Tweet
ROUTE (642-902): Policy Based Routing Questions
Question 1
Refer to the exhibit. Based upon the configuration, you need to understand why the policy routing match counts are not increasing. Which would be the first logical step to take?
A. Confirm if there are other problematic route-map statements that precede divert.
B. Check the access list for log hits.
C. Check the routing table for 212.50.185.126.
D. Remove any two of the set clauses. (Multiple set clause entries will cause PBR to use the routing table.)
Answer: B
Explanation
First we should check the access-list log, if the hit count does not increase then no packets are matched the access-list -> the policy based routing match counts will not increase.
Question 2
When policy-based routing (PBR) is being configured, which three criteria can the set command specify? (Choose three)
A. all interfaces through which the packets can be routed
B. all interfaces in the path toward the destination
C. adjacent next hop router in the path toward the destination
D. all routers in the path toward the destination
E. all networks in the path toward the destination
F. type of service and precedence in the IP packets
Answer: A C F
Explanation
The set command specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:
* precedence: Sets precedence value in the IP header. You can specify either the precedence number or name.
* df: Sets the “Don’t Fragment” (DF) bit in the ip header.
* vrf: Sets the VPN Routing and Forwarding (VRF) instance.
* next-hop: Sets next hop to which to route the packet.
* next-hop recursive: Sets next hop to which to route the packet if the hop is to a router which is not adjacent.
* interface: Sets output interface for the packet.
* default next-hop: Sets next hop to which to route the packet if there is no explicit route for this destination.
* default interface: Sets output interface for the packet if there is no explicit route for this destination.
Question 3
Refer to the exhibit. Which command would verify if PBR reacts to packets sourced from 172.16.0.0/16?
A. show ip route
B. show policy-map
C. show access-lists
D. show route-map
Answer: D
Explanation
The “show route-map “route-map name” displays the policy routing match counts so we can learn if PBR reacts to packets sourced from 172.16.0.0/16 or not.
Question 4
A policy needs to be implemented on Router B so that any traffic sourced from 172.16.11.0/24 will be forwarded to Router C. Which configuration on Router B will achieve the desired effect?
A. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface s0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.3
B. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface e0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.2
C. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface e0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.14.4
D. access-list 1 deny 172.16.11.0 0.0.0.255
!
interface s0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.2
Answer: A
Explanation
The “next-hop” IP address should be the E1 interface of router C (172.16.12.3) -> A is correct.
Refer to the exhibit. Based upon the configuration, you need to understand why the policy routing match counts are not increasing. Which would be the first logical step to take?
A. Confirm if there are other problematic route-map statements that precede divert.
B. Check the access list for log hits.
C. Check the routing table for 212.50.185.126.
D. Remove any two of the set clauses. (Multiple set clause entries will cause PBR to use the routing table.)
Answer: B
Explanation
First we should check the access-list log, if the hit count does not increase then no packets are matched the access-list -> the policy based routing match counts will not increase.
Question 2
When policy-based routing (PBR) is being configured, which three criteria can the set command specify? (Choose three)
A. all interfaces through which the packets can be routed
B. all interfaces in the path toward the destination
C. adjacent next hop router in the path toward the destination
D. all routers in the path toward the destination
E. all networks in the path toward the destination
F. type of service and precedence in the IP packets
Answer: A C F
Explanation
The set command specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:
* precedence: Sets precedence value in the IP header. You can specify either the precedence number or name.
* df: Sets the “Don’t Fragment” (DF) bit in the ip header.
* vrf: Sets the VPN Routing and Forwarding (VRF) instance.
* next-hop: Sets next hop to which to route the packet.
* next-hop recursive: Sets next hop to which to route the packet if the hop is to a router which is not adjacent.
* interface: Sets output interface for the packet.
* default next-hop: Sets next hop to which to route the packet if there is no explicit route for this destination.
* default interface: Sets output interface for the packet if there is no explicit route for this destination.
Question 3
Refer to the exhibit. Which command would verify if PBR reacts to packets sourced from 172.16.0.0/16?
A. show ip route
B. show policy-map
C. show access-lists
D. show route-map
Answer: D
Explanation
The “show route-map “route-map name” displays the policy routing match counts so we can learn if PBR reacts to packets sourced from 172.16.0.0/16 or not.
Question 4
A policy needs to be implemented on Router B so that any traffic sourced from 172.16.11.0/24 will be forwarded to Router C. Which configuration on Router B will achieve the desired effect?
!
interface s0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.3
B. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface e0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.2
C. access-list 1 permit 172.16.11.0 0.0.0.255
!
interface e0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.14.4
D. access-list 1 deny 172.16.11.0 0.0.0.255
!
interface s0
ip policy route-map policy
!
route-map policy permit 10
match ip address 1
set ip next-hop 172.16.12.2
Answer: A
Explanation
The “next-hop” IP address should be the E1 interface of router C (172.16.12.3) -> A is correct.