Hi,
For your PBR LAB, you use a class-map and policy-map to identify telnet/ssh/http/https traffic then modify the dscp value (af11) on the interface for the route-map’s access-list to match against:
permit ip 155.1.5.0 0.0.0.255 155.1.7.0 0.0.0.255 dscp af11
But for my solution, I simply identified the necessary protocols directly in the extended access-list, see below:
10 permit tcp 155.1.5.0 0.0.0.255 155.1.7.0 0.0.0.255 eq telnet 22 www 443
Is my solution valid?
Thanks.
Hey Samirkhair,
This is just my opinion, so take it for the grain of salt it is worth. The goal of any lab is to complete it within the specified restrictions. When I took the lab, I did the same thing, using an access list. I did however rather like seeing the solution they provided, because on a CCIE test, I could easily see them putting in some weird restriction like not being able to specify a port in an access list, just to throw a wrench at you.
So, you accomplished the lab and followed all the requirements, therefore valid. I took their solution as a learning opportunity of a roundabout way I might not have thought of to get there.
Thanks for the feedback, I am only just beginning my studies so it is appreciated.
I have been paying attention to how to interpret questions, which can sometimes be ambiguous - not sure if that is intentional or not but the EIGRP Classic Metric Calculation lab was another (which I have also posted a question about). It mentions Host 9 and Host 10 being able to communicate. However, my solution affects other hosts and INE’s solution didn’t seem to work at all for me.
Thanks again.
Hey Samirkhair,
I know how you feel. I’m about halfway through the IPv6 section now and I’ve encountered several where the wording can be difficult to interpret. I do believe it’s intentional, as it’s a similar style to their old CCIE practice lab workbooks, which I always heard were some of the best study material for the CCIE Lab. I posted a question on here back in November but never got a response; one of the tasks for MPLS has a task that cannot be completed with the provided restrictions, and even their solution violates the stated requirements. So, it’s not perfect, but I’m still not certain if that was intentional.
Hi Samirkhair,
Not sure if this is a problem with the virtualisation but, I do not believe the solution provided actually works:
- For traffic from hosts 8 and 10 to host 9, I had to use the “set ip next-hop verify-availability” command under the route map so the ip sla can trigger the failover.
- For traffic from host 5 to host 7, I ended up doing the same thing you did: matching incoming traffic with an access list and using the “set ip next-hop verify-availability” command in the same route map.
- I tried verifying the solution provided by INE using show commands and packet captures but, unfortunately, traffic does not match the expected behaviour. I am unsure whether I am missing something when applying the solution but I simply cannot get it to work.
Cheers.-