思科题库排错ccnp正版、看考试战报随时鸿鹄

/选择题QUESTIONAnetworkadministratoristroubleshootinganEIGRPconnectionbetweenRou,IPaddress,:andRouterB,IPaddress.GiventhedebugoutputonRou,whichtwostatementsaretrue?(Choosetwo.)RoureceivedaopacketwithmismatchedautonomoussystemRoureceivedaopacketwithmismatchedoRoureceivedaopacketwithmismatchedauthenticationRoureceivedaopacketwithmismatchedmetric-calculationRouwillformanadjacencywithRouwillnotformanadjacencywithSection:SelectQUESTION2WhentroubleshootinganEIGRPconnectivityproblem,younoticethattwoconnectedEIGRProutersarenot ingEIGRPneighbors.Abetweenthetworouterswassuccessful.WhatisthenextthingthatshouldbeVerifythattheEIGRPoandholdtimersmatchVerifythatEIGRPbroadcastpacketsarenotbeingdroppedbetweenthetworouterswiththeshowipEIGRPpeercommand.VerifythatEIGRPbroadcastpacketsarenotbeingdroppedbetweenthetworouterswiththeshowipEIGRPtrafficcommand.VerifythatEIGRPisenabledfortheappropriatenetworksonthelocalandneighboringrouter.Section:SelectQUESTION3RefertotheHowwouldyouconfirmonR1thatloadbalancingisactuallyoccurringonthedefault-network()?Useandtheshowiproutecommandtoconfirmthetimersforeachdefaultnetworkresetsto0.Loadbalancingdoesnotoccuroverdefaultnetworks;thesecondroutewillonlybeusedforfailover.Useanextendedalongwithrepeatedshowiproutecommandstoconfirmthegatewayoflastresortaddresstogglesbackandforth.Usethetraceroutecommandtoanaddressthatisnotexplicitlyintheroutingtable.Section:SelectQUESTION4WhichIPsecmodewillencryptaGREtunneltoprovidemultiprotocolsupportandreducedoverhead?multipointSection:SelectQUESTION5WhichthreefeaturesarebenefitsofusingGREtunnelsinconjunctionwithIPsecforbuildingsite-to-sites?(Chooseallowsdynamicroutingoverthesupportsmulti-protocol(non-IP)trafficoverthereducesIPsecheadersoverheadsincetunnelmodeissimplifiestheACLusedinthecryptousesVirtualTunnelInterface(VTI)tosimplifytheIPsecQUESTION6WhichstatementistrueaboutanIPsec/GRETheGREtunnelsourceanddestinationaddressesarespecifiedwithintheIPsectransformset.AnIPsec/GREtunnelmustuseIPsectunnelGREencapsulationoccursbeforetheIPsecencryptionCryptomapACLisnotneededtomatchwhichtrafficwillbeSection:Case题目部分Acustomernetworkengineerhasmadeconfigurationchangesthathaveresultedinsomelossofconnectivity.Youhavebeencalledintoevaluateaswitchnetworkandsuggestresolutionstotheproblems.QUESTIONPC2inVLAN200isunabletothegatewayaddress;identifytheissue. namemismatchonVLAN200notconfiguredonVLAN200notconfiguredonVLAN200notconfiguredonCorrectAnswer:DSection:CaseBylookingattheconfigurationforSW4,weseethatitismissingVLAN200,andthe"switchportaccessvlan200"commandismissingunderinterfaceethQUESTIONWhichofstatementistrueregardingSTPissueidentifiedwithswitchesinthegiventopology?LoopguardconfiguredontheNew_SwitchcestheportsinloopinconsistentstateRootguardconfiguredonSW1cestheportsinrootinconsistentBpduguardconfiguredontheNew_SwitchcestheaccessportsinRootguardconfiguredonSW2cestheportsinrootinconsistentCorrectAnswer:ASection:CaseOnthenewswitch,weseethatloopguardhasbeenconfiguredwiththe"spanning-treeguardloop"command.Theloopguardfeaturemakesadditionalchecks.IfBPDUsarenotreceivedonanon-designatedport,andloopguardisenabled,thatportismovedintotheloop-inconsistentblockingstate,insteadofthelistening/learning/forwardingstate.Withouttheloopguardfeature,theportassumesthedesignatedportrole.TheportmovestotheSTPforwardingstateandcreatesaloop.QUESTIONYouhaveconfiguredPVST+loadbalancingbetweenSW1andtheNew_SwitchinsuchawaythatboththelinksE2/2andE2/3areutilizedfortrafficflow,whichcomponentoftheconfigurationispreventingPVST+loadbalancingbetweenSW1andSW2linksPortpriorityconfigurationonPortpriorityconfigurationonthePathcostconfigurationonPathcostconfigurationontheCorrectAnswer:DSection:CaseHereistheconfigurationfoundontheThiscausestheportcostforlinketh1/3toincreasethepathcostto250forallVLANs,makingthatlinklesspreferredsothatonlyeth1/2willbeused.QUESTIONSW1SwitchManagementIPaddressisnotablefromSW4.Whatcouldbetheissue?ManagementVLANnotallowedinthetrunklinksbetweenSW1andManagementVLANnotallowedinthetrunklinksbetweenSW1andManagementVLANnotallowedinthetrunklinkbetweenSW2andManagementVLANipaddressonSW4isconfiguredinwrongManagementVLANinterfaceisshutdownonCorrectAnswer:DSection:CaseInthenetwork,VLAN300iscalledtheManagementVLAN.Basedontheconfigurationsshownbelow,SW1hasVLAN300configuredwiththeIPaddressof/24,whileonSW4VLAN300hasanIPaddressof/24,whichisnotinthesamesubnet.YouhavebeenbroughtintotroubleshootanEIGRPnetwork.Anetworkengineerhasmadeconfigurationchangestothenetworkrenderingsomelocationsunreachable.Youaretolocatetheproblemandsuggestsolutiontoresolvetheissue.QUESTIONR5has epartiallyisolatedfromtheremainderofthenetwork.R5canreachdevicesondirectlyconnectednetworksbutnothingelse.Whatiscausingtheproblem?AnoutbounddistributelistinInbounddistributelistsinAnoutbounddistributelistinIncorrectEIGRProutingprocessIDinCorrectAnswer:BSection:CaseHereweseethatdistributelist3hasbeenappliedtoEIGRPonrouterR5,butaccess-list3containsonlydenystatementssothiswilleffectivelyblockallroutingadvertisementsfromitstwoEIGRPneighbors,thusisolatingR5fromtherestoftheEIGRPnetwork:QUESTIONThenetworksegmentbetweenR2andR4has edisconnectedfromtheremainderofthenetwork.Howshouldthisissueberesolved?ChangetheautonomoussystemnumberintheremainderofthenetworktobeconsistentwithR2andR4.MovethenetworktotheEIGRP1routingprocessinR2andEnabletheR2andR4routerinterfacesconnectedtotheRemovethedistribute-listcommandfromtheEIGRP200routingprocessinRemovethedistribute-listcommandfromtheEIGRP100routingprocessinCorrectAnswer:BSection:CaseWhenissuingthe"showipeigrpneighbor"command(whichisabouttheonlycommandthatitletsyoudointhisquestion)youwillseethatallotherroutersareconfiguredforEIGRPAS1.However,the192.16824.0networkbetweenR2andR4isincorrectlyconfiguredforEIGRPAS100:Youhavebeenaskedbyyourcustomertohelpresolveissuesintheirroutednetwork.TheirnetworkengineerhasdeployedHSRP.OncloserinspectionHSRPdoesn'tappeartobeoperatingproperlyanditappearsthereareothernetworkproblemsaswell.YouaretoprovidesolutionstoallthenetworkQUESTIONYouhavereceivednotificationfromnetworkmonitoringsystemthatlinkbetweenR1andR5isdownandyounoticedthattheactiverouterforHSRPgroup1hasnotfailedovertothestandbyrouterforgroup1.Youarerequiredtotroubleshootandidentifytheissue.ThereisanHSRPgrouptrackcommandThereisanHSRPgrouppriorityThereisanHSRPauthenticationThereisanHSRPgroupnumberThisisnotanHSRPissue;thisisroutingSection:WhenlookingattheHSRPconfigurationofR1,weseethattrackinghasbeenenabled,butthatitisnottrackingthelinktoR5,onlythelinktoR2:R1shouldbetrackingtheEth0/1link,not0/0toachievethedesiredQUESTIONThefollowingdebugmessagesarenoticedforHSRPgroup2.ButstillneitherR1norR2hasidentifiedoneofthemasstandbyrouter.Identifythereasoncausingtheissue.Note:onlyshowcommandscanbeusedtotroubleshoottheticket.'Mar2611:17:39.234:HSRP:Et1/0Grp ooutActiveprivIP'Mar2611:17:40.034:HSRP:EtO/0Grp ooutActiveprj'Mar2611:17:40.364:HSRP:EtO/0Grp1oinStandby'Mar2611:17:41.969:HSRP:Et1/0Grp2ooutActiveprivIP'Mar2611:17:42.719:HSRP:EtO/0Grp ooutActiveprjvIP'Mar2611:17:42.918:HSRP:EtO/0Grp oinStandby'Mar2611:17:44.869:HSRP:Et1/0Grp ooutActiveprivIP'Mar2611:17:45.485:HSRP:EtO/0Grp1ooutActiveprjvIP'Mar2611:17:45.718:HSRP:EtO/0Grp1oinStandby'Mar2611:17:47.439:HSRP:Et1/0Grp2ooutActiveprivIP'Mar2611:17:48.252:HSRP:EtO/0Grp1oinStandby100vIP'Mar2611:17:48.322:HSRP:EtO/0Grp1ooutActiveprj'Mar2611:17:50.389:HSRP:Et1/0Grp2ooutActiveprivIP'Mar2611:17:50.735:HSRP:EtO/0Grp1oinStandby100vIP'Mar2611:17:50.921:HSRP:EtO/0Grp1ooutActiveprj'Mar2611:17:53.089:HSRP:Et1/0Grp2ooutActiveprivIP'Mar2611:17:53.338:HSRP:EtO/0Grp1oout'Mar2611:17:53.633:HSRP:EtO/0Grp oinStandby100vIPHSRPgrouppriorityThereisanHSRPauthenticationThereisanHSRPgroupnumberThisisnotanHSRPissue:thisisDHCPTheACLappliedtointerfaceisblocking opacketCorrectAnswer:ESection:CaseOnR1weseethataccesslist102hasbeenappliedtotheEthernet1/0Thisaccesslistisblockingalltraffictothe02IPaddress,whichisthemulticastaddressusedbyHSRP.QUESTIONExaminetheconfigurationonR4.Theroutingtableshowsnoentriesfor/24and/24.IdentifywhichofthefollowingistheissuepreventingrouteentriesbeinginstalledonR4routingtable?HSRPissuebetweenR4andThisisanOSPFissuebetweenR4andThisisaDHCPissuebetweenR4andThedistribute-listconfiguredonR4isblockingrouteTheACLconfiguredonR4isblockinginboundtrafficontheinterfaceconnectedtoR2CorrectAnswer:DSection:CaseIfwelookattheconfigurationonR4weseethatthereisadistributelistappliedtoOSPF,whichblocksthe/24and/24QUESTIONExaminetheconfigurationonR5.RouterR5donotseeanyrouteentrieslearnedfromR4;whatcouldbetheissue?HSRPissuebetweenR5andThereisanOSPFissuebetweenR5andThereisaDHCPissuebetweenR5andThedistribute-listconfiguredonR5isblockingrouteTheACLconfiguredonR5isblockingtrafficforthesubnetsadvertisedfromCorrectAnswer:BSection:CaseIfweissuethe"showiproute"and"showipospfneighbor"commandsonR5,weseethattherearenolearnedOSPFroutesandhehasnoOSPFAcustomernetworkengineerhaseditedtheirOSPFnetworkconfigurationandnowyourcustomerisexperiencingnetworkissues.Theyhavecontactedyoutoresolvetheissuesandreturnthenetworktofullfunctionality.QUESTIONTheOSPFneighbourrelationshiphasbeenlostbetweenR1andR3.Whatiscausingthisproblem?TheserialinterfaceinR1shouldbetakenoutoftheshutdownAneighborstatementneedstobeconfiguredinR1andR3pointingateachTheR1networktypeshouldbechangedtopoint-to-multipointTheo,deadandwaittimersonR1needtobereconfiguredtomatchthevaluesonR3.CorrectAnswer:CSection:CaseInorderfortwoOSPFroutersto