Policy Based Routing Sim
Question
Company TUT has two links to the Internet. The company policy requires that web traffic must be forwarded only to Frame Relay link if available and other traffic can go through any links. No static or default routing is allowed.
Answer and Explanation:
Notice: The answer and explanation below are from PeterPan and Helper. Please say thanks to them!
All the HTTP traffic from the EIGRP Network should go through Frame Relay link if available and all the other traffic should go through either link.
The only router you are able to administer is the Border Router; from the EIGRP Network you may only send HTTP traffic. As other people have mentioned, this is not actually a BGP lab: you are not able to execute the command “router bgp 65001”.
1) Access list that catches the HTTP traffic:
BorderRouter(config)#access-list 101 permit tcp any any eq www
Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source addresses.
2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit
(Update: We don’t need the last command route-map pbr permit 20 to permit other traffic according to Cisco:
“If the packets do not meet any of the defined match criteria (that is, if the packets fall off the end of a route map), then those packets are routed through the normal destination-based routing process. If it is desired not to revert to normal forwarding and to drop the packets that do not match the specified criteria, then interface Null 0 should be specified as the last interface in the list by using the set clause.”
Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml)
Note: We don’t need to use IP SLA to track the next-hop IP address because “set ip next-hop” already does this. From this link: https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html
“The set ip next-hop command verifies the existence of the next hop specified, and…
+ If the next hop exists in the routing table, then the command policy routes the packet to the next hop.
+ If the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.”
So if the next hop 10.1.101.1 goes down, PBR will use the normal routing table.
3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit
4) There is a “Host for Testing”, click on this host to open a box which includes a button named “Generate HTTP traffic”. Click on this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.
BorderRouter#show route-map
In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.
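The forwarding decision configured in steps 1 to 3, modelled in Python as an added example (it is not part of the original answer and is not Cisco's implementation). The routing-table contents, the 203.0.113.0/24 destination and the use of 10.1.102.1 as the other link's next hop are constructed for illustration, and “next hop exists in the routing table” is simplified to “some route covers that address”.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp", "icmp"
    dst: str         # destination IP address
    dport: int = 0   # destination port (0 when not applicable)

def acl_101(pkt):
    """access-list 101 permit tcp any any eq www (www = TCP port 80)."""
    return pkt.proto == "tcp" and pkt.dport == 80

# route-map pbr permit 10 / match ip address 101 / set ip next-hop 10.1.101.1
ROUTE_MAP_PBR = [(10, "permit", acl_101, "10.1.101.1")]

def make_table(*routes):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

def lookup(table, addr):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, nh) for net, nh in table if ip in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def forward(pkt, table, route_map=ROUTE_MAP_PBR):
    """Return (next_hop, reason) for a packet arriving on the policy interface."""
    for seq, action, match, next_hop in sorted(route_map, key=lambda e: e[0]):
        if not match(pkt):
            continue                      # try the next sequence number
        if action == "permit" and lookup(table, next_hop):
            return next_hop, f"policy-routed by sequence {seq}"
        break                             # next hop not in table: normal routing
    # Fell off the end of the route map (or fallback): destination-based routing
    hit = lookup(table, pkt.dst)
    return (hit[1], "normal routing") if hit else (None, "no route")

# Constructed tables: Frame Relay link (10.1.101.0/24) up, then down
LINK_UP = make_table(("10.1.101.0/24", "connected"),
                     ("10.1.102.0/24", "connected"),
                     ("203.0.113.0/24", "10.1.102.1"))
LINK_DOWN = make_table(("10.1.102.0/24", "connected"),
                       ("203.0.113.0/24", "10.1.102.1"))

if __name__ == "__main__":
    for name, tbl in (("up", LINK_UP), ("down", LINK_DOWN)):
        for pkt in (Packet("tcp", "203.0.113.10", 80), Packet("tcp", "203.0.113.10", 23)):
            print(name, pkt, forward(pkt, tbl))
```

Under this ACL only TCP port 80 is policy-routed; TCP port 443 is not matched by “eq www” and follows normal routing.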
Note: We have posted a Policy Based Routing lab on GNS3 similar to this sim with detailed explanation, you can read it here.
Cleared Exam Today … !!!!
149Q +Tagwa 41 Qs are still valid.
Got the following Labs+Sim in exam
OSPF Evaluation
EIGRP OSPF Redistribution
Policy Based Routing
OSPFv3 Virtual Link
Thanks DigitalTut and all those who shares their knowledge and useful stuff.
Others who are preparing or ready to take exam — Best Of Luck —
Lots of new question on the exam good luck to everyone. Labs are slightly different. I can’t remember what, but they were easy
Labs were almost the same as 9tut. Wording has changed. PBR still the same. New questions on the exam, if you read through CCNP Cisco Press you can eliminate the answers and go with the best one.
149Q +Tagwa 41 Qs PLEASE HELP taking the exam on the 21th THANK YOU southern.kick16 @ gmail.com
please send dumps (149Q +Tagwa 41 Qs)
telgin1980 -at- gmail -dot- com
I pass my exam today with 947 marks. 149 + 41 are 100% valid. All questions from these two dumps nothing else.
OSPF V3
OSPF Evaluation
Redistribution
PBR
OSPF V2
CHAP Drag and Drop
Hello everyone, I have a question that is below.
1) have a two internet connection in one router.
2) Router configuration for LAN, may be create two VLANs (eg:Manager and Staff). So ManagerVlan use only one internet connection and StaffVlan also use other.
*How to configure policy-based routing.
If u have the same design, plz send me{ heinkyaw.phk add gmail. com }
Plz, Let me know any suggestions…
Who passed exam? Please share your practice and about dumps.
Hi Guys,
From following link CCNP Labs +149Q +Tagwa 41 Qs can be downloaded.
Note: Remove (total 8)”$” from the link to work
ht$$tps:$$//1drv.ms/f/$$s!Aq7EzlPsYq2YgSN-WUs6kzGVn2V9K$$
Please share the dump {email not allowed}
ramachandra100 @ gmail.com
Folks, IP SLA is not necessary in this exam
Just needed in real life :)
True the next step with policy based is implementing
set ip next-hop verify-availability 10.1.101.1 1 track 1 with the lifetime kicker
ip sla monitor schedule 1 life forever start-time now
I took the exam on January the 23rd and 149, 41 are still valid
@help for pbr
You don’t need the permit 20 entry, it is explained at the beginning of the page.
All,
You can test this like you would in the exam if you would have dug back into this forum’s pages to find out how. However, I will help the lazy just because so no one can say I did not make it easy on them.
DO the sim as it says on here meaning do not change www to echo. You do not need to do that to test the result in GNS3. To test, type “telnet 10.1.101.1 80”. Run the show route-map command to see the results. Done…
Now, get on with it!
Cheers!
@metastabil, you are right brother. I wonder why the site owner doesn’t update the solution with the correct configs.
IP SLA / path control via PBR if* next hop is available.
FYI: The lab SIMs I found have different IPs going to the “HTTP Traffic” cloud and “All other traffic” cloud, so don’t get confused as you go through their explanation. I was scratching my head saying “wft???”
Guys, do not overcomplicate things.
We need neither IP SLA nor a 2nd pbr statement. The EIGRP protocol running on the Border Router will install the EoMPLS path in the routing table, which is used as a default route towards public destinations because of the lower distance (FastEthernet Vs. Serial, FastEthernet wins). If the Serial interface fails, its route will be simply removed from the topology, that’s it. The EoMPLS route will still be the one installed in the routing table and it will be used to route *all* traffic, HTTP included. Regardless, IP SLA is not supported by the exam simulator. The 2nd pbr statement is not needed either because route maps do NOT work like ACLs: whatever doesn’t match is routed through normal forwarding, it’s NOT dropped as you may think.
You have to understand that the lab is only a tiny part of a more complex real life scenario. If you want to properly test how the whole thing works in the GNS3 lab you need another router connected to both ISP1 and ISP2. Set up a loopback on it, advertise its address, enable the http server on the router and telnet to the loopback on port 80 from the EIGRP_Network router while debug ip policy is active on the Border router. See the difference when you telnet to different ports and when you shut the Serial down on either the Border or the HTTP_Traffic router. Telnetting to ISP1 on port 80 is NOT a reliable test because those packets will be forwarded through the Serial path regardless of PBR. When you generate HTTP traffic in the exam simulator you are actually sending packets *beyond* the ISP1 router (HTTP_Traffic in GNS3), which is why you need a further router to test the lab in GNS3.
TL;DR: the correct answer is as follows.
Border(config)#access-list 101 permit tcp any any eq www
Border(config)#route-map pbr permit 10
Border(config-route-map)#match ip address 101
Border(config-route-map)#set ip next-hop 10.1.101.1
Border(config-route-map)#interface FastEthernet0/0
Border(config-if)#ip policy route-map pbr
@CoolGuy the link you posted is NOT working
I completed this lab using GNS3 and it would ping even before the configs were completed. Also noticed that the route map showed packets matching pbr 20. This could lead back to where you should not have to enter an empty route map for pbr 20.
@theonlyprincess its working. i have just downloaded now. remove the $$$$$$$
Thanks @coolguy
???
The company policy requires that web traffic must be forwarded only to Frame Relay link if available ===========
if link available ? or traffic available ?
Border(config)#access-list 101 permit tcp any any eq www ===== all web traffic
Border(config)#access-list 101 permit tcp any any eq 443 ===== all web traffic
Border(config)#route-map pbr permit 10
Border(config-route-map)#match ip address 101
Border(config-route-map)#set ip next-hop 10.1.101.1 ==== send to frame relay if interface is UP
Border(config-route-map)#set ip next-hop 10.1.102.1 ====== in case failure frame relay
Border(config-route-map)#exi
Border(config)#route-map pbr permit 20 ==== for all other traffic
Border(config-route-map)#set ip next-hop 10.1.102.1
Border(config-route-map)#interface FastEthernet0/0
Border(config-if)#ip policy route-map pbr
This command:
Border(config)#route-map pbr permit 20 ==== for all other traffic
is not necessary.
hi to all
may i have 15q please
merter.metro (at) gmail . com
For exams do we need to add “any any eq www” ? or something else? thanks a lot
Plz send me the latest dumps
michel.darcho (at) gmail . com
@avi u need to add any any eq www
u need to give same command as given above
hello guys ,can someone send me the valid dumps for 300-101
i’m writing my exam within four days.
tsafongromuald at gmail dot com
regards
i need new 15 q in ccnp route in valid dump
Pass with good marks on March 2nd. Q149/Q41/Q15 still valid. Labs OSPF Eval + PBR + OSPF Virtual Link + Route Distribution + EIGRP Stub – all on exam.
Hello,
CoNgRaTs to all who just passed the exam. Hope we all do great !
Kindly email me the latest dumps?
Email: soso – 44000 @ hotmail . com
Thanks in advance,
Can someone send me the 15q please on:
hazem.ahmed.abuelfotoh@ g m a i l . c o m
Please sent Q149/Q41/Q15 still valid… ahkmad[dot]saprudin[at]gmail[dot]com
All I have ccnp routing 300-101 exam tomorrow, can any one please send new 15Q for me in {email not allowed}
Hi All I have ccnp routing 300-101 exam tomorrow, can any one please send new 15Q for me in meta4london[at][gmail][dot]com.
Many Thanks
Anyone with verifiable Dumps please email to jfuentessenior GMAIL COM……testing on March 17……..any help for the 149+15……most appreciated!!
Which dumps valid for 300-101?
Please help me.
any updates Jrouter? did you pass the exam?
Hi Everyone,
Please share this dumps 149q+41q+15q or any latest valid dumps if available.
san242721 @ gmail com
I have done this lab, but what is the way to test the simulation to see whether it is working properly or not?
Guys i have a question about this . Once you have configured this and you do a
show route-map
if its correct In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.
Do we then have to do anything else in this eg trace route or prove which link its going over etc ? If so what ?
Just to clarify on my last comment i meant in the exam ?
Hi,
Please, Anyone with Dumps validated please send to email {email not allowed}…… 15 New questions !!!
Thanks
Hi Everyone,
Please share this dumps 149q+41q+15q or any latest valid dumps if available.
{email not allowed}
Hi Everyone,
Please share this dumps 149q+41q+15q or any latest valid dumps if available.
gokdin @ hotmail.com
Hi everyone,
I am sharing 252q+149q+41q+15q dump files as below. Good luck
https://mega.nz/#F!PA0HwLLJ!6K7RQ6Lu1O2BoNx3eDg5tA
Hi guy
Please share this dumps VCE 149+41+15+183+56+82+32+8
thanks
ngocthanhkien9200 @ gmail com
guys help me
In which scenario can asymmetric routing occur?
1. active/active firewall setup
2. redundant routers running VRRP
3. active/standby firewall setup
4. simple path in and out of the network