Policy Based Routing Sim
Question
Company TUT has two links to the Internet. The company policy requires that web traffic must be forwarded only to Frame Relay link if available and other traffic can go through any links. No static or default routing is allowed.
Answer and Explanation:
Notice: The answer and explanation below are from PeterPan and Helper. Please say thanks to them!
All the HTTP traffic from the EIGRP Network should go through Frame Relay link if available and all the other traffic should go through either link.
The only router you can administer is the Border Router; from the EIGRP Network you can only send HTTP traffic. As other people have mentioned, this is not actually a BGP lab: you cannot execute the command “router bgp 65001”.
1) Access list that catches the HTTP traffic:
BorderRouter(config)#access-list 101 permit tcp any any eq www
Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source addresses.
2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit
(Update: We don’t need the last command route-map pbr permit 20 to permit other traffic according to Cisco:
“If the packets do not meet any of the defined match criteria (that is, if the packets fall off the end of a route map), then those packets are routed through the normal destination-based routing process. If it is desired not to revert to normal forwarding and to drop the packets that do not match the specified criteria, then interface Null 0 should be specified as the last interface in the list by using the set clause.”
Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml)
Note: We don’t need to use IP SLA to track the next-hop IP address, as “set ip next-hop” does this. From https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html:
“The set ip next-hop command verifies the existence of the next hop specified, and…
+ If the next hop exists in the routing table, then the command policy routes the packet to the next hop.
+ If the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.”
So if the next hop 10.1.101.1 goes down, PBR will use the normal routing table.
3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit
4) There is a “Host for Testing”, click on this host to open a box which includes a button named “Generate HTTP traffic”. Click on this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.
BorderRouter#show route-map
In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.
Note: We have posted a Policy Based Routing lab on GNS3 similar to this sim with detailed explanation, you can read it here.
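The forwarding decision configured in steps 1 to 3, as an added example: a simplified Python model written for this page, not Cisco's implementation and not part of the original answer. The 172.16.0.0/16 route and all function names are assumptions; it also models a route-map entry with no match clause and the `verify-availability ... track` variant, so the same packet can be compared across the three configurations.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    dst: str
    dport: int = 0      # 0 when the protocol has no ports

# Constructed routing table: prefix -> next hop. 172.16.0.0/16 is a made-up
# destination learned dynamically via ISP2; the two /24s are the ISP links.
RIB = {"10.1.101.0/24": "connected",
       "10.1.102.0/24": "connected",
       "172.16.0.0/16": "10.1.102.1"}

def acl_101(pkt):
    """access-list 101 permit tcp any any eq www (everything else: implicit deny)."""
    return pkt.proto == "tcp" and pkt.dport == 80

def lookup(rib, addr):
    """Longest-prefix match; returns the route's next hop, or None if no route."""
    hits = [ip_network(p) for p in rib if ip_address(addr) in ip_network(p)]
    return rib[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def forward(pkt, rib, match=acl_101, next_hop="10.1.101.1", track_up=None):
    """Return (next hop, policy_routed) for a packet entering the PBR interface.

    match=None    route-map entry without a match clause: every packet matches.
    track_up=None plain 'set ip next-hop': usable while the routing table
                  still has a route covering the next hop.
    track_up=bool 'set ip next-hop verify-availability ... track': usable
                  only while the tracked object is up.
    """
    if match is None or match(pkt):
        usable = lookup(rib, next_hop) is not None if track_up is None else track_up
        if usable:
            return next_hop, True
    # Fell off the end of the route map, or the set clause is unusable:
    # normal destination-based routing.
    return lookup(rib, pkt.dst), False

if __name__ == "__main__":
    http = Packet("tcp", "172.16.5.5", 80)
    ping = Packet("icmp", "172.16.5.5")
    print(forward(http, RIB))              # policy routed to ISP1
    print(forward(ping, RIB))              # normal routing
    print(forward(ping, RIB, match=None))  # no match clause: ping is policy routed too
```

In this model the plain `set ip next-hop` case falls back only once the 10.1.101.0/24 route has left the table, while a tracked object can force the fallback with the route still present.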
hello
anyone send me the latest dump?
thanks
Please someone who knows valid dumps
I prefer to use right ACL on simulation no echo.
BorderRouter#
———————————————————————–
access-list 101 permit tcp any any eq www
telnet 10.1.101.1
————————————————————–
Host_For_Testing#telnet 10.1.101.1 80
Trying 10.1.101.1, 80 … Open
————————————————————
BorderRouter#show route-map TT
route-map TT, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 10.1.101.1
Policy routing matches: 3 packets, 166 bytes
to:
netfrog
May 3rd, 2019
—
I prefer to use right ACL on simulation no echo.
BorderRouter#
———————————————————————–
access-list 101 permit tcp any any eq www
telnet 10.1.101.1
————————————————————–
Host_For_Testing#telnet 10.1.101.1 80
Trying 10.1.101.1, 80 … Open
————————————————————
BorderRouter#show route-map TT
route-map TT, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 10.1.101.1
Policy routing matches: 3 packets, 166 bytes
————————————————————————> Is this really an output? I tried but it didn’t show.
I think SOMEONE could explain it better. THANKS
You guys can email for more discussion and exchange 300-101 DUMP as well.
My email: ballking242(at)gmail(dot)com
Dumps are changed and updated today! Anyone have new updates?
@Pogboom: I do have them. Email me for more discussions
Dear All,
“Iam_next4routing_exam ” is fake trying to sell outdated dumps
you will find such type of insects around the globe just ignore them
Dear All,
@ Iam_next4routing_exam
what are you doing you are also updating with user ” Pogboom ” asking question and then answer
@ Iam_next4routing_exam
what are you doing you are also updating with user ” Pogboom ” asking question and then answer by yourself with other user ??????
Dear All
dont believe user ” Iam_next4routing_exam ”
you will find such type of insects around the globe just ignore them
Many thanks to PeterPan and Helper
Hi all,
The lab exam says… “if available”.
Also no ip sla or track are available and the option verify-availability is not available.
Do you think that this configuration is 100% correct?
HELLO:
Could you help me? What is the first configuration in the routers before the answers?
thanks!!!
contact me for real valid dump: muhamadawan1988 @ gmaiil . com
I’m testing it in GNS3 with the sim that 9tut posted and the PBR does not work well. It matches in the route-map when I telnet to 10.1.101.1 80 to simulate HTTP traffic, but when I ping 10.1.101.1 the match count also increases, whereas I understand it should only increase when sending HTTP traffic and not in other cases.
I believe something escapes me in this configuration.
sh run …
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip policy route-map pbr
duplex auto
speed auto
access-list 101 permit tcp any any eq www
!
route-map pbr permit 10
set ip next-hop 10.1.101.1
Testing from the host for testing:
telnet 10.1.101.1 80 simulating HTTP traffic
See the border router ….
route-map pbr, permit, sequence 10
Match clauses:
Set clauses:
ip next-hop 10.1.101.1
Policy routing matches: 36 packets, 2845 bytes
I now run a ping to 10.1.101.1 from the testing PC and the match count in the border router increases … when in theory it should not increase, since a ping is not HTTP traffic.
I do another show route-map on the border router and …….
route-map pbr, permit, sequence 10
Match clauses:
Set clauses:
ip next-hop 10.1.101.1
Policy routing matches: 41 packets, 3415 bytes
Can you tell me why it does not function OK?
@xela,
I think you forgot to use the match command in your route map?
route-map pbr permit 10
match ip address 101
set ip next-hop 10.1.101.1
In the question they have said “if available”. Shouldn’t we use a track object and the command –
set ip next-hop verify-availability “next-hop-ip” track-object
@PE,
“However, if the PBR route (as defined in the set command) is not working—because the outgoing interface is down or the next hop is unreachable using a connected route—Cisco IOS next tries to route the packet using the normal destination-based IP routing process.”
-CCNP ROUTE OCG page 488
Anyone looking to pass with a high score, email me
I have summarized:
Official Study Guide – cisco
Rene Molenaar Master book
Chris Bryant’s whole book and video collection’
All Cbtnuggets videos, hands on labs (i pay for the website)
If you want to skip having to read all this stuff,
I have the books already summarized, notes on all the videos, and explanations of all the labs for
CBTNUGGETS – labs
Rene Molenaar’s – labs
I will have for Switch as well.
Email me for samples:
apkey (tech) at gmail.com
PS: I also have 400 of the most population questions from different versions of test(route, switch)
Oh, and be sure I am not stealing someone else’s work. I have summarized all 3 major books:
Molenaar’
CIsco official guide
Chris Bryant
All in my own words. I bet no one else has these summarized.
thanks PeterPan and Helper
Passed today with 840. The PBR sim is the same. There is no possibility to generate other type of traffic than http on the test workstation. Maybe debug route-map to see the path that http traffic goes. Traceroute command is not available on the border router
Hello @bodo1111 please share with us which labs provided in your exam ?
Could anyone please post the initial configurations for ISP1, ISP2, Border Router and EIGRP Network (simulated with a single router)?
Thanks!
Hello friends,
Would you send me the last dump 300-101? My exam will arrive soon and ask me if we can find a reliable source of landfills and if you can share it, please. Thank you
extreme_z3r0 @ hotmail . com
Anyone with the latest dumps, email me please? Thank you in advance!
n4bz0r @ hotmail . com
Hi All, I have just passed 300-101 , this question was there but the ISP1 ip address was not the same as this dump. The rest was exactly the same.
PeterPan and Helper..Thank you very much
hi, thanks very much.
I set another ACL to redirect all traffic to the second ISP because in this way it’s balanced.
access-list 101 permit tcp any any eq www
access-list 102 permit ip any any
!
route-map HTTP permit 10
match ip address 101
set ip next-hop 10.1.101.1
!
route-map HTTP permit 20
match ip address 102
set ip next-hop 10.1.102.1
!
what do you think?
@lello Why put in additional work when the lab provided works just fine on the exam? Keep it simple.
Do we need to use (route-map pbr permit 20) anymore or not?
Hi,
Could you please send me the latest dumps for CCNP Route?
ricky.rich19999 @ gmail . com
Thanks!
Ricky
Lello
Hi.
acl 102 will announce everything to the address 10.1.102.1 , is a silent action because eigrp and serial and fE links.
Hi,
Could you please send me the latest dumps for CCNP Route?
mohamad.hamdan1 hotmail.com
Hi All i am just going for this exam after 2 days is there any update or any one want to share change material so please share, Advance thanks
I built this lab in GNS3 using a router for the HOST. There is not a good way to test this, so I decided to use IP SLA. Border router now shows HTTP matches on the PBR route-map. Here is the config.
ISP1:
ip sla responder
HOST_For_Testing:
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip sla 1
http get http://10.1.101.1
ip sla schedule 1 life forever start-time now
Guys, urgent. Does anyone have GNS3 configs for this PBR route map lab? I need to practice.
Please send to my email or share link download mediafire.
ubergrabbies at gmail dot com
Please anyone
Guys, a friend of mine took Route today and passed; for some labs, copy run start/wr works, while for some it does not (involved config change). If it does not work, your marks won’t get deducted (as they meant the exam to be like that). ‘Pipe’ does not work. Thankfully ‘tabbing’ works. For some commands that do not work, you have to find another way to verify (sh run etc – Cisco did this to ensure you know how to verify through configs instead of IOS commands). There’s one command, ‘sh ip eigrp topology’, that does not work, but ‘sh ip eigrp 1 topology’ works. So please state the process id if it does not work. He said labs are fine, the objectives quite hard.
Below are his comments:
THANKS EHAB/DIGITALTUT; DUMP VALID
But please do not memorize dumps cause some questions they changed something – please ensure u understand it.
If some commands does not work and you were not meant to use it, the error message will say ‘Command not implemented etc…’ when you executed the IOS command.
There’s always another way to verify/troubleshoot it (sh run etc…)
13th Oct; Passed with 839/1000
LAB EXAMS:
———-
EIGRP Evaluation Sim – comments below;
—————————————-
-command ‘sh ip route’ on R6 does not work; i can only do ‘sh run’
-why do i need to use ‘sh ip route’? Because there’s 2 loopback configured at R6, i need to know which one should i choose
-so i guess Cisco purposely disable it to make my life hard; they want us to verify routing via configs
-from ‘sh run’ at R6, i can see that 172.16.6.6 is configured, but it was not advertised out because there’s ‘distribute-list 1 out’ being configured, where the ACL denied loopback IP 172.16.6.6.
-another simpler way to verify is that ‘172.16.6.6’ loopback is not shown in R1 routing table (sh ip route); thus we can say that loopback ip that we should use is 150.1.6.6
-another thing to take note is that ‘show ip eigrp topology’ command does not work in R1 (not sure on other router, i haven’t tested it out) – per suggested on Digitaltut, we should use the EIGRP process ID. Then it works like a charm. I’ve executed ‘sh ip eigrp 1 topology’ and it works. Luckily i read this part from Digitaltut. However, if this happens and you don’t have any idea on this, i guess ‘tab’ or ‘tabbing’ will give you an idea (tabbing works in Exam labs)
OSPF Sim – comments below;
—————————
-everything the same except the IP. no surprises here. easy.
-tabbing works, and copy running-config startup-config works. I did ‘wr’ command too and it works.
IPv6 OSPF Virtual Link Sim – comments below;
——————————————-
-copy run start/copy running-config startup-config/wr does not work – so just ignore it (your marks won’t get deducted)
-everything is the same
-in this scenario, i can see the loopback ip from R1 after added and remove virtual links, so i don’t have to make any changes on the loopback ip (that has to be in area interfaces)
you guys who needs updated dump for ROUTE 300-101 can contact me: philipsmeloo @ gmail . com
Thank you,
Why does the ACL only include the HTTP port? The scenario says web traffic, so should the HTTPS port be included in the ACL as well?
Answer & explanations for why you don’t need IP SLA is wrong.
If the next-hop “goes down”, then Border Router would still have an entry in its routing table for the network, since it’s a directly connected network. Thus, the Route-map would continue matching.
You can try this yourself by doing a “shut” on ISP1’s interface. You will see the route-map will keep matching.
I will be configuring IP SLA, Track, and verify-availability.
access-list 100 permit tcp any any eq www
route-map SPLIT permit 10
match ip address 100
set ip next-hop verify-availability 10.1.101.1 1 track 1
ip sla 1
icmp-echo 10.1.101.1
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
… Then apply the route-map to fa0/0.
is there any one to answer this question?
which feature can automatically assign ip addresses in a pppoe environment?
ip address negotiate
Dears, I failed yesterday. There are many new questions added in the exam; they also added a new lab exam.
@liaqat: ppp
@laqat PPP
@X
I think you’re right if it was an Ethernet interface, but generally the line protocol would with the connected route lost when unreachable for this case because it’s a serial link.
Probably a safe bet though, nevertheless, so I’ll be using ip sla tracking if I can remember the commands…
Are the dumps valid??? Did anyone make an attempt recently?