eneighbors,theymusthavematchingnetworktypesacrossthelinks.Inthiscase,weseethatR1hasbeenconfiguredasnon-broadcastandR3isusingpointtopointnon-broadcast.Thiscanbeseenbyissuingthe"showrunning-config"commandoneachrouter,orthe"showipospfinterface"command:QUESTIONConnectivityfromR3toR4,R5andR6hasbeenlost.Howshouldconnectivitybereestablished?ConfigureR4withavirtuallinktoChangetheR3andR4o-intervalandretransmit-interfacetimerstozerosothelinkwon'tgodown.AddanOSPFnetworkstatementforarea1inAddanOSPFnetworkstatementfor55area2inAddanOSPFnetworkstatementfor55area1inCorrectAnswer:ESection:[none]ExBasedonthenetworkdiagram,weknowthatavirtuallinkwillneedtobeconfiguredtologicallyconnectarea2tothebackarea0.However,thisisnottheproblemaswecanseethatR3hasbeencorrectlyconfiguredtodothis.Itis,however,missingthenetworkstatementforthelinktoR4.Here,weseethatthelinktoR4isusingthenetwork,butthatthisnetworkhasnotbeenaddedtoOSPFBasedonthenetworkdiagram,thislinkshouldbeaddedtoArea1,notAreaQUESTIONAfterresolvingtheissuesbetweenR3andR4.Area2isstillexperiencingroutingissues.Basedonthecurrentrouterconfigurations,whatneedstoberesolvedforroutestothenetworksbehindR5tobeseenintheConfigureR4andR5touseMD5authenticationontheEthernetinterfacesthatconnecttothecommonsubnet.ConfigureArea1inbothR4andR5touseMD5Addipospfauthentication-key7BESTtotheR4EthernetinterfacethatconnectstoR5andipospfauthentication-key7BESTtoR5EthernetinterfacethatconnectstoR4.Addipospfauthentication-keyCISCOtoR4Ethernet0/1andaddarea2authenticationtotheR4OSPFroutingprocess.CorrectAnswer:DSection:[none]Here,weseefromtherunningconfigurationofR5thatOSPFauthenticationhasbeenconfiguredonthelinktoR4:However,thishasnotbeendoneonthelinktoR5onQUESTIONThesubnetsarenotreachablefromR4.howshouldtheproblembeEditaccess-list46inR6topermitalltheApplyaccess-list46inR6toadifferentApplyaccess-list1asadistribute-listoutunderrouterospf100inRemovedistribute-list64outonRemovedistribute-list1inethernet0/1inRemovedistribute-list1inethernet0/0inCorrectAnswer:DSection:[none]ExHereweseefromtherunningconfigurationofR6thatdistributelist64isbeingusedintheoutbounddirectiontoallOSPFneighbors.However,However,nopacketswillmatchtheinthisaccesslistbecausethefirstlineblocksallnetworks,andsincethenetworkswillalsomatchthefirstlineofthisACL,theseOSPFnetworkswillnotbeadvertisedbecausetheyarefirstdeniedinthefirstlineoftheACL.16TT通用的拓扑图。每个TT拓扑相同，但是配置不一样。TopologyOverviewActualTroubleshootinglabdesignisforbelownetworkdesign)ShouldhaveIPEIGRP100isrunningbetweenswitchDSW1&DSW2OSPF(ProcessID1)isrunningbetweenR1,R2,R3,R4NetworkofOSPFisredistributedinEIGRPBGP65001isconfiguredonR1withWebservercloudAS65002HSRPisrunningbetweenDSW1&DSW2Switches hascreatedthetestbedshowninthelayer2andlayer3topologyexhibits.Thisnetworkconsistsoffourrouters,twolayer3switchesandtwolayer2IntheIPv4layer3topology,R1,R2,R3,andR4arerunningOSPFwithanOSPFprocessnumber1.DSW1,DSW2andR4arerunningEIGRPwithanASof10.Redistributionisenabledwherenecessary.R1isrunningaBGPASwithanumberof65001.ThisAShasaneBGPconnectiontoAS65002intheISP’snetwork.Becausethe ’saddressspaceisintheprivaterange.R1isalsoprovidingNATtranslationsbetweentheinside(/16&/16)networksandoutside(/24)network.ASW1andASW2arelayer2switches.NTPisenabledonalldeviceswith26servingasthemasterclockTheworkstationsreceivetheirIPaddressanddefaultgatewayviaR4’sDHCPserver.Thedefaultgatewayaddressof54istheIPaddressofHSRPgroup10whichisrunningonDSW1andDSW2.IntheIPv6layer3topologyR1,R2,andR3arerunningOSPFv3withanOSPFprocessnumber6.DSW1,DSW2andR4arerunningRIPngprocessnameThetwoIPv6routing s,OSPF6andRIPngareconnectedviaGREtunnelrunningovertheunderlyingIPv4OSPF .Redistrutionisenabledwherenecessary.Recentlytheimplementationgrouphasbeenusingthetestbedtodoa‘proof-of-concept’onseveralimplementations.Thisinvolvedchangingtheconfigurationononeormoreofthedevices.YouwillbepresentedwithaseriesoftroubleticketsrelatedtoissuesintroducedduringtheseNote:Althoughtroubleticketshavemanysimilarfaultindications,eachtickethasitsownissueandsolution.Ticket1OSPF“Theimplementationgrouphasbeenusingthetestbedtodo‘proof-of-concept’thatrequiredboth 1and 2toaccesstheWebServerat41.Afterseveralchangedtointerfacestatus,networkaddressing,routingschemesandlayer2connectivity,attroubletickethasbeenopenedindicatingthat 1cannotthe41(internetServer)”1isabletobutnot.InitialtroubleshootingshowsthatR1doesnothaveanyOSPFneighborsoranyOSPFroutesConfigurationonR1:routerospfnetworkarea12!interfaceSerial0/0/0/0.12point-to-ipaddressipnatipospfmessage-digest-key1md5TSHOOTConfigurationonR2:routerospfnetworkarea!ipaddress52ipospfauthenticationmessage-ipospfmessage-digest-key1md5QUESTIONOnwhichdeviceisthefaultconditionSection:TROUBLEExAsyouwillsee,theprobleminthissituationiswithOSPFonR1.Itismissingthe"ipospfauthenticationmessage-digest"commandontheSerial0/0/0/0.12QUESTIONFaultConditionisrelatedtowhichIPIPv4OSPFIPv4OSPFIPv6OSPFIPv4layer3securityCorrectAnswer:DTheprobleminthissituationiswithOSPFonrouter1.Itismissingthe"ipospfauthenticationmessagedigest"commandontheSerial0/0/0/0.12interface.Theproblemstatement lsusthatthetworoutersarenotableto OSPFneighbors.QUESTIONWhatisthesolutionofthefaultenableOSPFAuthenticationontheS0/0/0interfaceusingtheipospfauthenticationmessagedigestenableOSPFroutingonthes0/0/0interfaceusingthenetwork.255area12commandenableOSPFroutingonthes0/0/1interfaceusingthenetwork55area12redistributetheBGProutesintoOSPFusingtheredistributeBGP65001subnetcommand.Section:TROUBLEExR2iscorrectlyconfiguredforOSPFauthentication,includingthe"ipospfauthenticationmessage-digest"commandlistedproperlyunderthesub-interfaceSerial0/0/0.12.R1ismissingthisTicket2“Theimplementationgrouphasbeenusingthetestbedtodo‘proof-of-concept’thatrequiredboth 1and 2toaccesstheWebServerat41.Afterseveralchangedtointerfacestatus,networkaddressing,routingschemesandlayer2connectivity,attroubletickethasbeenopenedindicatingDSW1willnot etheactiverouterforHSRPgroup10.HSRPhasbeenconfigurationuredbetweenDSW1andDSW2.DSW1isconfigurationuredtobeactiverouterbutitnever esactiveeventhoughtheHSRPcommunicationbetweenDSW1andDSW2isworking.down!track10iproute28metricthresholdthresholdmetricup61down62!interfaceipaddressiphelper-addressstandby10ipstandby10prioritystandby10standby10track1decrement60ConfigurationonDSW1interfaceVlan10ipaddressiphelper-addressstandby10ipstandby10prioritystandby10QUESTIONOnwhichdeviceisthefaultconditionSection:TROUBLEExInthiscaseweknowthattheproblemiswithHSRPandthatDSW1willetheactiverouter.SinceweknowthatHSRPcommunicationisworkingbetweenDSW1andDSW2,wecandeducethattheproblemmustbewithQUESTIONFaultConditionisrelatedtowhichIPDHCPIPv4EIGRPIPv6RIPIPv4layer3LoopAccessSection:TROUBLEExTheprobleminthiscaseisthatDSW1willnot etheactivestandbyrouter,whichisanHSRPQUESTIONWhatisthesolutionoffaultUndertheinterfacevlan10configurationenterthestandy10Underthetrack1objectconfigurationdeletethethresholdmetricup1down2commandandenterthethresholdmetricup61down62commandUndertheinterfacevlan10configurationdeletethestandby10track1decrement60commandandenterthestandby10track10decrement60Underthetrack10objectconfigurationdeletethethresholdmetricup61down62commandandenterthethresholdmetricup1down2command.CorrectAnswer:CSection:TROUBLEExThereasonthatrouterDSW1willnot etheactiverouterisbecauseitisconfiguredtotrackthe28network.Itshouldhavebeenconfiguredtotrackthe28network.ThiscanbefixedbyrecingtheChange"standby10track1decrement60"commandwiththe"standby10track10decrement60"command.Ticket3BGP“Theimplementationgrouphasbeenusingthetestbedtodo‘proof-of-concept’thatrequiredboth 1and 2toaccesstheWebServerat41.Afterseveralchangedtointerfacestatus,networkaddressing,routingschemesandlayer2connectivity,attroubletickethasbeenopenedindicatingthat 1cannotthe41(internetServer)”1isableto26butnottheWebServerat41.InitialtroubleshootingshowsandR1doesnothaveanyBGProutes.R1alsodoesnotshowanyactiveBGPneighborrouterbgp65001nosynchronizationnetwork24maskneighbor26remote-as65002noauto-summaryQUESTIONOnwhichdeviceisthefaultconditionSection:TROUBLEExTheproblemlieswithrouterR1asitdoesnothaveanyBGProutes,andithasnotsuccessfullypeeredwiththeotherrouters.QUESTIONTheFaultConditionisrelatedtowhichIPIPv4OSPFIPv4OSPFIPv6OSPFIPv4layer3Section:TROUBLEExBGProutesaremissingfromR1.Also,R1doesnothaveanyBGPpeerseventhoughtherouterat26hasbeenconfigured.QUESTIONWhatisthesolutionofthefaultUndertheBGPprocess,enterthebgpredistribute-internalUndertheBGPprocess,bgpconfederationidentifier65001DeletethecurrentBGPprocessandreenterallofthecommandsusing65002astheASnumber.UndertheBGPprocess,deletetheneighbor26remote-as65002commandentertheneighbor26remote-as65002Section:TROUBLEExBasedonthenetworktopology,theredoesnotappeartobeanypeerswithanIPaddressof26.Ifyouexaminethetopologydiagramyoucanseethatthepeer'sIPaddressshouldhavebeenconfiguredas26,whichisthepeerinAS65002.Ticket4NATTheimplementationgrouphasbeenusingthetestbedtodo‘proof-of-concept’thatrequiredboth 1and 2toaccesstheWebServerat41.Afterseveralchangedtointerfacestatus,networkaddressing,routingschemesandlayer2connectivity,attroubletickethasbeenopenedindicating 