300-410 · Question #76
300-410 Question #76: Real Exam Question with Answer & Explanation
The correct answer is D: ip as-path access-list 1 permit ^$ neighbor bgp 45123 neighbor SP-Neighbors filter-list 1 out. To ensure the router advertises only its local networks and acts as a non-transit AS, an AS-path access-list matching an empty AS path (^$) must be applied outbound.
Question
After some changes in the routing policy, it is noticed that the router in AS 45123 is being used as a transit AS router for several service provides. Which configuration ensures that the branch router in AS 45123 advertises only the local networks to all SP neighbors?
Options
- Aip as-path access-list 1 permit ^45123 | neighbor bgp 45123 neighbor SP-Neighbors filter-list 1 out
- Bip as-path access-list 1 permit .* neighbor bgp 45123 neighbor SP-Neighbors filter-list 1 out
- Cip as-path access-list 1 permit ^45123$ neighbor bgp 45123 neighbor SP-Neighbors filter-list 1 out
- Dip as-path access-list 1 permit ^$ neighbor bgp 45123 neighbor SP-Neighbors filter-list 1 out
Explanation
To ensure the router advertises only its local networks and acts as a non-transit AS, an AS-path access-list matching an empty AS path (^$) must be applied outbound.
Common mistakes.
- A.
^45123|is an incomplete or malformed regex; if intended to match paths starting with 45123, it could permit routes that merely passed through AS 45123, not just locally originated ones. - B.
.*matches any AS path, including those with multiple AS numbers, which would permit transit traffic and defeat the purpose of being a non-transit AS. - C.
^45123$would match routes whose AS path consists solely of AS 45123, which is typically for routes received inbound from a peer after it prepends its AS, not for identifying locally originated routes for outbound filtering.
Concept tested. BGP AS-path filtering, non-transit AS
Topics
Community Discussion
No community discussion yet for this question.