Refer to the exhibit. AS 111 must not be used as a transit AS, but ISP-1 is getting ISP-2 routes from AS 111. Which configuration stops Customer AS from being used as a transit path on ISP-1?
-solution C) if applied on customer edge
-solution D) if applied on ISP1 -> in this case it is
-from neighbor 192.168.11.111, receive only the routes originated from AS 111 (and no Internet routes)
At the end: clear ip bgp x.x.x.x soft in
https://community.cisco.com/t5/routing/bgp-using-as-path-filtering/td-p/1251694
https://www.ciscopress.com/articles/article.asp?p=169556
_111$ - match prefixes originating in AS 111
^111$ - match prefixes originated and sent from AS 111
^111_ - match prefixes learned from AS 111
_111_ - match prefixes that transited AS 111
Correct answer is D
BGP Filtering Lab 2 (Prevent Transit AS)
By default, BGP will advertise all prefixes to EBGP (External BGP) neighbors. This means that if you are multi-homed (connected to two or more ISPs) that you might become a transit AS
https://learningnetwork.cisco.com/s/article/BGP-Zero-to-Hero-Part-8-BGP-filtering-methods
Filter-list with AS PATH access-list
R1(config)#ip as-path access-list 1 permit ^$
R1(config-router)#neighbor 192.168.12.2 filter-list 1 out
R1(config-router)#neighbor 192.168.13.3 filter-list 1 out
The ^$ regular expression ensures that we will only advertise locally originated prefixes.
We will have to apply this filter to both ISPs' neighbors.
D is the Correct Answer.
Because the question is about what can be done on the ISP-1 router so that it allows routes that originated in AS 111
ip as-path access-list 1 permit ^111$ -
^ matches beginging of the string
111 - is the string
$ matches end of the string
C is right.
The local routes stills do not have it's own AS in NLRI AS-Path attribute. I am sure it's C. you can check it in BGP table, just look the local routes there and you are going to see none ASN.
Configuration applied on ISP-1: "ip as-path access-list 1 permit ^$" = solution "C" means receive only networks originating in the local AS (AS 100) and no Internet routes. So, no routes from AS111 are received, which is not the intended result.
The correct configuration to prevent Customer AS 111 from being used as a transit path on ISP-1 is option D: ip as-path access-list 1 permit ^111$.
This configuration creates an access-list named "1" that permits only AS paths that consist of only AS 111. The "^" character matches the beginning of the AS path, the "$" character matches the end of the AS path, and the digits "111" match the AS number. Any other AS path, including those that pass through AS 111, will not match this access-list.
The question is refer to configuration stops Customer AS from being used as a transit path on "ISP-1" not on CE
upvoted 2 times
...
...
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
HungarianDish_111
Highly Voted 2 years agod740f62
1 year, 1 month agoKeegom
Highly Voted 1 year, 1 month ago[Removed]
Most Recent 10 months ago[Removed]
10 months, 1 week ago[Removed]
10 months, 2 weeks agoBroekie
12 months agoZamanR
1 year, 5 months agoMJM1973
1 year, 6 months agoaqwsdfghjklp
1 year, 6 months agoMuste
1 year, 10 months agoMalasxd
2 years agoHungarianDish_111
2 years agointeldarvid
1 year, 10 months agoTypovy
2 years, 1 month agosasasan12345
2 years, 2 months agoTitini
2 years, 3 months agoTitini
2 years, 3 months agoellen_AA
2 years, 4 months agoshoo83
2 years, 4 months agoHermin
2 years, 3 months ago