CCIE R&S v5 Advanced Technology Labs - IP Routing - Policy Routing

The question asks:

  • Access-list FROM_R4 should match all IPv4 traffic sourced from R4's Ethernet segment.
  • Access-list FROM_R6 should match all IPv4 traffic sourced from R6's Ethernet segment.

The solution defines an access list specific to R4's interface (permit ip host any) and R6's interface (permit ip host any) on the access-list.

Is this question specific enough? It is asking about "all IPv4 traffic sourced from the router's Ethernet segment", but not all IPv4 traffic sourced from the router's interface.

Can someone please clarify if this question is implying that the access-list should specify the host IP address and that a "permit ip any" solution would not be an acceptable solution? How could a person figure out that we need to use a specific host IP address on the access-list?

A second question is that each of these routers has more than one interface connected to an Ethernet segment. How can we determine which one the question is asking about?

Thanks for the assistance



  • Hello,

    Yes, this question is pretty specific in my opinion. It just takes a close look and some IP forwarding logic to really interpret what the task asks.

    First of all, your question about whether the question is specific enough, since it asks for all IPv4 traffic sourced from the router's Ethernet segment but not all from the router's (I assume other) interface: well, remember the routers have a default route pointing to R1's IP address on the shared segment, so pretty much all its traffic would be sourced from the shared segment. After configuring the default route you can do a sh ip cef x.x.x.x (for any IP) to check which egress interface the router will source its IP off, and you will discover that for all routes for which it doesn't have a longer prefix it would source it off the IP on the shared segment, since its default route points out the IP on that interface.


    For the specific host IP address on the ACL on R1, well, that's pretty obvious: if R1 receives 2 packets from .4 and .6 and needs to apply 2 different policies to the packets, a wc ACL wouldn't help now, would it? You need an ACL that can differentiate between both, because R1 sends .4 packets one way and .6 packets another.

  • senatoredu's comment makes sense. We have to use a specific IP access-list, otherwise R1 wouldn't be able to differentiate which packet is coming from .4 or .6 in order to apply the route-map.

    The question and the solution make sense.

    thanks for the help,
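
The point made in the replies, as an added example that is not part of the original thread or the lab solution: a small Python model of first-match route-map evaluation on R1, comparing host-specific ACLs with "permit ip any any" in both ACLs. The addresses, next hops and sequence numbers are constructed placeholders, since the thread does not give the real ones.

```python
import ipaddress

# Constructed placeholder addressing (assumption: the thread elides the real values).
R4 = "192.0.2.4"          # R4's address on the shared segment (".4")
R6 = "192.0.2.6"          # R6's address on the shared segment (".6")
OTHER = "192.0.2.99"      # some other host on the same segment
NH_A = "198.51.100.1"     # hypothetical next hop for R4's traffic
NH_B = "203.0.113.1"      # hypothetical next hop for R6's traffic

# Route-map clauses as (sequence, ACL name, next hop); all are permit clauses.
ROUTE_MAP = [(10, "FROM_R4", NH_A), (20, "FROM_R6", NH_B)]

# ACL entries as (action, source prefix); a /32 models "permit ip host <addr> any".
HOST_ACLS = {"FROM_R4": [("permit", R4 + "/32")],
             "FROM_R6": [("permit", R6 + "/32")]}
# 0.0.0.0/0 models "permit ip any any" in both ACLs.
ANY_ACLS = {"FROM_R4": [("permit", "0.0.0.0/0")],
            "FROM_R6": [("permit", "0.0.0.0/0")]}


def acl_permits(acl, src):
    """First matching entry decides; no match means the implicit deny."""
    ip = ipaddress.ip_address(src)
    for action, prefix in acl:
        if ip in ipaddress.ip_network(prefix):
            return action == "permit"
    return False


def policy_route(route_map, acls, src):
    """Return the next hop set by the first clause whose ACL permits src.

    None means no clause matched, so the packet is forwarded normally
    by destination lookup.
    """
    for _seq, acl_name, next_hop in sorted(route_map):
        if acl_permits(acls[acl_name], src):
            return next_hop
    return None


def decisions(acls):
    """Policy-routing result for R4, R6 and an unrelated host."""
    return {src: policy_route(ROUTE_MAP, acls, src) for src in (R4, R6, OTHER)}


if __name__ == "__main__":
    print("host ACLs:", decisions(HOST_ACLS))
    print("any ACLs: ", decisions(ANY_ACLS))
```

With "any" in both ACLs, the first clause matches every packet, so the FROM_R6 clause is never reached and unrelated hosts on the segment are policy-routed too.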
