350-401 · Question #529
When the "deny" statement is used within a route map that is used for policy-based routing, how is the traffic that matches the deny route-map line treated?
The correct answer is B. Traffic is returned to the normal forwarding behavior of the router.. When a 'deny' statement is matched within a route map used for policy-based routing, the traffic is not policy routed by that statement and instead reverts to the router's normal forwarding behavior based on its routing table.
Question
Options
- ATraffic is routed to the null 0 interface of the router and discarded.
- BTraffic is returned to the normal forwarding behavior of the router.
- CAn additional sequential route-map line is needed to divert the traffic to the router's normal
- DAn additional sequential route-map line is needed to policy route this traffic.
How the community answered
(32 responses)- B94% (30)
- C3% (1)
- D3% (1)
Why each option
When a 'deny' statement is matched within a route map used for policy-based routing, the traffic is not policy routed by that statement and instead reverts to the router's normal forwarding behavior based on its routing table.
Traffic matching a 'deny' statement in a PBR route-map is not discarded; it is merely excluded from policy routing and is then processed by normal routing mechanisms.
In policy-based routing, if a 'deny' statement in a route-map is matched, the router will not apply any policy routing actions defined within that specific route-map line. Instead, the traffic is passed to the next route-map line for evaluation; if no subsequent 'permit' statement matches and applies a 'set' action, or if the end of the route-map is reached, the traffic will be forwarded using the router's standard IP routing table.
While an additional line might be needed for different policy routing, the 'deny' action itself does not require a sequential line to revert to normal forwarding; it's the default behavior if no 'permit' match with 'set' action occurs.
A 'deny' statement explicitly prevents policy routing for the matching traffic by that specific line, thus an additional line for policy routing would only apply if the traffic matched a 'permit' statement.
Concept tested: Policy-Based Routing (PBR) deny statement behavior
Source: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/23769-pbr.html
Topics
Community Discussion
No community discussion yet for this question.