Eduardo, thank you for the clarification!

Even carefully repeated reading uncovered this.

R.


On Fri, Aug 10, 2012 at 5:37 PM, Eduardo De Los Cobos <
[email protected]> wrote:

> Radim,
>
> The requirement asks for the second route-map so that you can have
> visibility of the non-matched traffic.
>
> If you have the second default route-map you can see the counters of the
> traffic not matched in the first policy entry.
>
> It works anyway, but you either have or do not have visibility and accounting.
>
> Regards.
>
> Sent from my iPhone
>
> On 10/08/2012, at 09:51, Radim Jurica <[email protected]>
> wrote:
>
> Hi guys,
> I don't understand the requirement in Yusuf's question 8.2 (lab2) for the
> second/default route-map policy.
>
> Part of the question is: Ensure that your solution does not impede any
> traffic, and all other traffic flows uninterrupted through R3.
>
> From the explanation part:
> To mitigate the virus traffic, you need to configure PBR (route-map)—one
> route-map to match the TCP traffic
> based on the virus criteria, and a second route-map with no parameters
> (without match/set commands). This is
> similar to a default policy that matches all other traffic to pass through
> uninterrupted. A route-map configuration
> model has no default policy. Therefore, you need to explicitly configure
> the second route-map to mimic default
> policy, allowing all remaining traffic.
>
> I tested route-map functionality without that second/default route-map and
> it works! Or am I missing something?
>
>
> Design (not the same as in the book)
> ======
>
> R1 <---> (ip policy route-map) R2 <----> (192.168.1.2) R3
>
>
>
> Config
> =====
> route-map TEST permit 10
>  match ip address 100
>  set interface Null0
> !
> interface FastEthernet0/0
>  ip address 10.10.10.1 255.255.255.0
>  ip policy route-map TEST
>  duplex auto
>  speed auto
> !
> access-list 100 permit icmp any any
> access-list 100 permit tcp any any eq 22
> !
>
> Shows
> =====
> R2#sh route-map
> route-map TEST, permit, sequence 10
>   Match clauses:
>     ip address (access-lists): 100
>   Set clauses:
>     interface Null0
>   Policy routing matches: 13 packets, 1050 bytes
>
> R2#sh access-l 100
> Extended IP access list 100
>     10 permit icmp any any (5 matches)
>     20 permit tcp any any eq 22 (8 matches)
>
> Verification
> ============
> R1#pi 192.168.1.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> R1#ssh -l c 192.168.1.2
>
> R1#192.168.1.2
> Trying 192.168.1.2 ... Open
>
>
> User Access Verification
>
> Username:c
>
>
> Thanks !!
>
> Radim
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
>
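The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Cisco code: a simplified Python model of PBR route-map evaluation, using access list 100 from the post and constructed traffic (5 ICMP, 8 SSH and 4 telnet packets). `Entry`, `policy_route` and `run` are hypothetical names, and the model assumes that a packet matching no entry, or matching a permit entry with no set clause, is forwarded by normal routing.

```python
# Simplified model of IOS policy-based routing (PBR) route-map evaluation.
# Not Cisco code; entry and packet structures are assumptions for illustration.
from dataclasses import dataclass
from typing import Optional

NORMAL = "normal routing"   # destination-based forwarding, as if no PBR

@dataclass
class Entry:                       # one "route-map TEST permit <seq>" entry
    seq: int
    acl: Optional[list]            # None = no match clause (matches everything)
    set_interface: Optional[str]   # None = no set clause
    hits: int = 0                  # models the "Policy routing matches" counter

# access-list 100 from the post: permit icmp any any / permit tcp any any eq 22
ACL_100 = [("icmp", None), ("tcp", 22)]

def acl_permits(acl, pkt):
    proto, dport = pkt
    # Falling off the end of the ACL is the implicit deny.
    return any(p == proto and (port is None or port == dport) for p, port in acl)

def policy_route(route_map, pkt):
    for entry in sorted(route_map, key=lambda e: e.seq):
        if entry.acl is None or acl_permits(entry.acl, pkt):
            entry.hits += 1
            return entry.set_interface or NORMAL
    return NORMAL   # no entry matched: the packet is simply not policy routed

def run(route_map, traffic):
    decisions = [policy_route(route_map, pkt) for pkt in traffic]
    return decisions, {e.seq: e.hits for e in route_map}

# Constructed traffic: 5 pings, 8 SSH segments, 4 telnet segments.
TRAFFIC = [("icmp", None)] * 5 + [("tcp", 22)] * 8 + [("tcp", 23)] * 4

def single_entry():                # the route-map as posted
    return [Entry(10, ACL_100, "Null0")]

def with_default_entry():          # plus an empty "permit 20" entry
    return single_entry() + [Entry(20, None, None)]

if __name__ == "__main__":
    for build in (single_entry, with_default_entry):
        decisions, counters = run(build(), TRAFFIC)
        print(build.__name__, counters, decisions.count(NORMAL), "forwarded normally")
```

Both route-maps make identical forwarding decisions; only the one with the empty second entry records a counter for the telnet packets that entry 10 did not match.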