300-410 : Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) : Part 02
-
An associate of yours configured a PPPoE connection. You have been alerted by a vulnerability tester that by using a sniffer, he was able to learn the connection credentials. What type of authentication must your associate have configured on the connection?
- PAP
- 802.1x
- CHAP
- IPsec
Explanation:
The method used must have been Password Authentication Protocol (PAP). This method transmits the credentials in clear text, which makes it a poor choice. There are only two methods available to authenticate a PPP connection, PAP and Challenge-Handshake Authentication Protocol (CHAP). CHAP never sends the password across the link. Rather, the authenticating end of the connection sends random text and other information to the requester. The requester encrypts this data with its password and sends it back. The authenticating end of the connection reverses the encryption using the same password and compares the result with what was originally sent. If it matches, the authenticating end of the connection is assured that the requesting end knows the password.
The connection could not have used either 802.1x or IPsec, as neither method would transmit the credentials in clear text.
The connection could not have used CHAP. If it had, the credentials could not have been captured with a sniffer.
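The difference between the two methods on the wire, as an added example that is not part of the original page: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response (RFC 1994 with the MD5 algorithm, where the response is a one-way hash that the authenticator recomputes and compares) and checks which packet carries the password. The peer name, secret, challenge and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values, not taken from the page.
PEER_NAME = b"ROUTER2"
SECRET = b"S3cretPass"
CHALLENGE = bytes.fromhex("5f1c9a0e77b24d3386aa01c4e9d2f610")


def build_pap_request(ident, peer_id, password):
    """PAP Authenticate-Request: code 1, identifier, length, then the
    length-prefixed Peer-ID and Password, both sent unprotected."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def parse_pap_request(pkt):
    """Return (peer_id, password) exactly as any on-path observer reads them."""
    if len(pkt) < 6:
        raise ValueError("too short for a PAP Authenticate-Request")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or not 6 <= length <= len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    body = pkt[4:length]
    id_len = body[0]
    if 1 + id_len >= len(body):
        raise ValueError("truncated Peer-ID")
    pw_len = body[1 + id_len]
    password = body[2 + id_len:2 + id_len + pw_len]
    if len(password) != pw_len:
        raise ValueError("truncated Password")
    return body[1:1 + id_len], password


def chap_value(ident, secret, challenge):
    """RFC 1994 MD5 CHAP: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap_response(ident, name, secret, challenge):
    """CHAP Response: code 2, identifier, length, Value-Size, Value, Name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body


def verify_chap_response(pkt, ident, secret, challenge):
    """Authenticator side: recompute the value from its own copy of the
    secret and the challenge it issued, then compare in constant time."""
    if len(pkt) < 5:
        return False
    code, rid, length = struct.unpack("!BBH", pkt[:4])
    if code != 2 or rid != ident or not 5 <= length <= len(pkt):
        return False
    size = pkt[4]
    value = pkt[5:5 + size]
    return hmac.compare_digest(value, chap_value(ident, secret, challenge))


def password_visible(pkt, password):
    """True when the raw password bytes appear anywhere in the packet."""
    return password in pkt


if __name__ == "__main__":
    pap = build_pap_request(1, PEER_NAME, SECRET)
    chap = build_chap_response(7, PEER_NAME, SECRET, CHALLENGE)
    print("PAP  exposes password:", password_visible(pap, SECRET))
    print("CHAP exposes password:", password_visible(chap, SECRET))
    print("CHAP verifies:", verify_chap_response(chap, 7, SECRET, CHALLENGE))
```

Because the CHAP value depends on the challenge, a response captured for one challenge fails verification against a fresh one.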
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP -
Examine the output of the show frame-relay map command:
Which of the following statements is true of the configuration of R1?
- Neither PVC is up
- A frame-relay map statement was used to manually map the IP address to the DLCI on both PVCs
- The DLCIs for both PVCs were learned using inverse ARP
- Broadcast traffic is not allowed on either PVC
Explanation:
The output shows that the Data Link Connection Identifiers (DLCIs) for both PVCs were learned using inverse ARP. In a Frame Relay topology, Layer 2 addresses are called DLCIs. Each end of a Frame Relay circuit can learn the DLCI of the other end through manual configuration, using the frame-relay map command, or it can be learned dynamically, using a process called inverse ARP. When the addresses are learned using inverse ARP, the output of the show frame-relay map command will indicate that by designating the circuit as dynamic.
Both PVCs are up, as indicated by the word active in the output for both PVCs.
A frame-relay map statement was not used to manually map the IP addresses to the DLCI on both PVCs. Were that the case, the output would indicate static in the place where it says dynamic.
Broadcast and multicast traffic are both allowed across both PVCs, as indicated by the word broadcast after each entry.
Objective:
Layer 2 Technologies
Sub-Objective:
Explain Frame Relay -
You have a Frame Relay topology that is currently a hub and spoke using a single physical serial interface on the hub router with the default network type. OSPF is also running on the interface.
You execute the following command:
ip ospf network point-to-point
What would be the effect of executing this command on the serial interface of the hub router?
- The hello interval for OSPF will change to 30 seconds
- The dead interval for OSPF will change to 40 seconds
- There will now be a DR election
- The hub router must now be configured with a router ID
Explanation:
The dead interval for OSPF will change to 40 seconds. By default, a Frame Relay connection that uses a physical interface is designated a non-broadcast network for purposes of determining the OSPF hello and dead intervals. There are four possible network types for Frame Relay, and they use different values for the OSPF hello and dead intervals. The values are shown below:
When the ip ospf network point-to-point command is executed, it will change the network type from the default of non-broadcast to point-to-point. This alteration will change the hello and dead intervals to 10 and 40 seconds, respectively.
The hello interval for OSPF will not change to 30 seconds. That is the value for non-broadcast and point-to-multipoint networks.
There will not be a designated router (DR) election. DRs are not elected on a point-to-point network.
The hub router does not need to be configured with a router ID. In OSPF for IPv4, the router can create its own by using one of the IP addresses of its interfaces.
Objective:
Layer 2 Technologies
Sub-Objective:
Explain Frame Relay -
An associate configured a serial connection on Router1 to use PPP with authentication. You execute the debug ppp negotiation command on the router and receive the following output:
Which of the following statements are true? (Choose all that apply.)
- the credentials are being sent in clear text
- the connection failed
- the peer’s name is Router2
- the authentication failed
Explanation:
The peer router’s name is Router2 and the authentication method is PAP, which transmits the credentials in clear text. The peer name can be seen in the following line of output:
*Mar 3 00:06:17.536: Se1/1 PAP: Authenticating peer ROUTER2
The authentication protocol used is seen in the following line of output:
*Mar 3 00:06:16.868: Se1/1 LCP: AuthProto PAP (0x0304C023)
The connection process and authentication process are two separate processes, and in this case both succeeded. First the connection completed, as indicated by the following line of output:
*Mar 3 00:06:17.260: Se1/1 LCP: State is Open
Then later the authentication succeeded, as indicated by this line at the end of the output:
*Mar 3 00:06:17.584: Se1/1 PPP: Phase is UP
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP -
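One way to audit saved debug ppp negotiation output, like the lines quoted in the explanation above, for links that negotiated clear-text authentication (an added example, not part of the original page). It decodes the hex on the AuthProto line as an LCP Authentication-Protocol option: type 0x03, a length byte, then PPP protocol 0xC023 for PAP or 0xC223 for CHAP. The Se1/1 lines are the ones quoted on the page; the Se1/2 CHAP lines and all function names are constructed for illustration, and the last AuthProto line seen per interface is assumed to be the negotiated one.

```python
import re

# Se1/1 lines are quoted on the page; Se1/2 lines are constructed for contrast.
SAMPLE_LOG = """\
*Mar 3 00:06:16.868: Se1/1 LCP: AuthProto PAP (0x0304C023)
*Mar 3 00:06:17.260: Se1/1 LCP: State is Open
*Mar 3 00:06:17.536: Se1/1 PAP: Authenticating peer ROUTER2
*Mar 3 00:06:17.584: Se1/1 PPP: Phase is UP
*Mar 3 00:07:02.112: Se1/2 LCP: AuthProto CHAP (0x0305C22305)
*Mar 3 00:07:02.480: Se1/2 LCP: State is Open
*Mar 3 00:07:02.916: Se1/2 PPP: Phase is UP
"""

AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}   # PPP protocol numbers
CLEARTEXT = {"PAP"}                                # methods that expose the password

LINE_RE = re.compile(r"(?P<intf>\S+) (?P<proto>LCP|PAP|CHAP|PPP): (?P<msg>.*)$")
HEX_RE = re.compile(r"\((0x[0-9A-Fa-f]+)\)")


def decode_auth_option(hex_text):
    """Decode an LCP Authentication-Protocol option (type 3) given as hex."""
    digits = hex_text[2:] if hex_text.lower().startswith("0x") else hex_text
    raw = bytes.fromhex(digits)
    if len(raw) < 4 or raw[0] != 0x03 or raw[1] != len(raw):
        raise ValueError(f"not an Authentication-Protocol option: {hex_text}")
    number = int.from_bytes(raw[2:4], "big")
    return AUTH_PROTOCOLS.get(number, f"unknown(0x{number:04X})")


def audit(log_text):
    """Summarise each interface: auth method, peer name, LCP and PPP state."""
    links = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        link = links.setdefault(
            m["intf"], {"auth": None, "peer": None, "lcp_open": False, "up": False}
        )
        proto, msg = m["proto"], m["msg"]
        if proto == "LCP" and msg.startswith("AuthProto"):
            hex_m = HEX_RE.search(msg)
            if hex_m:
                # Trust the option bytes rather than the printed name.
                link["auth"] = decode_auth_option(hex_m.group(1))
        elif proto == "LCP" and msg == "State is Open":
            link["lcp_open"] = True
        elif msg.startswith("Authenticating peer "):
            link["peer"] = msg.split()[-1]
        elif proto == "PPP" and msg == "Phase is UP":
            link["up"] = True
    return links


def cleartext_links(links):
    """Interfaces whose negotiated method sends the password unprotected."""
    return sorted(i for i, l in links.items() if l["auth"] in CLEARTEXT)


if __name__ == "__main__":
    summary = audit(SAMPLE_LOG)
    for intf, link in summary.items():
        print(intf, link)
    print("clear-text authentication on:", cleartext_links(summary))
```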
Which of the following is NOT true of the PPP Session Phase of PPPoE?
- PPP options are negotiated
- BNG sends a PPPoE Active Discovery Offer to the client
- Authentication is performed
- Once link setup is complete, data will be transferred across the PPP link within PPPoE headers
Explanation:
The Broadband Network Gateway does not send a PPPoE Active Discovery Offer to the client during the PPP Session Phase. That action occurs during the Active Discovery Phase. During the PPP Session Phase, the following steps occur:
PPP options are negotiated.
Authentication is performed.
Network Control Protocols (NCP) for any Layer 3 protocols that will traverse the link are started, and these Layer 3 packets will be transmitted within PPPoE headers.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP -
You have implemented an automatic 6-to-4 tunnel between the routers rtrA and rtrB as shown in the following network diagram:
The routers rtrA and rtrB are connected to two IPv6 subnets and are separated by an IPv4 network. You decide to verify whether the tunnel was correctly implemented using the show running-config command. Which of the following commands should exist in the output of the show running-config command on rtrA and rtrB? (Choose all that apply.)
- interface tunnel
- tunnel source
- tunnel destination
- tunnel mode ipv6ip
- tunnel mode ipv6ip 6to4
Explanation:
The following commands should exist in the output of the show running-config command on rtrA and rtrB:
interface tunnel
tunnel source
tunnel mode ipv6ip 6to4
The interface tunnel command is used to define a tunnel interface on the router. The tunnel source command allows you to specify the source of the tunnel, which is the router interface that faces the IPv4 network. The tunnel source must be configured with an IPv4 address. The tunnel mode ipv6ip 6to4 command is used to specify the tunneling mechanism, which in this case is automatic 6-to-4.
The partial output of the show running-config command on rtrA is as follows:
!
interface Tunnel0
 no ip address
 tunnel mode ipv6ip 6to4
 tunnel source 172.50.20.5
 ipv6 address 2002:ac32:0f06::1/48
!
<output omitted>
The partial output of the show running-config command on rtrB is as follows:
!
interface Tunnel0
 no ip address
 tunnel mode ipv6ip 6to4
 tunnel source 172.50.20.1
 ipv6 address 2002:ac32:0f06::2/48
!
<output omitted>
The tunnel destination command and the tunnel mode ipv6ip command do not appear in the show running-config output when automatic 6-to-4 tunnels are implemented on rtrA and rtrB. Both of these commands are executed for manually configured tunnels.
Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network -
The exhibit is a frame relay hub-and-spoke topology with router A as the hub.
You want to use the OSPF routing protocol between all three locations. Which interface configuration commands are required on router A? (Choose three.)
- ip ospf network broadcast
- ip ospf network point-to-point
- ip ospf network point-to-multipoint
- frame-relay map 10.20.10.21 221
- frame-relay map 10.20.10.22 222
- frame-relay map ip 10.20.10.21 221 broadcast
- frame-relay map ip 10.20.10.22 222 broadcast
Explanation:
In OSPF point-to-multipoint mode, the routers will automatically identify each neighbor. The election of a designated router (DR) and backup designated router (BDR) is not required. This RFC compliant mode of operation is commonly found in partial mesh topologies, such as hub-and-spoke designs. In the diagram shown in the scenario, router A is the hub.
The frame relay serial interface has one DLCI to each spoke location. DLCI 221 is used by router A to communicate with router C and DLCI 222 is used to communicate with router B. On router A’s serial interface, point-to-multipoint mode is enabled with the ip ospf network configuration command. The following is the syntax of the ip ospf network command:
ip ospf network [{broadcast | nonbroadcast | point-to-multipoint | point-to-multipoint nonbroadcast}]
The command parameters are as follows:
- broadcast – This mode enables the interface to emulate a LAN. This mode requires a full or partial mesh topology.
- nonbroadcast – This RFC 2328 compliant mode is also referred to as NBMA mode. The neighbors must be statically configured.
- point-to-multipoint – This RFC 2328 compliant mode is used in partial mesh topologies, such as hub-and-spoke. Routers use additional LSAs to discover neighboring routers instead of manually defining DRs and BDRs. The hub router floods link state updates (LSUs) by duplicating the update to be sent to each router using the respective DLCI.
- point-to-multipoint nonbroadcast – This is a Cisco extension to the point-to-multipoint mode. This mode is useful when the frame relay virtual circuits do not support broadcast traffic. Neighbors are manually defined.
There is no point-to-point parameter for the ip ospf command. Creating a point-to-point configuration differs in that the point-to-point parameter is executed as a parameter of the command that creates the subinterface that hosts the point-to-point connection as shown below:
Router(config)# interface serial 0.1 point-to-point
When configuring a serial interface without sub-interfaces, OSPF will check the encapsulation to determine the network type. HDLC and PPP default to point-to-point while Frame-Relay encapsulation defaults to nonbroadcast.
The frame-relay map command identifies the mapping between the Layer 3 address (IP address) and the Layer 2 address (DLCI). The frame relay virtual circuits from the hub router are identified as supporting broadcast traffic by using the frame-relay map command with the broadcast keyword.
Objective:
Layer 2 Technologies
Sub-Objective:
Explain Frame Relay -
You are troubleshooting a PPPoE connection that is supposed to maintain a connection with the ISP, even if no interesting traffic exists. The configuration of the dialer interface is shown below:
What command should you add to ensure the connection is maintained in the absence of interesting traffic?
- dialer-group
- dialer persistent
- dialer-list
- dialer string
Explanation:
The dialer persistent command is used to specify that the connection stays up even in the absence of interesting traffic. Interesting traffic is user-defined traffic that triggers a call to the remote end. Were it present in the configuration, the section would appear as follows:
The dialer-group command assigns the dialer interface to a dialer group. It is an optional setting, and does not appear in this configuration.
The dialer-list command is used to specify an access list that defines interesting traffic. It is an optional setting, and would NOT be a part of a configuration that does not maintain the connection based on interesting traffic. If you use dialer persistent, then you don’t need to use dialer-list. The dialer-list command defines interesting traffic, while dialer persistent keeps the connection up in the absence of interesting traffic.
The dialer string command is used to define the number to call to make the connection. It is present in the configuration in the scenario, and specifies the number 713 555 0199.
Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP -
Which command shows only OSPF routes installed into the routing table?
- show ip route
- show ip ospf route
- show ip route ospf
- show ip ospf
- show ip ospf database
Explanation:
The correct answer is show ip route ospf.
The show ip route ospf command shows you all the OSPF learned routes in the routing table. An example of the command and its output are below with an explanation of some of the terminology.
Router5# show ip route ospf
O IA 10.0.0.0/8 [110/65] via 5.0.0.2, 00:00:20, Serial1/1/0
S 0.0.0.0/0 [110/1] via 5.0.0.2, 00:00:20, Serial1/1/0
O E2 172.16.0.0 [110/25] via 5.0.0.2, 00:00:30, Serial1/1/0
O – indicates that the route was learned from OSPF.
IA – indicates that the route is an inter area route, meaning it was learned via summary type 3 link state advertisements (LSAs).
S – indicates that a static default route has been configured.
E2 – indicates that the route is an external route redistributed from another protocol.
Via – indicates the next hop address to use and the local interface from which to send.
[110/65] – indicates the administrative distance with the first value and the cost in the second (AD/cost).
The full legend of the possible route codes is below:
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area
* – candidate default, U – per-user static route, o – ODR
P – periodic downloaded static route
The commands below can be used to monitor and verify OSPF operation:
show ip route – displays known routes and from which protocol the routes were discovered, but for all routing protocols, not just OSPF.
show ip ospf – displays the number of times the SPF algorithm has run and the default Link State Update (LSU) interval, but not the OSPF routes.
show ip ospf database – displays the router ID, the OSPF process ID, and the contents of the topological database but not the routing table.
There is no show ip ospf route command.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF operations -
Which commands will prevent the local router from advertising the 139.10.0.0 network out of the Ethernet 0/0 interface, while allowing all other networks to be advertised?
- RouterA(config)# router rip
  RouterA(config-router)# network 10.0.0.0
  RouterA(config-router)# network 139.10.0.0
  RouterA(config-router)# network 199.10.10.0
  RouterA(config-router)# distribute-list 10 out e0/0
  RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
  RouterA(config)# access-list 10 permit any
- RouterA(config)# router rip
  RouterA(config-router)# network 10.0.0.0
  RouterA(config-router)# network 139.10.0.0
  RouterA(config-router)# network 199.10.10.0
  RouterA(config-router)# distribute-list 10 in e0/0
  RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
  RouterA(config)# access-list 10 permit any
- RouterA(config)# router rip
  RouterA(config-router)# network 10.0.0.0
  RouterA(config-router)# network 139.10.0.0
  RouterA(config-router)# network 199.10.10.0
  RouterA(config-router)# access-group 10 out e0/0
  RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
  RouterA(config)# access-list 10 permit any
- RouterA(config)# router rip
  RouterA(config-router)# network 10.0.0.0
  RouterA(config-router)# network 139.10.0.0
  RouterA(config-router)# network 199.10.10.0
  RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
  RouterA(config)# access-list 10 permit any
  RouterA(config)# interface e0/0
  RouterA(config-if)# access-group 10 out
Explanation:
The following command set will prevent the local router from advertising the 139.10.0.0 network out of the Ethernet 0/0 interface, while allowing all other networks to be advertised:
RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
The distribute-list command allows you to apply a basic access list to a routing process. Just like applying an access list to an interface, when you apply it to a routing process, the permit statements determine what networks may be advertised out the interface. The deny statements determine what networks are not allowed to be advertised out the interface. Instead of applying the access list to an interface, you use the distribute-list command in router configuration mode to apply it to the particular routing process. By specifying an interface and a direction (in or out) in the distribute-list command, you can indicate where the advertisements will be blocked and in what direction.
Keep in mind that when applied this way, the access list does not affect what data traffic passes through the interface. It only affects which networks the routing protocol will advertise. In the scenario here, RIP will not send advertisements for the 139.10.0.0 network out Ethernet 0/0, but traffic coming from or going to that network is still allowed through the interface in either direction unless there is an access list applied to the interface that will block it.
Conversely, if you applied an access list to the interface that blocked traffic to or from the 139.10.0.0 network, but permitted all other traffic, it would not stop the routing updates about the 139.10.0.0 network from passing through.
Note: The last command in the sequence, RouterA(config)# access-list 10 permit any, is VERY important. If that line is missing, any route not specified with a permit statement will be denied. For example, if you wanted to only allow one network to be advertised, you could configure a permit statement for that network and leave off the permit any statement. It would block all advertisements with the exception of the one specified by the permit statement.
The following command set is incorrect because the distribute list is applied inbound, which would prevent the reception of updates concerning the 139.10.0.0/16 network but would not prevent them from being advertised:
RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 in e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
The following command set is incorrect because it applies an access list to the interface instead of a distribute list. The effect would be to block all traffic for that network, but allow routing updates:
RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# access-group 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
The following command set is incorrect because it also applies an access list instead of a distribute list, this time incoming instead of outgoing:
RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
RouterA(config)# interface e0/0
RouterA(config-if)# access-group 10 out
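How the same access list 10 behaves when it is referenced by distribute-list versus access-group, as an added example that is not part of the original page: a small model of standard ACL matching (first match wins, wildcard 1-bits are ignored, implicit deny at the end). The function names, the update source 10.1.1.1 and the host 139.10.5.9 are constructed for illustration.

```python
import ipaddress

# Access list 10 and the RIP networks are the ones in the question above.
ACL_10 = [
    ("deny", "139.10.0.0", "0.0.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),   # "permit any"
]
RIP_NETWORKS = ["10.0.0.0", "139.10.0.0", "199.10.10.0"]


def _u32(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_action(acl, addr):
    """Standard ACL: first matching entry wins; no match is an implicit deny."""
    for action, base, wildcard in acl:
        care = ~_u32(wildcard) & 0xFFFFFFFF     # wildcard 1-bits are "don't care"
        if (_u32(addr) & care) == (_u32(base) & care):
            return action
    return "deny"


def distribute_list_out(acl, networks):
    """distribute-list <acl> out: the ACL is matched against each network in
    the routing update; denied networks are left out of the advertisement."""
    return [n for n in networks if acl_action(acl, n) == "permit"]


def access_group(acl, packet_src):
    """ip access-group <acl>: a standard ACL is matched against the source
    address of each packet and never looks inside a routing update.
    acl=None models an interface with no access list applied."""
    if acl is None:
        return True
    return acl_action(acl, packet_src) == "permit"


def compare(acl, networks, update_src, host_src):
    """Contrast the two ways of applying the same ACL on one interface."""
    return {
        # Applied to the routing process: routes filtered, data untouched.
        "distribute_list": {
            "advertised": distribute_list_out(acl, networks),
            "host_packet_passes": access_group(None, host_src),
        },
        # Applied to the interface: the update is judged only by its source
        # address, so if it passes, every network inside it is still advertised.
        "access_group": {
            "advertised": list(networks) if access_group(acl, update_src) else [],
            "host_packet_passes": access_group(acl, host_src),
        },
    }


if __name__ == "__main__":
    result = compare(ACL_10, RIP_NETWORKS, "10.1.1.1", "139.10.5.9")
    for how, outcome in result.items():
        print(how, outcome)
    # Dropping "permit any" leaves only the implicit deny for everything else.
    print("without permit any:", distribute_list_out(ACL_10[:1], RIP_NETWORKS))
```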
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol -
-
Which of the following commands should you use to determine both the feasible successors and the non-feasible successors to a given destination network?
- show ip route eigrp
- show ip eigrp topology
- show ip eigrp topology all-links
- show ip eigrp topology zero-successors
Explanation:
The show ip eigrp topology all-links command displays both feasible successors and non-feasible successors to a given destination network. This command displays the contents of the topology table and shows all the routes available for a given destination network. An example of partial output of the command is below:
The 172.20.2.0/24 network has a feasible successor. This can be determined by looking at the values in the parentheses next to each route. The second value after the / is the advertised distance from the successor. This value must be less than the value of the feasible distance for a route to be considered a feasible successor. There are two routes for 172.20.2.0/24. The first route listed, via 172.17.3.1, is the successor route. Its cost is 246983122, which matches the feasible distance (FD). The second route, via 172.17.1.1, has an advertised distance of 2443698 (the second value in the parentheses after the /). Because this value is less than the FD (2413698), it qualifies as a feasible successor.
The 172.25.1.0/24 network does not have a feasible successor. The second route listed, via 172.17.1.1, has an advertised distance of 2501649, which is greater than the value of the FD (2416381). Therefore, it is not a feasible successor.
You should not use the show ip route eigrp command. This command displays only the best metric routes (successors) to a given destination network. A route has the best metric if it has the least feasible distance, which refers to the sum of the metric from a given neighbor to a destination network and the metric to reach that neighbor.
You should not use the show ip eigrp topology command without the all-links parameter. This command displays only the feasible successors to a given destination network.
You should not use the show ip eigrp topology zero-successors command because this command lists those routes that do not have a valid successor.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing -
-
An EIGRP network is configured with default settings for all the routers, shown in the exhibit. Traffic is not routing correctly.
What commands need to be run, and on which router should they be run?
- The ip summary-address eigrp 500 172.16.0.0.0 255.255.0.0 command should be run on Router D.
- The ip summary-address eigrp 500 172.16.3.0.0 255.255.255.0 command should be run on Router C.
- The no auto-summary command should be run on Routers A, B, C and F
- The auto-summary command should be run on Router D.
Explanation:
The no auto-summary command should be run on Routers A, B, C and F. When discontinuous networks exist in the network, as in this one, the auto summarization feature will prevent proper routing. Auto summarization is enabled by default.
Discontinuous networks are subnets of a classful parent network address not located in the same area of the network. Because Routers A, B, C and F will all advertise a 10.0.0.0/8 network, Router D will not only think that the 10.0.0.0/8 network lies in two different directions, it will also be unable to discern the individual subnets connected to each, leading to connectivity issues. Executing the no auto-summary command on those three routers will allow them to advertise subnets, clearing up the routing confusion created by auto summarization.
The ip summary-address eigrp 500 172.16.0.0.0 255.255.0.0 command should not be run on Router D. This will manually configure the same summarization that is already occurring automatically, and will not solve the issue.
The auto-summary command should not be run on Router D. This function is already being performed automatically and is the source of the routing problem. It should be disabled instead.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol -
You need to resolve a route-selection problem in a redistributed network by increasing the administrative distance to several networks for a protocol, other than EIGRP or BGP, so that these routes will not be used. You create access list 5 to identify the relevant networks, and access the routing protocol configuration prompt. Which command will set the administrative distance to these networks to 220 for the selected protocol?
- Router(config-router)# list 5 distance 220
- Router(config-router)# admin 220 access-list 5
- Router(config-router)# distance 220 0.0.0.0 255.255.255.255 5
- Router(config-router)# increase 0.0.0.0 255.255.255.255 admin 220 list 5
Explanation:
The correct command is Router(config-router)# distance 220 0.0.0.0 255.255.255.255 5. This command instructs the router to change the AD for any networks specified in the access list 5 to 220.
The correct syntax for the distance command is shown below:
distance weight [address mask [access-list-number | name]]
The weight parameter is the administrative distance (AD), which is a number from 10 to 255. Note: Distances 0 through 9 are reserved for system use.
To change the administrative distance for an entire routing protocol, use the distance command, as shown below:
Router(config)# router rip
Router(config-router)# distance 125
To change the AD for only selected networks, use an access list with the distance command as shown below:
Router(config)# access-list 5 permit 10.0.0.0 255.0.0.0
Router(config)# access-list 5 permit 11.0.0.0 255.0.0.0
Router(config)# access-list 5 permit 12.0.0.0 255.0.0.0
Router(config)# router rip
Router(config-router)# distance 220 0.0.0.0 255.255.255.255 5
The 0.0.0.0 255.255.255.255 portion included with the distance command could hold an address/mask combination for a single address, but it is more common to use an access list.
Objective:
Layer 3 Technologies
Sub-Objective:
Describe administrative distance -
-
Which of the following commands would reveal the K values configured on an EIGRP router?
- debug ip eigrp
- debug eigrp packet
- show ip eigrp traffic
- show ip protocols
Explanation:
The show ip protocols command gives information about any dynamic routing protocol, including EIGRP. With respect to EIGRP, it will show the K values as a part of the output. A sample is shown below:
Routing Protocol is "eigrp 77"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1,K2=0,K3=1,K4=0,K5=0
EIGRP maximum, hopcount 100
<output omitted>
The debug ip eigrp command displays real-time information about EIGRP packets that are received and sent. It does not contain K values. A single line of this command output is shown below:
Router# debug ip eigrp
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Ext 192.168.5.0 255.255.255.0 M 386560 – 256000 130560 SM 360960 – 256000 104960
<output omitted>
The debug eigrp packet command displays general debug information, but not K values. A sample of this command output is shown below:
Router# debug eigrp packet
EIGRP: Sending HELLO on Ethernet0/1
AS 109, Flags 0x0, Seq 0, Ack 0
EIGRP: Received UPDATE on Ethernet0/1 from 192.195.78.24,
AS 109, Flags 0x1, Seq 1, Ack 0
<output omitted>
The show ip eigrp traffic command displays packets received, as well as statistics on hello packets, updates, queries, and acknowledgments, but not K values. Partial output of this command is shown below:
Router# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 151
Hellos sent/received: 220/205
Updates sent/received: 7/29
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 29/14
Objective:
Layer 3 Technologies
Sub-Objective:
Describe and optimize EIGRP metrics -
You instructed your associate to configure Router R2 to reject a redistribution of the 20.0.0.0/8 network, while still receiving routes from other networks connected to Router R1. The diagram below displays the network in place:
When he is finished, you find that the 20.0.0.0/8 network is still being advertised and traffic from the 20.0.0.0/8 network is not reaching Router2. You execute the show running-configuration command and see the following output:
What is the problem?
- The access list was applied to the wrong interface.
- The access list should have been configured as a distribute list.
- The access list has an incorrect wildcard mask.
- The access list is applied in the wrong direction.
Explanation:
The access list should have been created as a distribute list to control route redistribution from the other area. This configuration would prevent the redistribution of the 20.0.0.0/8 network by applying the list as a distribute list under the Border Gateway Protocol (BGP). The proper commands would be:
Router2(config)# router bgp 94688
Router2(config-router)# distribute-list 101 in
To correct the problem with traffic not arriving from the 20.0.0.0/8 network, you must remove the application of the list under interface S0 as well. This would be done by executing the following command set:
Router2(config)# interface Serial1
Router2(config-if)# no ip access-group 101 in
The access list was not applied to the wrong interface. It should not have been applied directly to any interface. When applied directly as an access list to an interface, it will prevent traffic, but not the redistribution of routes.
The access list does not have an incorrect wildcard mask. To prevent the redistribution of a Class C network, the correct wildcard mask is 0.0.0.255.
The access list was not applied in the wrong direction. It should be applied incoming, but should be applied as an incoming distribute list, and it should be applied under the BGP protocol.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol -
Which commands will display the feasible successors, the feasible distance, and the advertised distance for networks learned by a router?
- show ip eigrp topology
- show ip route
- show bgp neighbors
- show ip eigrp traffic
- show ip route eigrp
Explanation:
To view the feasible successors, the feasible distance, and the advertised distance, you would use the show ip eigrp topology command. A sample output of this command is below.
The table lists all routes to networks and their advertised distance and feasible distance. This information is used to select the successor and feasible successor for each network. Before a route can be considered as a feasible successor or backup, the feasible distance of the route must be a larger value than the advertised distance.
The following information can be extracted from this output:
The route 15.10.0.0/16 has a feasible successor. If you examine the feasible and advertised distances in the brackets next to the two potential feasible successor routes [feasible distance/advertised distance], you will see that for the route 15.10.0.0/16 via 10.10.5.1, the feasible distance of the route is greater (2594586) than the advertised distance (2448152), which qualifies it as a feasible successor.
The route 65.0.0.0/8 does not have a feasible successor. The route 65.0.0.0/8 via 10.20.1.6 has a feasible distance (2589779) that is less than the advertised distance (2672569), so it does not qualify.
The router at 10.20.0.1 is directly connected to the networks 65.0.0.0/8 and 150.10.0.0/16. This can be deduced by the fact that the address 10.20.0.1 is the source of the successor routes for those networks.
The route to 200.10.10.0/24 is undergoing recomputation, as evidenced by the line FD is Inaccessible. It also tells you that Router2 sent a query to 10.1.1.2 and is waiting for a reply, as evidenced by the line Remaining replies: via 10.1.1.2, r, Serial 0.
The route to the 10.0.0.0/8 network is showing a convergence problem, as evidenced by the code SIA to the left of its entry. This stands for Stuck In Active. An active state is present when the local router has queried for a new route to the network. Stuck in Active occurs when no response has been received, and the local router marks it SIA.
The show ip route and the show ip route eigrp commands simply display the routing table, which does not display the advertised distance. Below is an example of the show ip route command executed on a router running EIGRP:
The show ip eigrp traffic command does not show feasible successors, feasible distance or advertised distance. It displays statistics on hellos, updates, queries, replies and acknowledgments. Sample output is shown below:
Router# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 100
Hellos sent/received: 215/212
Updates sent/received: 7/25
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 21/17
The show ip bgp command displays information involving BGP and has nothing to do with EIGRP.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing -
You can use a variety of commands to verify and troubleshoot the operation of route redistribution on your network.
Which command should you NOT use on routers that are overloaded?
- trace
- debug
- show ip route
- show ipx route
Explanation:
The debug command uses a good deal of router CPU time, so you should not initiate this command on an already overloaded router. It often requires the router to do extensive examination of the packets, requiring heavy use of resources at times.
You could also possibly overload the router just with the debug command. If the router is overloaded to the point that it is no longer responding to your EXEC session, you may need to reload the router to stop the debug output.
These additional steps can help to verify proper route redistribution:
On the router not performing the redistribution, use the show ip route command to see if the redistributed routes are displayed.
On the router performing the redistribution, use the show ip protocols command to verify the redistribution configuration, and use the show ip route command to verify that the proper routes are there from each routing protocol.
The trace command is used to discover the route that packets take to their destination.
The show ip route command displays the routing table.
The show ip protocols command displays information about each routing protocol running on the router.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol -
You manage the company network, as shown in the network diagram below:
You executed the following commands on RouterA:
routerA(config)# ip route 0.0.0.0 0.0.0.0 S0/0
routerA(config)# router eigrp 200
routerA(config-router)# redistribute static metric 1000 1 255 1 1500
Which of the following statements are TRUE about the given set of commands? (Choose two.)
- A static default route is created on RouterA
- A summary default route is created on RouterA
- The default route is redistributed into the EIGRP network
- The default route is not advertised to the EIGRP network
Explanation:
The given set of commands creates a static default route on RouterA and redistributes this route into the EIGRP company network. The ip route 0.0.0.0 0.0.0.0 S0/0 command executed in the global configuration mode creates a static default route on the router. The ip route command allows you to specify a static route. The redistribute static metric 1000 1 255 1 1500 command then redistributes the static default route into the EIGRP autonomous system (AS) 200. This implies that the EIGRP network identifies the default route as an external route, and traffic to all unknown destination subnets will be diverted to the default route.
Alternatively, default routes can be advertised into EIGRP networks by either of the following methods:
Using the network 0.0.0.0 command on the router
Using the ip summary-address eigrp 200 0.0.0.0 0.0.0.0 command on the router
A summary default route is not created on RouterA in the scenario. If the ip summary-address eigrp 200 0.0.0.0 0.0.0.0 command was used on RouterA, then a summary default route would be created. The summary default route points to the 0.0.0.0 network with the null0 interface as the next-hop interface. Summary default routes are helpful for providing remote networks with a default route.
The default route is advertised to the EIGRP network because the redistribute command was executed. This command is used to advertise the default route to the EIGRP network.
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify default routing -
Which show command displays the status of all of a router’s Border Gateway Protocol (BGP) connections in a concise format?
- show ip bgp
- show ip bgp summary
- show ip bgp connections
- show ip bgp neighbor’s summary
Explanation:
The correct answer is show ip bgp summary.
Although show ip bgp neighbors will show you the status of your connections to neighbors, only show ip bgp summary shows it to you in a concise, summarized format, with one neighbor listed per line. It displays both iBGP and eBGP neighbors and the number of prefixes that have been learned from the neighbor. Below is an example of the output of the show ip bgp summary command:
The following information can be obtained from this output:
The BGP session to 192.168.5.1 is established. A number in the State column indicates that the session is established. This number indicates the number of prefixes received from the neighbor.
Router6 is attempting to establish a BGP peering session with the 192.168.6.1 neighbor. This is indicated by the keyword Active in the State column.
Several show commands can be used to verify BGP configuration and operation:
show ip bgp - displays the contents of the BGP routing table
show ip bgp summary - displays the status of BGP connections in a summary format
show ip bgp neighbors - displays information about the TCP and BGP connections to neighbors
Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication -
Which of the following does the show ip eigrp topology all-links command display?
- Only feasible successors
- Only non-feasible successors
- Both feasible successors and non-feasible successors
- Both successors and feasible successors
Explanation:
The show ip eigrp topology all-links command displays both the feasible successors and the non-feasible successors. Feasible successors refer to backup routes to a particular destination network.
Routers compute the metric/distance of every route they learn from their EIGRP neighbors. There can be multiple routes to the same destination network. The route with the least metric value to a specific destination network is selected as the best path, or successor, to that network. However, if the successor goes down, the router computes the next best loop-free path to the same destination network, which is called the feasible successor.
Feasible successors must have a reported (or advertised) distance that is less than the feasible distance, or current best metric. The routes that are neither successors nor feasible successors are called non-feasible successors. The feasible successors and the non-feasible successors can be viewed by running the show ip eigrp topology all-links command. Sample output is shown below:
The router at 172.17.3.1 is directly connected to three networks: 172.25.1.0/24, 172.20.2.0/24, and 172.18.2.0/24. The second network, 172.20.2.0/24, is listed as the source of the successor routes to those networks. The connection to the last network, 172.18.2.0/24, can be deduced by the fact that the local router uses the Serial1 interface to connect to the two networks that the router at 172.17.3.1 is a successor for. Therefore, that router must be directly connected to the network on the Serial1 interface of the local router.
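The check described in this explanation (reported distance less than the feasible distance), as an added example that is not part of the original explanation: a small parser that classifies each path in show ip eigrp topology all-links style output. The sample output is constructed for illustration, and the names classify, PREFIX_RE and PATH_RE are assumptions.

```python
import re

# Constructed sample in the style of "show ip eigrp topology all-links" output.
SAMPLE = """\
P 172.30.1.0/24, 1 successors, FD is 2172416
        via 172.17.3.1 (2172416/28160), Serial1
        via 172.17.4.1 (2684416/2170000), Serial0
        via 172.17.5.1 (3000000/2500000), Serial2
P 172.17.3.0/24, 1 successors, FD is 2169856
        via Connected, Serial1
A 172.31.9.0/24, 0 successors, FD is Inaccessible
        via 172.17.4.1 (4294967295/4294967295), Serial0
"""

PREFIX_RE = re.compile(r"^(?P<state>[A-Z])\s+(?P<net>\S+), \d+ successors, FD is (?P<fd>\d+|Inaccessible)")
PATH_RE = re.compile(r"^\s+via (?P<hop>\S+) \((?P<dist>\d+)/(?P<rd>\d+)\), (?P<ifc>\S+)")


def classify(output):
    """Return {network: [(next_hop, role), ...]} for paths that carry metrics."""
    table, net, fd = {}, None, None
    for line in output.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            net = m["net"]
            fd = None if m["fd"] == "Inaccessible" else int(m["fd"])
            table[net] = []
            continue
        m = PATH_RE.match(line)
        if not m or net is None:
            continue  # headers and "via Connected" lines carry no metric pair
        dist, rd = int(m["dist"]), int(m["rd"])
        if fd is None:
            role = "active (no FD)"      # route is being recomputed; nothing to compare
        elif rd >= fd:
            role = "non-feasible"        # reported distance is not below the FD
        elif dist == fd:
            role = "successor"           # steady state: best path's distance is the FD
        else:
            role = "feasible successor"  # passes the check, kept as loop-free backup
        table[net].append((m["hop"], role))
    return table


if __name__ == "__main__":
    for network, paths in classify(SAMPLE).items():
        print(network, paths)
```
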
Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing