I think what Yusuf meant by the second route-map is to create a new RMap for the virus and not modify the default?
On Saturday, August 11, 2012, Kingsley Charles wrote:

> That is not required.
>
> With regards
> Kings
> CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security)
>
>
> On Fri, Aug 10, 2012 at 8:21 PM, Radim Jurica <[email protected]> wrote:
>
>> Hi guys,
>> I don't understand requirement in Yusuf's question 8.2 (lab2) for
>> second/default route-map policy
>>
>> Part of the question is: Ensure that your solution does not impede any
>> traffic, and all other traffic flows uninterrupted through R3.
>>
>> From explanation part:
>> To mitigate the virus traffic, you need to configure PBR (route-map)—one
>> route-map to match the TCP traffic
>> based on the virus criteria, and a second route-map with no parameters
>> (without match/set commands). This is
>> similar to a default policy that matches all other traffic to pass
>> through uninterrupted. A route-map configuration
>> model has no default policy. Therefore, you need to explicitly configure
>> the second route-map to mimic default
>> policy, allowing all remaining traffic.
>>
>> I tested route-map functionality without that second/default route-map
>> and it works! Or missing something?
>>
>>
>> Design (not same as in book)
>> ======
>>
>> R1 <---> (ip policy route-map) R2 <----> (192.168.1.2) R3
>>
>>
>>
>> Config
>> =====
>> route-map TEST permit 10
>>  match ip address 100
>>  set interface Null0
>> !
>> interface FastEthernet0/0
>>  ip address 10.10.10.1 255.255.255.0
>>  ip policy route-map TEST
>>  duplex auto
>>  speed auto
>> !
>> access-list 100 permit icmp any any
>> access-list 100 permit tcp any any eq 22
>> !
>>
>> Shows
>> =====
>> R2#sh route-map
>> route-map TEST, permit, sequence 10
>>   Match clauses:
>>     ip address (access-lists): 100
>>   Set clauses:
>>     interface Null0
>>   Policy routing matches: 13 packets, 1050 bytes
>>
>> R2#sh access-l 100
>> Extended IP access list 100
>>     10 permit icmp any any (5 matches)
>>     20 permit tcp any any eq 22 (8 matches)
>>
>> Verification
>> ============
>> R1#pi 192.168.1.2
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
>> .....
>> Success rate is 0 percent (0/5)
>> R1#ssh -l c 192.168.1.2
>>
>> R1#192.168.1.2
>> Trying 192.168.1.2 ... Open
>>
>>
>> User Access Verification
>>
>> Username:c
>>
>>
>> Thanks !!
>>
>> Radim
>>
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>
>

-- FNK
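The behaviour tested in this thread, as a simplified Python model added here as an example (it is not written by any of the posters and is not from the book): under `ip policy route-map`, a packet that matches no route-map entry is handed back to normal destination-based routing, so an empty permit entry does not change the forwarding result. The ACL and route-map TEST mirror the posted config; the function names, the sample packets and the sequence-20 entry are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:                      # one "route-map NAME permit <seq>" entry
    seq: int
    acl: Optional[list] = None    # None = no match clause, matches every packet
    set_interface: Optional[str] = None   # None = no set clause

def acl_permits(acl, pkt):
    """First-match lookup over permit lines; falls through to the implicit deny."""
    for proto, dport in acl:
        if pkt["proto"] == proto and (dport is None or dport == pkt.get("dport")):
            return True
    return False

def pbr_decision(route_map, pkt):
    """Return how an inbound packet is forwarded under 'ip policy route-map'."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if entry.acl is None or acl_permits(entry.acl, pkt):
            if entry.set_interface:
                return "policy-routed to " + entry.set_interface
            return "normal routing"   # matched an entry that has no set clause
    return "normal routing"           # matched nothing: back to the routing table

# access-list 100 and route-map TEST as posted in the thread
ACL_100 = [("icmp", None), ("tcp", 22)]
TEST = [Entry(10, ACL_100, "Null0")]
# Hypothetical variant with the book's empty "default" entry added as sequence 20
TEST_WITH_DEFAULT = TEST + [Entry(20)]

# Constructed sample packets: ping, SSH and Telnet from R1 to 192.168.1.2
PACKETS = {
    "icmp": {"proto": "icmp"},
    "ssh": {"proto": "tcp", "dport": 22},
    "telnet": {"proto": "tcp", "dport": 23},
}

def compare():
    """Map each sample packet to (decision with TEST, decision with TEST_WITH_DEFAULT)."""
    return {name: (pbr_decision(TEST, p), pbr_decision(TEST_WITH_DEFAULT, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (without, with_default) in compare().items():
        print(f"{name:7} without seq 20: {without:24} with seq 20: {with_default}")
```

On a real router the only visible difference the extra entry makes is that all remaining traffic also increments the route-map's policy routing match counters.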