1cannotthe41(internet1and2arenotabletoreachtheWebServerat41.InitialtroubleshootingthatDSW1,DSW2andalltheroutersareabletoreachtheipnatinsidesourcelistnat_poolinterfaceSerial0/0/0/1overload!ipaccess-liststandardnat_poolpermit!interfaceipnat!ipaddressipnatipospfmessage-digest-key1md5TSHOOTipospdauthenticationmessage-digestQUESTIONOnWhichdeviceisthefaultconditionSection:TROUBLEExs1and2belonginthesubnet,asifyouobservetheNATconfigurationyouwillnoticethatonlyarespecifiedintheNATpool.s1and2arenotbeingtranslatedwhentheyshouldbe.TheproblemiswiththeNATconfigurationonR1.QUESTIONTheFaultConditionisrelatedtowhichIPIPv4OSPFIPv4OSPFIPv6OSPFIPv4layer3securityCorrectAnswer:CExs1and2belonginthesubnet,asifyouobservetheNATconfigurationyouwillnoticethatonlyarespecifiedintheNATpool.s1and2arenotbeingtranslatedwhentheyshouldbe.TheproblemiswiththeNATconfigurationonR1.QUESTIONWhatisthesolutionofthefaultUndertheinterfaceSerial0/0/0configurationentertheipnatUndertheinterfaceSerial0/0/1configurationentertheipnatUndertheipaccess-liststandarnat_traficconfigurationentertheUndertheipaccess-liststandarnat_traficconfigurationenterthepermit55commandSection:TROUBLEExs1and2belonginthesubnet,asifyouobservetheNATconfigurationyouwillnoticethatonlyarespecifiedintheNATpool.s1and2arenotbeingtranslatedwhentheyshouldbe.TheproblemiswiththeNATconfigurationonR1.Addingthe"permit"statementtotheNATpoolaccesslistwillincludethesetwohoststobetranslated,andthentheyshouldbeabletothewebservers.Ticket5R1Theimplementationgrouphasbeenusingthetestbedtodo‘proof-of-concept’thatrequiredboth 1and 2toaccesstheWebServerat41.Afterseveralchangedtointerfacestatus,networkaddressing,routingschemesandlayer2connectivity,attroubletickethasbeenopenedindicatingthat 1cannotthe41(internetServer).1isnotabletoreachtheWebServerat41.InitialtroubleshootingshowsthatR1isalsonotabletoreachtheWebServer.R1alsodoesnothaveanyactiveBGP!descriptionlinktoipaccess-groupedge_securityinipnatoutsidentpbrasdcastnetbroadcastkey1nocdpenable!!ipaccess-listnat_trafficpermitipaccess-listnat_trafficpermit!ipaccess-listedge_securitydenyip55anyipaccess-listedge_securitydenyip55anyipaccess-listedge_securitydenyip55anyipaccess-listedge_securitydenyip55anyipaccess-listedge_securitypermitiphost41anyQUESTIONOnwhichdeviceisthefaultconditionSection:TROUBLEExSinceweknowthatR1doesnothaveanyBGPneighbors,wecandeducethattheproblemlieswithR1.QUESTIONTheFaultConditionisrelatedtowhichIPIPv4OSPFIPv4OSPFIPv6OSPFIPv4layer3securityCorrectAnswer:GBasedontheconfigurationshown,wecanseethatonlythewebserverisallowedaccessonR1accordingtotheaccesslist.BGPusesTCPport179toestablishapeeringrelationship,andwecanseethattheBGProutersthatneedstopeerwithR1isnotallowedtodoso,sotheyarenotabletoexchangeroutes.SotheproblemiswithIPAccessList.QUESTIONWhatisthesolutionofthefaultUndertheipaccess-listedge_securityconfigurationaddthepermitip24anycommandUndertheinterfaceSerial0/0/1entertheipaccess-groupedge_securityoutcommand.Undertheipaccess-listedge_securityconfigurationdeletethedeny55anyUndertheinterfaceSerial0/0/0configurationdeletetheipaccess-groupedge_securityincommandandentertheipaccessgroupedge_securityoutcommandSection:TROUBLEExBasedontheconfigurationshown,wecanseethatonlythewebserverisallowedaccessonR1accordingtotheaccesslist.BGPusesTCPport179toestablishapeeringrelationship,andwecanseethattheBGProutersthatneedstopeerwithR1isnotallowedtodoso,sotheyarenotabletoexchangeroutes.ByallowingallIPpacketsfromthe24/30network,BGPwouldbeestablishedandconnectivitywouldberestored.Ticket6VLANTheimplementationgrouphasbeenusingthetestbedtodo‘proof-of-concept’thatrequiredboth 1and 2toaccesstheWebServerat41.Afterseveralchangedtointerfacestatus,networkaddressing,routingschemesandlayer2connectivity,attroubletickethasbeenopenedindicating 1cannotthe41(internet1isgettinganIPaddressfromtheDHCPserverbutisnotabletoDSW1ortheFTPserver.vlanaccess-maptest110actiondropmatchipaddressvlanaccess-maptest120actiondropmatichipaddress20vlanaccess-maptest130actionforwardmatchipaddress30vlanaccess-maptest40actionforward!vlanfiltertest1vlan-vlaninternalallocation!access-list10permitaccess-list20permitaccess-list30permitQUESTIONOnwhichdeviceisthefaultcondition1FTPSection:TROUBLEExSince1isnotabletoDSW1wecandeducethattheproblemlieswithDSW1.UponcloserexaminationweseethattheVLANfilterlistbeingappliedtothisdeviceisfilteringoutthenetworkthatDSWison.QUESTIONTheFaultConditionisrelatedtowhichIPDHCPIPv4EIGRPIPv6RIPIPv4layer3LoopAccessPortVLANACL/PortSwitchVirtualSection:TROUBLEExSince1isnotabletoDSW1wecandeducethattheproblemlieswithDSW1.UponcloserexaminationweseethattheVLANfilterlistbeingappliedtothisdeviceisfilteringoutthenetworkthatDSWison.SotheproblemisVLANAccessMap.QUESTIONWhatisthesolutionofthefaultUndertheglobalconfigurationmodeenternoaccess-listvlanUndertheglobalconfigurationmodeenternoaccess-mapvlanUndertheglobalconfigurationmodeenternovlanaccess-maptest1Undertheglobalconfigurationmodeenternovlanfiltertest1vlan-listSection:TROUBLEExSince1isnotabletoDSW1wecandeducethattheproblemlieswithDSW1.UponcloserexaminationweseethattheVLANfilterlistbeingappliedtothisdeviceisfilteringoutthenetworkthatDSWison.Ifweremovethisfilterlistconnectivitywouldberestored.Ticket7PortTheimplementationgrouphasbeenusingthetestbedtodo‘proof-of-concept’thatrequiredboth 1and 2toaccesstheWebServerat41.Afterseveralchangedtointerfacestatus,networkaddressing,routingschemesandlayer2connectivity,attroubletickethasbeenopenedindicating 1cannotthe41(internetoneisgettinga169.x.x.xIPaddressandisnotableto2orDSW1.InitaltroubleshootingshowsthatportFa1/0/1onASW1isinerrdisableswitchportmodeaccessswitchportport-securityswitchportport-securitymac-address0000.0000.0001InterfaceFastEthernet1/0/2switchportport-securityswitchportport-securitymac-addressQUESTIONOnwhichdeviceisthefaultconditionSection:TROUBLEExInthiscaseweknowthatthe isunabletogetanIPaddressviaDHCPbecauseithasanAPIPA(AutomaticPrivateIPAddressing),whichisa169.x.x.xIPaddress.WealsoknowthattheswitchportonASW1isinanerrdisablestate,which lsusthattheissueiswithASW1.QUESTIONTheFaultConditionisrelatedtowhichAccessPortVLANACL/PortSwitchVirtualInterfaceCorrectAnswer:DSection:TROUBLETICKETExThebiggestissueisthattheASW1switchportconnectingthe isinerrdisablestate.Uponcloserexamination,wecanseethatportsecurityhasbeenconfiguredonthisporttoonlyallowswithaMACaddressof0000.0000.0001toconnecttothenetwork.SincethisisnottheMACaddressof1,theissueiswiththeportsecurityconfiguration.QUESTIONWhatisthesolutionofthefaultInConfigu