Refer to the exhibit. AS 111 must not be used as a transit AS, but ISP-1 is getting ISP-2 routes from AS 111. Which configuration stops Customer AS from being used as a transit path on ISP-1?
Refer to the exhibit. AS 111 must not be used as a transit AS, but ISP-1 is getting ISP-2 routes from AS 111. Which configuration stops Customer AS from being used as a transit path on ISP-1?
To stop AS 111 from being used as a transit AS, the configuration needs to ensure that only routes originating from AS 111 are permitted on ISP-1. The correct access-list should match the AS path that consists of only AS 111. The expression '^111$' means that the AS path starts and ends with AS 111, indicating that the route is both originated and sent from AS 111 without passing through any other AS. This prevents ISP-1 from receiving routes that merely transit through AS 111, achieving the desired result of not allowing AS 111 to be used as a transit path.
-solution C) if applied on customer edge -solution D) if applied on ISP1 -> in this case it is -from neighbor 192.168.11.111, receive only the routes originated from AS 111 (and no Internet routes) At the end: clear ip bgp x.x.x.x soft in https://community.cisco.com/t5/routing/bgp-using-as-path-filtering/td-p/1251694 https://www.ciscopress.com/articles/article.asp?p=169556
Makes sense. Very tricky one.
Given answer is correct! ISP-1 should receive from edge router (AS 111) only its locally originated route. To do that using regex, we use ^$.
_111$ - match prefixes originating in AS 111 ^111$ - match prefixes originated and sent from AS 111 ^111_ - match prefixes learned from AS 111 _111_ - match prefixes that transited AS 111 Correct answer is D
C is correct anwer
D is the Correct Answer. Because the question is about what can be done on the ISP-1 router so that it allows routes that originated in AS 111 ip as-path access-list 1 permit ^111$ - ^ matches beginging of the string 111 - is the string $ matches end of the string
since the router doing the configuration is the ISP the correct sintax would be *111$
D is correct.
The correct configuration to prevent Customer AS 111 from being used as a transit path on ISP-1 is option D: ip as-path access-list 1 permit ^111$. This configuration creates an access-list named "1" that permits only AS paths that consist of only AS 111. The "^" character matches the beginning of the AS path, the "$" character matches the end of the AS path, and the digits "111" match the AS number. Any other AS path, including those that pass through AS 111, will not match this access-list.
Also the configuration will be applied in ISP1 not customer edge.
Answer D Supposed to be -> ip as-path access-list 1 permit ^111$
The question is refer to configuration stops Customer AS from being used as a transit path on "ISP-1" not on CE
BGP Filtering Lab 2 (Prevent Transit AS) By default, BGP will advertise all prefixes to EBGP (External BGP) neighbors. This means that if you are multi-homed (connected to two or more ISPs) that you might become a transit AS https://learningnetwork.cisco.com/s/article/BGP-Zero-to-Hero-Part-8-BGP-filtering-methods Filter-list with AS PATH access-list R1(config)#ip as-path access-list 1 permit ^$ R1(config-router)#neighbor 192.168.12.2 filter-list 1 out R1(config-router)#neighbor 192.168.13.3 filter-list 1 out The ^$ regular expression ensures that we will only advertise locally originated prefixes. We will have to apply this filter to both ISPs' neighbors.
D is correct answer
Why not "B"?
C is right. The local routes stills do not have it's own AS in NLRI AS-Path attribute. I am sure it's C. you can check it in BGP table, just look the local routes there and you are going to see none ASN.
Configuration applied on ISP-1: "ip as-path access-list 1 permit ^$" = solution "C" means receive only networks originating in the local AS (AS 100) and no Internet routes. So, no routes from AS111 are received, which is not the intended result.
my friend you are worng , because the configuration is apply in ISP, not customer