Thursday 10 January 2013

Policy Based Routing Sim configuration on GNS3 | CCNP route

Policy Based Routing CCNP Route Sim 
Question:

Company Route.com has two links to the Internet. Company policy demands that web traffic be forwarded only over the Frame Relay link if it is available; other traffic can go through any link. No static or default routing is allowed.
Solution:
I created the lab above in GNS3. BorderRouter and R1 are configured with EIGRP 11. I used a cloud to generate HTTP traffic: I connected the e3/0 interface to my PC’s NIC through the cloud and assigned the following IP.

I also added a manual route for 13.13.13.2 so that my PC can reach the internal R1 router.
To do this, go to Run, open cmd (make sure you have admin rights) and use the following command:
route add 13.13.13.2 mask 255.255.255.255 14.14.14.1 -p


You can use the “route print” command to verify it. In the testing part I will show how I generate HTTP traffic using the GNS3 cloud.
GNS3 Configurations:
To enable communication between R1 and BorderRouter I use EIGRP. In the real exam lab you do not need to worry about the routing protocol for this sim; you only need to create the ACL and the route-map.
BorderRouter Configurations:
R3#config t
R3(config)#hostname Borderrouter
Borderrouter(config)#interface e3/0
Borderrouter(config-if)# ip address 14.14.14.1 255.255.255.0
Borderrouter(config-if)#no shut
Borderrouter(config)#interface s1/0
Borderrouter(config-if)# ip address 13.13.13.1 255.255.255.0
Borderrouter(config-if)#no shut
Borderrouter(config)#router eigrp 11
Borderrouter(config-router)#network 13.13.13.0 0.0.0.255
Borderrouter(config-router)#network 14.14.14.0 0.0.0.255
Borderrouter(config)#ip default-gateway 13.13.13.2
R1 Configurations:
R1#config t
R1(config)#interface s1/0
R1(config-if)# ip address 13.13.13.2 255.255.255.0
R1(config-if)#no shut
R1(config)#router eigrp 11
R1(config-router)#network 13.13.13.0 0.0.0.255
Configuration that you need in the real exam:

First, you need to create an access-list that permits all HTTP traffic.
BorderRouter(config)#access-list 111 permit tcp any any eq www
Secondly, you need to create a route-map to send that traffic through the Frame Relay interface.

BorderRouter(config)#route-map blockftp permit 10
BorderRouter(config-route-map)#match ip address 111
BorderRouter(config-route-map)#set ip next-hop 13.13.13.2
BorderRouter(config-route-map)#exit
BorderRouter(config)#route-map blockftp permit 20
(Note: blockftp is just the name of the route-map; you can use any name. The route-map blockftp permit 20 line allows traffic other than HTTP to be routed. Otherwise, other traffic will be dropped.)
Thirdly, apply the route-map on the interface to the server in the EIGRP network:
BorderRouter(config-route-map)#exit
BorderRouter(config)#int e3/0
BorderRouter(config-if)#ip policy route-map blockftp
BorderRouter(config-if)#exit
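
The three steps above only work if their names and numbers line up. As an added example (not part of the original post or of any Cisco tool), this Python script parses a saved configuration and reports a route-map that is applied but not defined, defined but not applied, or that matches an ACL which does not exist. The function name audit_pbr and the running-config layout of the sample are assumptions.

```python
import re

# Constructed sample: this page's BorderRouter PBR commands laid out as a
# running-config would show them (layout assumed, not captured from a device).
SAMPLE_CONFIG = """\
interface Ethernet3/0
 ip address 14.14.14.1 255.255.255.0
 ip policy route-map blockftp
!
access-list 111 permit tcp any any eq www
!
route-map blockftp permit 10
 match ip address 111
 set ip next-hop 13.13.13.2
!
route-map blockftp permit 20
"""

def audit_pbr(config):
    """Return findings about dangling policy-routing references (hypothetical helper)."""
    acls, maps, policies = set(), {}, []
    iface = entry = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # any top-level line leaves the sub-mode
            iface = entry = None
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"(?:ip )?access-list (?:extended |standard )?(\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny) (\d+)", line):
            entry = {"seq": m.group(2), "acls": []}
            maps.setdefault(m.group(1), []).append(entry)
        elif entry is not None and (m := re.match(r"match ip address (?!prefix-list)(.+)", line)):
            entry["acls"] += m.group(1).split()
        elif iface and (m := re.match(r"ip policy route-map (\S+)", line)):
            policies.append((iface, m.group(1)))
    findings = []
    for iface, name in policies:
        if name not in maps:
            findings.append(f"{iface}: route-map {name} is not defined")
    for name, entries in maps.items():
        if name not in {p[1] for p in policies}:
            findings.append(f"route-map {name} is not applied to any interface")
        for e in entries:
            for acl in e["acls"]:
                if acl not in acls:
                    findings.append(f"route-map {name} seq {e['seq']}: ACL {acl} is not defined")
    return findings
```

An empty list from audit_pbr(SAMPLE_CONFIG) means the access-list, route-map and interface policy reference each other consistently.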


Testing and Verification:
In the real exam there is a “Host for Testing”; click on it. Then click the “Generate HTTP traffic” button to generate some HTTP packets. Go back to the BorderRouter and type the command “show route-map”.
BorderRouter#show route-map
You will see that 9 packets matched, which verifies that your configuration is correct.
Testing in GNS3:
To test your configuration in GNS3, just type “http://13.13.13.2” in a web browser. The result will be “cannot find this page”, but this will send some HTTP packets to the Frame Relay ISP.



Now type the command “show route-map”.
BorderRouter#show route-map
You will see the packet matches.
