …
    interface FastEthernet0/0
    ip address 192.168.1.254 255.255.255.0
    ip policy route-map pbr
    duplex auto
    speed auto
    access-list 101 permit tcp any any eq www
    !
    route-map pbr permit 10
    set ip next-hop 10.1.101.1

    testing host for testing

    telnet 10.1.101.1 80 simulating http traffic

    see border router ….

    route-map pbr, permit, sequence 10
    Match clauses:
    Set clauses:
    ip next-hop 10.1.101.1
    Policy routing matches: 36 packets, 2845 bytes

    I now run a 10.1.101.1 ping from the testing pc and the match in the border router increases … when in theory it should not increase since the http traffic is not ping.

    I do another show route-map in the border-route and …….

    route-map pbr, permit, sequence 10
    Match clauses:
    Set clauses:
    ip next-hop 10.1.101.1
    Policy routing matches: 41 packets, 3415 bytes

    can you tell me why it does not function ok?

  18. Lime
    July 8th, 2019

    @xela,

    I think you forgot to use the match command in your route map?

    route-map pbr permit 10
    match ip address 101
    set ip next-hop 10.1.101.1

  19. PE
    July 14th, 2019

    In the question they have said “if available”. Shouldn’t we use a track object and the command –
    set ip next-hop verify-availability “next-hop-ip” track-object

  20. Lime
    July 14th, 2019

    @PE,

    “However, if the PBR
    route (as defined in the set command) is not working—because the outgoing interface is
    down or the next hop is unreachable using a connected route—Cisco IOS next tries to
    route the packet using the normal destination-based IP routing process.”

    -CCNP ROUTE OCG page 488

  21. Anonymous
    July 18th, 2019

    Anyone looking to pass with a high score, email me

    I have summarized:
    Official Study Guide – cisco
    Rene Molenaar Master book
    Chris Bryant’s whole book and video collection’
    All Cbtnuggets videos, hands on labs (i pay for the website)

    If you want to skip having to read all this stuff,
    I have the books already summarized, notes on all the videos, and explanations of all the labs for
    CBTNUGGETS – labs
    Rene Molenaar’s – labs

    I will have for Switch as well.

    Email me for samples:

    apkey (tech) at gmail.com

    PS: I also have 400 of the most population questions from different versions of test(route, switch)

    Oh, and be sure I am not stealing someone else’s work. I have summarized all 3 major books:
    Molenaar’
    CIsco official guide
    Chris Bryant
    All in my own words. I bet no one else has these summarized.

  22. zenoss
    July 20th, 2019

    thanks PeterPan and Helper

  23. bodo1111
    July 24th, 2019

    Passed today with 840. The PBR sim is the same. There is no possibility to generate other type of traffic than http on the test workstation. Maybe debug route-map to see the path that http traffic goes. Traceroute command is not available on the border router

  24. Shawaf
    July 24th, 2019

    Hello @bodo1111 please share with us which labs provided in your exam ?

  25. LAB SETUP
    August 24th, 2019

    Could anyone please post the initial configurations for ISP1, ISP2, Border Router and EIGRP Network (simulated with a single router)?
    Thanks!
