Topic: 300-410 topic 1 question 276

An engineer must override the normal routing behavior of a router for Telnet traffic that is destined to 10.10.10.10 from 10.10.1.0/24 via a next hop of 10.4.4.4, which is directly connected to the router that is connected to the 10.1.1.0/24 subnet. Which configuration reroutes traffic according to this requirement?

A.
access-list 100 deny tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23
!
route-map POLICY permit 10
 match ip address 100
 set ip next-hop 10.4.4.4
route-map POLICY permit 20
B.
access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23
!
route-map POLICY permit 10
 match ip address 100
 set ip next-hop 10.4.4.4
route-map POLICY permit 20
C.
access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23
!
route-map POLICY permit 10
 match ip address 100
 set ip next-hop recursive 10.4.4.4
route-map POLICY permit 20
D.
access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23
!
route-map POLICY permit 10
 match ip address 100
 set ip next-hop recursive 10.4.4.4

Re: 300-410 topic 1 question 276

no need to config recursive

----
The recursive next-hop IP address is installed in the routing table and can be a subnet that is not directly connected. If the recursive next-hop IP address is not available, packets are routed using a default route.
---
https://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_prb_rec_next_hop_external_docbase_0900e4b1810fe58b_4container_external_docbase_0900e4b181525fed.html

Re: 300-410 topic 1 question 276

B = correct.
Fully agree, you do NOT need the recursive option in this example. It clearly states "directly connected"; it can just reach the next hop as it has an interface in the subnet where the next hop resides. Also, "the Permit 20 does not harm in route map"; however, it is not required in this use case.

Re: 300-410 topic 1 question 276

I believe the 10.4.4.4 is not directly connected to this router, but is connected to a router behind 10.1.1.0/24 subnet. So recursive would be necessary. In that case I would go for answer D.

Re: 300-410 topic 1 question 276

The question states "which is directly connected to the router", so I do not see any requirement for recursive lookups here...

Re: 300-410 topic 1 question 276

D is the correct answer because the next-hop is not directly connected, so "recursive" is necessary and "Policy 20" is not needed.

Re: 300-410 topic 1 question 276

Why are so many people voting D when the question clearly states "via a next hop of 10.4.4.4, which is DIRECTLY CONNECTED to the router"?

Re: 300-410 topic 1 question 276

D is correct.
route-map POLICY permit 20 is not used in PBR.
If you do not match packets on a route-map during PBR, PBR does not take any action on that packet, and is routed normally per the routing table/FIB/etc.

Re: 300-410 topic 1 question 276

There are 4 devices: LAN PC 10.10.1.X/24 --> Router directly connected to 10.10.1.X --> Router with IP 10.4.4.4 --> destination 10.10.10.10.

Just understand there are 4 nodes.
1. Client 10.10.1.X/24
2. Router connected to 10.10.1.X
3. Router we choose as next hop (10.4.4.4)
4. Destination 10.10.10.10
You are configuring node 2 and choosing node 3 as next hop. No recursive needed. Permit 20 does not harm in route map.

Re: 300-410 topic 1 question 276

D is the best answer.
At first I thought it was C, but I went back to my notes; a PBR does NOT require a second statement for traffic that is supposed to follow the RIB programming.
But the recursive keyword is required. Based on the wording of the problem, it sounds like the router is not directly connected to 10.4.4.4.

"...override the normal routing behavior of a router...via next hop of 10.4.4.4 which is directly connected to the router that is connected to the 10.1.1.0/24 subnet..."

Re: 300-410 topic 1 question 276

Team, for me the correct answer is "C", because the next hop (recursive) is remote and not connected directly, and it's necessary to continue the route map with seq "20", because block or deny rest traffic.

Re: 300-410 topic 1 question 276

For me D is the correct answer, because in this case you need the recursive command; the 10.4.4.4 is NOT directly connected to the router.

Re: 300-410 topic 1 question 276

Draw a schema and you know that it is not directly connected. Therefore it must be recursive, so C or D. For me C is right; there should be a permit any at the end.

Re: 300-410 topic 1 question 276

I try to picture the path, but it's still not clear whether the "next-hop 10.4.4.4" is directly connected to the router with PBR or not.
Source: 10.10.1.0/24 || PBR || -> ??? -> next-hop 10.4.4.4 ->  10.1.1.0/24  -> destination: 10.10.10.10
B or D. Depends on the topology.

Re: 300-410 topic 1 question 276

B because it is directly connected, the option "recursive" does not need to be used.

Re: 300-410 topic 1 question 276

Next hop router is connected to 10.1.1.0/24, but there is no info on whether it is directly connected to the router on which we are configuring PBR. Since the last permit is not needed in PBR, the answer should be D.

Re: 300-410 topic 1 question 276

Read the question again, mate. They explicitly say 10.4.4.4 is directly connected.

Re: 300-410 topic 1 question 276

wrong. ... directly connected to the router that is connected to 10.1.1.0/24... means NOT directly connected...

Re: 300-410 topic 1 question 276

Why is permit 20 not needed in PBR?

Re: 300-410 topic 1 question 276

Ask Cisco, not me, mate.

Re: 300-410 topic 1 question 276

No need of recursive option

Re: 300-410 topic 1 question 276

Since it is not directly connected to this router C is the best option. We need also a permit 20 statement in the route map for the rest of the traffic. Sorry for the confusion.

Re: 300-410 topic 1 question 276

Answer is B. Key word is "directly connected to the router".

Re: 300-410 topic 1 question 276

PBR does not need a default permit

Re: 300-410 topic 1 question 276

I never had to configure a default permit policy for PBR... I think D is good enough
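
Added example (not part of any post above, and not Cisco code): a small Python model of how each option treats a packet under the two topology readings argued in the thread. Assumptions: a plain `set ip next-hop` is only used when 10.4.4.4 sits on a connected subnet, the recursive form may also resolve through a non-default route as in the Cisco text quoted above, and the /24 masks, topology names and sample packets are constructed for illustration.

```python
import ipaddress

# Option -> (ACL 100 action, next-hop mode, has empty "route-map POLICY permit 20")
OPTIONS = {"A": ("deny", "plain", True), "B": ("permit", "plain", True),
           "C": ("permit", "recursive", True), "D": ("permit", "recursive", False)}
NEXT_HOP = ipaddress.ip_address("10.4.4.4")

# Constructed topologies for the two readings argued in the thread (/24 masks assumed).
TOPOLOGIES = {
    "adjacent": {"connected": ["10.10.1.0/24", "10.4.4.0/24"], "rib": []},
    "remote": {"connected": ["10.10.1.0/24", "10.1.1.0/24"], "rib": ["10.4.4.0/24"]},
}
# Constructed sample packets: (protocol, source, destination, destination port)
TELNET = ("tcp", "10.10.1.5", "10.10.10.10", 23)
HTTP = ("tcp", "10.10.1.5", "10.10.10.10", 80)

def acl_100_permits(action, pkt):
    """One ACE plus the implicit deny: only a permit ACE that hits counts as a match."""
    proto, src, dst, dport = pkt
    hit = (proto == "tcp" and dport == 23 and dst == "10.10.10.10"
           and ipaddress.ip_address(src) in ipaddress.ip_network("10.10.1.0/24"))
    return hit and action == "permit"

def covers(prefixes):
    """True when the next hop falls inside any of the given prefixes."""
    return any(NEXT_HOP in ipaddress.ip_network(p) for p in prefixes)

def forward(option, pkt, topology):
    """Return (decision, matched route-map sequence) for one packet."""
    action, mode, has_permit_20 = OPTIONS[option]
    topo = TOPOLOGIES[topology]
    if acl_100_permits(action, pkt):  # sequence 10
        # Plain next hop must sit on a connected subnet; recursive may
        # also resolve through a non-default route in the routing table.
        usable = covers(topo["connected"]) or (
            mode == "recursive" and covers(topo["rib"]))
        return ("policy-routed via 10.4.4.4" if usable else "normal routing", 10)
    # Sequence 20 has no set clause, so matching it changes nothing;
    # matching no sequence at all also leaves the packet to the routing table.
    return ("normal routing", 20 if has_permit_20 else None)

def summary():
    """Decision for the Telnet packet under every option and topology."""
    return {(o, t): forward(o, TELNET, t)[0] for o in OPTIONS for t in TOPOLOGIES}

if __name__ == "__main__":
    for key, decision in summary().items():
        print(key, decision)
```

In this model, C and D give the same decision for every packet and differ only in which sequence the unmatched traffic hits.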