nerdexam
Cisco

350-401 · Question #630

An engineer must configure a router to leak routes between two VRFs. Which configuration must the engineer apply? A. B. C. D.

The correct answer is B. ip access-list extended acl-to-red permit ip 10.1.1.0 0.0.0.255 any route-map rm-to-red permit 10 match ip address acl-to-red ip vrf RED rd 1:1 import ipv4 unicast map rm-to-red. Option B is correct because all three components are properly configured: the ACL correctly matches the source network (10.1.1.0 0.0.0.255 as the source, any as destination), the route-map references the ACL by its correct name (acl-to-red), and the VRF import statement uses the

Submitted by kev92· Mar 6, 2026Infrastructure

Question

An engineer must configure a router to leak routes between two VRFs. Which configuration must the engineer apply? A. B. C. D.

Exhibits

350-401 question #630 exhibit 1
350-401 question #630 exhibit 2
350-401 question #630 exhibit 3
350-401 question #630 exhibit 4
350-401 question #630 exhibit 5
350-401 question #630 exhibit 6
350-401 question #630 exhibit 7
350-401 question #630 exhibit 8

Options

  • Aip access-list extended acl-to-red permit ip any 10.1.1.0 0.0.0.255 route-map rm-to-red permit 10 match ip address 50 ip vrf RED rd 1:1 import ipv4 unicast map rm-to-red
  • Bip access-list extended acl-to-red permit ip 10.1.1.0 0.0.0.255 any route-map rm-to-red permit 10 match ip address acl-to-red ip vrf RED rd 1:1 import ipv4 unicast map rm-to-red
  • Cip access-list extended acl-to-red permit ip 10.1.1.0 0.0.0.255 any route-map rm-to-red permit 10 match ip address acl-to-red ip vrf RED rd 1:1 import ipv4 unicast route-map acl-to-red
  • Dip access-list extended acl-to-red permit ip 10.1.1.0 0.0.0.255 any route-map rm-to-red permit 10 match ip address acl-to-red ip vrf RED rd 1:1 import ipv4 unicast acl-to-red

How the community answered

(47 responses)
  • A
    4% (2)
  • B
    72% (34)
  • C
    15% (7)
  • D
    9% (4)

Explanation

Option B is correct because all three components are properly configured: the ACL correctly matches the source network (10.1.1.0 0.0.0.255 as the source, any as destination), the route-map references the ACL by its correct name (acl-to-red), and the VRF import statement uses the proper syntax import ipv4 unicast map rm-to-red - where map is the required keyword preceding the route-map name.

Option A is wrong on two counts: the ACL has the source and destination reversed (any source, specific destination), and the route-map matches on access-list number 50 instead of the named ACL acl-to-red.

Option C is wrong because the VRF import statement uses route-map acl-to-red - referencing the ACL name where the route-map name should be, and the keyword should be map, not route-map.

Option D is wrong because the map keyword is missing entirely from the import statement; import ipv4 unicast acl-to-red is not valid syntax - you cannot reference a policy object directly without the map keyword.

Memory tip: Think "Source first, MAP to import" - the ACL always lists the source network first (not destination), and the VRF import command always uses the keyword map before the route-map name, not route-map.

Topics

#VRF#Route Leaking#Route-map#Access Control List

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice