The answers provided in this section are not necessarily the only possible answers to the questions. The questions are designed to test your knowledge and to give practical exercise in certain key areas. This section is intended to test and to exercise skills and concepts detailed in the body of this chapter.
If your answer is different, ask yourself whether it follows the tenets explained in the answers provided. Your answer is correct not if it matches the solution provided in the book, but rather if it has included the principles of design laid out in the chapter.
In this way, the testing provided in these scenarios is deeper: It examines not only your knowledge, but also your understanding and ability to apply that knowledge to problems.
If you do not get the correct answer, refer back to the text and review the subject tested . Be certain to also review your notes on the question to ensure that you understand the principles of the subject.
Scenario 18-1 Answers
1:
The hospital policy states that the FTP traffic from the X-ray department (201.77.11.0/24) should be forwarded to the Biggun Server at 201.77.12.79 and that it should be sent across the leased line, which is a T1 connection. What would the configuration look like?
A1:
The configuration would be as follows:
Router(config)# interface e0 Router(config-if)# ip address 201.77.11.1 255.255.255.0 Router(config-if)# ip policy route-map xray Router(config)# access-list 101 permit tcp 201.77.11.0 0.0.0.255 any eq ftp Router(config)# access-list 101 permit tcp 201.77.11.0 0.0.0.255 eq ftp-data any Router(config)# route-map xray permit 10 Router(config)# match ip address 101 Router(config)#set ip next-hop 201.77.10.2
2:
The Telnet sessions and e-mail connections should be sent across the Frame Relay link. This traffic is from the same department (201.77.11.0.0/24) and is connecting to the same server. What would the configuration look like?
A2:
The configuration would be as follows:
Router(config)# interface e0 Router(config-if)# ip address 201.77.11.1 255.255.255.0 Router(config-if)# ip policy route-map xray Router(config)# access-list 101 permit tcp 201.77.11.0 0.0.0.255 any eq ftp Router(config)# access-list 101 permit tcp 201.77.11.0 0.0.0.255 eq ftp-data any Router(config)# access-list 106 permit tcp 201.77.11.0 0.0.0.255 any eq smtp Router(config)# access-list 106 permit tcp 201.77.11.0 0.0.0.255 any eq telnet Router(config)# route-map xray permit 10 Router(config-route-map)# match ip address 101 Router(config-route-map)# set ip next-hop 201.77.10.2 Router(config)# route-map xray permit 20 Router(config-route-map)# match ip address 106 Router(config-route-map)# set ip next-hop 201.77.18.5
Remember that if there is no match or the match is a deny, the packet is not discarded but sent to the routing process to be routed by destination. If, however, the routing table has no entry for the destination, the packet will at this point be dropped. This is not a function of route maps but rather of the normal routing process.
3:
What commands would you use to verify that the policy-based routing is configured correctly and operating normally?
A3:
The commands that should be used to verify the policy-based routing are as follows: