Professional Documents
Culture Documents
Policy Based Routing
Policy Based Routing
Policy Based Routing
Question
Company Acan has two links which can take it to the Internet. The company policy demands that you use web traffic to be forwarded
only to Frame Relay link if available and other traffic can go through any links. No static or default routing is allowed.
Answer and Explanation:
Notice: The answer and explanation below are from PeterPan and Helper.Please say thank to them!
All the HTTP traffic from the EIGRP Network should go through Frame Relay link if available and all the other traffic should go
through either link.
The only router you are able to administrate is the Border Router, from the EIGRP Network you may only send HTTP traffic. As the
other people mentioned, actually it is not a BGP lab. You are not able to execute the command “router bgp 65001″
Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do
not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source
addresses.
2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit
BorderRouter(config)#route-map pbr permit 20
(Notice: the route-map pbr permit 20 line allows other traffic than HTTP to be routed. Otherwise, other traffic will be dropped)
3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config-route-map)#exit
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit
4) There is a “Host for Testing”, click on this host to open a box in which there is a button named “Generate HTTP traffic”. Click on
this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.
BorderRouter#show route-map
In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working
properly.
OSPF Sim
EIGRP Simlet
Comments
1. mongolio
>BorderRouter(-route-map)#exit
>BorderRouter(config)#route-map pbr permit 20
What for is statement route-map pbr permit 20 ? PBR doesnt filter traffic.
2. ukk
3. mongolio
@ukk
PBR doesnt filters traffic, it will route traffic as normal if it denied in route map.
4. Vinch
5. KeN
Hi,
I created the lab on GNS3, but failed to route traffic (ICMP, ping) via FR(10.1.101.2, S1/0). It just route the ICMP packets to
another path (10.1.102.0). Anyone have idea? Actually, does GNS3 support PBR?
interface FastEthernet0/0
ip address 172.16.14.1 255.255.0.0
ip policy route-map testworkstation
interface FastEthernet2/0
ip address 10.1.102.1 255.255.255.0
interface Serial1/0
ip address 10.1.101.1 255.255.255.0
6. Anoni
7. Coco
Are you sure about the route map. I think i would configure like that:
Because the figure said other traffic via ISP2, so to be certain i would set the next-hop 10.1.102.1 for all no-http traffic.
8. digitaltut
The question requires other traffic can go through either ISP1 or ISP2 so we can’t “set ip next-hop 10.1.102.1″ because it will
forward all other traffic to 10.1.102.1
9. ukk
@ mongolio
@ Vinch
Route Maps are used in policy based routing (in addition to the manipulating of the routing updates) of traffic as well. Like an
access contrl list at the end of each route map there is an implicit deny, any traffic not matched with a route map statement is
denied so seq 20 needs to be inlcluded!
This is not correct, Ukk. As mentioned before, seq 20 is not needed. Traffic not matched is indeed denied, but for policy based
routing, a deny means it is not being policy based routed, it will be routed via the routing table instead.
With every route-map you need to consider its function, and what the consequences are of a deny. Policy-based routing has
nothing to do with filtering traffic, it dictates whether to use a policy to route traffic (1), or to use the routing table to route
traffic (2). A permit will do the first (1) , a deny will do the second (2).
11. sotfgine
@ukk, Read this from “CCNP ROUTE 642-902 Official Certification Guide”, chapter 11, page 369
“All route maps have an implicit deny clause at the end that matches all packets not already matched by the route map. PBR
processes packets that match a permit clause using the defined set command. For packets matched by a deny clause, PBR lets
the packet go through to the normal IP routing process.”
12. xxx
@sotfgine ,
I agere with you~~~
“For packets matched by a deny clause, PBR lets the packet go through to the normal IP routing process”
13. LORD
September 1st, 2010
http://www.4shared.com/file/ZHu4r-4E/PBR_ROUTE_EXAM.html
14. Blurp
I had this on my exam, did everything except the Permit 20 and it worked fine
15. LORD
@ALL
Adding Permit 20 or not… will not going to change anything..
But actually adding the Permit 20 route-map.. u can see that the HTTP Traffic is not going to any other destination rather than
over Frame relay link.. if u “telnet 10.1.102.1 www” u won’t see the changes in route-map permit 20.. But u can see the
packets are changing in Permit 10.
Permit 20 is just for the checking propose.
16. siddharth
even me and my friend had this lab but both of us could not do it.
17. E.Poosa
September 12th, 2010
Isn’t there any way to get this as a acceptance ? I mean same result should be when try to ISP-2. **** but u r config is exactly
correct for Border router…..
on my last ROUTE exam it was requiered that non http traffic should have routed through the second link. How do you route
it? is the EoMPLS route the default route for traffic so you just have to reroute http traffic though frame relay link?
thanks in advance
19. Cvetelina
Hi All,
I have one question and will be very happy if someone have an answer :)))
I have to pass the 642-902 but I don’t know are labs the same like 642-901. Please if someone know what is the difference
between two exams (I mean labs.).
Thank you in advance
20. Kamalakar Patil
Hey Guys,
Does anybody have latest CCNP Route (642-902) dumps. I am preparing for the exam. If yes, please reply on the following
mail id: Kamalakar.Patil@techmahindra.com, patilkamlakar99@yahoo.co.in. Many thanks in advance.
21. msxy
guys not typing route-map pbr permit 20 worked fine with u because there is no other traffic then http but if there is it will be
drop on the new cbt nuggets he configured the same good luck!
22. kemot
what will happen when the FR link fails? if ‘next-hop 10.1.101.1′ won’t be reachable, http traffic will be dropped, so maybe
we should consider to use ip sla monitor?
23. hussam
???????
24. jamil
25. TEE
26. TEE
Question team why isn’t there a sequence to permit ip any any in the access-list wouldn’t the implicit deny at the bottom of the
access-list block all other traffic?
For all of you who are still confused, PRB is not filtering, permit 20 not needed yet not causing any error, permit 20 match all
but SETS NOTHING so it’ll forward by the ROUTING TABLE normaly.
Good luck,
28. TEE
I think the example is close but the route-map pbr should be applied to S0/0/0
@:mongolio
If you don’t use the statement route-map pbr permit 20, other traffic (except http), will be routed via two interfaces, so it will
lead looping. Please use traceroute command, you will see it.
30. Tshoot
Confirm if Http service is running on both routers ISP1 & 2. if not, issue the command “ip http server” global configuration.
Gudluck
1. No trackbacks yet.
Add a Comment
Name
Website (not required)
Submit Comment
ROUTE 642-902
• LabSim
• OSPF Hotspot
• EIGRP Questions
• EIGRP Simlet
• OSPF Questions
• BGP Questions
• IPv6 Questions
• Drag and Drop Questions
• Operations Questions
• Share your ROUTE Experience
Network Resources
• CCNA Website
• BSCI/ROUTE Website
• BCMSN/SWITCH Website
• ISCW/ONT/TSHOOT Website
Support Digitaltut
Top
Copyright © 2010 ROUTE 642-902 Questions and Answers
Privacy Policy. Valid XHTML 1.1 and CSS 3.