300-101.examcollection.premium.exam.190q

Number: 300-101
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

300-101

Implementing Cisco IP Routing (ROUTE)

Version 1.0
Exam A

QUESTION 1
Automatic 6-to-4 tunnels exist between dual-stack routers (A, B, and C). One router has the IPv6 address,
2002:D030:6BC0:173C::26:37D0/48

Which of the following addresses is the IPv4 address of the router with the IPv6 address
2002:D030:6BC0:173C::26:37D0/48?

A. 10.176.15.131
B. 10.200.80.67
C. 208.48.107.192
D. 208.138.16.110

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The IPv4 address of the IPv6 router is 208.48.107.192. In an automatic 6-to-4 tunnel, IPv6 addresses have
the 2002::/16 prefix. The 32-bit IPv4 address of the IPv6 router is then embedded into the IPv6 address.
The 32 bits of the IPv4 address are embedded in the second and third quartets of the IPv6 address. The
second and third quartets in the IPv6 address correspond to D030:6BC0. The conversion of these
hexadecimal digits into decimal is given as follows:

The IPv6 router does not have 10.176.15.131 as its IPv4 address. The 10.176.15.131 address is the IPv4
equivalent of the second and third quartets (05B0:0F81) in the source IPv6 address.

The other two IPv4 addresses are incorrect as they pertain to neither of the two IPv6 hosts.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco IOS IPv6 Implementation Guide > Implementing Tunneling for IPv6

QUESTION 2
You have recently joined a company as the network administrator. You have been asked to complete the
configuration on the border routers for an automatic 6-to-4 tunnel between several IPv6 network domains.
The commands that are currently configured on the routers are as follows:

ipv6 route tunnel


interface tunnel
ipv6 address
tunnel source

Which of the following additional commands is required to complete the configuration of automatic 6-to-4
tunnel on the border routers?

A. tunnel mode ipv6ip
B. tunnel mode ipv6ip 6to4
C. tunnel mode ipv6ip auto-tunnel
D. tunnel mode ipv6ip isatap

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is to use the tunnel mode ipv6ip 6to4 command to complete the configuration of an
automatic 6-to-4 tunnel. This command requires the use of IPv6 unicast addresses that have the 2002::/16
prefix.

The types of tunneling mechanisms supported by IPv6 are:


Automatic 6-to-4 tunnel
ISATAP tunnel
Manually configured tunnel
GRE tunnel

Apart from using a tunneling mechanism, interoperability between IPv4 and IPv6 can be provided by using a
dual-stack infrastructure or Network Address Translation-Protocol Translation (NAT-PT). A dual-stack
infrastructure allows you to use both IPv4 and IPv6 addresses on the same router/host. NAT-PT is used to
translate IPv4 addresses to IPv6 and vice versa.

The tunnel mode ipv6ip command should not be used to complete the configuration because this command
specifies IPv6 as the passenger protocol and creates a manually configured tunnel.

The tunnel mode ipv6ip auto-tunnel command is not required to enable automatic 6-to-4 tunneling on the
border routers. This command creates an automatic IPv4-compatible IPv6 tunnel between the routers.

The tunnel mode ipv6ip isatap command should not be used because this command creates an ISATAP
tunnel.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco IOS IPv6 Configuration Guide; Implementing Tunneling for IPv6 > Configuring Manual IPv6 Tunnels
Cisco > Cisco IOS IPv6 Command Reference > tunnel mode ipv6ip

QUESTION 3
You have implemented IPv6 automatic 6-to-4 tunneling between three IPv6 subnets as shown in the
network exhibit. (Click the Exhibit(s) button.)
You have used the following commands to implement the automatic 6-to-4 tunnel:

Your supervisor has assigned the task of verifying the automatic 6-to-4 tunnel to one of your colleagues.
Your colleague runs the show running-config command and finds that incorrect IPv6 addresses have been
assigned to the tunnel interfaces of the routers.

Which of the following IPv6 addresses should be assigned to rectify the problem? (Choose two.)

A. 2002::c0a8:2d01/64 to the Fa0/1 interface of rtrA
B. 2002:c0a8:4b01::1/64 to the Fa0/1 interface of rtrB
C. 2002:c0a8:7d01::1/64 to the Fa0/1 interface of rtrC
D. 2002:c0a8:4b01::1/64 to the Fa0/1 interface of rtrA

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The 2002:c0a8:4b01::1/64 and the 2002:c0a8:7d01::1/64 IPv6 addresses should be assigned to the Fa0/1
interfaces of rtrB and rtrC, respectively. Automatic 6-to-4 tunnels embed the IPv4 address of the tunnel
interfaces into the second and third quartets of the IPv6 address that has the 2002::/16 prefix.

To assign IPv6 addresses to the tunnel interfaces, perform the following steps:
1. Convert the IPv4 address of the tunnel interface into binary.
2. Convert the binary equivalent of the IPv4 address into hexadecimal (IPv6).
3. Append the hexadecimal equivalent to the 2002::/16 prefix to form the IPv6 prefix of the tunnel
interface.

For the Fa0/1 interface of rtrB, its IPv4 address of 192.168.75.1 is equivalent to the hexadecimal value
c0a8:4b01. This value is then appended to the 2002::/16 prefix, resulting in 2002:c0a8:4b01::/48. The
remaining host bits can be filled with zeros. Similarly, the IPv4 address of the Fa0/1 interface of rtrC is
converted to the IPv6 address 2002:c0a8:7d01::/48.

The 2002::c0a8:2d01/64 IPv6 address should not be assigned to the Fa0/1 interface of rtrA. The Fa0/1
interface of rtrA has the IPv4 address 192.168.45.1. The IPv6 equivalent of the IPv4 address, which is
c0a8:2d01, should be embedded in the second and third quartets of the IPv6 address instead of the
seventh and eighth quartets. IPv4 addresses are embedded into the last 32 bits for ISATAP tunnels.

The 2002:c0a8:4b01::1/64 IPv6 address should not be assigned to the Fa0/1 interface of rtrA. This IPv6
address is the equivalent of the IPv4 address 192.168.75.1, which is the address of the Fa0/2 interface of
rtrB and not rtrA. Therefore, this IPv6 address should be assigned to the Fa0/1 interface of rtrB.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco Press > Articles > Cisco Certification > CCNP > CCNP Self-Study: Advanced IP Addressing
Cisco Press > Articles > Network Technology > General Networking > Cisco Self-Study: Implementing
Cisco IPv6 Networks (IPV6)
Cisco > Support > Technology Support > IP > IP Version 6 (IPV6) > Configure > Configuration Examples
and Technotes > IPv6 Tunnel Through an IPv4 Network
Cisco IOS IPv6 Implementation Guide, Release 15.2M&T > Implementing Tunneling for IPv6

QUESTION 4
An automatic IPv4-compatible IPv6 tunnel exists between two IPv6 networks. The two IPv6 networks
belong to different BGP autonomous systems (AS). The tunnel source has the IPv4 address
172.168.111.65/24 and the tunnel destination has the IPv4 address 172.168.222.80/24.

Which of the following statements is TRUE about the tunnel source and tunnel destination IPv6 addresses?
(Choose two.)

A. the IPv6 address of the tunnel source is 172.168.111.65::
B. the IPv6 address of the tunnel source is ::172.168.111.65
C. the IPv6 address of the tunnel destination is 172.168.222.80::
D. the IPv6 address of the tunnel destination is ::172.168.222.80

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The IPv6 address of the tunnel source is ::172.168.111.65 and the IPv6 address of the tunnel destination is
::172.168.222.80. These two addresses are IPv4-compatible IPv6 addresses, which are addresses that
contain the IPv4 addresses of the tunnel source and destination.
In an automatic IPv4-compatible IPv6 tunnel, the IPv4 addresses of the tunnel source and the tunnel
destination are used to determine their IPv6 addresses. The IPv4 addresses of the tunnel source/
destination are embedded into the least significant 32 bits of an all-zero unicast IPv6 address. The resultant
IPv6 address has zeros in the most significant 96 bits and the IPv4 address of the tunnel source/destination
in the remaining 32 bits.

In this case, the source of an automatic IPv4-compatible IPv6 tunnel has the IPv6 address
0:0:0:0:0:0:172.168.111.65, abbreviated as ::172.168.111.65. You can also convert this address into pure
hexadecimal format, which would be ACA8:6F41.

Any of the following three addresses could be used to identify the BGP neighbor at 172.168.111.65:

0:0:0:0:0:0:172.168.111.65
::172.168.111.65
::ACA8:6F41

Similarly, the tunnel destination has the IPv6 address 0:0:0:0:0:0:172.168.222.80 (abbreviated as
::172.168.222.80). The hexadecimal form of the IPv6 address of the tunnel destination is ::ACA8:DE50.

Any of the following three addresses could be used to identify the BGP neighbor at 172.168.222.80:

0:0:0:0:0:0:172.168.222.80
::172.168.222.80
::ACA8:DE50

The other two options state incorrect IPv6 addresses of the tunnel source and the tunnel destination. Both
options specify an IPv6 address that has the IPv4 address of the tunnel source/destination in the most
significant 32 bits and zeros in the least significant 96 bits.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Home > Support > Technology Support > IP > IP Version 6 (IPv6) > Configure > Configuration Examples
and Technotes > IPv6 Tunnel Through an IPv4 Network > Configure > Configurations (Automatic IPv4-
Compatible Mode)
Cisco IOS IPv6 Implementation Guide > Implementing Tunneling for IPv6
Cisco > Support > Technology Support > IP > IP Version 6 (IPv6) > Technology Information > Technology
White Paper > IPv6 Deployment Strategies > Selecting a Deployment Strategy > Deploying IPv6 Over IPv4
Tunnels > Automatic IPv4-Compatible Tunnel

QUESTION 5
Your company has implemented IPv6 addresses and routing on every host, server, and router. Recently,
your company acquired another company that has an IPv4 addressing scheme for its entire network. The
acquired company's network does not have any support for IPv6. You need to devise a method so that the
IPv6 hosts in your company can seamlessly communicate with the IPv4 hosts of the acquired company's
network. You do not want to install any additional routers, and you want minimum configuration changes on
the networks.

Which of the following is the best method to allow communication between the IPv4 and IPv6 hosts?

A. Embedding IPv6 packets into IPv4 packets
B. Translating IPv4 addresses to and from IPv6 addresses
C. Configuring IPv6 on the hosts and routers in the IPv4 network
D. Configuring IPv4 on the hosts and routers in the IPv6 network

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Translating IPv4 addresses to and from IPv6 addresses is the best method to allow communication
between the IPv4 and IPv6 hosts. This translation of IPv4 and IPv6 addresses is known as Network
Address Translation-Protocol Translation (NAT-PT). NAT-PT is a technique available for deploying IPv6
and IPv4 addresses in a unified network. With NAT-PT, the network requires fewer modifications and
software for the IPv4 and IPv6 hosts. Additionally, it provides easy and quick interoperability between the
IPv4 and IPv6 hosts.

NAT-PT is configured on one of the routers on the border of the IPv4 and IPv6 networks. Whenever an IPv4
packet intended for a host in the IPv6 network is received by the NAT-PT router, the router applies NAT-PT
to the packet and translates all the IPv4 headers. In addition, it translates the IPv4 source
and destination addresses to IPv6 source and destination addresses. The IPv6 packet is then sent by the
NAT-PT router to the intended IPv6 host. The NAT-PT router performs the reverse translation when an IPv6
host sends a packet to an IPv4 host.

Embedding IPv6 packets into IPv4 packets is not the best method to allow communication between the
IPv4 and IPv6 hosts. When IPv6 packets are embedded inside IPv4 packets, the process is referred to as
tunneling. Tunneling is appropriate when two IPv6 networks are separated by an IPv4 network. When an
IPv6 host of one network sends an IPv6 packet destined for a host on the other IPv6 network, an IPv4
tunnel is created between the two IPv6 networks. The IPv6 packet is then embedded into an IPv4 packet
that traverses through the IPv4 tunnel to reach the intended IPv6 host, where the embedded packet is
extracted by the recipient. In this scenario, a single IPv6 network is available; hence, a tunnel cannot be
formed.

Configuring IPv6 on the hosts and routers in the IPv4 network, or configuring IPv4 on the hosts and routers
in the IPv6 network, are not the best methods to allow communication between the IPv4 and IPv6 hosts.
Each of these two methods is cumbersome and not the most efficient for providing interoperability between
IPv4 and IPv6 in this case. Furthermore, the IPv4 hosts on the acquired company's network do not support
IPv6 as stated.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco NAT Configuration Guide, Release 15M&T > NAT-PT for IPv6

QUESTION 6
You have implemented an automatic 6-to-4 tunnel between the routers rtrA and rtrB as shown in the
following network diagram:

The routers rtrA and rtrB are connected to two IPv6 subnets and are separated by an IPv4 network. You
decide to verify whether the tunnel was correctly implemented using the show running-config command.

Which of the following commands should exist in the output of the show running-config command on rtrA
and rtrB? (Choose all that apply.)

A. interface tunnel
B. tunnel source
C. tunnel destination
D. tunnel mode ipv6ip
E. tunnel mode ipv6ip 6to4

Correct Answer: ABE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following commands should exist in the output of the show running-config command on rtrA and rtrB:

interface tunnel
tunnel source
tunnel mode ipv6ip 6to4

The interface tunnel command is used to define a tunnel interface on the router. The tunnel source
command allows you to specify the source of the tunnel, which is the router interface that faces the IPv4
network. The tunnel source must be configured with an IPv4 address. The tunnel mode ipv6ip 6to4
command is used to specify the tunneling mechanism, which in this case is automatic 6-to-4.

The partial output of the show running-config command on rtrA is as follows:

!
interface Tunnel0
no ip address
tunnel mode ipv6ip 6to4
tunnel source 172.50.20.5
ipv6 address 2002:ac32:0f06::1/48
!
<output omitted>

The partial output of the show running-config command on rtrB is as follows:

!
interface Tunnel0
no ip address
tunnel mode ipv6ip 6to4
tunnel source 172.50.20.1
ipv6 address 2002:ac32:0f06::2/48
!
<output omitted>

The tunnel destination command and the tunnel mode ipv6ip commands do not appear in the show
running-config output when automatic 6-to-4 tunnels are implemented on rtrA and rtrB. Both of these
commands are executed for manually configured tunnels.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco Press > Articles > Cisco Certification > CCNP > CCNP Self-Study: Advanced IP Addressing
Cisco Interface and Hardware Component Configuration Guide > IPv6 Automatic 6to4 Tunnels
Cisco > Support > Technology Support > IP > IP Version 6 (IPV6) > Configure > Configuration Examples
and Technotes > IPv6 Tunnel Through an IPv4 Network
Cisco IOS IPv6 Implementation Guide > Implementing Tunneling for IPv6

QUESTION 7
Which of the following statements are TRUE about manually configured IPv4-to-IPv6 tunnels and GRE
tunnels? (Choose two.)

A. Manually configured tunnels use the tunnel mode ipv6ip command, while GRE tunnels use the tunnel
mode gre ip command.
B. Manually configured tunnels support IPv6 IGPs, while GRE tunnels do not.
C. Manually configured tunnels block IPv6 multicasts, while GRE forwards them.
D. Manually configured tunnels do not support multiple passenger protocols, while GRE tunnels support
them.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following statements are TRUE about manually configured tunnels and GRE tunnels:
Manually configured tunnels use the tunnel mode ipv6ip command, while GRE tunnels use the tunnel
mode gre ip command.
Manually configured tunnels do not support multiple passenger protocols, while GRE tunnels support
them.

Manually configured tunnels and Generic Routing Encapsulation (GRE) tunnels are static point-to-point
tunneling methods. Both of these tunneling methods provide a permanent link between two IPv6 networks
that are separated by an IPv4 backbone. For each link between two IPv6 networks, a separate tunnel needs
to be created.

Manually configured tunnels use a particular passenger protocol and do not support multiple passenger
protocols at the same time. However, GRE tunnels can simultaneously use various passenger protocols.

It is incorrect to state that manually configured tunnels support IPv6 IGPs, while GRE tunnels do not. GRE
tunnels also support IPv6 IGPs, such as OSPF, RIP, and IS-IS.

It is incorrect to state that manually configured tunnels block IPv6 multicasts, while GRE forwards them.
Manually configured tunnels also forward IPv6 multicasts.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco IOS IPv6 Configuration Guide, Release 12.4 > Implementing Tunneling for IPv6 > Configuration
Examples for Implementing Tunneling for IPv6 > Example: Configuring Manual IPv6 Tunnels

QUESTION 8
Which dialer interface command sets the maximum size of IP packets to 1492?

A. router(config-if)# mtu 1492
B. router(config-if)# ip ppp 1492
C. router(config-if)# ip 1492
D. router(config-if)# ip mtu 1492

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct interface command to set the maximum size of IP packets (maximum transmission unit or MTU
size) to 1492 is router(config-if)# ip mtu 1492. This command is required because RFC 2516 states the
maximum receive unit (MRU) must not be negotiated larger than 1492 bytes.

All other answers are invalid commands due to incorrect syntax.

Objective:
Network Principles
Sub-Objective:
Explain TCP operations

References:
Cisco > Cisco IOS IP Application Services Command Reference > idle (firewall farm datagram protocol)
through ip slb natpool > ip mtu

QUESTION 9
Examine the following FIB table:

Which of the following statements is NOT true?

A. These are the default entries in an FIB table
B. No IP addresses have been configured on this router
C. Multicast routing is enabled
D. The gateway of last resort has not been set

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The Forwarding Information Base (FIB) table is created when Cisco Express Forwarding (CEF) is enabled
on the router. FIB is a mapping of destination networks and IP addresses to next-hop IP addresses and exit
interfaces.

In the scenario, multicast routing has NOT been enabled on the router. If it were enabled, the next hop for the
224.0.0.0/4 network would not be listed as drop. A drop means any packets sent to multicast IP addresses
will be dropped. If multicast routing were enabled, the entry for 224.0.0.0 would appear as follows:

Prefix         Next Hop       Interface
224.0.0.0/4    0.0.0.0

The next hop of 0.0.0.0 means that this traffic will be process switched, and CEF cannot forward the
packets.

The table displayed in the scenario contains the default entries in the FIB. These entries will change based
on further configuration of the router interfaces and the addition of routes to the routing table through either
static routing or through routing protocols.

No IP addresses have been configured on the router. Had they been configured, the addresses of the
networks to which they were connected would be in the table. For example, if the IP address of the
FastEthernet 0/1 interface were set to 192.168.1.1/24, three entries would have been added to the table as
follows:
While the first IP address represents the directly attached network of which the interface is a member, the
second IP address represents the network ID of the network, the third IP address represents the specific IP
address assigned to the interface, and the last IP address represents the broadcast address of the network.

The gateway of last resort has not been set on the router. If it were set, it would be listed along with an IP
address for the next hop and the exit interface. An entry for a gateway of last resort (or default route) would
resemble the following:

Prefix         Next Hop       Interface
0.0.0.0/0      192.168.5.5    FastEthernet 0/0

Objective:
Network Principles
Sub-Objective:
Identify Cisco Express Forwarding concepts

References:
Cisco IOS Switching Services Configuration Guide, Release 12.2 > Cisco Express Forwarding Overview
Cisco > Home > Support > Product Support > Routers > Cisco 12000 Series Routers > Troubleshoot and
Alerts > Troubleshooting Technotes > Understanding Cisco Express Forwarding (CEF)

QUESTION 10
Which of the following IPv6/IPv4 interoperability techniques routes both IP versions simultaneously?

A. NAT-PT
B. Dual stack
C. 6to4 tunnels
D. Teredo

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When the routers in the network are capable of routing both IPv6 and IPv4 traffic, it is referred to as dual
stack. The dual stack routers simply recognize the version a frame is using and react accordingly to each
frame.

Network Address Translation-Port Translation (NAT-PT) is a service that runs on a router or server that
converts IPv4 traffic to IPv6, and vice versa. This eliminates the need for the routers or clients to be dual
stack-capable. When only one router exists between the IPv4 and the IPv6 networks, this will be the only
option, since all other methods listed require a dual stack capable device on each end of the tunnel. The
IPv6 to IPv4 mapping can be obtained by the host from a DNS server, or the mapping can be statically
defined on the NAT device.

6to4 tunnels can be created between dual stack routers or between a dual stack router and a dual stack
client. In either case, each tunnel endpoint will have both an IPv6 and an IPv4 address. When traffic needs
to cross an area where IPv6 is not supported, the tunnel can be used to transport the IPv6 packet within an
IPv4 frame. When the frame reaches the end of the tunnel, the IPv4 header is removed and the IPv6 frame
is further routed based on its IPv6 address.

Teredo is an alternate tunneling mechanism that encapsulates the IPv6 frame in an IPv4 UDP packet. It
has the added benefit of traversing a NAT device that is converting private IP addresses to public IP
addresses. 6to4 tunnels cannot traverse NAT devices that convert private IP addresses to public IP
addresses.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco > Home > Products and Services > Cisco IOS and NX-OS Software > Cisco IOS Technologies >
IPV6 > Product Literature > White Papers > Federal Agencies and the Transition to IPv6
Cisco > Cisco IOS IPv6 Configuration Guide, Release 15.2MT

QUESTION 11
An enterprise has implemented an IPv4 addressing scheme on the servers of its core network. To
effectively handle the increasing user requests to the server, the enterprise has plans to implement three
new subnets with IPv6 addressing in its existing IPv4 network. The network administrator has set up dual-
stack routers on the boundary of these subnets, as shown in the network diagram.

You need to ensure interoperability between IPv4 and IPv6 hosts such that routers A, B, and C can
dynamically determine the destination of an IPv6 packet. In addition, global unicast addresses should be
supported on all hosts in the three IPv6 subnets.

Which of the following tunneling methods can be used between the three routers? (Choose two.)

A. GRE tunnel
B. Automatic 6-to-4 tunnel
C. ISATAP tunnel
D. Manually-configured tunnel

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
You can use either an automatic 6-to-4 tunnel or an Intra-site Automatic Tunnel Addressing Protocol (ISATAP)
tunnel. Both of these tunneling methods are point-to-multipoint tunneling methods. This means that a single
router (the point) can send IPv6 packets to different IPv6 routers (multipoints), depending on the destination
address. When a router receives an IPv6 packet from an IPv6 host, it encapsulates the IPv6 packet in an
IPv4 packet, which is then sent through the IPv4 core network. When the IPv4 packet is received at the
destination router, the IPv6 address is extracted from the IPv4 packet and then forwarded to the intended
IPv6 host.

Automatic 6-to-4 tunnels are created automatically by two IPv6 routers separated by an IPv4 network.
These tunnels consider the IPv4 network as a virtual non-broadcast multi-access (NBMA) link. The tunnel is
formed for every IPv6 packet that travels from one IPv6 border router to another IPv6 border router. IPv4
and IPv6 must be supported at both the border routers.

In automatic 6-to-4 tunneling, addresses belonging to the 2002::/16 prefix are used. In such IPv6
addresses, the 32-bit IPv4 address of each edge router is embedded into its IPv6 address, increasing the
length of the prefix to 48 (16 + 32). In an automatic 6-to-4 tunnel, the IPv4 address of the router is embedded
into the second and third quartets of the IPv6 address of the router.

ISATAP is also an automatic tunneling mechanism that uses an underlying IPv4 network as an NBMA link for
IPv6 networks. However, it is most suitable for exchanging packets within an IPv6 network instead of
exchanging packets between two IPv6 networks. With ISATAP tunnels, IPv6 dual-stack routers connected
through the same IPv4 network can communicate with one another.

ISATAP works with unicast IPv6 addresses that are identified by a 64-bit prefix. The lowermost 64 bits are
used to identify the interface of the router and are in modified EUI-64 format. The 0:5eFe value exists in the
first 32 bits of the interface identifier. This value indicates that the IPv6 address is an ISATAP address. The
remaining 32 bits contain the hexadecimal value of the IPv4 address; that is, the seventh and the eighth
quartets in the IPv6 contain the IPv4 address.

You should not use a GRE tunnel or a manually configured tunnel between the three routers. These two
tunneling methods provide a static point-to-point tunnel between two IPv6 routers through an IPv4 network.
Both of these tunneling methods assume a virtual point-to-point link.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco IPv6 Implementation Guide; Implementing Tunneling for IPv6

QUESTION 12
Which of the following statements represent characteristics of an automatic 6to4 tunnel through an IPv4
network? (Choose all that apply.)

A. There is a NAT-PT router on either end of the tunnel.
B. There is a dual stack router on either end of the tunnel.
C. Each 6to4 site will have a /48 prefix.
D. Each 6to4 site will have a /16 prefix.
E. The IPv4 addresses of the edge routers are part of the site prefix.
F. The IPv6 addresses of the sending and receiving IPv6 hosts are part of the site prefix.

Correct Answer: BCE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When implementing an automatic 6to4 tunnel, each IPv6 site receives a 48-bit prefix. The hexadecimal
equivalent of the IPv4 address of the edge router is appended to 0x2002 and followed with the prefix to
identify each end of the tunnel.

Each end of the tunnel must be a dual stack router, which is one that can route both IPv4 and IPv6 traffic.
For example, if the edge router's IPv4 address were 192.168.99.1, the hexadecimal equivalent of the
address (c0a8:6301) would be inserted between 0x2002 and the /48 prefix, resulting in a packet with the
IPv6 address 2002:c0a8:6301::/48 to arrive at the tunnel endpoint address.

A Network Address Translation - Port Translation (NAT-PT) router performs translation from IPv4 to IPv6. It
is not used in a 6to4 tunnel.

Each site does not have a /16 prefix with a 6to4 tunnel. Rather, each site has a /48 prefix.

The IPv6 address of each IPv6 host is not part of the site prefix. These addresses are retained within the
IPv6 portion of the header, and will be read after the frame reaches the end of the tunnel for eventual IPv6
routing on the far end.
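
The address layouts described in the explanations for Questions 1, 3, 4, 11 and 12 (6to4, IPv4-compatible and ISATAP) can be built and decoded mechanically. The following Python sketch is an added example, not part of the original exam material; the function names and the 2001:db8:0:1::/64 ISATAP prefix are assumptions chosen for illustration, and acceptance of the 0200:5EFE form follows RFC 5214 rather than this page.

```python
"""Added example: IPv4 addresses embedded in IPv6 transition addresses."""
import ipaddress

SIXTOFOUR_NET = ipaddress.IPv6Network("2002::/16")
ISATAP_MARKER = 0x00005EFE   # 0000:5EFE, first 32 bits of the interface ID
U_BIT = 0x02000000           # RFC 5214 also allows 0200:5EFE (u bit set)


def to_6to4_prefix(ipv4):
    """2002::/16 followed by the 32-bit IPv4 address gives the /48 site prefix."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def to_ipv4_compatible(ipv4):
    """96 zero bits followed by the IPv4 address (::a.b.c.d)."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(ipv4)))


def to_isatap(prefix64, ipv4):
    """64-bit prefix, then 0000:5EFE, then the IPv4 address in the last 32 bits."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP addresses are built on a 64-bit prefix")
    iid = (ISATAP_MARKER << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(ipv6):
    """Return (mechanism, IPv4Address) for an address, or (None, None).

    Accepts the address with or without a /length suffix.
    """
    addr = ipaddress.IPv6Interface(ipv6).ip
    value = int(addr)
    low32 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    if addr in SIXTOFOUR_NET:
        # Second and third quartets: bits 111..80 of the 128-bit address.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if (value >> 32) == 0 and value > 1:
        # Upper 96 bits are zero; :: and ::1 are excluded.
        return "ipv4-compatible", low32
    if (((value >> 32) & 0xFFFFFFFF) & ~U_BIT) == ISATAP_MARKER:
        return "isatap", low32
    return None, None


if __name__ == "__main__":
    # Addresses taken from the questions above, plus two constructed ones
    # (the 2001:db8 entries) for the ISATAP and no-match cases.
    samples = [
        "2002:D030:6BC0:173C::26:37D0/48",   # Question 1
        "2002::c0a8:2d01/64",                # Question 3, option A
        "::172.168.111.65",                  # Question 4
        "2001:db8:0:1:0:5efe:c0a8:4b01",     # constructed ISATAP address
        "2001:db8::1",                       # constructed, nothing embedded
    ]
    for s in samples:
        print(s, "->", embedded_ipv4(s))
    print(to_6to4_prefix("192.168.99.1"))    # Question 12 edge router
```

Decoding option A of Question 3 yields 0.0.0.0 as the embedded address, which is why an IPv4 address placed in the last two quartets does not work for 6to4.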

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco > Products > Collateral > Whitepaper > Enterprise IPv6 Transition Strategy > IPv6 Deployment
Solution Options

QUESTION 13
Examine the following output.

What possible reason(s) can cause the state of the first entry in the adjacency table? (Choose all that
apply.)

A. the interface is a multipoint interface
B. the clear ip arp command was executed
C. the Layer 3 information is unknown
D. the clear adjacency command was executed

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
If either the clear ip arp or the clear adjacency commands were issued, the entry would temporarily be listed
as incomplete in the adjacency table. The adjacency table is used by Cisco Express Forwarding (CEF) to
maintain Layer 2 information about the next hop to remote networks. In CEF, an adjacency refers to a
control structure that holds Layer 2 information for an IP address on a particular interface. When that
information is not available the entry will be listed as incomplete, as shown in the example.

Layer 2 information normally comes from the ARP process. Therefore, if the ARP table is cleared with the
clear ip arp command, the Layer 2 information will be temporarily unavailable until the ARP process re-
learns it the next time a frame must be sent to that hop. Moreover, if the adjacency table is emptied with the
clear adjacency command, the entry must be created again. This will also result in the entry being marked
incomplete for a short period of time until the ARP table can be consulted and the Layer 2 information re-
added.

The interface in the scenario is not a multipoint interface. A multipoint interface would include entries for
multiple next hops, since a multipoint interface connects to multiple Layer 3 destinations. An example of this
is shown below in sample output from a Frame Relay interface:

The Layer 3 information of the next hop is present in the entry in the scenario example. It is 10.10.10.2.

Objective:
Network Principles
Sub-Objective:
Identify Cisco Express Forwarding concepts

References:
Home > Support > Technology support > IP > IP switching > Troubleshoot and alerts > Troubleshooting
Technotes > Troubleshooting Incomplete Adjacencies with CEF

QUESTION 14
You have been alerted that TCP traffic leaving an interface has been reduced to near zero, while UDP
traffic is steadily increasing at the same time.

What is this behavior called and what causes it?

A. jitter, caused by lack of QoS
B. latency, caused by the MTU
C. starvation, caused by improper configuration of QoS queues
D. windowing, caused by network congestion

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
This behavior is called starvation and is caused by improper configuration of QoS queues. When TCP and
UDP flows are assigned to the same QoS queue, they compete with one another. This is not a fair
competition because the TCP packets will react to packet drops by throttling back TCP traffic, while UDP
packets are oblivious to drops and will take up the slack created by the diminishing TCP traffic. The results
from mixing UDP and TCP traffic in the same queue are:
Starvation
Latency
Lower throughput

While it is true that jitter can be caused by a lack of QoS, jitter is not what is being described in the scenario.
Jitter is the variation in latency as measured in the variability over time of the packet latency across a
network. This phenomenon seriously impacts time-sensitive traffic, such as VoIP, and can be prevented by
placing this traffic in a high-priority QoS queue.

While latency can be caused by the maximum transmission unit (MTU) in the network, this is not a case of
latency, although latency may be one of the perceived effects of starvation. Latency is the delay in reception
of packets. The MTU is the largest packet size allowed to be transmitted, and an MTU that is set too large
can result in latency.

While windowing can be caused by network congestion, this is not a case of windowing. This is a technique
used to adjust the number of packets that can be acknowledged at once by a receiving computer in a
transmission. In times of congestion the window, or number of packets that can be acknowledged at a time,
will be small. Later, when congestion goes down, the window size can be increased.

Objective:
Network Principles
Sub-Objective:
Describe UDP operations

References:
Design Guide > Service Provider Quality of Service > CE Guidelines for Collapsing Enterprise Classes >
Mixing TCP with UDP

QUESTION 15
Refer to the following set of commands:

Which of the following statements is TRUE about the given set of commands?

A. IPv4 and IPv6 are running simultaneously on rtrA
B. The IPv4 address is translated to an IPv6 address
C. The IPv6 address is an IPv4-compatible address
D. A tunnel is created for the interoperability of the IPv4 and IPv6 addresses

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is that IPv4 and IPv6 are running simultaneously on rtrA. The set of commands enables
IPv6 on the rtrA router and assigns an IPv4 address and an IPv6 address to the Fa0/0 interface. This
indicates that the router is a dual-stack router on which both IPv4 and IPv6 are running simultaneously.

The IPv4 address is not translated to the IPv6 address by the given set of commands because NAT-PT is
not enabled on the router. To enable NAT-PT on a router, you need to use the ipv6 nat command. In
addition, the ipv6 nat prefix command should be used to specify an IPv6 prefix.

The IPv6 address is not an IPv4-compatible address. IPv4-compatible IPv6 addresses are used in
automatic IPv4-compatible IPv6 tunnels. These addresses refer to those IPv6 unicast addresses that have
zeros in the first 96 bits and an IPv4 address in the last 32 bits. For example, 0:0:0:0:0:0:192.156.10.67 is
an IPv4-compatible IPv6 address where 192.156.10.67 is an IPv4 address. The IPv6 address
(2001:0:1:1:D52::F3C/64), in this case, is not an IPv4-compatible IPv6 address.

A tunnel is not created for the interoperability of the IPv4 and IPv6 addresses because the given set of
commands configures the router as a dual-stack router. There are no commands for configuring a tunnel on
the router.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco IOS IPv6 Configuration Guide, Release 12.4 > Implementing IPv6 Addressing and Basic Connectivity
> Configuration Examples for Implementing IPv6 Addressing and Basic Connectivity > Example: Dual
Protocol Stacks Configuration

QUESTION 16
Which of the following statements is TRUE concerning a 6to4 tunnel?

A. The IPv6 packet is encapsulated in an IPv4 packet using an IPv4 protocol type of 41.
B. The 6to4 tunnel method includes a 20-byte IPv6 header with no options and an IPv4 payload.
C. The maximum transmission unit is increased by 20 octets with the 6to4 tunnel method.
D. The IPv6 packet has its header removed and replaced with an IPv4 header with the 6to4 tunnel method.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When an IPv6 packet is tunneled across a portion of the network that does not support IPv6, the IPv6
packet is encapsulated in an IPv4 packet using an IPv4 protocol type of 41. When it reaches the other end
of the tunnel, the IPv4 portion is stripped off and the packet is routed the rest of the way by using the
remaining IPv6 header.

This method does not include a 20-byte IPv6 header with no options and an IPv4 payload. On the contrary,
it includes a 20-byte IPv4 header with no options and an IPv6 payload.

The maximum transmission unit is not increased by 20 octets with this method. Rather, it is decreased by
20 bytes due to the extra overhead.

The IPv6 packet does not have its header removed and replaced with an IPv4 header. It encapsulates the
entire IPv6 packet within an IPv4 header.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco > Home > Support > Technology Support > IP > IP Version 6 > Configure > Configuration Examples
and Technotes > Tunneling IPv6 through an IPv4 Network

QUESTION 17
Which of the following are valid IPv4 to IPv6 migration strategies? (Choose two.)

A. DHCP
B. Tunnels
C. Dual-stack
D. Encapsulating IPv4 into IPv6

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Tunnels and dual-stack are valid IPv4 to IPv6 migration strategies.

Tunneling mechanisms can transport IPv6 across an IPv4 infrastructure. Cisco supports the following types
of tunneling for this purpose:
Manual tunnels
Generic Routing Encapsulation (GRE) tunnels
IPv4 compatible tunnels
6-to-4 tunnels
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels

For all tunneling types, IPv6 packets are encapsulated in IPv4 packets for delivery across the IPv4
infrastructure. These tunnels require two endpoints, either two routers, or a router and a host. Both
endpoints must support IPv4 and IPv6.

When implementing an automatic 6-to-4 tunnel, each IPv6 site receives a /48 prefix. The hexadecimal
equivalent of the IPv4 address of the edge router is appended to 0x2002 and followed with the prefix to
identify each end of the tunnel. Each end of the tunnel must be a dual-stack router, that is, one that can
route both IPv4 and IPv6. For example, if the edge router's IPv4 address were 192.168.99.1, the
hexadecimal equivalent of the address (c0a8:6301) would be inserted between 0x2002 and the /48 prefix,
resulting in 2002:c0a8:6301::/48 to arrive at the tunnel endpoint address.

The following example shows a partial output of the show run command executed on a router hosting one
end of a 6-to-4 tunnel:

The least significant 32 bits in the address referenced by the ipv6 route 2002::/16 Tunnel0 command
correspond to the IPv4 address (64.101.64.1) assigned to the tunnel source. The hex equivalent is
4065:4001, yielding 2002:4065:4001::/48.

Another example of how IPv4 addresses can be used in the creation of the tunnel endpoint IPv6 identifier is
shown in the partial output of the show run command executed on a router that is hosting one end of an
automatic IPv4 compatible tunnel:

In the neighbor statement under the BGP configuration section, the neighbor address is derived from the
IPv4 address of the other router (192.168.4.1). This could be implemented in one of three ways:
::192.168.4.1
0:0:0:0:0:0:192.168.4.1
::c0a8:0401

The IPv6 addresses ::192.168.4.1 and 0:0:0:0:0:0:192.168.4.1 are implemented by inserting the IP address
at either the end of :: or 0:0:0:0:0:0. (:: is an IPv6 shortcut for 0:0:0:0:0:0). The IPv6 address ::c0a8:0401 is
implemented by inserting the hex equivalent of 192.168.4.1 (c0a8:0401) in the same location.

Another potential migration strategy is to run dual stacks. The TCP/IP stack, or stack, is the TCP/IP
software that is included in most operating systems. It is possible to run dual TCP/IP stacks on a computer.
For example, servers and other infrastructure equipment often run both an IPv4 and IPv6 IP stack for
application compatibility. This dual-stack configuration allows applications that require IPv6 to use the IPv6
stack and applications that require IPv4 to use the IPv4 stack. The following partial output of the show run
command shows the configuration of a dual stack router:

<output omitted>

ipv6 unicast-routing

interface fastethernet0/0
ip address 192.168.5.1 255.255.255.0
ipv6 address 3ffe:b00:c19:2::3/127

This configuration allows applications on the same segment to communicate via IPv4 or IPv6.

Dynamic Host Configuration Protocol (DHCP) provides no benefits in migrating from IPv4 to IPv6.

IPv4 is not encapsulated in IPv6 in any of the migration strategies. IPv6 is encapsulated into IPv4.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco > Cisco IOS IPv6 Implementation Guide, Release 12.4 > Implementing Tunneling for IPv6

QUESTION 18
You just discovered that a ping packet sent from one of the devices to another took a different path in the
return than it did on its way to the destination.

What behavior caused this?

A. Windowing
B. Global synchronization
C. MSS
D. Asymmetric routing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
This behavior is caused by asymmetric routing. This is quite common in a routed network and usually is not
a problem. It can, however, become an issue when firewalls reside in a routed path. Firewalls can cause
problems when they maintain state information about connections. State information is used to determine if
a return connection is allowed. If the return path is routed through a different firewall, it will not have the
correct state information for the connection, and the return will be disallowed.

It is not caused by windowing. This is a technique used to adjust the number of packets that can be
acknowledged at once by a receiving computer in a transmission. In times of congestion, the window or
number of packets that can be acknowledged at a time will be small. Later, when congestion goes down,
the window size can be increased.

The behavior is not caused by the maximum segment size (MSS). This value specifies the largest amount
of data, in octets, that a computer or communications device can receive in a single TCP segment. This will
not cause a packet to take a different path in the return than it did on its way to the destination.

The behavior is not caused by global synchronization. This occurs when congestion on the network causes
all devices to reduce their transmission rates at the same time. The result is the network cycling between
sharp increases and sharp decreases in traffic.

Objective:
Network Principles
Sub-Objective:
Explain TCP operations

References:
Home > Services > Technical services newsletter > Tech insights > Chalk talk > Asymmetric Routing and
Firewalls

QUESTION 19
You are configuring a 6to4 tunnel. You want to translate the IPv4 address 192.168.50.4 to the IPv6 address
for the tunnel.

What would be the correct translation?

A. 2002:c0a8:3204::/16
B. 2002:c0a8:9901::/48
C. 2002:c0a8:3204::/48
D. c0a8:3204:2002::/16

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When implementing an automatic 6to4 tunnel, each IPv6 site receives a /48 prefix. The hexadecimal
equivalent of the IPv4 address of the edge router is appended to 0x2002 and followed with the prefix to
identify each end of the tunnel. In this case, if the edge router's IPv4 address were 192.168.50.4, the
hexadecimal equivalent of the address (c0a8:3204) would be inserted between 0x2002 and the /48 prefix,
resulting in 2002:c0a8:3204::/48 to arrive at the tunnel endpoint address.

The correct address would not be 2002:c0a8:3204::/16. The prefix is 48, not 16.

The correct address would not be 2002:c0a8:9901::/48. The hexadecimal equivalent of the address
192.168.50.4 is c0a8:3204, not c0a8:9901.

The correct address would not be c0a8:3204:2002::/16. It has an incorrect prefix (/16) and the values in the
other sections are out of order.

Objective:
Network Principles
Sub-Objective:
Recognize proposed changes to the network

References:
Cisco IPv6 Implementation Guide, Release 15.2M&T > Implementing Tunneling for IPv6 > Implementing
Tunneling for IPv6 > Configuration Examples for Implementing Tunneling for IPv6
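
The 6to4 derivation used in Questions 17 and 19, together with the IPv4-compatible forms from Question 17, as an added Python example (not part of the original material). The function names are hypothetical; the addresses are the ones quoted in the explanations, and the ::1/64 interface address is a constructed sample.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def six_to_four_prefix(ipv4: str) -> str:
    """Return the /48 6to4 prefix for a tunnel source IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    # Bits 127..112 hold 0x2002, bits 111..80 hold the 32-bit IPv4 address.
    value = (0x2002 << 112) | (int(v4) << 80)
    return str(ipaddress.IPv6Network((value, 48)))


def embedded_ipv4(ipv6: str) -> str:
    """Recover the IPv4 address carried in a 6to4 address (prefix length optional)."""
    addr = ipaddress.IPv6Interface(ipv6).ip
    if addr not in SIX_TO_FOUR:
        raise ValueError(f"{addr} is not inside 2002::/16")
    return str(ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF))


def endpoint_matches_source(tunnel_ipv6: str, tunnel_source_ipv4: str) -> bool:
    """Config check: is the tunnel's IPv6 address inside the prefix
    derived from the tunnel source IPv4 address?"""
    iface = ipaddress.IPv6Interface(tunnel_ipv6)
    expected = ipaddress.IPv6Network(six_to_four_prefix(tunnel_source_ipv4))
    return iface.ip in expected


def ipv4_compatible(ipv4: str) -> ipaddress.IPv6Address:
    """IPv4-compatible IPv6 address: 96 zero bits followed by the IPv4 address."""
    return ipaddress.IPv6Address(int(ipaddress.IPv4Address(ipv4)))


def same_address(*forms: str) -> bool:
    """True when every textual form parses to the same 128-bit address."""
    return len({ipaddress.IPv6Address(form) for form in forms}) == 1


if __name__ == "__main__":
    for source in ("192.168.50.4", "192.168.99.1", "64.101.64.1"):
        print(f"{source:>14} -> {six_to_four_prefix(source)}")

    # Constructed interface address inside the Question 19 prefix.
    tunnel_address = "2002:c0a8:3204::1/64"
    print(tunnel_address, "carries", embedded_ipv4(tunnel_address))
    print("matches 192.168.50.4:",
          endpoint_matches_source(tunnel_address, "192.168.50.4"))
    print("matches 192.168.99.1:",
          endpoint_matches_source(tunnel_address, "192.168.99.1"))

    # The three spellings listed for the IPv4-compatible neighbor address.
    print("same address:", same_address("::192.168.4.1",
                                        "0:0:0:0:0:0:192.168.4.1",
                                        "::c0a8:0401"))
```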

QUESTION 20
In the Active Discovery phase of PPPoE, which of the following is NOT verified by the Broadband Network
gateway (BNG) to prevent spoofing?

A. source MAC address
B. arriving access interface
C. PPPoE session ID
D. destination MAC address

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The destination MAC address is the address of the BNG, so there is no need for it to be verified. If the
traffic arrived on the BNG interface, it is correct.

PPPoE is composed of two main phases, the Active Discovery Phase and the PPP Session Phase. The
Active Discovery phase consists of the following communications between the PPPoE client and the BNG:
1. The client sends a PPPoE Active Discovery Initiation (PADI) broadcast signal to the remote device
(BNG).
2. The remote device sends back a PPPoE Active Discovery Offer (PADO) that contains the MAC address
of the BNG and destination MAC address of the subscriber (client).
3. The subscriber (client) sends a PPPoE Active Discovery Request (PADR) containing the destination MAC
address of the BNG to which it wishes to establish a session.
4. The BNG responds with a PPPoE Active Discovery Session-Confirmation (PADS) containing the PPPoE
session ID.

Once this process is complete, the session moves on to the PPP Session Phase in which Link Control
Protocol (LCP) parameters such as maximum transmission unit (MTU) are agreed to, authentication is
performed, and Network Control Protocols (NCP) for any Layer 3 protocol that will traverse the link are
started.

Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP

References:
Cisco Support Community > ASR9000 BNG debugging PPPoE sessions
Cisco > Cisco Security Appliance Command Line Configuration Guide, Version 8.0 > Configuring the
PPPoE Client > PPPoE Client Overview

QUESTION 21
An associate of yours configured a PPPoE connection. You have been alerted by a vulnerability tester that
by using a sniffer, he was able to learn the connection credentials.

What type of authentication must your associate have configured on the connection?

A. PAP
B. 802.1x
C. CHAP
D. IPsec

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The method used must have been Password Authentication Protocol (PAP). This method transmits the
credentials in clear text, which makes it a poor choice.

There are only two methods available to authenticate a PPP connection, PAP and Challenge-Handshake
Authentication Protocol (CHAP). CHAP never sends the password across the link. Rather, the
authenticating end of the connection sends random text and other information to the requester. The
requester encrypts this data with its password and sends it back. The authenticating end of the connection
reverses the encryption using the same password and compares the result with what was originally sent. If
it matches, the authenticating end of the connection is assured that the requesting end knows the
password.

The connection could not have used either 802.1x or IPsec, as neither method would transmit the
credentials in clear text.

The connection could not have used CHAP. If it had, the credentials could not have been captured with a
sniffer.

Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP

References:
Cisco > Authentication, Authorization, and Accounting Configuration Guide, Cisco IOS Release 15M&T >
Configuring Authentication > Non-AAA Authentication Methods > Enabling CHAP or PAP Authentication
Cisco > Authentication, Authorization, and Accounting Configuration Guide, Cisco IOS Release 15M&T
(PDF)
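
What Question 21's explanation means on the wire, as an added Python example (not part of the original material): a PAP Authenticate-Request (RFC 1334) carries the password as plain bytes, while an RFC 1994 CHAP response carries only an MD5 digest over the identifier, the secret and the challenge, which the authenticator checks by recomputing it. The peer name, password and challenge are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTHENTICATE_REQUEST = 1  # RFC 1334 code
CHAP_RESPONSE = 2             # RFC 1994 code


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Code, identifier, length, then length-prefixed Peer-ID and Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTHENTICATE_REQUEST, ident, 4 + len(body)) + body


def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (algorithm 5): digest over identifier || secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """Code, identifier, length, Value-Size, Value (the digest), Name."""
    value = chap_response_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", CHAP_RESPONSE, ident, 4 + len(body)) + body


def chap_verify(ident: int, secret: bytes, challenge: bytes, packet: bytes) -> bool:
    """Authenticator side: recompute the digest from the stored secret and compare."""
    if len(packet) < 5:
        return False
    code, packet_id, length = struct.unpack("!BBH", packet[:4])
    if code != CHAP_RESPONSE or packet_id != ident or length != len(packet):
        return False
    value_size = packet[4]
    value = packet[5:5 + value_size]
    expected = chap_response_value(ident, secret, challenge)
    return hmac.compare_digest(value, expected)


def secret_on_wire(packet: bytes, secret: bytes) -> bool:
    """True when the shared secret appears verbatim in the transmitted bytes."""
    return secret in packet


if __name__ == "__main__":
    peer = b"ROUTER2"               # constructed sample values
    secret = b"example-secret"
    challenge = os.urandom(16)      # a fresh challenge for every authentication

    pap = pap_authenticate_request(1, peer, secret)
    chap = chap_response(7, peer, secret, challenge)

    print("PAP  packet:", pap.hex())
    print("     secret visible:", secret_on_wire(pap, secret))
    print("CHAP packet:", chap.hex())
    print("     secret visible:", secret_on_wire(chap, secret))
    print("     verifies with stored secret:", chap_verify(7, secret, challenge, chap))
    # The same response is useless against a different challenge.
    print("     verifies against new challenge:",
          chap_verify(7, secret, os.urandom(16), chap))
```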

QUESTION 22
Examine the output of the show frame-relay map command:

Which of the following statements is true of the configuration of R1?

A. Neither PVC is up
B. A frame-relay map statement was used to manually map the IP address to the DLCI on both PVCs
C. The DLCIs for both PVCs were learned using inverse ARP
D. Broadcast traffic is not allowed on either PVC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The output shows that the Data Link Connection Identifiers (DLCIs) for both PVCs were learned using
inverse ARP. In a Frame Relay topology, Layer 2 addresses are called DLCIs. Each end of a Frame Relay
circuit can learn the DLCI of the other end through manual configuration, using the frame-relay map
command, or it can be learned dynamically, using a process called inverse ARP. When the addresses are
learned using inverse ARP, the output of the show frame-relay map command will indicate that by
designating the circuit as dynamic.

Both PVCs are up, as indicated by the word active in the output for both PVCs.

A frame-relay map statement was not used to manually map the IP addresses to the DLCI on both PVCs.
Were that the case, the output would indicate static in the place where it says dynamic.

Broadcast and multicast traffic are both allowed across both PVCs, as indicated by the word broadcast after
each entry.

Objective:
Layer 2 Technologies
Sub-Objective:
Explain Frame Relay

References:
Home > Support > Technology Support > Wan > Frame relay > Troubleshoot and alerts > Troubleshooting
TechNotes > Comprehensive Guide to Configuring and Troubleshooting Frame Relay

QUESTION 23
You have a Frame Relay topology that is currently a hub and spoke using a single physical serial interface
on the hub router with the default network type. OSPF is also running on the interface.
You execute the following command:

ip ospf network point-to-point

What would be the effect of executing this command on the serial interface of the hub router?

A. The hello interval for OSPF will change to 30 seconds
B. The dead interval for OSPF will change to 40 seconds
C. There will now be a DR election
D. The hub router must now be configured with a router ID

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The dead interval for OSPF will change to 40 seconds. By default, a Frame Relay connection that uses a
physical interface is designated a non-broadcast network for purposes of determining the OSPF hello and
dead intervals. There are four possible network types for Frame Relay, and they use different values for the
OSPF hello and dead intervals. The values are shown below:

When the ip ospf network point-to-point command is executed, it will change the network type from the
default of non-broadcast to point-to-point. This alteration will change the hello and dead intervals to 10 and
40 seconds, respectively.

The hello interval for OSPF will not change to 30 seconds. That is the value for non-broadcast and point-to-
multipoint networks.

There will not be a designated router (DR) election. DRs are not elected on a point-to-point network.

The hub router does not need to be configured with a router ID. In OSPF for IPv4, the router can create its
own by using one of the IP addresses of its interfaces.

Objective:
Layer 2 Technologies
Sub-Objective:
Explain Frame Relay

References:
Home > Support > Technology support > Initial Configurations for OSPF over Frame Relay Subinterfaces

QUESTION 24
An associate configured a serial connection on Router1 to use PPP with authentication. You execute the
debug ppp negotiation command on the router and receive the following output:

Which of the following statements are true? (Choose all that apply.)

A. the credentials are being sent in clear text
B. the connection failed
C. the peer's name is Router2
D. the authentication failed

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The peer router's name is Router2 and the authentication method is PAP, which transmits the credentials in
clear text. The peer name can be seen in the following line of output:
*Mar 3 00:06:17.536: Se1/1 PAP: Authenticating peer ROUTER2

The authentication protocol used is seen in the following line of output:
*Mar 3 00:06:16.868: Se1/1 LCP: AuthProto PAP (0x0304C023)

The connection process and authentication process are two separate processes and in this case both
succeeded. First the connection completed as indicated by the following line of output:
*Mar 3 00:06:17.260: Se1/1 LCP: State is Open

Then later the authentication succeeded, as indicated by this line at the end of the output:
*Mar 3 00:06:17.584: Se1/1 PPP: Phase is UP

Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP

References:
Point-to-Point Protocol (PPP) Introduction > Troubleshoot and Alerts > Troubleshooting TechNotes >
Configuring and Troubleshooting PPP Password Authentication Protocol (PAP)
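
A check for the condition Questions 21 and 24 describe, as an added Python example (not part of the original material): it reads debug ppp negotiation lines, decodes the LCP Authentication-Protocol option shown in parentheses, and reports the links that negotiated PAP. The Se1/1 lines are the four quoted in the explanation above; the Se1/0 CHAP lines and all function names are constructed for the example.

```python
import re

# LCP option 3 (Authentication-Protocol): type, length, 2-byte protocol, optional data.
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}

LINE = re.compile(
    r"^\*?\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+:\s+"
    r"(?P<intf>\S+)\s+(?P<proto>\w+):\s+(?P<msg>.*)$"
)
AUTHPROTO = re.compile(r"AuthProto\s+\S+\s+\((0x[0-9A-Fa-f]+)\)")

# Se1/1: lines quoted on this page. Se1/0: constructed for comparison.
SAMPLE = """\
*Mar 3 00:06:16.868: Se1/1 LCP: AuthProto PAP (0x0304C023)
*Mar 3 00:06:17.260: Se1/1 LCP: State is Open
*Mar 3 00:06:17.536: Se1/1 PAP: Authenticating peer ROUTER2
*Mar 3 00:06:17.584: Se1/1 PPP: Phase is UP
*Mar 3 00:07:02.112: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar 3 00:07:02.400: Se1/0 LCP: State is Open
"""


def decode_auth_option(hex_text):
    """Decode the option bytes, e.g. 0x0304C023 -> ("PAP", None)."""
    digits = hex_text[2:] if hex_text.lower().startswith("0x") else hex_text
    raw = bytes.fromhex(digits)
    if len(raw) < 4 or raw[0] != 3 or raw[1] != len(raw):
        raise ValueError(f"not a well-formed Authentication-Protocol option: {hex_text}")
    protocol = int.from_bytes(raw[2:4], "big")
    name = AUTH_PROTOCOLS.get(protocol, f"unknown-0x{protocol:04X}")
    algorithm = None
    if name == "CHAP" and len(raw) >= 5:
        algorithm = CHAP_ALGORITHMS.get(raw[4], f"unknown-0x{raw[4]:02X}")
    return name, algorithm


def audit(lines):
    """Summarise negotiation state per interface from debug output lines."""
    report = {}
    for line in lines:
        match = LINE.match(line.strip())
        if not match:
            continue
        entry = report.setdefault(match["intf"], {
            "auth": None, "algorithm": None, "peer": None,
            "lcp_open": False, "up": False,
        })
        proto, msg = match["proto"], match["msg"].strip()
        option = AUTHPROTO.search(msg)
        if proto == "LCP" and option:
            entry["auth"], entry["algorithm"] = decode_auth_option(option.group(1))
        elif proto == "LCP" and msg == "State is Open":
            entry["lcp_open"] = True
        elif msg.startswith("Authenticating peer "):
            entry["peer"] = msg.split()[-1]
        elif proto == "PPP" and msg == "Phase is UP":
            entry["up"] = True
    return report


def cleartext_links(report):
    """Interfaces whose negotiated authentication sends credentials in clear text."""
    return sorted(intf for intf, entry in report.items() if entry["auth"] == "PAP")


if __name__ == "__main__":
    result = audit(SAMPLE.splitlines())
    for intf, entry in sorted(result.items()):
        print(intf, entry)
    print("links using PAP:", cleartext_links(result))
```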

QUESTION 25
Which of the following is NOT true of the PPP Session Phase of PPPoE?

A. PPP options are negotiated
B. BNG sends a PPPoE Active Discovery Offer to the client
C. Authentication is performed
D. Once link setup is complete, data will be transferred across the PPP link within PPPoE headers

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The Broadband Network Gateway does not send a PPPoE Active Discovery Offer to the client during the
PPP Session Phase. That action occurs during the Active Discovery Phase.

During the PPP Session Phase, the following steps occur:
PPP options are negotiated.
Authentication is performed.
Network Control Protocols (NCP) for any Layer 3 protocols that will traverse the link are started, and
these Layer 3 packets will be transmitted within PPPoE headers.

Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP

References:
Cisco Support Community > ASR9000 BNG debugging PPPoE sessions
Cisco > Cisco Security Appliance Command Line Configuration Guide, Version 8.0 > Configuring the
PPPoE Client > PPPoE Client Overview

QUESTION 26
After configuring a PPPoE client on an Ethernet interface, you discover the connection is not working. You
execute the show run command to view the PPPoE configuration, part of which is shown in the following
output:

What command is missing?

A. vpdn-group
B. request dialin
C. protocol pppoe
D. vpdn enable

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The command vpdn enable is required to enable virtual private dialup networking. If this command has not
been executed, the other commands will not take effect. While some commands are optional, the following
tasks are required to set up the PPP over Ethernet client feature:
Enable PPPoE in a VPDN Group
Configure a PPPoE Client
Configure the Dialer Interface

The first step includes these three sub-tasks:
1. Enable virtual private dialup networking using the vpdn enable command.
2. Associate a VPDN group with a customer or VPDN profile using the vpdn-group name command.
3. Create a request-dialin VPDN subgroup using the request-dialin command.
4. Enable the VPDN subgroup to establish PPPoE sessions using the protocol pppoe command.

In the output in the scenario, we can see that all tasks were taken care of in the first section except for
enabling virtual private dialup networking. Had that been done, the first section would correctly appear as:

vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
!

The rest of the configuration is correct. The following section configures the PPPoE client and specifies the
dialer interface to use for cloning:

interface ethernet1/1
pppoe-client dial-pool-number 1
pppoe-client dial-pool-number 2

The following sections configure two dialer interfaces. They specify that the IP addresses for the interfaces
are obtained via PPP/IPCP (IP Control Protocol) address negotiation, and they specify the dialing pools to
use to connect to a specific destination subnetwork. Finally, they configure the interfaces to belong to a
specific dialing group.

!
interface dialer 1
ip address negotiated
dialer pool 1
dialer-group 1
!
interface dialer 2
ip address negotiated
dialer pool 2
dialer-group 2

Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP

References:
Cisco Press > Articles > Cisco Network Technology > General Networking > End-to-End DSL Architectures
PPP over Ethernet Client

QUESTION 27
The exhibit is a frame relay hub-and-spoke topology with router A as the hub.
You want to use the OSPF routing protocol between all three locations. Which interface configuration
commands are required on router A? (Choose three.)

A. ip ospf network broadcast
B. ip ospf network point-to-point
C. ip ospf network point-to-multipoint
D. frame-relay map 10.20.10.21 221
E. frame-relay map 10.20.10.22 222
F. frame-relay map ip 10.20.10.21 221 broadcast
G. frame-relay map ip 10.20.10.22 222 broadcast

Correct Answer: CFG
Section: (none)
Explanation

Explanation/Reference:
Explanation:
In OSPF point-to-multipoint mode, the routers will automatically identify each neighbor. The election of a
designated router (DR) and backup designated router (BDR) is not required. This RFC-compliant mode of
operation is commonly found in partial mesh topologies, such as hub-and-spoke designs. In the diagram
shown in the scenario, router A is the hub.

The frame relay serial interface has one DLCI to each spoke location. DLCI 221 is used by router A to
communicate with router C and DLCI 222 is used to communicate with router B. On router A's serial
interface, point-to-multipoint mode is enabled with the ip ospf network configuration command. The
following is the syntax of the ip ospf network command:

ip ospf network [{broadcast | nonbroadcast | point-to-multipoint | point-to-multipoint nonbroadcast}]

The command parameters are as follows:

broadcast - This mode enables the interface to emulate a LAN. This mode requires a full or partial mesh
topology.
nonbroadcast - This RFC 2328 compliant mode is also referred to as NBMA mode. The neighbors must
be statically configured.
point-to-multipoint - This RFC 2328 compliant mode is used in partial mesh topologies, such as hub-
and-spoke. Routers use additional LSAs to discover neighboring routers instead of manually defining
DRs and BDRs. The hub router floods link state updates (LSUs) by duplicating the update to be sent to
each router using the respective DLCI.
point-to-multipoint nonbroadcast - This is a Cisco extension to the point-to-multipoint mode. This
mode is useful when the frame relay virtual circuits do not support broadcast traffic. Neighbors are
manually defined.

There is no point-to-point parameter for the ip ospf command. Creating a point-to-point configuration differs
in that the point-to-point parameter is executed as a parameter of the command that creates the
subinterface that hosts the point-to-point connection as shown below:

Router(config)# interface serial 0.1 point-to-point

When configuring a serial interface without sub-interfaces, OSPF will check the encapsulation to determine
the network type. HDLC and PPP default to point-to-point while Frame-Relay encapsulation defaults to
nonbroadcast.

The frame-relay map command identifies the mapping between the Layer 3 address (IP address) and the
Layer 2 address (DLCI). The frame relay virtual circuits from the hub router are identified as supporting
broadcast traffic by using the frame-relay map command with the broadcast keyword.

Objective:
Layer 2 Technologies
Sub-Objective:
Explain Frame Relay

References:
Cisco > Home > Support > Support Technology > Support > IP Routing > Configure > Configuration
Examples and Technotes > Initial Configurations for OSPF over Frame Relay Subinterfaces
Cisco > Cisco IOS Wide-Area Networking Command Reference > frame-relay lapf n201 through fr-atm
connect dlci > frame-relay map

QUESTION 28
You are troubleshooting a PPPoE connection that is supposed to maintain a connection with the ISP, even
if no interesting traffic exists. The configuration of the dialer interface is shown below:

What command should you add to ensure the connection is maintained in the absence of interesting traffic?

A. dialer-group
B. dialer persistent
C. dialer list
D. dialer string

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The dialer persistent command is used to specify that the connection stays up even in the absence of
interesting traffic. Interesting traffic is user-defined traffic that triggers a call to the remote end. Were it
present in the configuration, the section would appear as follows:

The dialer-group command assigns the dialer interface to a dialer group. It is an optional setting, and
does not appear in this configuration.

The dialer-list command is used to specify an access list that defines interesting traffic. It is an optional
setting, and would NOT be a part of a configuration that does not maintain the connection based on
interesting traffic. If you use dialer persistent, then you don't need to use dialer-list. The dialer list defines
interesting traffic, while dialer persistent keeps the connection up in the absence of interesting traffic.

The dialer string command is used to define the number to call to make the connection. It is present in the
configuration in the scenario, and specifies the number 713 555 0199.

Objective:
Layer 2 Technologies
Sub-Objective:
Configure and verify PPP

References:
Cisco Dial Configuration Guide, Release 15.0S > Part 5: Dial-on-Demand Routing Configuration >
Configuring Peer-to-Peer DDR with Dialer Profiles
Cisco Press > Articles > Cisco Network Technology > General Networking > End-to-End DSL Architectures

QUESTION 29
Which command shows only OSPF routes installed into the routing table?

A. show ip route
B. show ip ospf route
C. show ip route ospf
D. show ip ospf
E. show ip ospf database

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is show ip route ospf.

The show ip route ospf command shows you all the OSPF learned routes in the routing table. An example
of the command and its output are below with an explanation of some of the terminology.

Router5# show ip route ospf

O IA 10.0.0.0/8 [110/65] via 5.0.0.2, 00:00:20, Serial1/1/0
S 0.0.0.0/0 [110/1] via 5.0.0.2, 00:00:20, Serial1/1/0
O E2 172.16.0.0 [110/25] via 5.0.0.2, 00:00:30, Serial1/1/0

O - indicates that the route was learned from OSPF.
IA - indicates that the route is an inter area route, meaning it was learned via summary type 3 link state
advertisements (LSAs).
S - indicates that a static default route has been configured.
E2 - indicates that the route is an external route redistributed from another protocol.
Via - indicates the next hop address to use and the local interface from which to send
[110/65] - indicates the administrative distance with the first value and the cost in the second (AD/cost).

The full legend of the possible route codes is below:

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

The commands below can be used to monitor and verify OSPF operation:
show ip route - displays known routes and from which protocol the routes were discovered, but for all
routing protocols, not just OSPF.
show ip ospf - displays the number of times the SPF algorithm has run and the default Link State
Update (LSU) interval, but not the OSPF routes.
show ip ospf database - displays the router ID, the OSPF process ID, and the contents of the
topological database but not the routing table.

There is no show ip ospf route command.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF operations

References:
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > show ip route

QUESTION 30
Which commands will prevent the local router from advertising the 139.10.0.0 network out of the Ethernet
0/0 interface, while allowing all other networks to be advertised?

A. RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
B. RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 in e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
C. RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# access-group 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
D. RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
RouterA(config)# interface e0/0
RouterA(config-if)# access-group 10 out

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following command set will prevent the local router from advertising the 139.10.0.0 network out of the
Ethernet 0/0 interface, while allowing all other networks to be advertised:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any

The distribute-list command allows you to apply a basic access list to a routing process. Just like applying
an access list to an interface, when you apply it to a routing process, the permit statements determine what
networks may be advertised out the interface. The deny statements determine what networks are not
allowed to be advertised out the interface. Instead of applying the access list to an interface, you use the
distribute-list command in router configuration mode to apply it to the particular routing process. By
specifying an interface and a direction (in or out) in the distribute-list command, you can indicate where the
advertisements will be blocked and in what direction.

Keep in mind that when applied this way, the access list does not affect what data traffic passes through the
interface. It only affects which networks the routing protocol will advertise. In the scenario here, RIP will
not send advertisements for the 139.10.0.0 network out Ethernet 0/0, but traffic coming from or going to that
network is still allowed through the interface in either direction unless there is an access list applied to the
interface that will block it.

Conversely, if you applied an access list to the interface that blocked traffic to or from the 139.10.0.0
network, but permitted all other traffic, it would not stop the routing updates about the 139.10.0.0 network
from passing through.

Note: The last command in the sequence, RouterA(config)# access-list 10 permit any, is VERY important. If
that line is missing, any route not matched by a permit statement will be denied. For example, if you
wanted to allow only one network to be advertised, you could configure a permit statement for that network
and leave off the permit any statement. It would block all advertisements with the exception of the one
specified by the permit statement.
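
The filtering behaviour described above can be checked with a small model. This is an added example, not part of the original exam material: it evaluates the question's access list 10 the way a standard ACL is evaluated (first match wins, implicit deny at the end) against the three RIP networks. The function names are hypothetical, and the model is simplified in that it ignores split horizon and metrics.

```python
import ipaddress


def parse_standard_acl(lines):
    """Parse 'access-list N {permit|deny} {any | ADDR [WILDCARD]}' lines, in order."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        if tok[3] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(tok[3]))
            # An entry without a wildcard mask matches exactly one address.
            wildcard = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((tok[2], addr, wildcard))
    return entries


def acl_permits(entries, network):
    """Return True if the route's network address is permitted by the ACL."""
    net = int(ipaddress.IPv4Address(network))
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF      # bits that must match (wildcard bit = 0)
        if (net & care) == (addr & care):
            return action == "permit"      # first matching entry decides
    return False                           # implicit deny when nothing matched


def rip_advertises(routes, entries, list_direction, list_iface, out_iface):
    """Networks sent out out_iface when 'distribute-list <acl> <direction> <iface>' is set.

    Only an outbound distribute list on the same interface filters what is sent;
    an inbound list filters received updates and leaves outgoing ones untouched.
    """
    if list_direction != "out" or list_iface != out_iface:
        return list(routes)
    return [r for r in routes if acl_permits(entries, r)]


# The three networks from the question's RIP configuration.
ROUTES = ["10.0.0.0", "139.10.0.0", "199.10.10.0"]

ACL_WITH_PERMIT_ANY = parse_standard_acl([
    "access-list 10 deny 139.10.0.0 0.0.255.255",
    "access-list 10 permit any",
])
# Same list with the final line left off (constructed to show the implicit deny).
ACL_WITHOUT_PERMIT_ANY = parse_standard_acl([
    "access-list 10 deny 139.10.0.0 0.0.255.255",
])
# Constructed list that permits a single network and relies on the implicit deny.
ACL_PERMIT_ONE = parse_standard_acl([
    "access-list 10 permit 10.0.0.0 0.255.255.255",
])

if __name__ == "__main__":
    for name, acl in [("with permit any", ACL_WITH_PERMIT_ANY),
                      ("without permit any", ACL_WITHOUT_PERMIT_ANY),
                      ("permit one network", ACL_PERMIT_ONE)]:
        print(name, "->", rip_advertises(ROUTES, acl, "out", "e0/0", "e0/0"))
    print("list applied inbound ->",
          rip_advertises(ROUTES, ACL_WITH_PERMIT_ANY, "in", "e0/0", "e0/0"))
```
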

The following command set is incorrect because the distribute list is applied inbound, which would prevent
the reception of updates concerning the 139.10.0.0/16 but would not prevent them from being advertised:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# distribute-list 10 in e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any

The following command set is incorrect because it applies an access list to the interface instead of a
distribute list. The effect would be to block all traffic for that network, but allow routing updates:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config-router)# access-group 10 out e0/0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any

The following command set is incorrect because it also applies an access list instead of a distribute list, this
time incoming instead of outgoing:

RouterA(config)# router rip
RouterA(config-router)# network 10.0.0.0
RouterA(config-router)# network 139.10.0.0
RouterA(config-router)# network 199.10.10.0
RouterA(config)# access-list 10 deny 139.10.0.0 0.0.255.255
RouterA(config)# access-list 10 permit any
RouterA(config)# interface e0/0
RouterA(config-if)# access-group 10 out

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol

References:
Cisco > Cisco IOS IP Configuration Guide, Release 12.2 > Configuring IP Routing Protocol-Independent
Features > Filtering Routing Information
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > distribute-list out (IP)

QUESTION 31
Which of the following commands should you use to determine both the feasible successors and the non-
feasible successors to a given destination network?

A. show ip route eigrp
B. show ip eigrp topology
C. show ip eigrp topology all-links
D. show ip eigrp topology zero-successors

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ip eigrp topology all-links command displays both feasible successors and non-feasible
successors to a given destination network. This command displays the contents of the topology table and
shows all the routes available for a given destination network.

An example of partial output of the command is below:


The 172.20.2.0/24 network has a feasible successor. This can be determined by looking at the values in the
parentheses next to each route. The second value after the / is the advertised distance from the successor.
This value must be less than the value of the feasible distance for a route to be considered a feasible
successor. There are two routes for 172.20.2.0/24. The first route listed, via 172.17.3.1, is the successor
route. Its cost is 246983122, which matches the feasible distance (FD). The second route, via 172.17.1.1,
has an advertised distance of 2443698 (the second value in the parentheses after the /). Because this value
is less than the FD (2413698), it qualifies as a feasible successor.

The 172.25.1.0/24 network does not have a feasible successor. The second route listed via 172.17.1.1 has
an advertised distance of 2501649, which is greater than the value of the FD, (2416381). Therefore, it is not
a feasible successor.

You should not use the show ip route eigrp command. This command displays only the best metric routes
(successors) to a given destination network. A route has the best metric if it has the least feasible distance,
which refers to the sum of the metric from a given neighbor to a destination network and the metric to reach
that neighbor.

You should not use the show ip eigrp topology command without the all-links parameter. This command
displays only the feasible successors to a given destination network.

You should not use the show ip eigrp topology zero-successors command because this command lists
those routes that do not have a valid successor.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing

References:
Cisco IOS IP Routing: EIGRP Command Reference > show ip eigrp topology

QUESTION 32
An EIGRP network is configured with default settings for all the routers, shown in the exhibit. Traffic is not
routing correctly.
What commands need to be run, and on which router should it be run?

A. The ip summary-address eigrp 500 172.16.0.0.0 255.255.0.0 command should be run on Router D.
B. The ip summary-address eigrp 500 172.16.3.0.0 255.255.255.0 command should be run on Router C.
C. The no auto-summary command should be run on Routers A, B, C and F
D. The auto-summary command should be run on Router D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The no auto-summary command should be run on Routers A, B, C and F. When discontinuous networks
exist in the network, as in this one, the auto summarization feature will prevent proper routing. Auto
summarization is enabled by default.

Discontinuous networks are subnets of a classful parent network address not located in the same area of
the network. Because Routers A, B, C and F will all advertise a 10.0.0.0/8 network, Router D will not only
think that the 10.0.0.0/8 network lies in two different directions, it will also be unable to discern the
individual subnets connected to each, leading to connectivity issues. Executing the no auto-summary command on
those three routers will allow them to advertise subnets, clearing up the routing confusion created by auto
summarization.

The ip summary-address eigrp 500 172.16.0.0.0 255.255.0.0 command should not be run on Router D.
This will manually configure the same summarization that is already occurring automatically, and will not
solve the issue.

The auto-summary command should not be run on Router D. This function is already being performed
automatically and is the source of the routing problem. It should be disabled instead.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > Support > Technology Support > IP > IP Routing > Technology Information > Technology
Whitepaper > Enhanced Interior Gateway Routing Protocol > Document ID: 16406 > Summarization

QUESTION 33
You need to resolve a route-selection problem in a redistributed network by increasing the administrative
distance to several networks for a protocol, other than EIGRP or BGP, so that these routes will not be used.
You create access list 5 to identify the relevant networks, and access the routing protocol configuration
prompt.

Which command will set the administrative distance to these networks to 220 for the selected protocol?

A. Router(config-router)# list 5 distance 220
B. Router(config-router)# admin 220 access-list 5
C. Router(config-router)# distance 220 0.0.0.0 255.255.255.255 5
D. Router(config-router)# increase 0.0.0.0 255.255.255.255 admin 220 list 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct command is Router(config-router)# distance 220 0.0.0.0 255.255.255.255 5. This command
instructs the router to change the AD for any networks specified in the access list 5 to 220.

The correct syntax for the distance command is shown below:

distance weight [address mask [access-list-number | name]]

The weight parameter is the administrative distance (AD), which is a number from 10 to 255. Note:
Distances 0 through 9 are reserved for system use.

To change the administrative distance for an entire routing protocol, use the distance command, as shown
below:

Router(config)# router rip
Router(config-router)# distance 125

To change the AD for only selected networks, use an access list with the distance command as shown
below:

Router(config)# access-list 5 permit 10.0.0.0 0.255.255.255
Router(config)# access-list 5 permit 11.0.0.0 0.255.255.255
Router(config)# access-list 5 permit 12.0.0.0 0.255.255.255
Router(config)# router rip
Router(config-router)# distance 220 0.0.0.0 255.255.255.255 5

The 0.0.0.0 255.255.255.255 portion included with the distance command could hold an address/mask
combination for a single address, but it is more common to use an access list.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe administrative distance

References:
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > distance (ip)

QUESTION 34
Which of the following commands would reveal the K values configured on an EIGRP router?

A. debug ip eigrp
B. debug eigrp packet
C. show ip eigrp traffic
D. show ip protocols

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ip protocols command gives information about any dynamic routing protocol, including EIGRP.
With respect to EIGRP, it will show the K values as a part of the output. A sample is shown below:

Routing Protocol is "eigrp 77"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1,K2=0,K3=1,K4=0,K5=0
EIGRP maximum hopcount 100
<output omitted>

The debug ip eigrp command displays real-time information about EIGRP packets that are received and
sent. It does not contain K values. A single line of this command output is shown below:

Router# debug ip eigrp
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Ext 192.168.5.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
<output omitted>

The debug eigrp packet command displays general debug information, but not K values. A sample of this
command output is shown below:

Router# debug eigrp packet
EIGRP: Sending HELLO on Ethernet0/1
AS 109, Flags 0x0, Seq 0, Ack 0
EIGRP: Received UPDATE on Ethernet0/1 from 192.195.78.24,
AS 109, Flags 0x1, Seq 1, Ack 0
<output omitted>

The show ip eigrp traffic command displays packets received, as well as statistics on hello packets,
updates, queries, and acknowledgments, but not K values. Partial output of this command is shown below:

Router# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 151
Hellos sent/received: 220/205
Updates sent/received: 7/29
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 29/14

Objective:
Layer 3 Technologies
Sub-Objective:
Describe and optimize EIGRP metrics

References:
Cisco IOS Master Command List, Release 12.4T > sa ipsec through show ip route dhcp > show ip protocols

QUESTION 35
You instructed your associate to configure Router R2 to reject a redistribution of the 20.0.0.0/8 network,
while still receiving routes from other networks connected to Router R1. The diagram below displays the
network in place:

When he is finished, you find that the 20.0.0.0/8 network is still being advertised and traffic from the 20.0.0.0/8
network is not reaching Router2. You execute the show running-configuration command and see the
following output:

What is the problem?

A. The access list was applied to the wrong interface.
B. The access list should have been configured as a distribute list.
C. The access list has an incorrect wildcard mask.
D. The access list is applied in the wrong direction.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The access list should have been created as a distribute list to control route redistribution from the other
area. This configuration would prevent the redistribution of the 20.0.0.0/8 network by applying the list as a
distribute list under the Border Gateway Protocol (BGP). The proper commands would be:

Router2(config)# router bgp 94688
Router2(config-router)# distribute-list 101 in

To correct the problem with traffic not arriving from the 20.0.0.0/8 network, you must remove the application
of the list under interface S0 as well. This would be done by executing the following command set:

Router2(config)# interface Serial1
Router2(config-if)# no ip access-group 101 in

The access list was not applied to the wrong interface. It should not have been applied directly to any
interface. When applied directly as an access list to an interface, it will prevent traffic, but not the
redistribution of routes.

The access list does not have an incorrect wildcard mask. To prevent the redistribution of a Class C
network, the correct wildcard mask is 0.0.0.255.

The access list was not applied in the wrong direction. It should be applied incoming, but should be applied
as an incoming distribute list, and it should be applied under the BGP protocol.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol

References:
Cisco IOS Master Command List, Release 12.4T > d > distribute-list in (IP)
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > Filtering
Routing Updates on Distance Vector IP Routing Protocols

QUESTION 36
Which commands will display the feasible successors, the feasible distance, and the advertised distance for
networks learned by a router?

A. show ip eigrp topology
B. show ip route
C. show bgp neighbors
D. show ip eigrp traffic
E. show ip route eigrp

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
To view the feasible successors, the feasible distance, and the advertised distance, you would use the
show ip eigrp topology command. A sample output of this command is below.

The table lists all routes to networks and their advertised distance and feasible distance. This information is
used to select the successor and feasible successor for each network. Before a route can be considered as
a feasible successor or backup, the feasible distance of the route must be a larger value than the
advertised distance.

The following information can be extracted from this output:

The route 15.10.0.0/16 has a feasible successor. If you examine the feasible and advertised distances
in the brackets next to the two potential feasible successor routes [feasible distance/advertised
distance], you will see that for the route 15.10.0.0/16 via 10.10.5.1, the feasible distance of the route is
greater (2594586) than the advertised distance (2448152), which qualifies it as a feasible successor.
The route 65.0.0.0/8 does not have a feasible successor. The route 65.0.0.0/8 via 10.20.1.6 has a
feasible distance (2589779) that is less than the advertised distance (2672569), so it does not qualify.

The router at 10.20.0.1 is directly connected to the networks 65.0.0.0/8 and 150.10.0.0/16. This can
be deduced by the fact that the address 10.20.0.1 is the source of the successor routes for those networks.
The route to 200.10.10.0/24 is undergoing recomputation, as evidenced by the line FD is Inaccessible.
It also tells you that Router2 sent a query to 10.1.1.2 and is waiting for a reply, as evidenced by the line
Remaining replies: via 10.1.1.2, r, Serial 0.
The route to the 10.0.0.0/8 network is showing a convergence problem, as evidenced by the code SIA
to the left of its entry. This stands for Stuck In Active. An active state is present when the local router has
queried for a new route to the network. Stuck in Active occurs when no response has been received, and
the local router marks it SIA.

The show ip route and the show ip route eigrp commands simply display the routing table, which does not
display the advertised distance. Below is an example of the show ip route command executed on a router
running EIGRP:

The show ip eigrp traffic command does not show feasible successors, feasible distance or advertised
distance. It displays statistics on hellos, updates, queries, replies and acknowledgments. Sample output is
shown below:

Router# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 100
Hellos sent/received: 215/212
Updates sent/received: 7/25
Queries sent/received: 2/0
Replies sent/received: 0/2
Acks sent/received: 21/17

The show ip bgp command displays information involving BGP and has nothing to do with EIGRP.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing

References:
Cisco IOS IP Routing: EIGRP Command Reference > show ip eigrp topology

QUESTION 37
You can use a variety of commands to verify and troubleshoot the operation of route redistribution on your
network.

Which command should you NOT use on routers that are overloaded?

A. trace
B. debug
C. show ip route
D. show ipx route

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The debug command uses a good deal of router CPU time, so you should not initiate this command on an
already overloaded router. It often requires the router to do extensive examination of the packets, requiring
heavy use of resources at times.

You could also possibly overload the router just with the debug command. If the router is overloaded to the
point that it is no longer responding to your EXEC session, you may need to reload the router to stop the
debug output.

These additional steps can help to verify proper route redistribution:

On the router not performing the redistribution, use the show ip route command to see if the
redistributed routes are displayed.
On the router performing the redistribution, use the show ip protocol command to verify the redistribution
configuration, and use the show ip route command to verify the proper routes are there from each
routing protocol.

The trace command is used to discover the route that packets take to their destination.

The show ip route command displays the routing table.

The show ip protocols command displays information about each routing protocol running on the router.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > Home > Support > Technology Support > Dial and Access > ISDN, CAS > Design > Design
Technotes > Important Information on Debug Commands > Document ID: 10374
Cisco > Cisco IOS Debug Command Reference > Using Debug Commands

QUESTION 38
You manage the company network, as shown in the network diagram below:

You executed the following command on RouterA:

routerA(config)# ip route 0.0.0.0 0.0.0.0 S0/0
routerA(config)# router eigrp 200
routerA(config-router)# redistribute static metric 1000 1 255 1 1500

Which of the following statements are TRUE about the given set of commands? (Choose two.)

A. A static default route is created on RouterA
B. A summary default route is created on RouterA
C. The default route is redistributed into the EIGRP network
D. The default route is not advertised to the EIGRP network

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The given set of commands creates a static default route on RouterA and redistributes this route into the
EIGRP company network. The ip route 0.0.0.0 0.0.0.0 S0/0 command executed in the global configuration
mode creates a static default route on the router. The ip route command allows you to specify a static route.
The redistribute static metric 1000 1 255 1 1500 command then redistributes the static default route into the
EIGRP autonomous system (AS) 200. This implies that the EIGRP network identifies the default route as an
external route, and traffic to all unknown destination subnets will be diverted to the default route.

Alternatively, default routes can be advertised into EIGRP networks by either of the following methods:
Using the network 0.0.0.0 command on the router
Using the ip summary-address eigrp 200 0.0.0.0 0.0.0.0 command on the router

A summary default route is not created on RouterA in the scenario. If the ip summary-address eigrp 200
0.0.0.0 0.0.0.0 command was used on RouterA, then a summary default route would be created. The
summary default route points to the 0.0.0.0 network with the null0 interface as the next-hop interface.
Summary default routes are helpful for providing remote networks with a default route.

The default route is advertised to the EIGRP network because the redistribute command was executed.
This command is used to advertise the default route to the EIGRP network.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify default routing

References:
Cisco > Support > Technology Support > IP > IP Routing > Design > Design TechNotes > Configuring a
Gateway of Last Resort Using IP Commands
Cisco > Support > Technology Support > IP > IP Routing > Technology Information > Technology White
Paper > Enhanced Interior Gateway Routing Protocol

QUESTION 39
Which show command displays the status of all of a router's Border Gateway Protocol (BGP) connections in
a concise format?

A. show ip bgp
B. show ip bgp summary
C. show ip bgp connections
D. show ip bgp neighbors summary

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is show ip bgp summary.

Although show ip bgp neighbors will show you the status of your connections to neighbors, only show ip bgp
summary shows it to you in a concise, summarized format, with one neighbor listed per line. It displays both
iBGP and eBGP neighbors and the number of prefixes that have been learned from the neighbor. Below is
an example of the output of the show ip bgp summary command:

The following information can be obtained from this output:

The BGP session to 192.168.5.1 is established. A number in the State column indicates that the session
is established. This number indicates the number of prefixes received from the neighbor.
Router6 is attempting to establish a BGP peering session with the 192.168.6.1 neighbor. This is
indicated by the keyword Active in the State column.

Several show commands can be used to verify BGP configuration and operation:
show ip bgp - displays the contents of the BGP routing table
show ip bgp summary - displays the status of BGP connections in a summary format
show ip bgp neighbors - displays information about the TCP and BGP connections to neighbors

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

References:
Cisco IOS Master Command List, Release 12.4 > a through b > BGP > Commands: show ip through T >
show ip bgp summary

QUESTION 40
Which of the following does the show ip eigrp topology all-links command display?

A. Only feasible successors
B. Only non-feasible successors
C. Both feasible successors and non-feasible successors
D. Both successors and feasible successors

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ip eigrp topology all-links command displays both the feasible successors and the non-feasible
successors. Feasible successors refer to backup routes to a particular destination network.

Routers compute the metric/distance of every route they learn from their EIGRP neighbors. There can be
multiple routes to the same destination network. The route with the least metric value to a specific
destination network is selected as the best path, or successor, to that network. However, if the successor
goes down, the router computes the next best loop-free path to the same destination network, which is
called the feasible successor.

Feasible successors must have a reported (or advertised) distance that is less than the feasible distance, or
current best metric. The routes that are neither successors nor feasible successors are called non-feasible
successors. The feasible successors and the non-feasible successors can be viewed by running the show
ip eigrp topology all-links command. Sample output is shown below:

The router at 172.17.3.1 is directly connected to three networks: 172.25.1.0/24, 172.20.2.0/24, and
172.18.2.0/24. The second network, 172.20.2.0/24, is listed as the source of the successor routes to those
networks. The connection to the last network, 172.18.2.0/24, can be deduced by the fact that the local router
uses the Serial1 interface to connect to the two networks that the router at 172.17.3.1 is a successor for.
Therefore, that router must be directly connected to the network on the Serial1 interface of the local router.
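
The classification described above (successor, feasible successor, non-feasible successor) can be applied mechanically to topology-table output. The following is an added example, not part of the original exam material: it parses text in the layout of show ip eigrp topology all-links and applies the rule stated in this explanation, that a feasible successor's reported distance must be less than the feasible distance. The prefixes, next hops and metrics in the sample are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample in the layout of "show ip eigrp topology all-links".
# Each path line reads: via <next hop> (<computed distance>/<reported distance>), <interface>
SAMPLE_OUTPUT = """\
P 10.20.2.0/24, 1 successors, FD is 2413698, serno 14
        via 10.17.3.1 (2413698/2172416), Serial1
        via 10.17.1.1 (2684416/2402816), Serial0
P 10.25.1.0/24, 1 successors, FD is 2416381, serno 15
        via 10.17.3.1 (2416381/2172416), Serial1
        via 10.17.1.1 (2757120/2501649), Serial0
A 10.99.0.0/24, 0 successors, FD is Inaccessible
    1 replies, active 00:00:04, query-origin: Local origin
        Remaining replies:
         via 10.17.3.1, r, Serial1
"""

ENTRY_RE = re.compile(
    r"^(?P<state>[A-Za-z]+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+), "
    r"\d+ successors, FD is (?P<fd>\d+|Inaccessible)"
)
PATH_RE = re.compile(
    r"^\s+via (?P<next_hop>\S+) \((?P<dist>\d+)/(?P<rd>\d+)\), (?P<iface>\S+)"
)


def classify_paths(output):
    """Map each prefix to a list of (next_hop, role) tuples.

    Roles:
      successor              - computed distance equals the entry's FD
                               (assumes a Passive, converged entry)
      feasible successor     - reported distance < FD (feasibility condition)
      non-feasible successor - reported distance >= FD
    Entries whose FD is Inaccessible are being recomputed and get no roles.
    """
    table = {}
    fd = None
    paths = None
    for line in output.splitlines():
        entry = ENTRY_RE.match(line)
        if entry:
            fd = None if entry["fd"] == "Inaccessible" else int(entry["fd"])
            paths = table.setdefault(entry["prefix"], [])
            continue
        path = PATH_RE.match(line)
        if path and paths is not None and fd is not None:
            dist, rd = int(path["dist"]), int(path["rd"])
            if dist == fd:
                role = "successor"
            elif rd < fd:
                role = "feasible successor"
            else:
                role = "non-feasible successor"
            paths.append((path["next_hop"], role))
    return table


if __name__ == "__main__":
    for prefix, paths in classify_paths(SAMPLE_OUTPUT).items():
        print(prefix, paths if paths else "no usable paths (route is active)")
```
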

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing

References:
Cisco IOS IP Routing: EIGRP Command Reference > show ip eigrp topology

QUESTION 41
Examine the following diagram:

Routing updates are not being received on Router A from Router D. The partial output of the show run
command for Router B and Router C is shown below:

What commands should you run to ensure that routing updates are getting to Router A from Router D?
(Choose all that apply.)

A. routerC(config-router)# area 1 virtual-link 2.2.2.2
B. routerC(config-router)# no area 1 virtual-link 4.4.4.4
routerC(config-router)# area 0 virtual-link 2.2.2.2
C. routerB(config-router)# area 0 virtual-link 3.3.3.3
D. routerB(config-router)# area 1 virtual-link 3.3.3.3
E. routerC(config-router)# no area 1 virtual-link 4.4.4.4
routerC(config-router)# area 1 virtual-link 2.2.2.2
F. routerB(config-router)# area 1 virtual-link 4.4.4.4
G. routerB(config-router)# no area 1 virtual-link 4.4.4.4

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The problem is that the virtual link that provides a connection from area 2 to area 0 is misconfigured on
Router C, and is missing entirely from Router B. The current configuration on Router C uses the router ID
4.4.4.4 in the virtual link statement, but the neighbor that is on the other end of the link (Router B) has an ID
of 2.2.2.2. Therefore, you must remove the incorrect statement with this command:

routerC(config-router)# no area 1 virtual-link 4.4.4.4

Then, you would recreate it correctly with the following command:

routerC(config-router)# area 1 virtual-link 2.2.2.2

The configuration of the virtual link on Router B is missing completely. To add it, you would use the area 1
virtual-link command and configure the neighbor as Router C at 3.3.3.3:

routerB(config-router)# area 1 virtual-link 3.3.3.3

You should not run the following command on Router C:

routerC(config-router)# area 1 virtual-link 2.2.2.2

This would apply a correct statement, but leave in the incorrect statement.

You should not run any of the following sets of commands:

routerC(config-router)# no area 1 virtual-link 4.4.4.4
routerC(config-router)# area 0 virtual-link 2.2.2.2

or

routerB(config-router)# area 0 virtual-link 3.3.3.3

These commands all incorrectly include the area 0 syntax. The area in the command should be the area
being transited to get to area 0, which is area 1.

You should not run the routerB(config-router)# area 1 virtual-link 4.4.4.4 command on Router B. This
command uses an incorrect router ID. The neighbor for Router B should be Router C, 3.3.3.3.

You should not run the routerB(config-router)# no area 1 virtual-link 4.4.4.4 command on Router B. There is
no virtual link to remove from Router B.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Home>Support>Technology Support>IP>IP Routing>Configure>Configuration Examples and
Technotes>OSPF virtual link
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > What Are
OSPF Areas and Virtual Links?

QUESTION 42
Router10 is an autonomous system boundary router (ASBR). The interfaces on Router 10 are configured as below:

S0/0 10.0.0.0/8
S0/1 172.16.0.0/8
Fa0/0 192.168.5.0/24
Fa0/1 192.168.6.0/24

You would like Router 10 to advertise the 192.168.5.0/24 and the 192.168.6.0/24 networks over OSPF in its
Type 5 link-state advertisements (LSAs).
What command set would instruct the router to do this?

A. RTA10(config)# router ospf 1
RTA10(config-router)# redistribute static
B. RTA10(config)# router ospf 1
RTA10(config-router)# redistribute connected
C. RTA10(config)# router ospf 1
RTA10(config)# redistribute connected
D. RTA10(config)# router ospf 1
RTA10(config-router)# network 192.168.5.0 0.0.0.0 area 1
RTA10(config-router)# network 192.168.6.0 0.0.0.0 area 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
By default, Type 5 link-state advertisements (LSAs) do not include directly connected networks. To alter this
behavior, you must execute the redistribute connected command in OSPF configuration mode. This
command instructs the router to include these local interfaces in its advertisements, as follows:

RTA10(config)# router ospf 1
RTA10(config-router)# redistribute connected

You should not execute the command set that includes the redistribute static command. This instructs the
router to advertise any statically defined routes that have been configured, instead of those that are local to
the router.

You should not execute the command set that includes RTA10(config)# redistribute connected. The
redistribute connected command is shown being executed at the wrong command prompt, and will
generate an error message. It must be executed in the OSPF configuration mode and not global
configuration mode.

You should not execute the following command set:

RTA10(config)# router ospf 1
RTA10(config-router)# network 192.168.5.0 0.0.0.0 area 1
RTA10(config-router)# network 192.168.6.0 0.0.0.0 area 1

The network commands will cause the networks to receive updates from the router, but do not allow them
to be advertised in Type 5 LSAs.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes >
Redistributing Connected Networks into OSPF

QUESTION 43
Refer to the following partial output of the show ip bgp neighbors command:
Which of the following can NOT be determined from the given output? (Choose all that apply.)

A. The ASN of rtrA
B. The ASN of 172.161.81.7
C. The best paths between rtrA and the 172.161.81.7 neighbor
D. The RID of the 172.161.81.7 neighbor
E. The status of the connection between rtrA and 172.161.81.7

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The autonomous system number (ASN) of rtrA and the best paths between rtrA and the 172.161.81.7
neighbor cannot be determined from the given output.

The show ip bgp neighbors command displays the TCP and BGP connections from a given router to its
neighbors. This command is executed in EXEC mode. You can use various optional keywords to view
different aspects of the neighbors. For example, this command can display the details about a given
neighbor, routes advertised to or received from neighbors, and the prefix-list received by neighbors.

In this case, the command is used to show the details about a specific neighbor of rtrA. The IP address
(172.161.81.7) of the neighbor is provided in the command. The text BGP neighbor is 172.161.81.7
indicates the IP address of the neighbor. The text remote AS 151 indicates that the neighbor is in the ASN
151. It can also be determined from the text external link that the neighbor is an eBGP neighbor. For iBGP
neighbors, the text internal link will appear. The router ID (RID) of the neighbor can be determined from the
text remote router ID 10.8.22.4.

The output also provides details about the state of the BGP connection, which is Established in this case.
Furthermore, the duration for which the connection has been established, the duration for which BGP
maintains neighbor relationship in the absence of messages, and the keepalive duration are also displayed.

The state of the connection between the local router (rtrA) and the given neighbor (172.161.81.7) can be
any of the following:
Idle - Indicates that the local router does not accept any connection from its neighbor
Idle (admin) - Indicates that the connection between the two routers has been shut down administratively
by using the neighbor shutdown command
Connect - Indicates that the local router has already sent a connection request to its neighbor
Active - Indicates that the local router is listening for connection requests from the neighbor
OpenSent - Indicates that the local router has sent an OPEN message to its neighbor
OpenConfirm - Indicates that the local router has received a KEEPALIVE or UPDATE message from its
neighbor
Established - Indicates that a BGP connection has been successfully created between the local router
and its neighbor

The status of the connection between two BGP neighbors can also be viewed by using the show ip bgp
summary command, as shown below:

In the above output, it can be determined that the command router bgp 210 was executed on rtrA because
the local AS is 210 in the output. It can be determined that the command neighbor 45.1.1.5 shutdown was
issued on rtrA because the state of the neighbor relationship with the router at 45.1.1.5 is listed as IDLE
(ADMIN).

All the other options are incorrect because the respective details are displayed by the show ip bgp
neighbors command.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify eBGP (IPv4 and IPv6 address families)

References:
Cisco IOS IP Routing: BGP Command Reference > show ip bgp neighbors
Cisco > Cisco IOS IP Routing: BGP Command Reference > show ip bgp summary

QUESTION 44
Examine the exhibit.
You are asked to configure the routers R1, R2, R3, and R4. (Refer to the IP addressing table below.) Which
configuration command series is required to ensure that router R1 will NOT be receiving Type 3, 4, or 5
LSAs?

R1 interface E0 - 172.31.200.1/21
R2 interface E0 - 172.31.200.2/21
R2 interface E1 - 172.31.208.2/21
R3 interface E0 - 172.31.208.3/21

A. R1(config)# router ospf 5
R1(config-router)# area 5 stub
R1(config-router)# network 172.31.200.0 0.0.7.255 area 5
B. R2(config)# router ospf 5
R2(config-router)# area 5 stub no-summary
R2(config-router)# network 172.31.200.0 0.0.7.255 area 5
R1(config)# router ospf 5
R1(config-router)# area 5 stub
R1(config-router)# network 172.31.200.0 0.0.7.255 area 5
C. R1(config)# router ospf 10
R1(config-router)# area 5 stub
R1(config-router)# network 172.31.200.0 255.255.248.0 area 5
D. R2(config)# router ospf 10
R2(config-router)# area 5 stub no-summary
R2(config-router)# network 172.31.200.0 255.255.248.0 area 5

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
At the area border router (ABR), router R2, the no-summary keyword is required with the area stub
command to create a totally stubby area. All other routers in area 5 will require the stub command without
the no-summary keyword. The following commands are required to configure R2:

R2(config)# router ospf 5
R2(config-router)# area 5 stub no-summary
R2(config-router)# network 172.31.200.0 0.0.7.255 area 5

R1 will require:

R1(config)# router ospf 5
R1(config-router)# area 5 stub
R1(config-router)# network 172.31.200.0 0.0.7.255 area 5

All routers within a stub area must be configured as stub, or adjacencies will not form. Besides the
command to enable OSPF and the command to identify the area, the only other required command
identifies the area as a stub. A totally stubby area does not allow any external network LSAs (Type 5) or
any inter-area summary LSAs (Types 3 and 4) to enter the area.

Use the area stub command with the no-summary keyword to configure a totally stubby area. The diagram
below shows the commands that should be executed on R1 and R2.

The correct syntax for the area stub command is shown below:

Router(config-router)# area area-id stub [no-summary]

Note that the optional no-summary keyword is used only on area border routers (ABRs) to block summary
link advertisements into the stub area. This option creates a totally stubby area. It is very important to
configure the command consistently on all routers within the area. OSPF sends its stub status (on or off) in
its hello packets. If two neighbors have conflicting stub status, they will not form an adjacency, and you end
up with no OSPF communication over that link.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Home > Support > Technology Support > IP Routing > Design > Design Technotes > What Are
OSPF Areas and Virtual Links? > What Are Areas, Stub Areas, and Not-So-Stubby Areas?
Cisco > Cisco IOS IP Routing: OSPF Command Reference > area stub

QUESTION 45
You instructed your assistant to configure load balancing on a router. The router currently has two routes to
network A. One route has a cost of 15, and the other has a cost of 30.

What command should the assistant execute to instruct the router to treat the two routes as equal without
including any other routes in the load balancing?

A. routerA(config)# variance 2
B. routerA(config-router)# variance 2
C. routerA(config)# variance 3
D. routerA(config-router)# variance 3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct command to instruct the router to treat the two routes as equal is variance 2. It must be entered
in EIGRP configuration mode, as evidenced by the routerA(config-router)# prompt. The number that comes
after the command is called the multiplier. A multiplier of two tells the router that any route that is within
twice the metric of the best route will be considered equal to the best route.

The default setting for variance is one, which indicates that the routes must be equal to be considered for
load balancing. An additional requirement of load balancing is that the alternate route's feasible distance
must not be higher than the advertised distance of the route, which could indicate a routing loop.

The assistant should not execute the variance 2 command at the routerA(config)# prompt, which is global
configuration mode. The variance command must be entered in EIGRP configuration mode at the
routerA(config-router)# prompt.

The assistant should not use the variance 3 command in either mode because that would direct the router
that any route within three times the cost of the best route (in this scenario, a cost of 45) would be
considered equal to the cost of the best route. The scenario requires that two routes be load balanced.
Because one route has a cost of 15 and the other has a cost of twice 15 (30), the variance multiplier must
be two.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP load balancing

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > How
Does Unequal Cost Path Load Balancing (Variance) Work in IGRP and EIGRP?
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > Route Selection
in Cisco Routers > Document ID: 8651

QUESTION 46
Examine the exhibit.
The router labeled "B" has been configured by using the following configuration commands:

RouterB(config)# router eigrp 100
RouterB(config-router)# network 10.0.0.0
RouterB(config-router)# distribute-list 10 in bri 0
RouterB(config)# access-list 10 deny 11.11.0.0 0.0.255.255
RouterB(config)# access-list 10 permit any

Which statement best describes the effects of this configuration?

A. Only network 11.11.0.0 will be advertised to routers A and C.
B. Advertisements received by router A will include router D networks.
C. Advertisements to router C will not include the router D and E networks.
D. Traffic from network 11.11.0.0 hosts will be discarded because of ACL 10.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The router will scan the access list specified by a distribute list. If a match to a permit statement is found,
the route entry is permitted; if a match is found to a deny statement, the route is discarded. In this question,
the permit statement in ACL 10 provides a permit match to all routes advertised from router D except for
network 11.11.0.0.

Distribute lists are used to filter inbound, outbound, or redistributed routing updates. Instead of using the
passive-interface command, distribute lists enable you to selectively control which routes are processed.

If a distribute list is associated with an interface, the routing update is compared to the access list that was
specified in the distribute list. If a match is found to a permit statement, then the packet is forwarded. If a
match is found to a deny statement, the packet is discarded. If no match is found, the implicit deny
statement at the end of the access list will drop the packet. For example, if the access list in the above
example were missing the line access-list 10 permit any, all updates would be denied, not just the one
specified by the deny statement.

If no distribute list is associated with the interface, the routing update packets are processed as normal.

Distribute lists can reference multiple access lists if required to obtain the desired result. For example,
examine the following configuration from a partial output of show run:

router eigrp
distribute-list 2 out ethernet 0
distribute-list 1 out
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 permit 10.0.1.0 0.0.0.255

By using two access lists and two distribute lists, you accomplish the following:

Only routes matching 10.0.0.0/8 will be advertised out interfaces other than E0
Only routes matching 10.0.1.0/24 will be advertised out E0

Network 11.11.0.0 will not be the only network advertised to routers A and C. In this question, the permit
statement in ACL 10 provides a permit match to all routes advertised from router D except for network
11.11.0.0.

The option stating that advertisements to router C will not include the router D and E networks is incorrect
because, although the 11.11.0.0/16 network will be denied, any other networks attached to either Router C or
Router D will be permitted.

Traffic from network 11.11.0.0 hosts will NOT be discarded because of ACL 10. If the access list were
applied to the interface with the access-group command instead of the distribute-list command, this would
be the case, but a distribute list blocks routing updates, not normal traffic.
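
The first-match evaluation and implicit deny described above can be checked offline before a filter is applied. The Python sketch below is an added example, not part of the original material or Cisco's implementation; it matches a standard ACL against each route's network address only, the route lists are constructed sample data, and the rule that a route must pass both the interface list and the global list is an assumption of the model.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse_acl(lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' or '... any' lines."""
    entries = []
    for line in lines:
        parts = line.split()
        action = parts[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {line!r}")
        if parts[3] == "any":
            addr, wildcard = 0, ALL_ONES
        else:
            addr = int(ipaddress.IPv4Address(parts[3]))
            # A standard ACL entry without a wildcard matches one address.
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        entries.append((action, addr, wildcard))
    return entries


def acl_permits(entries, network):
    """The first matching entry decides; no match falls to the implicit deny."""
    net = int(ipaddress.IPv4Address(network))
    for action, addr, wildcard in entries:
        care = ~wildcard & ALL_ONES            # wildcard bit 1 means "don't care"
        if (net & care) == (addr & care):
            return action == "permit"
    return False                               # implicit deny ends every ACL


def filter_updates(entries, routes):
    """Return the routes that a distribute list using this ACL lets through."""
    return [r for r in routes if acl_permits(entries, r)]


def advertised_out(interface, routes, per_interface, global_acl):
    """Model 'distribute-list N out <if>' combined with 'distribute-list N out'.

    Assumption of this sketch: a route must pass the interface list (when one
    exists) and then the global list. For ACLs 1 and 2 from the page this
    yields the same result the page states.
    """
    kept = routes
    if interface in per_interface:
        kept = filter_updates(per_interface[interface], kept)
    return filter_updates(global_acl, kept)


# ACL 10 as configured on router B in Question 46.
ACL_10 = parse_acl([
    "access-list 10 deny 11.11.0.0 0.0.255.255",
    "access-list 10 permit any",
])
# The same list with the last line left out, to show the implicit deny.
ACL_10_NO_PERMIT = parse_acl(["access-list 10 deny 11.11.0.0 0.0.255.255"])

# Constructed sample: networks carried in an update arriving on bri 0.
INBOUND = ["11.11.0.0", "11.11.4.0", "11.12.0.0", "172.16.1.0"]

# ACLs 1 and 2 from the two-list example; OUTBOUND is constructed sample data.
ACL_1 = parse_acl(["access-list 1 permit 10.0.0.0 0.255.255.255"])
ACL_2 = parse_acl(["access-list 2 permit 10.0.1.0 0.0.0.255"])
OUTBOUND = ["10.0.0.0", "10.0.1.0", "10.2.0.0", "192.168.1.0"]

if __name__ == "__main__":
    print("ACL 10 accepts:", filter_updates(ACL_10, INBOUND))
    print("without 'permit any':", filter_updates(ACL_10_NO_PERMIT, INBOUND))
    print("out ethernet0:", advertised_out("ethernet0", OUTBOUND, {"ethernet0": ACL_2}, ACL_1))
    print("out serial0:", advertised_out("serial0", OUTBOUND, {"ethernet0": ACL_2}, ACL_1))
```

Running the same check against a proposed ACL change shows whether a dropped `permit any` would silently filter every update on that interface.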

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > Filtering
Routing Updates on Distance Vector IP Routing Protocols

QUESTION 47
Which EIGRP packet type is sent as a multicast when a new route is discovered, and sent as a unicast to
synchronize topology tables when neighbors initialize?

A. ACK
B. Hello
C. Update
D. Replies
E. Queries

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
EIGRP update packets are sent as a multicast when a new route is discovered, and sent as a unicast to
synchronize topology tables when a neighboring router initializes.

Whenever EIGRP only needs to communicate with a single neighbor, it sends a unicast to that neighbor
instead of the standard multicast. In this case, it unicasts a packet to update a new EIGRP router on the
network with the information that all other routers on that network already know.

Hellos for neighbor discovery and maintenance are always multicasts.

ACKs are hellos without data, and are always unicast.

Queries are always multicast.

Replies to queries are always unicast.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe EIGRP packet types

References:
Internetworking Technology Handbook > Enhanced Interior Gateway Routing Protocol (EIGRP) > EIGRP
Packet Types

QUESTION 48
Your company has a policy of creating all configurations in text files, checking the files, and then applying
the configurations to the devices. Your assistant has presented you with the following partial configuration
that she plans to execute on a router:

interface S0/0/1
ipv6 address 2001:610:FFFF:1::1/64
ipv6 ospf 100 area 0

ipv6 router ospf 100
router-id 10.1.1.6

The configuration is supposed to accomplish the following:

Enable IPv6 routing
Assign a router ID
Assign an IPv6 address to the interface
Place the interface in OSPF area 0

Which step does this configuration NOT complete?

A. Enable IPv6 routing
B. Assign a router ID
C. Assign an IPv6 address to the interface
D. Place the interface in OSPF area 0

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The configuration indicates all steps are complete except for globally enabling IPv6 routing. If that had been
done, the configuration output would have reflected it under the interface as follows:

interface S0/0/1
ipv6 address 2001:610:FFFF:1::1/64
ipv6 ospf 100 area 0
ipv6 enable

ipv6 router ospf 100
router-id 10.1.1.6

Prior to configuring OSPFv3 on an interface, it must be enabled globally. OSPFv3 is an OSPF version
specific to IPv6. The following commands will globally enable OSPF v3. It will then be reflected by the ipv6
enable statement under the interface when viewing the configuration as shown in the fourth line of the
output above.

Router5(config)# ipv6 unicast-routing
Router5(config)# ipv6 router ospf 100
Router5(config-rtr)# router-id 10.1.1.6

The problem is not the router ID. The configuration in the scenario does assign a router ID, as indicated by
these lines:

ipv6 router ospf 100
router-id 10.1.1.6

The problem is not the IPv6 address. The configuration does assign an IPv6 address to the interface, as
indicated by these lines:

interface S0/0/1
ipv6 address 2001:610:FFFF:1::1/64

OSPF area 0 is not the problem. The configuration does place the interface in OSPF area 0, as indicated by
these lines:

interface S0/0/1
ipv6 ospf 100 area 0

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF for IPv6

References:
Cisco > Implementing OSPF for IPv6 > How to Implement OSPF for IPv6

QUESTION 49
Which show command displays entries in a router's Border Gateway Protocol (BGP) table?

A. show ip bgp
B. show ip bgp table
C. show ip bgp topology
D. show ip bgp summary

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct command is show ip bgp.

The BGP table lists all the paths that the BGP router has learned. Each destination network listed might
have multiple possible paths listed. Given that the criteria are met for each destination network, BGP will
choose a path to put in the IP routing table.

The BGP table is in many ways analogous to EIGRP's topology table in that it lists many known paths, not
just the best path. Below is an example partial output of the show ip bgp command:

The following facts can be determined from this output:

All of the routes were redistributed into BGP from an IGP. In the status column (located to the left of the
Network column and to the right of the column where some lines have a > symbol) is a column that is either
blank or has an i symbol. In this case, all of the columns are blank. If the status column is blank, then
BGP learned the route from an external peer. If it has an i symbol, an iBGP neighbor advertised this
path to the router. It was learned from an Interior Gateway Protocol (IGP) and was advertised as a result
of executing a network statement on the neighbor under the router bgp context as shown below adding
the 30.0.0.0 network under BGP 100.

R4(config)#router bgp 100
R4(config-router)#network 30.0.0.0

Four routes will be installed in the routing table. These routes have both an * symbol and a > symbol
in the status column. The * symbol indicates that the next hop is valid and the > symbol indicates that
this is the best route.

The output is slightly different if you specify the network that you are interested in, as shown below in the
show ip bgp 214.5.98.0 command output:

This output focuses solely on the route to the network 214.5.98.0 and provides the following pieces of
information:
The neighbor that sent this route is at 192.168.1.1
The AS of the network where 214.5.98.0 is located is 5760
The IGP metric to reach the neighbor that sent this route is 886, as shown by the text 192.168.1.1 (metric
886)
The complete metric to 214.5.98.0 is 1652, as shown in the last line by Origin IGP, metric 1652

The commands show ip bgp table and show ip bgp topology are not valid Cisco commands.

The show ip bgp summary command displays the status of BGP connections.

Objective:
Layer 3 Technologies
Sub-Objective:
Explain BGP attributes and best-path selection

References:
Cisco IOS Master Command List, Release 12.4 > l through q > Cisco IOS IP Routing: BGP Command
Reference > show ip bgp

QUESTION 50
You have enabled RIPng on one of the interfaces of a router with the basic configuration. You have
assigned an address to that interface using the ipv6 address command.

Which of the following statements should appear in the output of the show running-config command
executed on the router? (Choose all that apply.)

A. ipv6 unicast-routing
B. ipv6 enable
C. ipv6 rip enable
D. ipv6 router rip
E. ipv6 unnumbered
F. ipv6 prefix-list

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ipv6 unicast-routing and ipv6 rip enable statements should appear in the output of the show running-
config command.

The ipv6 unicast-routing command is one of the basic IPv6 commands that needs to be executed on any
router for IPv6 processing. This command is executed in the global configuration mode to allow IPv6 packet
forwarding on the router. When it has been executed the ipv6 unicast-routing statement will appear in the
output of the show run command.

The ipv6 rip enable command allows you to enable RIPng on a router interface. You should execute this
command to create a RIPng routing process. When it has been executed the ipv6 rip enable statement will
appear in the output of the show run command.

The ipv6 router rip command allows you to work with RIPng routing process by entering the router
configuration mode for RIPng. It will only appear if modifications have been made to the RIPng routing
process, which is not mentioned in this case.

The commands to configure a router with RIPng are as follows:

rtrA(config)# ipv6 unicast-routing
rtrA(config)# interface Fa0/1
rtrA(config-if)# ipv6 rip rip process enable
rtrA(config-if)# ipv6 address 2001:1:1:1::1/64

Important note: in the command set above, the command that enables the RIP process on interface Fa0/1
is executed before the command assigning the IPv6 address. The order of execution of those two
commands does not matter. However, if a configuration file is copied and pasted into a router, then the
order in which the statements appear does matter.

For example, if the partial configuration below were pasted into a router, the IPv6 RIP process 56 would not
be enabled on Fa0/0:

ipv6 unicast-routing
interface Fa0/0
ipv6 rip 56 enable
ipv6 address 2001:1:1:1::1/64

The system would reject the ipv6 rip 56 enable command because an IPv6 address is not yet present. If the
commands were reversed in the file, the system would accept the ipv6 rip 56 enable command.

In the scenario, the ipv6 enable command does not appear in the show running-config output. This
command enables IPv6 routing on a router interface that has not been assigned an IPv6 address. In this
case, an IPv6 address is explicitly assigned to the router interface by using the ipv6 address command.
Therefore, the ipv6 enable command is not required.

The ipv6 unnumbered interface type command does not appear in the show running-config output. This
command will allow you to enable IPv6 without assigning an IPv6 address to a router interface.
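
Questions 48 and 50 both turn on problems that can be caught while a configuration is still a text file: a missing global ipv6 unicast-routing statement, and an ipv6 rip enable line placed ahead of the interface's ipv6 address. The Python pre-apply check below is an added example, not a Cisco tool or part of the original material; the function name, finding codes and stanza-boundary rules are assumptions of this sketch, and the sample configurations are the ones quoted in those two questions, with the global statement written as ipv6 unicast-routing.

```python
import re

RIP_ENABLE = re.compile(r"^ipv6 rip \S+ enable$")
OSPF_ON_IF = re.compile(r"^ipv6 ospf \d+ area \S+$")
# Lines that leave interface configuration mode in the snippets checked here.
LEAVES_INTERFACE = ("router ", "ipv6 router ", "ipv6 unicast-routing", "!")


def check_ipv6_config(text):
    """Return a list of (line_no, code) findings for a candidate config text.

    NO_UNICAST_ROUTING  IPv6 routing is enabled on an interface but the global
                        'ipv6 unicast-routing' statement is absent (line 0).
    RIP_BEFORE_ADDRESS  'ipv6 rip <name> enable' appears before the
                        interface's 'ipv6 address' line.
    """
    findings = []
    unicast_routing = False
    routing_on_interface = False
    interface = None        # name of the interface stanza being read
    has_address = False     # has 'ipv6 address' been seen in that stanza?

    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line == "ipv6 unicast-routing":
            unicast_routing = True
        if line.startswith("interface "):
            interface, has_address = line.split(None, 1)[1], False
            continue
        if line.startswith(LEAVES_INTERFACE):
            interface = None
            continue
        if interface is None:
            continue            # global or router-mode line, nothing to check
        if line.startswith("ipv6 address "):
            has_address = True
        elif RIP_ENABLE.match(line):
            routing_on_interface = True
            if not has_address:
                findings.append((line_no, "RIP_BEFORE_ADDRESS"))
        elif OSPF_ON_IF.match(line):
            routing_on_interface = True

    if routing_on_interface and not unicast_routing:
        findings.append((0, "NO_UNICAST_ROUTING"))
    return findings


# Partial configuration from Question 48.
Q48_CONFIG = """\
interface S0/0/1
ipv6 address 2001:610:FFFF:1::1/64
ipv6 ospf 100 area 0

ipv6 router ospf 100
router-id 10.1.1.6
"""

# Pasted configuration from Question 50: RIP is enabled before the address.
Q50_PASTE = """\
ipv6 unicast-routing
interface Fa0/0
ipv6 rip 56 enable
ipv6 address 2001:1:1:1::1/64
"""

# The same statements with the two interface lines swapped.
Q50_REORDERED = """\
ipv6 unicast-routing
interface Fa0/0
ipv6 address 2001:1:1:1::1/64
ipv6 rip 56 enable
"""

if __name__ == "__main__":
    for name, cfg in (("Q48", Q48_CONFIG), ("Q50 paste", Q50_PASTE),
                      ("Q50 reordered", Q50_REORDERED)):
        print(name, check_ipv6_config(cfg) or "no findings")
```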

Objective:
Layer 3 Technologies
Sub-Objective:
Describe RIPng

References:
Cisco IPv6 Implementation Guide, Release 15.2M&T > Implementing RIP for IPv6 > How to Implement RIP
for IPv6 > Enabling the IPv6 RIP Process
Cisco IPv6 Implementation Guide, Release 15.2M&T > Implementing RIP for IPv6 > Configuration
Examples for IPv6 RIP > Examples: IPv6 RIP Configuration
Cisco IOS IPv6 Command Reference > ipv6 ospf dead-interval through ipv6 split-horizon eigrp > ipv6 rip
enable
Cisco IOS IPv6 Command Reference > ipv6 ospf dead-interval through ipv6 split-horizon eigrp > ipv6 router
rip
Cisco > Cisco IOS IPv6 Command Reference > ipv6 prefix-list
Cisco IOS IPv6 Command Reference > ipv6 summary-address through mpls ldp router-id > ipv6
unnumbered

QUESTION 51
Company A recently acquired Company B and the network infrastructures are being merged. Both
organizations used non-overlapping globally unique network addressing but different Interior Gateway
Protocols (IGPs). Initially, multiple WAN links will connect the two organizations. Company A will maintain
its core routing protocol, and Company B's routing protocol will be the edge routing protocol. Two-way
redistribution will be used to ensure full network routing capability.

What additional routing configuration should be performed to prevent routing loops and suboptimal routing?

A. Manually configure static routes.
B. Manually configure default routes.
C. Manually adjust the administrative distances.
D. Manually adjust the local preference attribute.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When routes are being redistributed from the core into the edge and from the edge into the core, the
administrative distance (AD) associated with external routes should be modified. This lessens the possibility
of sub-optimal routing when multiple routing protocols advertise different paths to the same network. The
AD associated with the externally advertised routes should be higher than the internal IGP's AD. To change
the AD for an entire routing protocol, use the distance command. An example and the command syntax are
shown below:

router(config)#router rip
router(config-router)#distance 125

The complete syntax of the distance command is:

distance weight [address mask [access-list-number | name]]

The weight parameter is the AD, which can be a number from 10 to 255. Note that distances 0 through 9
are reserved for system use.

To change only the AD for selected networks, use an access list with the distance command as shown
below:

router(config)# access-list 5 permit 10.0.0.0 255.0.0.0
router(config)# access-list 5 permit 11.0.0.0 255.0.0.0
router(config)# access-list 5 permit 12.0.0.0 255.0.0.0
router(config)# router rip
router(config-router)# distance 220 0.0.0.0 255.255.255.255 5

The 0.0.0.0 255.255.255.255 portion included with the distance command could hold an address/mask
combination for a single address, but it is more common to use an access list.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > distance (ip)
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > What Is
Administrative Distance? > Document ID: 26634

QUESTION 52
Which of the following commands will enable the DHCP and relay services on a Cisco router?

A. RouterA(config)# service dhcp
B. RouterA(config)# dhcp enable
C. RouterA(config)# enable dhcp
D. RouterA(config-if)# dhcp enable
E. RouterA(config-if)# service dhcp

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Using the service dhcp command at global configuration mode will enable the DHCP and relay services on
a Cisco router. By default, these services are already enabled on the router, but they can be disabled using
the no service dhcp command. Before the DHCP service can actually function, a pool of addresses must be
created and any statically defined addresses (such as the router itself) must be excluded. If the router has
two interfaces and needs to issue addresses on both interfaces, two pools and two exclusion statements
must be present.

Below is an example of a complete configuration taken from a partial output of the show run command. This
router has two interfaces 10.0.0.1/24 and 192.168.5.1/24, creating the need for two pools and two exclusion
statements. It excludes the address ranges 10.0.0.1-10.0.0.5 from the 10.0.0.0/24 pool and excludes
192.168.5.1-192.168.5.5 from the 192.168.5.0/24 pool, and creates a pool for 10.0.0.0/24 and
192.168.5.0/24.

The commands RouterA(config)# dhcp enable and RouterA(config)# enable dhcp are incorrect because the
syntax is incorrect.

The command RouterA(config-if)# dhcp enable is incorrect because the syntax is incorrect and because it
is executed in interface configuration mode. Enabling DHCP is done at the global prompt.

The command RouterA(config-if)# service dhcp is incorrect because it is executed in interface configuration
mode. Enabling DHCP is done at the global prompt.

Objective:
Layer 3 Technologies
Sub-Objective:
Identify, configure, and verify IPv4 addressing and subnetting

References:
Cisco > IP Addressing: DHCP Configuration Guide, Release 15M&T > DHCP Overview
Cisco > Cisco IOS IP Addressing Services Command Reference > service dhcp

QUESTION 53
You are configuring a DHCP server to service a group of clients that are located on a different subnet than
the DHCP server itself. What else must you configure to ensure a successful setup?

A. Relay agent
B. Multicast routing
C. Unicast routing
D. Access list

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
If a DHCP server needs to service clients in a different subnet, you will need to configure a relay agent. The
relay agent service is enabled by default but does not function unless you provide the IP address of the
remote DHCP server, which is done by executing the ip helper-address command on the interface where
the address needs to be announced.

The fact that the clients are on a different subnet indicates that there is a router between the DHCP server
and the clients. The DHCP discover packet that a client sends out is in the form of a broadcast. Routers do
not forward broadcast traffic from one segment to the other. Without a relay agent, the DHCP server would
never receive the requests.

A relay agent resides on the same segment as the clients. When a client sends out a discover packet, the
relay agent takes the request, converts it to a unicast packet, and forwards the request to the DHCP server
on the other network segment.

The relay agent can also be activated on the router that separates the two network segments. To enable
the relay agent service on a Cisco router where 172.16.10.2 is the IP address of the DHCP server, use the
following command:

Router(config-if)# ip helper-address 172.16.10.2

A relay agent can also be used to assist in the auto configuration of a switch. Auto configuration is a
process whereby:
1. A switch boots up.
2. The switch obtains an IP address, subnet mask, and gateway address (optional).
3. The switch uses the DNS server to locate the TFTP server.
4. The switch connects to the TFTP server, downloads the configuration file, and applies it.

When the switch must broadcast to locate the DHCP, DNS, or TFTP server, IP helper addresses can be
provided for all of these. When the switch broadcasts, a unicast will be sent to all of these addresses.

In the following illustration, the FastEthernet0 interface of the router is connected to the subnet containing the
switch and the FastEthernet1 interface of the router is connected to the subnet containing the DHCP, DNS,
and TFTP servers. The addresses involved are:
Switch - 10.2.2.2
Router - F0 10.2.21, F2 20.2.2.2
DHCP - 20.2.2.5
DNS - 20.2.2.6
TFTP - 20.2.2.7

The router that is located between the subnet containing the switch and the subnet containing the DHCP,
DNS, and TFTP servers should be configured as shown below:

Regardless of whether the ip helper-address command has been used to aid in the DHCP configuration of
a switch utilizing auto configuration, or to aid DHCP clients in a different subnet from the DHCP server, the
DHCP relay service will provide relay services for the following UDP protocols by default:
Trivial File Transfer Protocol (TFTP) (port 69)
Domain Naming System (DNS) (port 53)
Time service (port 37)
NetBIOS Name Server (port 137)
NetBIOS Datagram Server (port 138)
Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
TACACS service (port 49)
IEN-116 Name Service (port 42)

This default behavior can be altered with the ip forward-protocol udp command executed in global
configuration mode.

Multicast routing, unicast routing and access lists do not aid in the DHCP communication process.

Objective:
Layer 3 Technologies
Sub-Objective:
Identify, configure, and verify IPv4 addressing and subnetting

References:
Cisco > IP Addressing: DHCP Configuration Guide > Configuring the Cisco IOS DHCP Relay Agent

QUESTION 54
You have two autonomous systems connected by more than one ASBR.

Which strategy does Cisco recommend in this situation?

A. Use two-way redistribution.
B. Use a default route in both directions.
C. Allow routes to be exchanged in one direction, and use a default route in the other direction.
D. Manually configure routes in all ASBRs, and update the configuration each time there is a change in
either AS.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
If there is a single autonomous system border router (ASBR) connecting two autonomous systems (AS),
Cisco generally recommends full two-way route redistribution. But when there are multiple ASBRs, as in this
scenario, two-way route redistribution may result in routing loops. One solution is to use a default route in
one direction and allow routes to be exchanged in the other direction.

Default routes in both directions will almost certainly cause routing loops.

Manual configuration of static routes would work, but the administrative maintenance necessary when there
are changes would be considerable.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Home > Support > Technology Support > IP Routing > Technology Information > Technology White
Paper > OSPF Design Guide > OSPF Design Tips

QUESTION 55
Which command can you use to verify that interfaces have been configured in the correct areas and to
show timer intervals and neighbor adjacencies for OSPF?

A. show ip ospf
B. show ip route
C. show ip protocol
D. show ip ospf database
E. show ip ospf interface

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is show ip ospf interface. This command displays all of the important OSPF parameters
that relate to each of the interfaces. Information can be displayed on a per-interface basis if an interface is
specified. If none is specified, all interfaces running OSPF will be displayed.

The following commands can be used to monitor and verify OSPF operation:
show ip ospf - displays the number of times the SPF algorithm has run and the default LSU interval, but
does not show neighbor adjacencies.
show ip route - displays known routes and how they were discovered, but not timers and neighbor
adjacencies.
show ip protocol - displays information about timers, filters, metric, etc. for the entire router, but not
OSPF neighbor adjacencies.
show ip ospf database - displays the router ID, the OSPF process ID, and the contents of the topological
database, but not adjacencies information or timer values.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF neighbor relationship and authentication

References:
Cisco > Cisco IOS IP Routing: OSPF Command Reference > show ip ospf interface

QUESTION 56
Refer to the following table:

Path1, Path2, and Path3 are the available routes between routers A and B. The bgp always-compare-med
command is executed for all three routes.
What should be the value for the missing ASN (represented by a question mark in the table) so that Path3
becomes the best path between routers A and B based on their MED values?

A. 10
B. 20
C. 30
D. 40

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The missing autonomous system number (ASN) in the AS_PATH parameter of Path3 should be 40 so that
Path3 becomes the best path from A to B. BGP selects the best path by first selecting the first valid path
between two routers. If other paths are available between the two routers, BGP compares values of various
attributes to select the best available path. In this case, Path 2 is the current best path between routers A
and B. The values of various parameters (listed in the table) are compared with Path1 and Path2.

While comparing Path1 and Path2, the weight, LOCAL_PREF, local originate source command, length of
AS_PATH, and origin type are the same. Therefore, these parameters are not useful in determining the best
path. However, the MED value of Path2 is lower than that of Path1. As a result, Path2 is selected as the
best path because BGP prefers the route with the lower MED value.

BGP now compares the parameter values of Path2 (the current best path) and Path3. The weight and
LOCAL_PREF parameters are the same for both routes. Path2 and Path3 are both local routes originated by
using the redistribute and the network commands, respectively. BGP prefers local routes learned by the
network or redistribute commands over those that are learned by the aggregate-address command.

The AS_PATH parameter specifies the list of AS numbers that comprise the route. The best path should
have the shortest value for the AS_PATH parameter. In this case, both Path2 and Path3 consist of three AS
numbers and are originated by an IGP. Therefore, the AS_PATH and the origin type parameters are not
helpful in determining the best path.

Finally, BGP compares the MED values of Path2 and Path3. The MED values are compared only when the
first AS number in the AS_PATH is the same for both routes; that is, when both routes begin in the same
AS. The first ASN in the AS_PATH parameter of Path2 is 40; therefore, the missing ASN for Path3 should
be 40. This allows the comparison of MED values and the selection of Path3 as the best route because it has
a lower MED value.

All the other options are incorrect because a value other than 40 disables the comparison of the MED
values between Path2 and Path3. If the MED value is not considered, then BGP determines whether Path3
is an iBGP or eBGP router. BGP selects an iBGP route instead of an eBGP route.

Objective:
Layer 3 Technologies
Sub-Objective:
Explain BGP attributes and best-path selection

References:
Internetworking Technology Handbook > BGP > BGP attributes

QUESTION 57
Refer to the following exhibit that shows four Cisco routers named rtr1, rtr2, rtr3, and rtr4:
The routers rtr2, rtr3, and rtr4 are eBGP peers of rtr1. In addition, rtr3 and rtr4 are also eBGP peers.

You want to implement the following requirements on rtr1:

The first attribute to select the best path is used.
Advertisements about 10.77.22.0/24 sent by rtr4 will be chosen over the advertisements sent by rtr3.

Which of the following commands should be included in the implementation plan for rtr1 to achieve the
desired results? (Each option is a part of the solution. Choose all that apply.)

A. neighbor 135.90.66.1 route-map set_weight out
B. neighbor 135.90.66.6 route-map set_weight in
C. route-map set_weight deny 10
D. match ip-address 1
E. set metric 100
F. set weight 100

Correct Answer: BDF
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following commands should be included in the implementation plan:

neighbor 135.90.66.6 route-map set_weight in
match ip-address 1
set weight 100

The neighbor 135.90.66.6 route-map set_weight in command specifies a route-map named set_weight for
the incoming routing updates from 135.90.66.6 peer. The match ip-address 1 command specifies a criterion
to match the IP address as specified in an access list. When the match criterion is met, the action specified
in the set weight command is performed.

The set weight 100 command sets the weight attribute, which is a Cisco-defined attribute, to 100. The
weight attribute is the first to be checked when BGP selects the best path between eBGP routers. This
attribute is local to the router on which it is set and cannot be advertised to other routers.

The complete set of commands to achieve the desired results is as follows:

access-list 1 permit 10.77.22.0 0.0.0.255
router bgp 444
neighbor 135.90.66.3 remote-as 111
neighbor 135.90.66.1 remote-as 222
neighbor 135.90.66.6 remote-as 333
neighbor 135.90.66.6 route-map set_weight in
route-map set_weight permit 10
match ip-address 1
set weight 100

The set metric 100 command should not be included in the implementation plan to achieve the desired
results. This command sets the metric to 100; however, the requirement is to use the first attribute to be
checked, which is the weight attribute.

The neighbor 135.90.66.1 route-map set_weight out command should not be included in the
implementation plan. This command forms an eBGP neighbor relationship with rtr3. The command also
uses a route map named set_weight to set the weight attribute for the routes sent by rtr1. However, the
weight attribute is local to rtr1 and cannot be set for outbound routes.

The route-map set_weight deny 10 command should not be specified in the implementation plan to achieve
the desired results. This command creates a route map named set_weight. The deny keyword in this
command indicates that if the match criterion is satisfied, then the set action is not performed. The permit
keyword should be specified instead of the deny keyword to perform the set action when a match occurs.

Objective:
Layer 3 Technologies
Sub-Objective:
Identify suboptimal routing

References:
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > BGP Case
Studies > BGP Case Studies 1 > Route Maps
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > BGP Best Path
Selection Algorithm
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > BGP Case
Studies > BGP Case Studies 2 > Weight Attribute

QUESTION 58
Examine the exhibit.

You have determined that RTR2 is not advertising the CIDR summary address 192.168.0.0 to the other
routers in AS 65100. Which set of configuration commands will enable the BGP router RTR2 to announce
the network prefix 192.168.0.0/16 to the other routers in the AS 65100?

A. router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.3.0
B. router bgp 65100
neighbor 172.16.1.2 remote-as 65101
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0
C. router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0 mask 255.255.0.0
ip route 192.0.0.0 255.0.0.0 null 0
D. router bgp 65100
neighbor 172.16.1.2 remote-as 65101
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0 mask 255.255.0.0
ip route 192.168.0.0 255.255.0.0 null 0

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Issuing the following commands will cause RTR2 to advertise the CIDR block 192.168.0.0/16 to the other
routers by using BGP:

RTR2(config)# router bgp 65100
RTR2(config-router)# neighbor 172.16.1.2 remote-as 65101
RTR2(config-router)# neighbor 192.168.3.2 remote-as 65100
RTR2(config-router)# network 192.168.0.0 mask 255.255.0.0
RTR2(config-router)# ip route 192.168.0.0 255.255.0.0 null 0

The network command specifies the address that will be inserted into the BGP table. Without the mask
keyword, the classful network will be assumed. Because 255.255.0.0, or /16, is not the natural mask for any
Class C address, the mask keyword must also be specified. Thus, 192.168.0.0 and 255.255.0.0 identify the
desired address and mask of the 192.168.0.0/16 network prefix.

The router checks the IP forwarding table for an exact match before it advertises the route. Without a
matching entry in the IP forwarding table, that route will not be advertised. RTR2 must be able to advertise a
CIDR block and not the individual subnets. A static route is required because BGP requires that a match of
the network prefix be present in the forwarding table when using the network command with the mask
keyword. Therefore, to ensure an exact match for the identified prefix exists in the IP forwarding table, and
to ensure that the prefix will always be advertised, a static route for 192.168.0.0/16 to null 0 is also required.

The syntax for the network command is shown below:

network network-number [ mask network-mask ] [ route-map map-tag ]

The parameters are:

mask - This parameter is optional and identifies the network or subnetwork to advertise.
route-map - This parameter is optional and identifies a preconfigured route-map that will be used to filter
specific addresses from being advertised.

The following command set is missing the mask keyword in the network command and the command to
create a static route to null 0. The address used in the network command is also incorrect. It should be
192.168.0.0:

router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.3.0

The following command set is missing the mask keyword in the network command and the command to
create a static route to null 0:

router bgp 65100
neighbor 172.16.1.2 remote-as 65101
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0

The following command set uses an incorrect mask (255.0.0.0) in the command that creates the static
route to null 0. It should be 255.255.0.0:

router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0 mask 255.255.0.0
ip route 192.0.0.0 255.0.0.0 null 0
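
The exact-match rule explained above can be checked against all four answer options. The following is an added example, not part of the original material: the connected routes are constructed stand-ins for the missing exhibit, the function names are hypothetical, and the neighbor statements are not modeled.

```python
import ipaddress

# Constructed stand-in for RTR2's connected routes; the exhibit is not
# reproduced on the page, so these two prefixes are assumptions.
CONNECTED = ["192.168.3.0/24", "172.16.1.0/24"]

# (network address, mask or None, static routes) taken from answer
# options A-D as printed in the question.
OPTIONS = {
    "A": ("192.168.3.0", None, []),
    "B": ("192.168.0.0", None, []),
    "C": ("192.168.0.0", "255.255.0.0", [("192.0.0.0", "255.0.0.0")]),
    "D": ("192.168.0.0", "255.255.0.0", [("192.168.0.0", "255.255.0.0")]),
}


def classful_prefixlen(address):
    """Natural (classful) prefix length assumed when 'mask' is omitted."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8    # Class A
    if first_octet < 192:
        return 16   # Class B
    if first_octet < 224:
        return 24   # Class C
    raise ValueError("not a class A, B or C address: " + address)


def network_statement(address, mask=None):
    """Prefix that 'network <address> [mask <mask>]' refers to."""
    if mask is None:
        return ipaddress.ip_network(f"{address}/{classful_prefixlen(address)}")
    return ipaddress.ip_network(f"{address}/{mask}")


def build_rib(static_routes):
    """Routing table as a set of prefixes: connected routes plus statics."""
    rib = {ipaddress.ip_network(p) for p in CONNECTED}
    rib |= {ipaddress.ip_network(f"{a}/{m}") for a, m in static_routes}
    return rib


def evaluate(option):
    """Return the prefix the option would advertise, or None.

    The prefix is advertised only when the routing table holds an entry
    with the same address AND the same length. A covering route such as
    192.0.0.0/8 (option C) is not an exact match.
    """
    address, mask, statics = OPTIONS[option]
    wanted = network_statement(address, mask)
    return str(wanted) if wanted in build_rib(statics) else None


if __name__ == "__main__":
    for name in OPTIONS:
        print(name, "->", evaluate(name))
```

Only option D yields 192.168.0.0/16; option A advertises the connected /24 instead of the CIDR block, and options B and C advertise nothing.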

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

References:
Internetworking Case Studies > Using the Border Gateway Protocol for Interdomain Routing > Controlling
the Flow of BGP Updates > CIDR and Aggregate Addresses > Aggregation and Static Routes

QUESTION 59
Which method of advertising networks from an autonomous system into BGP can result in the most
instability?

A. Using the network command
B. Redistributing static routes into BGP
C. Redistributing dynamic routes into BGP
D. Redistributing static routes into IBGP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Redistributing dynamic IGP routes into BGP can result in instability, and is not recommended.

Dynamic routes can disappear from the routing table, and even flap up and down constantly if there are link
problems, especially with WAN links. If the networks are redistributed into BGP, their flapping can result in
BGP updates about the route changing status, resulting in instability for BGP.

Most ISPs guard against unstable routes and might threaten to cut off your BGP connectivity if you have
flapping routes that cause BGP instability in their networks.

The network command and redistributed static routes, on the other hand, tend not to change state so often.
As a result, they are considered much more stable from a BGP perspective.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > BGP Case
Studies > Document ID: 26634 > Redistribution

QUESTION 60
Consider the following output of the show ip bgp summary command:
Which of the following neighbors have an established connection with RouterA?

A. 10.1.1.1
B. 10.2.1.1
C. 10.3.1.1
D. 10.4.1.1
E. 10.5.1.1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The neighbor with the IP address 10.2.1.1 has an established connection with RouterA. This is because the
State/PfxRcd value for this neighbor is a number, 15, which indicates the number of prefixes received by
RouterA from the neighbor. The prefixes are exchanged between BGP neighbors through the update
message, which can be transmitted only if an established connection exists between the neighbors. An
established connection exists between two neighbors if the local router is in Open Confirm state and it
receives a KEEPALIVE or an UPDATE message.

The connection between RouterA and the neighbor with the IP address 10.1.1.1 is not established. This is
because the State/PfxRcd value for this neighbor is OPENSENT. In this state, RouterA sends an OPEN
message to a neighbor to determine the parameters for establishing a connection. The OPENSENT state
occurs before the connection is established.

The connection between RouterA and the neighbor with the IP address 10.3.1.1 is not established. This is
because the State/PfxRcd value for this neighbor is IDLE. In this state, RouterA does not accept any
incoming connections from the neighbor.

The connection between RouterA and the neighbor with the IP address 10.4.1.1 is not established. This is
because the State/PfxRcd value for this neighbor is ACTIVE. In this state, RouterA is attempting to
establish a BGP peering session but it is not yet complete.

The connection between RouterA and the neighbor with the IP address 10.5.1.1 is not established. This is
because the State/PfxRcd value for this neighbor is OPENCONFIRM. In this state, RouterA waits for a
KEEPALIVE or NOTIFICATION message from the neighbor.
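
The rule used in this explanation (a numeric State/PfxRcd value means the session is established, a state name means it is not) can be applied to a whole table. The following is an added example, not part of the original material: the sample table is constructed, with only the neighbor addresses and State/PfxRcd values taken from the explanation, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the column layout of 'show ip bgp summary'.
# Only the neighbor addresses and the State/PfxRcd values follow the
# explanation; AS numbers, counters and timers are made up.
SAMPLE = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4 65001       0       1        0    0    0 never    OpenSent
10.2.1.1        4 65002     120     118       42    0    0 01:52:10 15
10.3.1.1        4 65003       0       0        0    0    0 never    Idle
10.4.1.1        4 65004       0       0        0    0    0 never    Active
10.5.1.1        4 65005       1       1        0    0    0 never    OpenConfirm
"""


def parse_summary(text):
    """Map each neighbor to (state, prefixes_received).

    A purely numeric last column is a prefix count, which is only shown
    for an established session. Anything else is the name of the state
    the session is stuck in, and the prefix count is None.
    """
    peers = {}
    in_table = False
    for line in text.splitlines():
        # Split into at most 10 columns so that a multi-word state such
        # as 'Idle (Admin)' stays together in the last column.
        fields = line.split(None, 9)
        if not fields:
            continue
        if fields[0] == "Neighbor":
            in_table = True      # rows follow the header line
            continue
        if not in_table or len(fields) < 10:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue             # not a neighbor row
        last = fields[9].strip()
        if last.isdigit():
            peers[fields[0]] = ("Established", int(last))
        else:
            peers[fields[0]] = (last, None)
    return peers


def established_neighbors(text):
    """Neighbors whose session is established, in table order."""
    return [n for n, (state, _) in parse_summary(text).items()
            if state == "Established"]


if __name__ == "__main__":
    for neighbor, (state, prefixes) in parse_summary(SAMPLE).items():
        print(neighbor, state, prefixes)
```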

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

References:
Cisco IOS IP Routing: BGP Command Reference > show ip bgp summary

QUESTION 61
Router 5 has four interfaces. The networks hosted on each interface are as follows:

Fa0/1 192.168.5.4/29
Fa0/2 192.168.6.0/24
Fa0/3 192.168.7.0/24
S0/0 172.16.5.0/24

You execute the following commands on the router:

After this command sequence is executed, what routes will be present in the routing table of the router at
172.16.5.2? (Choose all that apply.)

A. 192.168.5.4/29
B. 172.16.5.0/24
C. 192.168.6.0/24
D. 192.168.7.0/24
E. none of these will be present
F. only network addresses beginning with 192 will be present

Correct Answer: ABCD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Despite the inclusion of the command aggregate-address 192.168.5.0 255.255.252.0, all subnets of the
aggregate route will also be placed in the routing updates because of the omission of the summary-only
keyword. Therefore, 192.168.5.4/29, 172.16.5.0/16, 192.168.6.0/24 and 192.168.7.0/24 will be present.

Had the following command been executed, the subnet addresses would not appear in the routing table of
the router at 172.16.5.2:

Router5(config-router)# aggregate-address 192.168.5.0 255.255.252.0 summary-only

Therefore, both the aggregate address and all of the 192.168.0.0 subnets will be in the routing table.

The 172.16.5.0/24 network will be in the routing table of the router at 172.160.5.1 because it is directly
connected.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > Cisco IOS IP Routing: BGP Command Reference > aggregate-address

QUESTION 62
You manage the EIGRP subnet in your organization. You have enabled EIGRP for IPv6 on all the routers in
the EIGRP AS 355 using the following commands on all the routers:
The ipv6 unicast-routing command in global configuration mode
The interface command in global configuration mode
The ipv6 enable command in interface configuration mode
The ipv6 eigrp command in interface configuration mode
The ipv6 router eigrp command in global configuration mode
The eigrp router-id command in global configuration mode

During verification, you discover that EIGRP for IPv6 is not running on the routers.

Which of the following should be done to fix the issue?

A. The ipv6 address command should be executed in interface configuration mode.
B. The ipv6 address command should be executed in router configuration mode.
C. The eigrp router-id command should be executed in interface configuration mode.
D. The eigrp router-id command should be executed in router configuration mode.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The eigrp router-id command should be executed in router configuration mode to fix the issue. This
command specifies a fixed router IPv4 address to the router. If this command is missing or incorrectly
configured on the router, EIGRP for IPv6 will not run properly.

Another command that you should perform so that EIGRP for IPv6 runs on the routers is the no shutdown
command. You should execute this command in interface configuration mode. The no shutdown command
is necessary because all the interfaces with EIGRP for IPv6 enabled on them are in a shutdown state by
default.

A sample configuration to implement EIGRP for IPv6 on a router is as follows:

rtrA(config)# ipv6 unicast-routing
rtrA(config)# interface Fa0/1
rtrA(config-if)# ipv6 enable
rtrA(config-if)# ipv6 eigrp 355
rtrA(config-if)# no shutdown
rtrA(config-if)# exit
rtrA(config)# ipv6 router eigrp 355
rtrA(config-rtr)# eigrp router-id 1.1.1.1

The two options stating that the ipv6 address command should be executed on the routers are incorrect.
EIGRP for IPv6 can be configured on router interfaces without explicitly specifying a global unicast IPv6
address. If you specify the ipv6 enable command, as in this scenario, then the ipv6 address command is
not required.

The option stating that the eigrp router-id command should be executed in interface configuration mode is
incorrect. This command should be executed in router configuration mode instead of interface or global
configuration modes.

Objective:
Layer 3 Technologies
Sub-Objective:
Identify IPv6 addressing and subnetting

References:
Cisco IPv6 Implementation Guide, Release 15.2M&T > Implementing EIGRP for IPv6 > How to Implement
EIGRP for IPv6 > Enabling EIGRP for IPv6 on an Interface

QUESTION 63
Which command is the proper command for allowing RIP routing updates to be received on an interface
while not allowing them to be sent out of the same interface?

A. Router(config)# passive-interface e0/0
B. Router(config-if)# passive-interface
C. Router(config-if)# interface passive
D. Router(config-router)# passive-interface e0/0
E. Router(config-router)# interface passive e0/0

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is as follows:

Router(config-router)# passive-interface e0/0

The effect of the passive-interface command is dependent on the routing protocol running on the interface.
For EIGRP, the router will not only stop sending routing updates, but also hellos, which means that it will not
form a neighbor relationship with another EIGRP router on that interface. This is also the case with OSPF
and IS-IS. With RIP, however, the router will continue to send hellos even as it stops sending routing
updates, and it will still receive routing updates.

The passive-interface command issued at the router configuration mode will prevent routing updates from
being sent out on a specific interface while still allowing the interface to receive updates. This command can
be used in any situation where you want the router to receive routing updates on a particular interface but
not send any updates. This is helpful for security purposes, for preventing routing loops, or to control routing
update traffic.

The other options either use improper syntax or are executed at an incorrect prompt.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify loop prevention mechanisms

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > How
Does the Passive Interface Feature Work in EIGRP?
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > passive-interface

QUESTION 64
Examine the following diagram:
Which of the following actions will make area 1 a totally stubby area? (Choose all that apply. Each correct
answer is part of the solution.)

A. execute the area 1 stub no-summary command on RouterA
B. execute the area 1 stub no-summary command on RouterB
C. execute the area 1 stub command on RouterB
D. execute the area 1 stub command on RouterA
E. execute the area 0 stub-no summary command on RouterA
F. execute the area 0 stub no-summary command on RouterB
G. execute the area 0 stub command on RouterB
H. execute the area 0 stub command on RouterA

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
You should execute the area 1 stub no-summary command on RouterA and the area 1 stub command on
RouterB. A totally stubby area is one that only keeps local area routes in the link-state database (LSDB),
plus a default route that leads out of the area. To make an area totally stubby, the area border router (ABR)
should be configured with the area 1 stub no-summary command and all other area routers should be
configured with the area 1 stub command. The diagram in the scenario indicates that RouterA is the border
router.

You should not run any of the commands that refer to area 0. This would affect a different area than the
requirement stated in the scenario.

None of the other combinations of actions will create a totally stubby area.
If you run the area 1 stub command on both RouterA and RouterB, it will create a stub area. A stub area
differs from a totally stubby area in that a stub area will allow updates about areas in the same OSPF
domain.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > What Are
OSPF Areas and Virtual Links? > Define a Totally Stub Area

QUESTION 65
Router R2 operates in a broadcast, multi-access network. Examine the following output of the show ip ospf
neighbor command.

Based on the output, with which routers can R2 establish a full adjacency?

A. the neighbor at 192.168.5.6
B. the neighbor at 192.168.5.10
C. the neighbor at 192.168.5.116
D. the neighbor at 192.168.5.107

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
R2 can establish a full adjacency with the neighbor at 192.168.5.107 and the neighbor at 192.168.5.165. In
a broadcast, multi-access OSPF network, full adjacencies can only be established with a
designated router (DR) or a backup designated router (BDR).

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF neighbor relationship and authentication

References:
Home.Support > Technology Support > IP > IP Routing > Design > Design Technotes > What does the
show ip ospf neighbors command reveal?
Cisco > Cisco IOS IP Routing: OSPF Command Reference > show ip ospf neighbor

QUESTION 66
RouterA and RouterB are both in OSPF area 2, and RouterA is connected directly to the backbone. Their
router IDs are shown below:

RouterA - 165.165.20.15
RouterB - 165.165.10.12

Which commands should be executed on RouterA and RouterB to create a virtual link between the two
routers?

A. RouterA(config-router)# area 2 virtual-link 165.165.10.12
RouterB(config-router)# area 2 virtual-link 165.165.20.15
B. RouterA(config-router)# area 2 virtual-link 165.165.10.12
RouterB(config-router)# area 0 virtual-link 165.165.20.15
C. RouterA(config-router)# area 0 virtual-link 165.165.20.15
RouterB(config-router)# area 2 virtual-link 165.165.10.12
D. RouterA(config-router)# area 0 virtual-link 165.165.10.12
RouterB(config-router)# area 0 virtual-link 165.165.20.15

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The area virtual-link command should specify the area to be traversed and the ID of the router to which the
router being configured will connect. Therefore, the correct answer is:

RouterA(config-router)# area 2 virtual-link 165.165.10.12
RouterB(config-router)# area 2 virtual-link 165.165.20.15

A virtual link is used to make a virtual connection of an area border router (ABR) to the backbone. It is used
in situations where an area does not physically border the backbone area. The virtual link provides logical
connectivity of the area to the backbone. If the virtual link appears not to be functional, which would
manifest itself in Router A not having all of Router B's networks in its routing table, the state of the link can
be verified on Router A by executing the show ip ospf virtual-links command. An example is shown below.
The state of the link as shown in line 1 of the output should be up.

RouterA# show ip ospf virtual-links
Virtual Link to router 172.16.8.2 is up
Transit area 0.0.0.1, via interface Ethernet0, Cost of using 10
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 0:00:08
Adjacency State FULL

The configuration below is incorrect because area 0 is referenced in the second line. It should reference
area 2, the area being traversed.

RouterA(config-router)# area 2 virtual-link 165.165.10.12
RouterB(config-router)# area 0 virtual-link 165.165.20.15

The configuration below is incorrect because area 0 is referenced in the first line. It should reference area 2,
the area being traversed.

RouterA(config-router)# area 0 virtual-link 165.165.20.15
RouterB(config-router)# area 2 virtual-link 165.165.10.12

The configuration below is incorrect because area 0 is referenced in both lines. Both should reference area
2, the area being traversed.

RouterA(config-router)# area 0 virtual-link 165.165.10.12
RouterB(config-router)# area 0 virtual-link 165.165.20.15

If the virtual link is incorrectly configured the following error will be generated:

*Dec 10 00:31.146: %OSPF-4-ERRRCV: Received invalid packet mismatch area ID,
from backbone area must be virtual link but not found from 165.165.10.5, Serial
0

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Home > Support > Technology Support > IP Routing > Design > Design Technotes > What Are
OSPF Areas and Virtual Links?

QUESTION 67
Based on the following partial output of the show ip ospf database command, which router role(s) is
Router7 performing? (Choose all that apply.)

A. ABR
B. ASBR
C. BR
D. IR

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Router7 is an area border router (ABR) and a backbone router (BR). The output reveals the link state
databases for two areas, area 0 and area 2. Only ABR routers will display multiple databases when you
execute this command.

If Router7 is an ABR, then it is also connected to the backbone and will be a backbone router.

Router 7 is not an autonomous system boundary router (ASBR) because it only displays sections in the
output for Type 1 and Type 2 link-state advertisements (LSAs). ASBRs will also have a section for Type 4
LSAs, which would have its own heading at the end of the output.

Router7 is not an internal router. A router is either an internal router or an ABR and Router 7 is an ABR.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF neighbor relationship and authentication

References:
Cisco > Cisco IOS IP Routing: OSPF Command Reference > show ip ospf database

QUESTION 68
Examine the diagram below:

Based on the diagram and the following partial output from Router R2, which networks will be present in the
routing table of Router R1?

A. 192.168.5.0
B. 10.0.0.0
C. 172.50.0.0
D. 192.168.5.0 and 10.0.0.0

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The routes that will be present in Router R1 are 192.168.5.0 and 10.0.0.0. According to the output, only the
route from EIGRP 55 will be redistributed to EIGRP 200. Therefore, the 10.0.0.0 network will be advertised
to Router R1 from Router R2 and the 192.168.5.0 network, which is present in the routing table of Router
R2, will be advertised to Router R1.

The 192.168.5.0 network alone would not be correct. The 10.0.0.0 network will be present as well.

The 172.50.0.0 network will not be present because Router R2 is not configured with a redistribution
statement for that network. The required statement would be redistribute ospf 1.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Home > Support > Technology Support > IP > IP Version 6 > Configure > Configuration Examples
and Technotes > Redistributing Routing Protocols

QUESTION 69
Refer to the following diagram of an OSPF network.
Which of the following routers generate network link advertisements (NLA)? (Choose all that apply.)

A. R3
B. R4
C. R7
D. R8
E. R9
F. R13

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The R3 and the R9 routers in the scenario generate network link advertisements (NLA). An NLA or a Type 2
LSA is generated only by the designated router (DR) of a segment. Type 2 LSAs are generated only for
those networks in which a DR has been selected. A DR is a router that has the highest OSPF priority on a
segment. Until there are two OSPF routers on the segment, no Type 2 LSAs will be generated.

Type 2 LSAs are flooded in the area that contains the network segment with the DR. These advertisements
are used by the DR to represent the routers that are connected to the network. This type of LSA is sent to
those routers that belong to the same network as the DR. Therefore, in this case, Type 2 LSAs are
generated by the R3 and the R9 routers. R3 sends the LSAs to R1, R2, and R4, while R9 sends LSAs to
R8, R10, and R11.

R4, R7, or R8 will not send NLAs or Type 2 LSAs. These three routers are area border routers (ABR) for
different OSPF areas. Like any other OSPF router, these routers generate Type 1 LSAs or router link
advertisements (RLA). The LSAs contain the state of the routers that belong to the same area. In this case, R4
generates and floods Type 1 LSAs into Area 0 and Area 10. Similarly, R7 and R8 flood Type 1 LSAs into
Area 0 and Area 20, and Area 0 and Area 30, respectively.

ABRs also generate Type 3 and Type 4 LSAs or summary link advertisements (SLA). These LSAs are
flooded into other areas to and from the backbone area. Type 3 LSAs contain the list of networks that are
exchanged between two areas. In this case, R4 floods Type 3 LSAs into Area 0 and Area 10; R7 floods
these LSAs into Area 0 and Area 20; and R8 floods them into Area 0 and Area 30. Type 4 LSAs list the
routes that point to an autonomous system boundary router (ASBR).

R13 will not generate Type 2 LSAs. R13 is an autonomous system boundary router (ASBR), which generates
Type 5 LSAs apart from Type 1 LSAs. Type 5 LSAs, or external link advertisements, list the routes external
to the AS; they are flooded throughout the OSPF domain except for stub areas.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Technology Information > Technology
Whitepaper > OSPF Design Guide

QUESTION 70
Which of the following IPv6 addresses correctly represent the shortened version of the IP address
2031:0000:0000:130F:0000:0000:876A:130B? (Choose two.)

A. 2031::130F::876A:130B
B. 2031::130F:0:0:876A:130B
C. 2031:0:130F::876A:130B
D. 2031:0:0:130F::876A:130B

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
2031:0000:0000:130F:0000:0000:876A:130B can be shortened to either 2031::130F:0:0:876A:130B or
2031:0:0:130F::876A:130B.

IPv6 addresses are written in 16-bit hexadecimal number fields separated by a colon (:). There are a total of
eight 16-bit fields, making each IPv6 address a total of 128 bits. The hexadecimal letters are NOT case
sensitive.

You can shorten an IPv6 address by removing the leading zeros in any address field. You can only remove
zeros that are the first character in an address field. For example, FFC0:02C0: is the same as FFC0:2C0:.
However, FFC0:8020 is not the same as FFC0:802:.

If a 16-bit address field contains all zeros, then it can be represented by a single zero. For example,
FF80:0000: is the same as FF80:0:.

You can use double colons (::) to represent successive address fields of zeros. An address parser can
determine the number of missing fields and then insert the proper number of zeros to complete the
address. For example, FF80:0000:0000:0000:0000:0000:0000:0001 is the same as FF80::1, and
0000:0000:0000:0000:0000:0000:0000:0001 could be written as ::1. However, you can only have one set of
double colons (::) in an address; therefore, FF80:0000:0000:0CB0:0000:0000:0000:0001 cannot be written
as FF80::0CB0::1.

Objective:
Layer 3 Technologies
Sub-Objective:
Identify IPv6 addressing and subnetting

References:
Cisco > IPv6 Addressing and Basic Connectivity Configuration Guide > IPv6 Addressing and Basic
Connectivity
Cisco > IPv6 Addressing at a Glance (PDF)
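
The shortening rules above, written as a small parser. This is an added example, not part of the original exam material; the function names are made up for illustration. It expands a candidate to eight 16-bit fields, rejects a second double colon, tests the four answer options against the full address, and also produces one shortened form by compressing the longest zero run.

```python
import string

FULL = "2031:0000:0000:130F:0000:0000:876A:130B"  # address from the question

OPTIONS = {  # answer options from the question
    "A": "2031::130F::876A:130B",
    "B": "2031::130F:0:0:876A:130B",
    "C": "2031:0:130F::876A:130B",
    "D": "2031:0:0:130F::876A:130B",
}


def expand(text):
    """Return the eight 16-bit fields of an IPv6 address as integers.

    Raises ValueError when the text breaks a rule: more than one '::',
    the wrong number of fields, or a field that is not 1-4 hex digits.
    """
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed in an address")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = left + ["0"] * missing + right
    else:
        fields = text.split(":")
        if len(fields) != 8:
            raise ValueError("expected eight fields")
    values = []
    for field in fields:
        if not (1 <= len(field) <= 4 and all(c in string.hexdigits for c in field)):
            raise ValueError(f"bad field {field!r}")
        values.append(int(field, 16))  # int() ignores case and leading zeros
    return values


def same_address(candidate, full=FULL):
    """True when candidate parses and names the same 128-bit address as full."""
    try:
        return expand(candidate) == expand(full)
    except ValueError:
        return False


def valid_options():
    """Letters of the options that are correct shortenings of FULL."""
    return sorted(k for k, v in OPTIONS.items() if same_address(v))


def shorten(text):
    """Strip leading zeros and replace the longest run of zero fields
    (the first one on a tie, runs of two or more only) with '::'."""
    values = expand(text)
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if values[i] == 0:
            j = i
            while j < 8 and values[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexed = [format(v, "X") for v in values]
    if best_len < 2:
        return ":".join(hexed)
    return ":".join(hexed[:best_start]) + "::" + ":".join(hexed[best_start + best_len:])


if __name__ == "__main__":
    print("correct options:", valid_options())
    print("shortened:", shorten(FULL))
```

Option C parses without error but expands to a different address, which is why it is wrong even though it contains only one double colon.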

QUESTION 71
Examine the following output of the show ip ospf interface command.

What would be the effect of executing the auto-cost reference-bandwidth 2000 command on Router43 in
router OSPF mode?

A. the cost of the Serial interface would increase to 20
B. the cost of the FastEthernet interfaces would increase to 2000
C. the cost of the Serial interface would increase to 647
D. the cost of the FastEthernet interfaces would increase to 20

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
If the auto-cost reference-bandwidth 2000 command is executed in router OSPF mode, it will result in a cost
of 20 for the FastEthernet interfaces. The formula for arriving at the cost is:

reference bandwidth / interface bandwidth = cost

The default reference bandwidth for FastEthernet is 100 Mbps. If the reference bandwidth is set at 2000
Mbps using the auto-cost reference-bandwidth command, and the FastEthernet interface has a bandwidth of
100 Mbps, the resulting cost is 20 (2000 / 100 = 20).

The auto-cost reference-bandwidth command is executed in router OSPF mode to affect all interfaces.
Alternatively, the cost of each interface can be set separately with the ip ospf cost command issued in
interface configuration mode. The two commands can also be used in combination: you can set all
interfaces with the auto-cost reference-bandwidth command, and then set a single interface to a different
cost with the ip ospf cost command.

The command would not result in the cost of the Serial interface increasing to 20 or to 647. With a
reference bandwidth of 2000 Mbps and interface bandwidth of 1544 kbps (the default bandwidth of a serial
interface), the resulting cost would be 1294.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF path preference

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Technology Information > Technology
White Paper > OSPF Design Guide > OSPF Cost
Cisco > Cisco IOS IP Routing: OSPF Command Reference > show ip ospf interface
Cisco > Cisco IOS IP Routing: OSPF Command Reference > auto-cost

QUESTION 72
You instructed your assistant to configure redistribution of OSPF routes into EIGRP on Router 9. The routes
are not being advertised to EIGRP and you are troubleshooting the problem. The EIGRP process ID is 100
and the OSPF process ID is 20. When you ask your assistant what commands were executed, you are
shown the following:

Router9(config)# router eigrp 100
Router9(config-router)# redistribute ospf 20

What is the problem?

A. no metric was configured
B. the process IDs are incorrect
C. the redistribute command is executed at the interface configuration prompt
D. the redistribute command is executed at the global configuration prompt

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The problem is that the metric was not configured. Some routing protocols require that a metric be provided
for the redistributed routing protocol or route redistribution will not occur successfully. RIP and EIGRP both
require that a metric be provided. IS-IS and OSPF do not have this requirement.

When you redistribute routes into EIGRP without specifying a metric, the default metric applied is zero,
the route is treated as unreachable, and the route is not advertised. The addition of the metric
parameter as shown below would solve this issue:

Router9(config)# router eigrp 100
Router9(config-router)# redistribute ospf 20 metric 10000 100 255 1 1500

In this example, 1000 is the bandwidth, 100 is the delay, 255 is the reliability, 1 is the load, and 1500 is the
MTU.

The process IDs are correct in the original scenario, and the command was executed in the correct context.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Home > Support > Technology Support > IP > IP Version 6 > Configure > Configuration Examples
and Technotes > Redistributing Routing Protocols

QUESTION 73
Which command should be executed on all ABRs in an area to configure it as a totally stubby area?

A. Router(config-router)# area process-id stub [no-summary]
B. Router(config-router)# area area-id [no-summary] stub
C. Router(config-router)# area area-id stub [no-summary]
D. Router(config-ospf)# area router-id [no-summary] stub

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct syntax for the area stub command to configure a totally stubby area is shown below:

Router(config-router)# area area-id stub [no-summary]

Note that the optional no-summary keyword is used only on area border routers (ABRs) to block summary
link advertisements into the stub area. This option creates a totally stubby area. All internal routers in the
area need only the stub keyword without the no-summary keyword.

It is very important to configure the command consistently on all routers within the area. OSPF sends its
stub status (on or off) in its hello packets. If two neighbors have conflicting stub status, for example, if one
indicates that a stub is present and the other indicates that no stub is present, they will not form an
adjacency, and you end up with no OSPF communication over that link.

The other options are either using incorrect syntax or being executed at an incorrect prompt. The area stub
command should be executed at the OSPF router configuration prompt.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Home > Support > Technology Support > IP Routing > Design > Design Technotes > What Are
OSPF Areas and Virtual Links? > What Are Areas, Stub Areas, and Not-So-Stubby Areas?
Cisco > Cisco IOS IP Routing: OSPF Command Reference > area stub

QUESTION 74
You have configured a BGP network with several routers in the same autonomous system (AS). There are
three possible routes from router A to router B in the network. The following conditions exist:
All three routes have the same weight
All three routes were originated locally through the use of the network command
The bgp default local-preference 50 command is executed for all three routes
All three routes have different lists of AS through which they travel

Which of the following parameters is used to select the best path among the three routes?

A. Weight
B. MED
C. LOCAL_PREF
D. AS_Path

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The AS_Path parameter is used to select the best path among the three routes. To select the best path
from router A to router B, BGP analyses various BGP attributes that are set during the configuration of the
network. The key BGP attributes and the order in which they are checked are as follows:
1. Weight - highest weight is selected
2. LOCAL_PREF - highest LOCAL_PREF is selected
3. Locally originated routes - local routes are selected
4. AS_PATH - shortest AS_PATH is selected
5. Origin type - lowest origin type is selected
6. Multi-exit Discriminator (MED) - lowest MED is selected

Because the weight attribute is the same for all three routes, BGP checks the value of the LOCAL_PREF
attribute. However, this attribute is also the same for the three routes because the bgp default
local-preference 50 command was executed for the three routes, which sets the value of the LOCAL_PREF
attribute to 50 for those routes.

BGP then checks whether any of the routes were locally originated using either the network or aggregate
commands. As stated in the scenario, all three routes were locally originated with the network command
during BGP configuration. Consequently, BGP analyzes the value of the AS_PATH attribute. This attribute
refers to a list of AS numbers that are traversed by a particular route. The route with the shortest AS_PATH
is selected as the best path.

The weight attribute is not used to select the best path in this case. The weight attribute for all three routes
is the same. If this attribute were different for the three routes, then the route with the highest weight would
be considered the best path.

The MED attribute is not used to select the best path in this case. The MED, or multi-exit discriminator,
specifies the route into an AS that has more than one entry point. A route with the lowest MED is selected
as the best path. However, in this case, the MED attribute is not considered because the AS_PATH
attribute is different for the three routes. If the AS_PATH attribute for the three routes were the same, then
the MED attribute would have been considered.

The LOCAL_PREF attribute is not used to select the best path. The LOCAL_PREF attribute is checked if
the weight attribute for the routes is the same. The LOCAL_PREF attribute refers to the local preference, which
specifies the route that has preference to exit the AS for a given destination network. The route with the
highest LOCAL_PREF value is selected as the best path. However, the bgp default local-preference 50
command was executed for all three routes. Hence, this attribute is not considered to select the best path
between the BGP routers A and B.

Objective:
Layer 3 Technologies
Sub-Objective:
Explain BGP attributes and best-path selection

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design TechNotes > BGP
Best Path Selection Algorithm
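
The selection order above as code. This is an added example, not Cisco's implementation and not part of the original exam material; the `Route` class, the route names and the AS numbers are constructed. It walks the six steps in the order listed and reports which attribute decided the result. It is simplified: only the six attributes listed on this page are compared (real BGP has further tie-breakers), and MED is compared across all remaining candidates.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lowest origin type wins


@dataclass
class Route:
    name: str
    weight: int
    local_pref: int
    locally_originated: bool
    as_path: tuple
    origin: str = "igp"
    med: int = 0


# The six steps in the order given above. Each key is arranged so that the
# smallest value wins, which is why "highest wins" attributes are negated.
STEPS = [
    ("Weight", lambda r: -r.weight),
    ("LOCAL_PREF", lambda r: -r.local_pref),
    ("Locally originated", lambda r: 0 if r.locally_originated else 1),
    ("AS_PATH", lambda r: len(r.as_path)),
    ("Origin type", lambda r: ORIGIN_RANK[r.origin]),
    ("MED", lambda r: r.med),
]


def best_path(routes):
    """Return (winning route, name of the step that left a single candidate)."""
    candidates = list(routes)
    if not candidates:
        raise ValueError("no routes to compare")
    for step, key in STEPS:
        best = min(key(r) for r in candidates)
        candidates = [r for r in candidates if key(r) == best]
        if len(candidates) == 1:
            return candidates[0], step
    # Still tied after the six steps on this page.
    return candidates[0], "undecided by the six steps listed"


# Scenario from the question: equal weight, LOCAL_PREF 50 everywhere, all
# locally originated, different AS lists. Weight and AS numbers are constructed.
SCENARIO = [
    Route("route-1", 32768, 50, True, (64500, 64501, 64502)),
    Route("route-2", 32768, 50, True, (64500, 64501)),
    Route("route-3", 32768, 50, True, (64503, 64504, 64505, 64506)),
]

# Variation: the AS_PATH lengths are made equal, so the comparison falls
# through origin type to MED, as the explanation describes.
SAME_PATH_LENGTH = [
    Route("route-1", 32768, 50, True, (64500, 64501), med=30),
    Route("route-2", 32768, 50, True, (64502, 64503), med=10),
    Route("route-3", 32768, 50, True, (64504, 64505), med=20),
]

if __name__ == "__main__":
    for label, routes in (("scenario", SCENARIO), ("equal AS_PATH", SAME_PATH_LENGTH)):
        winner, step = best_path(routes)
        print(f"{label}: {winner.name} selected, decided by {step}")
```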

QUESTION 75
Examine the exhibit by pressing the Exhibit(s) button.

You are to configure R1 to belong to area 5. This area does not accept routes from the external AS or
summary routes from any other internal areas. Refer to the IP addressing below.

R1 - int E0 - 192.168.5.1/24
R2 - int E0 - 192.168.5.2/24
R2 - int E1 - 192.168.0.2/24
R3 - int E0 - 192.168.0.3/24

Which configuration commands are required to correctly configure R1?

A. R1(config)# router ospf 10
R1(config-router)# area 5 no-summary stub
R1(config-router)# network 192.168.5.0 0.0.0.255 area 5
B. R1(config)# router ospf 5
R1(config-router)# area 5 stub
R1(config-router)# network 192.168.5.0 0.0.0.255 area 5
C. R1(config)# router ospf 10
R1(config-router)# area 5 stub
R1(config-router)# network 192.168.5.0 255.255.255.0 area 5
D. R1(config)# router ospf 5
R1(config-router)# area 5 stub no-summary
R1(config-router)# network 192.168.5.0 255.255.255.0 area 5

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
All routers within a stub area must be configured as stub, or adjacencies will not form. Besides the
command to enable OSPF and the command to identify the area, the only other required command
identifies the area as a stub. At the area border router (ABR), R2, the no-summary keyword is required. The
following commands are required to configure R1:

R1(config)# router ospf 5
R1(config-router)# area 5 stub
R1(config-router)# network 192.168.5.0 0.0.0.255 area 5

A totally stubby area does not accept any external network LSAs (Type 5) or any inter-area summary LSAs
(Types 3 and 4) from entering the area. Use the area stub command with the no-summary keyword on the
ABR only to configure a totally stubby area.

The correct syntax for the area stub command is shown below:

Router(config-router)# area area-id stub [no-summary]

Note that the optional no-summary keyword is used only on ABRs to block summary link advertisements
into the stub area. This option creates a totally stubby area. It is very important to configure the command
consistently on all routers within the area. OSPF sends its stub status (on or off) in its hello packets.

If two neighbors have conflicting stub status, they will not form an adjacency, and you end up with no OSPF
communication over that link.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Home > Support > Technology Support > IP Routing > Design > Design Technotes > What Are
OSPF Areas and Virtual Links? > What Are Areas, Stub Areas, and Not-So-Stubby Areas?
Cisco IOS Master Command List, Release 12.4 > a through b > area stub

QUESTION 76
Which of the following commands will display information about Type 4 LSAs?

A. show ip ospf database external
B. show ip ospf database asbr-summary
C. show ip ospf database summary
D. show ip ospf database router

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The command show ip ospf database asbr-summary will display information about Type 4 LSAs. These
LSAs provide next-hop information for areas that are receiving Type 5 or external LSAs. Consider the
following sample output of the show ip ospf database asbr-summary command:

The output shows that the router that sent this LSA is at 172.16.241.75. The router functioning as the ASBR
is at 172.16.245.63. The advertising router, located at 172.16.241.75, is broadcasting that its best metric to
reach the ASBR at 172.16.254.63 is 1.

The command show ip ospf database external will not display information about Type 4 LSAs. It will display
information about Type 5 LSAs, or External Link LSAs, instead of ASBR summary links, which are Type 4
LSAs.

The command show ip ospf database summary will not display information about Type 4 LSAs. It will
display information about summary links, or Type 3 LSAs, that are generated by an ABR, not summary links
generated by an ASBR.

The command show ip ospf database router will not display information about Type 4 LSAs. It will display
information about router links, or Type 1 LSAs, instead of ASBR summary links, which are Type 4 LSAs.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe OSPF packet types

References:
Cisco > Cisco IOS IP Routing: OSPF Command Reference > show ip ospf database

QUESTION 77
You have a router that is running both OSPF and RIP. You have configured this router to perform mutual
redistribution between the two protocols. The following conditions exist:
The S0/0 interface, which is configured for RIP, is routing for the 172.16.5.0/24 network.
The S0/1 interface, which is configured for OSPF, is routing for the 172.16.6.32/28 network.

Users in the RIP domain are unable to connect to devices in the OSPF domain.

What must be done to allow the OSPF routes to be redistributed into the RIP domain? (Choose two. Each
correct answer is part of the solution.)

A. Create a static route that points to 172.16.6.0/24 with a next hop of null0.
B. Execute the passive-interface command on S0/0.
C. Create a loopback address on the router.
D. Redistribute static routes into RIP.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The OSPF domain has a different mask than the RIP domain, and they are on the same major network.
The OSPF domain's mask is also longer than the RIP domain's mask. Therefore, the RIP domain will not
advertise routes learned from OSPF and redistributed into RIP. To solve this problem, you can create a
static route to the major (classful) network 172.16.6.0/24, which includes all of the subnets in the OSPF
domain, set the destination as null0, and then redistribute static routes into RIP. The following commands
would enable this process:

router1(config)# ip route 172.16.5.0 255.255.255.0 null0
router1(config)# router rip
router1(config-router)# redistribute static
router1(config-router)# default-metric 1

You should include the metric as well to ensure redistribution. This will allow the 172.16.5.0/24 network to
be advertised to the RIP domain and, when the frames arrive at the null0 interface, will ensure the routing
table of the router will have routes to the specific subnets of the OSPF domain.

You should not execute the passive-interface command. This would prevent the interface from advertising
either RIP or OSPF routes, and would only allow RIP updates inbound. This would not solve the problem
and will create additional problems when the router is unable to advertise RIP routes to the other routers in
the RIP domain.

You should not create a loopback address on the router. Loopback addresses are logical addresses that
can be created and used as the source of routing updates. Under normal circumstances, if routing updates
are sourced from a physical interface and the interface goes down, the route will be removed from the
routing tables. Since a loopback interface cannot go down, it provides the advantage of keeping a route in
the tables even if the physical interface that services the route goes down. Loopback interfaces are of no
help in solving the redistribution problem.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes >
Redistributing Between Classful and Classless Protocols: EIGRP or OSPF into RIP or IGRP

QUESTION 78
You are the network administrator for a large software organization. You designed the LAN in the
organization's main building for connecting the internal LAN to a WAN as shown below:

You have configured EIGRP with the variance parameter set to 3 on all the routers to enable unequal load
balancing from the 172.16.1.0 network to the WAN. The delay configured on each of the routers is shown in
the LAN diagram, and the K values are set as follows:

K1 = 0
K2 = 0
K3 = 1
K4 = 0
K5 = 0

Which of the following paths are entered into the routing tables as a result of the unequal load balancing
configured on the routers? (Choose all that apply.)

A. RA-RB-RD-RH-RK
B. RA-RB-RE-RI-RK
C. RA-RC-RF-RI-RK
D. RA-RC-RG-RJ-RK

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Only the following path is entered in the routing table as a result of the unequal load balancing configured
on the routers:

RA-RB-RE-RI-RK

In EIGRP networks, bandwidth and delay are the default factors for calculating the metric/cost for a given
route. Additional factors such as load and reliability can be considered in the computation of the EIGRP
metric, as given in the following formula:

Metric = [K1 * bandwidth + (K2 * bandwidth) / (256 - load) + K3 * delay] * [K5 / (reliability + K4)]

In this case, only the K3 value has a non-zero value. This implies that only delay is taken into consideration
to calculate the metric of the shortest path from 172.16.1.0 network to the WAN. The path with the lowest
metric, which is delay in this scenario, is the shortest path, and is therefore entered automatically in the
routing table. The total delay and the corresponding metric for the three best paths are given as follows:

In the given table, the path RA-RB-RE-RI-RK has the lowest metric of 14080. This is the shortest path, so it
would be entered in the routing table even if variance were not enabled. In this scenario variance is set to 3,
which enables unequal load balancing among those paths that have a metric less than three times the least
metric for the given route. Three times the least metric in this scenario is 42240 (14080 x 3). This implies
that paths between the 172.16.1.0 network and the WAN having a metric less than 42240 participate in the
load balancing. On metric values alone, those paths would appear in the routing tables. However, to be
eligible to be a feasible successor the reported distance of the path must be less than the feasible distance
(current best path). None of the paths, with the exception of RA-RB-RE-RI-RK, meet that requirement.

The path RA-RB-RD-RH-RK is not entered in the routing table as a result of the unequal load balancing.
The scaled EIGRP delay for this path is 43520 (170 x 256), which is more than three times the least metric
available from the 172.16.1.0 network to the WAN (42240). In addition, the reported distance for this path is
more than the feasible distance. Therefore, the path RA-RB-RD-RH-RK is not used for balancing the load
from the 172.16.1.0 network to the WAN and does not appear in the routing tables.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP load balancing

References:
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > How Does
Unequal Cost Path Load Balancing (Variance) Work in IGRP and EIGRP? > Document ID: 13677
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > How Does Load
Balancing Work? > Document ID: 5212
Cisco > Support > Technology Support > IP > IP Routing > Technology Information > Technology
Whitepaper > Enhanced Interior Gateway Routing Protocol > Document ID: 16406 > Feasible Distance,
Reported Distance, and Feasible Successor
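
How the variance test and the feasibility condition described above combine, as an added example that is not part of the original exam material. The metrics 14080 and 43520 (delay sums 55 and 170) are the page's; the other two delay sums and all reported distances are constructed, because the exhibit and table are not reproduced here, and the function names are made up for illustration.

```python
def eigrp_metric(bandwidth, delay, load=1, reliability=255, k=(0, 0, 1, 0, 0)):
    """Composite metric from the formula above, scaled by 256.

    The default K values are the ones set in the question. The reliability
    term is applied only when K5 is non-zero; otherwise K5 = 0 would
    multiply every metric down to zero.
    """
    k1, k2, k3, k4, k5 = k
    metric = k1 * bandwidth + (k2 * bandwidth) / (256 - load) + k3 * delay
    if k5:
        metric *= k5 / (reliability + k4)
    return int(256 * metric)


# path name: (total delay, reported distance advertised by the next hop)
# 170 and 55 follow from the page; every other number is constructed.
PATHS = {
    "RA-RB-RD-RH-RK": (170, 38400),
    "RA-RB-RE-RI-RK": (55, 10240),
    "RA-RC-RF-RI-RK": (100, 20480),
    "RA-RC-RG-RJ-RK": (120, 25600),
}


def evaluate(paths, variance, bandwidth=0):
    """Return (feasible distance, {path: list of checks the path fails}).

    An empty list means the path is installed in the routing table.
    bandwidth is irrelevant here because K1 and K2 are zero.
    """
    metrics = {name: eigrp_metric(bandwidth, delay) for name, (delay, _) in paths.items()}
    fd = min(metrics.values())  # feasible distance = metric of the best path
    verdict = {}
    for name, (_, reported) in paths.items():
        failed = []
        if metrics[name] != fd:  # the successor itself is always installed
            if not reported < fd:
                failed.append("feasibility")  # reported distance must be below FD
            if not metrics[name] < variance * fd:
                failed.append("variance")  # metric must be below variance x FD
        verdict[name] = failed
    return fd, verdict


def installed(paths, variance):
    """Names of the paths that end up in the routing table."""
    _, verdict = evaluate(paths, variance)
    return [name for name, failed in verdict.items() if not failed]


if __name__ == "__main__":
    fd, verdict = evaluate(PATHS, variance=3)
    print("feasible distance:", fd, "| variance limit:", 3 * fd)
    for name, failed in verdict.items():
        print(name, "installed" if not failed else "rejected: " + ", ".join(failed))
```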

QUESTION 79
OSPF area border routers (ABRs) advertise a default route to stub and totally stubby areas.

Which command is the BEST command to configure a cost of 25 for the default route advertised to area 1?

A. Router(config-router)# area 1 cost 25
B. Router(config-router)# area 1 default 25
C. Router(config-router)# area 1 default-cost 25
D. Router(config-router)# area 1 default-route-cost 25

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is area 1 default-cost 25. Even though another option (area 1 default 25) is a
configurable abbreviation for the command, the more correct answer explicitly specifies the default-cost
parameter. The correct syntax for the area default-cost command is shown below:

Router(config-router)# area area-id default-cost cost

If you have multiple border routers between two areas, you might prefer one exit-point router over the other
for that area. By configuring one with a lower cost than the other, it will become the preferred exit point. If
that router or its links were to fail, then the routers interior to the area would route through the second-best
exit point. You could also set the default costs to values that are close to achieve better load balancing. The
default default-cost is 1. Please see the network shown in the graphic.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF path preference

References:
Cisco IOS Master Command List, Release 12.4 > a through b > area default-cost

QUESTION 80
You need to manually assign IPv6 addresses to the interfaces on an IPv6-enabled router. While assigning
addresses, you need to ensure that the addresses participate in neighbor discovery and in the stateless
auto-configuration process on a physical link.

Which of the following addresses can be assigned to the interfaces?

A. FEC0:0:0:1::1/64
B. FE80::260:3EFF:FE11:6770/10
C. 2001:0410:0:1:0:0:0:1/64
D. 2002:500E:2301:1:20D:BDFF:FE99:F559/64

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The FE80::260:3EFF:FE11:6770/10 address can be assigned to an interface of the IPv6-enabled router.
This address is a link-local address as it has the prefix FE80::/10. Link-local addresses can be configured
for an interface either automatically or manually.

Link-local addresses are IPv6 unicast addresses that are configured on the interfaces of an IPv6-enabled
router. With link-local addresses, the nodes can connect to a network (local link) and communicate with
other nodes. In addition, these addresses participate in the neighbor discovery protocol and the stateless
auto-configuration process.

The FEC0:0:0:1::1/64 address should not be used for the interfaces because this address is a site-local
address. Site-local addresses are IPv6 equivalent addresses to IPv4's private address classes. These
addresses are available only within a site or an intranet, which typically is made of several network links.

You should not use the 2001:0410:0:1:0:0:0:1/64 and 2002:500E:2301:1:20D:BDFF:FE99:F559 addresses
for the interfaces. These two addresses are global unicast addresses as they fall in the range from 2000::/3
to E000::/3. A global address is used on links that connect organizations to the Internet service
providers (ISPs).

Objective:
Layer 3 Technologies
Sub-Objective:
Identify IPv6 addressing and subnetting

References:
Cisco > Understanding IPv6 Link Local Address

QUESTION 81
Examine the exhibit.

What additional EIGRP configuration is required to ensure that all destination networks are reachable if all
routers are running pre-15.0 versions of the IOS?

A. The eigrp stub receive only command should be executed on routers A and B.
B. A static route to 10.10.0.0/16 via the interface to router D should be configured at router C.
C. The no auto-summary router configuration command should be executed on router C.
D. The passive interface command should be executed on routers A and B.
E. The no auto-summary command should be executed on routers A and B.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:
To ensure the full network is reachable, routers A and B must advertise their networks without first
summarizing them to the class B 172.31.0.0/16 address in updates to router C. Otherwise, router C would
incorrectly assume that it has two paths to the 172.31.0.0 classful network: one via router A and the other
via router B. Therefore, routers A and B should be configured with the no auto-summary command so that
they advertise 172.31.16.0/24 and 172.31.17.0/24, respectively. Starting with version 15, EIGRP auto
summarization is disabled by default.

Summarization is beneficial in most cases. It reduces the number of routes in the neighboring router tables
and effectively contains EIGRP queries. The problem with discontiguous networks (or subnets) using
EIGRP is that EIGRP will automatically summarize on the classful network boundary. By configuring the
router to disable automatic summarization with the no auto-summary command, the routers will be able to
see all of the individual subnets, not just a summary. The no auto-summary command must be issued from
router configuration mode as shown below:

router(config-router)# no auto-summary

Note that auto summarization is effective only on directly connected routes. For example, in the scenario
exhibit, router C does not need to have auto summarization disabled in order to advertise the subnets to
routers D and E. Since those subnet routes were learned via a route advertisement, they will be advertised
to routers D and E without summarization.

In some situations, it may be necessary to turn off auto summarization globally while still summarizing
specific networks. If you need to manually summarize a set of networks, the following command when
executed in EIGRP configuration mode can summarize those specific networks while auto summarization is
disabled:

ip summary-address [eigrp as-number] [address] [mask]


For example:
router10(config)# int Ethernet0/0
router10(config-if)# ip summary-address eigrp

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Summarization and Auto-summarization in EIGRP

QUESTION 82
You are configuring EIGRP on a spoke router in a hub-and-spoke topology. In an effort to keep the routing
table small, the hub router has been configured to send only a default route to the remote routers.

What command would you use on the spoke routers to enable them to send only connected and summary
routes to the hub router, and prevent the hub router from sending a query to the spoke router when a route
is lost elsewhere?

A. eigrp stub
B. eigrp stub static
C. eigrp passive
D. eigrp stub receive-only

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The eigrp stub command is used to configure a router to send only connected and summary routes to its
neighboring router. For example, examine the following output of the show ip route command that was
executed on a router configured as a stub router:

router10#show ip route
C 172.16.5.0/24 is directly connected, Serial 0
D 192.168.7.0/24 [90/16523564] via 172.16.4.1, 00:21:20, Serial 1
D 172.16.0.0/16 is a summary, 00:21:23, Null 0
C 172.16.4.0/24 is directly connected, Serial 2

The routes that will be advertised are 172.16.5.0/24, 172.16.4.0/24, and the summary route 172.16.0.0/16.
The first two are directly connected routes, and the last is the summary route that is automatically
configured by the EIGRP process.

When the stub feature is enabled on a router, the router will announce itself as a stub router. Neighbor
routers will not query a stub router for alternate routes when a route is lost elsewhere in the network. The
EIGRP stub feature works well in hub-and-spoke topologies when the goal is to minimize the amount of
EIGRP bandwidth and processing associated with the spoke router. The eigrp stub command has the
following syntax:

eigrp stub [receive-only | connected | static | summary]

When you do not specify any keywords with the command, connected and summary are used by default.
receive-only: Prevents the router from sending any connected or summary routes.
connected: Instructs the router to send connected routes.
static: Instructs the router to send static routes that were redistributed by using the redistribute static
command.
summary: Instructs the router to send summary routes.

These parameters can be combined to resolve various problems, as seen in the following image:

Router A is not receiving the route to the 172.16.1.0/16 network because Router B, which stands between
Router A and C, is configured with the eigrp stub receive-only command. This is resulting in hosts from the
corporate office being unable to connect to hosts in the 172.16.0.0/16 network. If there were a legitimate
reason to keep Router B configured with the eigrp stub receive-only command, the problem could be solved
by executing the following command set on Router A:

routerA(config)# router eigrp 20
routerA(config-router)# ip summary-address eigrp 20 172.16.0.0 255.255.0.0
routerA(config-router)# eigrp stub connected summary

This command set would create a summary address for the 172.16.0.0/16 network and then advertise it to
the corporate office as a result of using the eigrp stub connected summary command. The inclusion of the
connected parameter ensures that the directly connected networks will also be advertised, to ensure that
hosts in the corporate office can reach the 172.16.0.0/16 network.

The eigrp stub static command instructs the router to send static routes that were redistributed by using the
redistribute static command. Examine the EIGRP configuration shown below:

<output omitted>
ip route 10.4.4.0 255.255.255.0 10.4.3.10
router eigrp 200
 no auto-summary
 redistribute static metric 1000 1 255 1 1500
 network 10.4.1.0 0.0.0.3
 network 10.4.2.0 0.0.0.255
 eigrp stub static

With this configuration, the router would not advertise any of the networks defined in the network
statements, but would only advertise the static route configured with the line ip route 10.4.4.0 255.255.255.0
10.4.3.10.

Eigrp passive is not a valid Cisco command.

Eigrp stub receive-only will cause the router to not advertise any routes. The router will only receive
updates.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP stubs

References:
Cisco IOS Master Command List, Release 12.4 > e through h > eigrp stub

QUESTION 83
Which conditions will prevent two EIGRP routers from becoming neighbors? (Choose two.)
A. Their K-values do not match.
B. Their hold times do not match.
C. Their AS numbers do not match.
D. Their hello intervals do not match.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
EIGRP routers will not become neighbors if the K-values do not match or if the autonomous system (AS)
numbers do not match. They also will not become neighbors if EIGRP is not enabled for the proper
networks on the local and remote routers. However, routers can become neighbors if their hello intervals
and hold times do not match.

The AS number is designed to control the routers with which a router can communicate. If the AS numbers
do not match, EIGRP will not exchange routes between the two routers by design and definition.

The K-values are flags that state whether a certain metric component, such as Load, is used. They must
match because they regulate how the metric values are calculated. If one router is just using bandwidth and
delay to calculate its metric, and another is using bandwidth, delay, and load, they could make contradictory
routing decisions that would lead to a routing loop. Because of this possibility, EIGRP requires that the
K-values match before it will allow the routers to exchange routes.

EIGRP does not require that the hello and hold times match. Although this flexibility can be helpful, it can
also lead to unforeseen problems if they are accidentally mismatched. The hello interval is the amount of
time in seconds to wait before sending another hello packet. The hold time is the amount of time in seconds
to wait before declaring a link to be down.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP neighbor relationship and authentication

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes >
Introduction to EIGRP > How does EIGRP work?

QUESTION 84
Click the Exhibit(s) button to view an EIGRP network. The partial output of the show running-config
command on the rtrB router is as follows:

Which of the following subnets are blocked through the Fa0/0 interface of rtrB while sending updates to
rtrC? (Choose all that apply.)

A. 172.161.9.0/24
B. 172.161.35.0/18
C. 172.161.64.0/28
D. 172.161.88.0/22
E. 172.161.111.0/25
F. 172.161.247.0/30

Correct Answer: AEF
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The 172.161.9.0/24, 172.161.111.0/25 and 172.161.247.0/30 subnets are blocked through the Fa0/0
interface of rtrB while sending updates to rtrC. The following lines in the output create an IP prefix list
named blk_A:

ip prefix-list blk_A deny 172.161.0.0/16 ge 24 le 30
ip prefix-list blk_A permit 0.0.0.0/0 le 32

The blk_A list blocks the subnets whose 16 most significant bits exactly match 172.161.0.0. The ge
keyword indicates that the subnet mask for the 172.161.0.0 subnets must be greater than or equal to 24 bits.
Similarly, the le keyword indicates that the mask for the 172.161.0.0 subnets should be less than or equal to
30 bits. Therefore, all subnets of the 172.161.0.0 network with masks 24, 25, 26, 27, 28, 29, and 30 are
blocked.

The second line permits all other routes to be passed on. The subnets that match the blk_A prefix list are
172.161.9.0/24, 172.161.111.0/25, 172.161.247.0/30, and 172.161.64.0/28.

The line distribute-list prefix blk_A out indicates that the distribute-list command applies the blk_A prefix list
to all the outgoing interfaces. This implies that if rtrB receives an update about the 172.161.9.0/24,
172.161.111.0/25, 172.161.247.0/30 or 172.161.64.0/28 subnets, they are blocked. In this case, the
172.161.64.0/28 is not blocked through the Fa0/0 interface to rtrC because it is directly connected.

The 172.161.35.0/18 and 172.161.88.0/22 subnets are not blocked through the Fa0/0 interface of rtrB to
rtrC. This is because both these subnets are outside the range of prefix masks 24 through 30; hence, these
two subnets are allowed through the Fa0/0 interface.
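The ge/le matching described above can be checked mechanically. The following is an added example, not part of the original exam material: a small Python model of prefix-list evaluation (function names are hypothetical) run against the six answer options. It models only the prefix-list logic, not the directly connected exception the explanation gives for 172.161.64.0/28.

```python
import ipaddress

# The blk_A prefix list quoted above, as (action, prefix, ge, le) tuples.
BLK_A = [
    ("deny", "172.161.0.0/16", 24, 30),
    ("permit", "0.0.0.0/0", None, 32),
]

# The six answer options from the question.
CANDIDATES = [
    "172.161.9.0/24", "172.161.35.0/18", "172.161.64.0/28",
    "172.161.88.0/22", "172.161.111.0/25", "172.161.247.0/30",
]


def entry_matches(route, prefix, ge=None, le=None):
    """Return True if `route` (an ip_network) matches one prefix-list entry."""
    entry = ipaddress.ip_network(prefix)
    # Step 1: the leading bits of the route must equal the entry's prefix.
    if route.network_address not in entry:
        return False
    # Step 2: the route's mask length must fall inside the allowed window.
    if ge is None and le is None:
        low = high = entry.prefixlen          # no keywords: exact length only
    else:
        low = ge if ge is not None else entry.prefixlen
        high = le if le is not None else entry.max_prefixlen
    return low <= route.prefixlen <= high


def evaluate(prefix_list, route_text):
    """Return 'permit' or 'deny' for a route; the first matching entry wins."""
    # strict=False accepts text such as 172.161.35.0/18, which has host bits set.
    route = ipaddress.ip_network(route_text, strict=False)
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"  # implicit deny when no entry matches


if __name__ == "__main__":
    for candidate in CANDIDATES:
        print(f"{candidate:20} {evaluate(BLK_A, candidate)}")
```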

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Technology Information > Technology
Technotes > Filtering Routing Updates on Distance Vector IP Routing Protocols
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > distribute-list in
Cisco > Cisco IOS IP Routing: BGP Command Reference > ip prefix-list

QUESTION 85
Refer to the following exhibit.

You executed the following commands on all three routers in OSPF AS 1:


The ipv6 cef command in the global configuration mode
The interface serial command in the global configuration mode
The ipv6 address command in the interface configuration mode
The ipv6 ospf area command in the interface configuration mode

You run the show ipv6 traffic command and observe that IPv6 packets are not being exchanged between
the OSPF routers.

Which of the following commands should be configured on the routers to fix the problem?

A. ipv6 enable
B. ip address
C. ipv6 router ospf
D. ipv6 unicast-routing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ipv6 unicast-routing command should be used on all of the routers to rectify the problem. The ipv6
unicast-routing command allows the forwarding of IPv6 packets. You should execute the ipv6 unicast-
routing command in the global configuration mode.

A sample configuration to enable OSPF for IPv6 on the S0/1 interface of rtrA is as follows:

The ipv6 enable command is not required if an IPv6 address has been configured on an interface. If it is
executed with no IPv6 addresses configured, the interfaces will use the link local IPv6 addresses that each
interface generates automatically.

The ip address command is not required to fix the problem because this command is used to specify an
IPv4 address to a router interface. The use of this command depends on the type of tunneling mechanism
used. In this case, no tunneling mechanism is being used.

The ipv6 router ospf command does not rectify the problem because this command is used to enter the
router configuration mode for OSPF for IPv6. Using this command is optional and does not affect the
activation of OSPF for IPv6 on the routers.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF for IPv6

References:
Cisco Press > Articles > Network Technology > General Networking > Cisco Self-Study: Implementing
Cisco IPv6 Networks (IPV6) > Configuration Exercise: Configuring an IPv6
Cisco Press > Articles > Network Technology > General Networking > Cisco Self-Study: Implementing
Cisco IPv6 Networks (IPV6) > Configuring IPv6 on Cisco IOS Software
Cisco IOS IPv6 Command Reference > ipv6 summary-address eigrp Through mpls ldp router-id > ipv6
unicast-routing
Cisco > Support > Technology Support > IP > IP Version 6 (IPv6) > Configure > Configuration Examples
and Technotes > Sample Configuration for OSPFv3

QUESTION 86
The exhibit contains portions of RouterA's BGP configuration and IP routing table.
Which IP network addresses, that were not learned using BGP, will be present in BGP advertisements from
RouterA?

A. 172.16.0.0/16
B. 172.16.16.0/24
C. 172.16.24.0/20
D. No IGP networks will be advertised because synchronization is disabled.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The auto-summary command can affect which networks, identified by using the network command, will be
advertised. Using the existing BGP configuration, the router will not announce the 172.16.16.0/24 subnet.
Instead, it will announce the classful address 172.16.0.0/16 when the IP routing table maintained by the IGP
contains any subnet of that classful address.

The network command directly affects what network is advertised in BGP. If the network command does
not also include a network mask, and if auto-summary is enabled, the classful address of 172.16.0.0/16 is
advertised any time that the router learns about a 172.16.0.0 subnet via its Interior Gateway Protocol (IGP),
such as OSPF or EIGRP. In the exhibit, the routing table does contain entries of the 172.16.16.0/24 and
172.16.24.0/24 subnets that were learned by using the IGP.

If auto-summary is disabled by using the no auto-summary command, only networks in the routing table
that are exact matches to the network commands are advertised. For example, to have the router
announce only the 172.16.16.0/24 subnet learned via its IGP, you should alter the network command's IP
address and include the subnet mask as follows:

network 172.16.16.0 mask 255.255.255.0

A combination of network statements and route statements can be used to advertise a subset of networks
that exist. Examine the output shown below:

router bgp 68410
 network 192.168.24.0 mask 255.255.252.0
 neighbor 172.16.8.5 remote-as 68441
ip route 192.168.24.0 255.255.252.0 null 0

The router is configured to advertise a summary route to the network 192.168.24.0 255.255.252.0. Consider
the following networks:

192.168.24.0/24
192.168.25.0/24
192.168.26.0/24
192.168.32.0/24

If this router was connected to those networks, and received a packet destined for 192.168.25.1, it would
successfully route the packet because the summary address (where the summarization is the result of the
mask 255.255.252.0) is designed to include all of the subnets above except for 192.168.32.0/24. Therefore,
all subnets except 192.168.32.0/24 will be advertised by the network and ip route statements with the
summary mask.

Note: Whenever changes are made to a routing policy or to an access list that is used by a routing policy,
the change will not be reflected in the routing tables of the receiving routers until the BGP session has been
cleared with the clear ip bgp command.

The BGP synchronization rule specifies that networks will not be advertised or used via iBGP unless it also
has been learned through an IGP. If synchronization is disabled, iBGP will advertise a network without also
learning it through an IGP.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify eBGP (IPv4 and IPv6 address families)

References:
Cisco IOS Master Command List > a through b > BGP Commands: A through B > auto-summary (BGP)
Cisco > Cisco IOS IP Routing: BGP Command Reference > router bgp
Cisco > Cisco IOS IP Routing: BGP Command Reference > network (BGP and multiprotocol BGP)

QUESTION 87
You are configuring BGP speakers RouterA and RouterB to authenticate one another. The following
conditions exist:
RouterA has an IP address of 192.168.5.3
RouterB has an IP address of 192.168.5.2
Both routers reside in AS 6550.

Which of the following commands will result in successful authentication?

A. neighbor 192.168.5.2 password routera executed on RouterA
neighbor 192.168.5.3 password routerb executed on RouterB
B. neighbor 192.168.5.2 password routerb executed on RouterA
neighbor 192.168.5.3 password routera executed on RouterB
C. neighbor 192.168.5.2 password routera executed on RouterA
neighbor 192.168.5.3 password routera executed on RouterB
D. neighbor 192.168.5.2 password routera executed on RouterA
E. neighbor 192.168.5.2 password routerb executed on RouterB

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following command pair should be used to configure successful authentication:

neighbor 192.168.5.2 password routera executed on RouterA
neighbor 192.168.5.3 password routera executed on RouterB

When setting the keys for authentication, the keys must match. The keys do not need to be the names of
either router, and should be a combination of letters, numbers, and symbols. In this example, both keys are
set to the value routera.

The following two command pairs are incorrect because the keys do not match:

neighbor 192.168.5.2 password routera executed on RouterA
neighbor 192.168.5.3 password routerb executed on RouterB

and

neighbor 192.168.5.2 password routerb executed on RouterA
neighbor 192.168.5.3 password routera executed on RouterB

If you executed the debug ip bgp command to perform troubleshooting with either of these configurations in
place, the error message you would see would be as follows:

%TCP-6-BADAUTH: Invalid MD5 digest from 192.168.5.3 (12293) to 192.168.5.2 (179)

In the error message, the numbers in parentheses are the port numbers used for the attempted
communication.

The single commands would be incorrect because the key has only been configured on one end:

neighbor 192.168.5.2 password routera executed on RouterA

and

neighbor 192.168.5.2 password routerb executed on RouterB

If you executed the debug ip bgp command to troubleshoot with either of these configurations in place, you
would see the following message:

%TCP-6-BADAUTH: No MD5 digest from 192.168.5.3 (12293) to 192.168.5.2 (179)
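The neighbor password check is the TCP MD5 signature option (RFC 2385): each segment carries an MD5 digest over the TCP pseudo-header, the TCP header without options, the payload, and the shared key. The sketch below is an added example, not part of the original exam material; the segment model (fixed sequence number and window, digest kept beside the header rather than encoded as a real option) and the function names are assumptions. It reproduces the two failure cases above.

```python
import hashlib
import hmac
import socket
import struct

ROUTER_A = "192.168.5.3"   # addresses and ports taken from the scenario above
ROUTER_B = "192.168.5.2"
SYN = 0x02


def compute_digest(segment, key):
    """RFC 2385 digest: pseudo-header + TCP header (no options) + data + key."""
    pseudo = (socket.inet_aton(segment["src"])
              + socket.inet_aton(segment["dst"])
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, segment["length"]))
    data = pseudo + segment["header"] + segment["payload"] + key.encode()
    return hashlib.md5(data).digest()


def build_segment(src_ip, dst_ip, src_port, dst_port, payload=b"", key=None):
    """Build a simplified SYN segment and sign it when a password is configured."""
    # 5 words of base header; 5 more when the 18-byte MD5 option plus padding is present.
    header_words = 10 if key is not None else 5
    # The checksum field is packed as zero, as the RFC requires for the digest input.
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 1000, 0,
                         (header_words << 12) | SYN, 16384, 0, 0)
    segment = {"src": src_ip, "dst": dst_ip, "header": header,
               "payload": payload,
               "length": header_words * 4 + len(payload),
               "digest": None}
    if key is not None:
        segment["digest"] = compute_digest(segment, key)
    return segment


def receive(segment, key):
    """Check a segment on a router that has `key` configured for this neighbor."""
    src_port, dst_port = struct.unpack("!HH", segment["header"][:4])
    peers = (f'from {segment["src"]} ({src_port}) '
             f'to {segment["dst"]} ({dst_port})')
    if segment["digest"] is None:
        return f"No MD5 digest {peers}"
    expected = compute_digest(segment, key)
    if not hmac.compare_digest(segment["digest"], expected):
        return f"Invalid MD5 digest {peers}"
    return "accepted"


if __name__ == "__main__":
    signed = build_segment(ROUTER_A, ROUTER_B, 12293, 179, key="routera")
    unsigned = build_segment(ROUTER_A, ROUTER_B, 12293, 179)
    print(receive(signed, "routera"))    # matching keys
    print(receive(signed, "routerb"))    # mismatched keys
    print(receive(unsigned, "routera"))  # password configured on one end only
```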

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

References:
Cisco IOS Master Command List, Release 12.4 > l through q > Cisco IOS IP Routing: BGP Command
Reference > neighbor password

QUESTION 88
If you executed the show ip ospf database command, which keyword would you add to the command to
produce the following output?

A. router
B. summary
C. network
D. external

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The output was produced with the summary keyword. When the show ip ospf database command is
executed, any of several keywords can be used to specify the type of link-state advertisements (LSAs) to
display. The output LS Type: Summary Links(Network) indicates that these are summary links. Summary
LSAs are generated by an area border router (ABR) and will be displayed when you execute the summary
keyword. These are Type 3 LSAs.

The router keyword was not used. If this keyword had been used, the LS Type line would have included
Router Links instead of Summary Links. Router LSAs are Type 1 LSAs.

The network keyword was not used. If this keyword had been used the LS Type line would have included
Network Links instead of Summary Links. Network LSAs are Type 2 LSAs.

The external keyword was not used. If this keyword had been used the LS Type line would have included
AS External Links instead of Summary Links. External LSAs are Type 5 LSAs.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe OSPF packet types

References:
Cisco > Cisco IOS IP Routing: OSPF Command Reference > show ip ospf database

QUESTION 89
With respect to modifying an OSPF router ID to a loopback address, which of the following statements are
true?

A. OSPF is not as reliable if a loopback interface is configured.
B. Using a loopback address avoids wasting an additional IP address.
C. A loopback interface is not always active, and it can go "down" like a real interface.
D. The loopback address does not automatically appear in the routing table of neighboring OSPF routers,
so it cannot be pinged from other routers unless you include it with a network statement on the router
local to the loopback interface.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
A loopback address does not automatically appear in neighboring routers' routing tables, so it cannot be
pinged for network troubleshooting.

A work-around for this problem is to add a network statement under OSPF that advertises the loopback
address network so that other routers will know how to reach your loopback.

A loopback address is an IP address assigned to a loopback interface, which is a logical interface on a
router that behaves like a physical interface. Their advantage is that, unlike physical interfaces, logical
interfaces do not go down.

For example:
Router(config)# interface loopback 0
Router(config-if)# ip address 172.17.1.1 255.255.255.0

In the example, a loopback IP address is used by OSPF to provide its router ID. This type of address is
preferred because it is assumed to be more stable than a router ID tied to a physical interface. The
traditional problem with a router ID tied to a physical interface is that if the physical interface were to go
down, the router would have to change its router ID to some other value. That would cause the OSPF
neighbor relationships to reset and change values in the link-state advertisements (LSAs), causing a
disruption to the OSPF area.
With this consideration in mind, OSPF is more reliable when using a loopback interface than using a
physical interface.

Using a loopback address does not avoid wasting an additional IP address. The address must still be
unique.

A loopback interface is always active, and it cannot go "down" as a physical interface can.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF operations

References:
Cisco > IP Routing: OSPF Configuration Guide > Configuring OSPF > Forcing the Router ID Choice with a
Loopback Interface

QUESTION 90
Which of the following commands need to be configured on a RIPng router prior to enabling this routing
protocol?

A. ipv6 rip enable
B. ipv6 multicast-routing
C. ipv6 unicast-routing
D. ipv6 router rip

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ipv6 unicast-routing command should be used before enabling RIPng on a router. This command
should be executed in global configuration mode of the router. IPv6 can then be enabled by using the ipv6
enable command on any of the interfaces of the router. The ipv6 unicast-routing command allows you to
forward IPv6 unicast datagrams.

Routing Information Protocol Next Generation (RIPng) allows routers to learn about routes in an
autonomous system. RIPng is an extension of the RIPv2 protocol to provide support for IPv6 for future
adherence.

The similarities between RIPv2 and RIPng are as follows:


Both protocols use User Datagram Protocol (UDP).
Both use distance vector algorithm to find the best route.
Both of them measure the metric in terms of hops.
Both have the same maximum hop count of 15 for valid routes.

The differences between RIPv2 and RIPng are as follows:


RIPv2 learns IPv4 routes, whereas RIPng learns IPv6 routes
RIPv2 supports automatic summarization as IPv4 defines classful addresses, whereas RIPng does not
support automatic summarization
RIPv2 uses UDP port 520, whereas RIPng supports port 521
RIPv2 requires authentication for RIP packets, whereas RIPng does not require RIP-specific
authentication as IPv6 has an in-built IPsec authentication

The ipv6 rip enable command should not be used because this command allows you to enable IPv6 RIP
routing process on the interfaces of a router.

You should not use the ipv6 multicast-routing command prior to enabling IPv6 on the router. This command
is used after IPv6 is enabled on one or more interfaces of the router to allow multicast forwarding using
Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD) on all the IPv6-enabled
interfaces.

The ipv6 router rip command should not be used prior to enabling IPv6 because it allows you to enter the
RIP for IPv6 router mode.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe RIPng

References:
Cisco > Configuring IPv6 Routing
Cisco > Cisco IOS IPv6 Command Reference > ipv6 unicast-routing

QUESTION 91
Which statements in regards to route filtering are true? (Choose two.)

A. Network security is the primary role of route filtering.
B. If no route filter exists for an interface, the packet is processed normally.
C. Route filtering on an interface cannot filter routes that originate from the same router.
D. The distribute-list command enables the administrator to filter redistributed routes.
E. The network keyword of the passive-interface command enables you to identify the routes to advertise.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Distribute lists are used to filter inbound, outbound, or redistributed routing updates. Instead of using the
passive-interface command, distribute lists enable you to selectively control which routes are processed.

If no distribute list is associated with the interface, the routing update packets are processed normally.

If a distribute list is associated with an interface, the routing update is compared to the access list that was
specified in the distribute list. If a match is found to a permit statement, then the packet is forwarded. If a
match is found to a deny statement, the packet is discarded. If no match is found, the implicit deny
statement at the end of the access list will drop the packet.

Network security is not the primary role of route filtering. Its primary function is to reduce unnecessary
routing update traffic.

Route filtering on an interface can filter routes that originate from the same router.

The network keyword of the passive-interface command does not enable you to identify the routes to
advertise.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol

References:
Cisco > Home > Support > Technology Support > IP Routing > Design > Design Technotes > Filtering
Routing Updates on Distance Vector IP Routing Protocols
Cisco > Cisco IOS IP Configuration Guide: Configuring IP Routing Protocol-Independent Features >
Filtering Routing Information

QUESTION 92
By default, how often are EIGRP hello packets sent on a LAN?

A. 5 seconds
B. 10 seconds
C. 30 seconds
D. 60 seconds

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The EIGRP default hello time over a LAN or high-speed dedicated WAN link is five seconds.

On multipoint circuits with less than T1 bandwidth, EIGRP hello packets are sent every 60 seconds.
EIGRP sets the default hello interval to five seconds to ensure that it can quickly sense if connectivity to a
neighboring router has been cut. If a router does not hear from a neighboring EIGRP router in 15 seconds,
it will declare that neighbor as no longer reachable.

The five-second hello interval is shorter than the default values for OSPF hellos (10 seconds), RIP updates
(30), or IGRP updates (90). As a result, EIGRP senses network faults faster by default than do other
protocols.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP neighbor relationship and authentication

References:
Internetworking Technology Handbook > Enhanced Interior Gateway Routing Protocol (EIGRP) >
Underlying Processes and Technologies

QUESTION 93
Which of the following commands allows a Cisco router to obtain an IP address from a DHCP server?

A. Router(config-if)# ip address dhcp
B. Router(config)# ip address dhcp
C. Router(dhcp-config)# ip address dhcp
D. Router(config)# address dhcp
E. Router(dhcp-config)# address dhcp

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ip address dhcp command when issued from interface configuration mode will allow a router to obtain
an IP address for that interface from a DHCP server.

In this scenario, the router is acting as a DHCP client, not a server, so the command would not be issued
from dhcp-config mode. In addition, the IP address is being assigned to an interface on the router, not the
router as a whole, so the command would not be entered in global configuration mode.

The most common situation in which a router interface might be set as a DHCP client is to enable one
DHCP router to obtain configuration options from another router providing this service.

Consider an example where RouterA is connected to RouterB. RouterA contains a complete DHCP
configuration including the options (DNS server, domain name). RouterB is connected to RouterA through
its FastEthernet0 interface. The following configuration would allow RouterB to issue a different set of
addresses than RouterA while importing the options from RouterA. The configuration of RouterB is below
as shown in the partial output of the show run command:

Note that for this configuration to function properly, the FastEthernet0 interface on RouterB must be set as a
DHCP client.

The command router(config)# ip address dhcp is incorrect because it is executed at the global configuration
prompt. The command must be executed in interface configuration mode.

The command router(dhcp-config)# ip address dhcp is incorrect because it is executed at the DHCP
configuration prompt. The command must be executed in interface configuration mode.

The command router(config)# address dhcp is incorrect because it is missing the ip part of the command.

The command router(dhcp-config)# address dhcp is incorrect because it is missing the ip part of the
command and it is executed at the DHCP configuration prompt. It must be executed in interface
configuration mode.

Objective:
Layer 3 Technologies
Sub-Objective:
Identify, configure, and verify IPv4 addressing and subnetting

References:
Cisco > Cisco IOS IP Addressing Services Command Reference > ip address dhcp

QUESTION 94
Which statements about BGP policy-based routing are true? (Choose two.)

A. BGP policy-based routing is performed on a router's inbound interface.
B. A BGP administrator can use policy-based routing to alter the final destination of the packet.
C. BGP policy-based routing will select the next-hop of the packet based on its source address.
D. BGP policy-based routing can be used to alter the path selection for a packet in a downstream AS.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
BGP policy-based routing is performed on a router's inbound interface. BGP policy-based routing will select
the next-hop of the packet based on its source address. It does this through the use of route maps.

Below is a partial output of the show run command executed on a router that has a BGP configuration that
uses a route map to alter the local preference of a route (172.16.0.0/16) to 90 if it is advertised from the
BGP neighbor at 10.5.5.1:

The above output indicates that the local preference for the route to 172.16.0.0/16 is 90 ONLY if it comes
from 10.5.5.1, but not if the same route is advertised from 10.5.5.35.

Route maps can be used to influence a part of the routing table without affecting the rest of the table.
Consider an example where a router had two routes to every network in the table, and it prefers Neighbor A
as the next hop for all routes. If you desired to change the next hop for one of the routes to Neighbor B
without affecting the others, you could use route maps to take two different approaches, altering different
attributes, which would arrive at the same result. The approaches would be:
Apply a route map to Neighbor B incoming that would set the local preference to 200 (default is 100) for
the route. Local preference values determine the path used to exit the AS. A higher value is preferred.
Apply a route map to Neighbor A such that it advertises the route with a MED of 200. MED values
determine the preferred path into the AS. A lower value is preferred. The default is 0.

Either of these approaches would result in the next hop for the network changing to Neighbor B without
affecting the others.

Policy-based routing does not alter the destination address of the packet. It can only alter the path to that
final destination.

The BGP routing policy in one AS cannot determine the BGP routing policy in another AS.

Objective:
Layer 3 Technologies
Sub-Objective:
Identify suboptimal routing

References:
Cisco > Home > Support > Technology Support > IP Routing > Design > Design Technotes > Route-Maps
for IP Routing Protocol Redistribution Configuration

QUESTION 95
Which command shows a list of neighboring routers, their priorities, and their current state?

A. show ip ospf
B. show ip protocol
C. show ip ospf database
D. show ip ospf neighbor [detail]

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ip ospf neighbor [detail] command will display the OSPF information that is known about OSPF
neighbors and the OSPF operating state with them.

The commands below can be used to monitor and verify OSPF operation:
show ip ospf - shows the number of times the SPF algorithm has run and the default LSU interval.
show ip protocol - displays information about timers, filters, metric, etc. for the entire router.
show ip ospf database - shows the router ID, the OSPF process ID, and the contents of the topological
database.

These commands do not show details about OSPF neighbors.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF neighbor relationship and authentication

References:
Cisco > Cisco IOS IP Routing Protocols Command Reference > IP Routing Protocol-Independent
Commands: S through T > show ip ospf neighbor

QUESTION 96
Consider the partial output of the show ip route eigrp command:

Which of the following destination subnets have equally load-balanced routes? (Choose all that apply.)

A. 172.161.4.47/30
B. 172.161.11.0/27
C. 15.200.16.0/24
D. 15.11.78.0/24
E. 0.0.0.0/0

Correct Answer: BCE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The 172.161.11.0/27 and 15.200.16.0/24 networks have equally load-balanced routes. A default route,
0.0.0.0/0, has been configured for load balancing as well. These three subnets are each load balanced on
multiple routes. The output entry for the 172.161.11.0/27 subnet is as follows:

D 172.161.11.0/27 [90/1723695] via 10.10.19.45, 00:56:17, S0/1
                  [90/1723695] via 10.10.19.40, 00:50:58, S0/1

This subnet can be reached by rtrA through two routes: 10.10.19.45 and 10.10.19.40 next-hop addresses.
Both these routes have the same metric (1723695), and so are equally load balanced.

In the output, the 15.200.16.0/24 subnet has three equal-metric routes: 10.10.78.23, 10.10.19.40, and
10.10.70.41. These three routes are equally used to balance the load from rtrA to the 15.200.16.0/24
subnet.

The default route 0.0.0.0/0 is load balanced through two interfaces, as shown in the output:

D*EX 0.0.0.0/0 [170/2645987] via 10.10.70.41, 00:05:12, Ethernet0/0
               [170/2645987] via 10.10.70.23, 00:05:12, Ethernet0/0

This load balancing of the default route could be tested by using traceroute to any IP address not
represented in the routing table and verifying the path taken.

Subnets 172.161.4.47/30 and 15.11.78.0/24 are not participating in load balancing. In the given output,
there is a single route (line) for both of these subnets. The rtrA router uses the route through the next-hop
10.10.78.23 to reach the 172.161.4.47/30 destination subnet. Similarly, rtrA uses the next-hop 10.10.70.41
to transmit packets to the 15.11.78.0/24 subnet.
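
The check described above (several next hops listed under one prefix, all with the same metric) can be automated when auditing a routing table. The following Python sketch is an added example, not part of the original exam material; the sample text is constructed, reusing the two entries quoted above plus made-up single-path and unequal-cost (variance) entries, and all function names are hypothetical.

```python
import re

# Constructed sample in the layout of `show ip route eigrp`. The 172.161.11.0/27
# and 0.0.0.0/0 entries repeat the lines quoted in the explanation; the
# 15.11.78.0/24 and 10.50.0.0/24 entries (metrics, timers) are made up.
SAMPLE_OUTPUT = """\
D    172.161.11.0/27 [90/1723695] via 10.10.19.45, 00:56:17, S0/1
                     [90/1723695] via 10.10.19.40, 00:50:58, S0/1
D    15.11.78.0/24 [90/2172416] via 10.10.70.41, 00:41:02, Ethernet0/0
D    10.50.0.0/24 [90/2172416] via 10.10.19.45, 00:12:01, S0/1
                  [90/2684416] via 10.10.70.41, 00:12:01, Ethernet0/0
D*EX 0.0.0.0/0 [170/2645987] via 10.10.70.41, 00:05:12, Ethernet0/0
               [170/2645987] via 10.10.70.23, 00:05:12, Ethernet0/0
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# A route line either starts with an EIGRP code and a prefix, or is a
# continuation line that carries only [AD/metric] and the next hop.
ROUTE_LINE = re.compile(
    r"^\s*(?:D\S*(?:\s+EX)?\s+(?P<prefix>" + IPV4 + r"/\d{1,2})\s+)?"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>" + IPV4 + r")"
)


def parse_routes(text):
    """Return {prefix: [(admin_distance, metric, next_hop), ...]} in table order."""
    routes = {}
    current = None
    for line in text.splitlines():
        match = ROUTE_LINE.match(line)
        if not match:
            continue  # headers, blank lines, other protocols
        if match.group("prefix"):
            current = match.group("prefix")
        if current is None:
            continue  # continuation line with no preceding prefix
        routes.setdefault(current, []).append(
            (int(match.group("ad")), int(match.group("metric")), match.group("next_hop"))
        )
    return routes


def classify_routes(text):
    """Label each prefix 'single', 'equal' or 'unequal' by its installed paths."""
    result = {}
    for prefix, paths in parse_routes(text).items():
        if len(paths) == 1:
            result[prefix] = "single"
        elif len({metric for _, metric, _ in paths}) == 1:
            result[prefix] = "equal"
        else:
            # More than one path but differing metrics: unequal-cost
            # load sharing, which EIGRP installs only when variance is set.
            result[prefix] = "unequal"
    return result


def equal_cost_prefixes(text):
    """Prefixes that are load balanced over equal-metric paths."""
    return [p for p, kind in classify_routes(text).items() if kind == "equal"]


if __name__ == "__main__":
    for prefix, kind in classify_routes(SAMPLE_OUTPUT).items():
        hops = ", ".join(nh for _, _, nh in parse_routes(SAMPLE_OUTPUT)[prefix])
        print(f"{prefix:18} {kind:8} via {hops}")
```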

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP load balancing

References:
Cisco IOS IP Routing: Protocol-Independent Command Reference > show ip route
Cisco > Support > Technology Support > IP > IP Routing > Technology Information > Technology
Whitepaper > Enhanced Interior Gateway Routing Protocol > Document ID: 16406 > Load Balancing

QUESTION 97
Which command can you use to display the topological database maintained by an OSPF router?

A. show ip ospf topology
B. show ip ospf database
C. show ip ospf [process-id]
D. show ip ospf border-routers

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is show ip ospf database. Partial output is shown below:
Issuing the show ip ospf database command will show you a summary of the database; however, to obtain
details you must use a keyword with the command, such as router, network, summary, or external.

The following commands are available to verify OSPF configurations:
show ip route - displays known routes and from which protocol the routes were discovered for all routing
protocols.
show ip ospf - displays the number of times the SPF algorithm has run and the default Link State
Update (LSU) interval.
show ip ospf database - displays the router ID, the OSPF process ID, and the contents of the topological
database.

There is no show ip ospf topology command.

The show ip ospf [process-id] command can be used to view the number of times the SPF algorithm has
been executed, but not to view the database.

The show ip ospf border-routers command displays the ABRs and the routes to them, but not the contents of
the database.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF path preference

References:
Cisco IOS Master Command List, Release 12.4T > sa ipsec through show ip route dhcp > show ip ospf
database

QUESTION 98
Which command can be used to view the number of times the SPF algorithm has been executed?

A. show ip ospf
B. show ip ospf interface
C. show ip ospf database
D. show ip ospf neighbor

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ip ospf command can be used to view the number of times the SPF algorithm has been
executed, as shown in the last line of the following output:
The show ip ospf interface command can be used to view neighbor adjacencies. A partial output of the
command is shown below. It will not show the number of times the SPF algorithm has been executed.

The show ip ospf neighbor command can also be used to view neighbor adjacencies, although its output is
slightly different from the show ip ospf interface command. A partial output of the show ip ospf neighbor
command is shown below. It also does not show the number of times the SPF algorithm was executed.

The show ip ospf database command does not show the number of times the SPF algorithm has executed.
It shows the contents of OSPF database. Partial output is shown below:

You can make the command output more specific by using parameters with the show ip ospf database
command. For example, to view only Type 5 LSAs in the database, you would execute the show ip ospf
database external command. Since all Type 5 LSAs are from external networks, this keyword will trim the
output to only those types of LSAs. When Type 5 (or external) routes are placed in the database, the next
hop address will be 0.0.0.0, which makes it appear as if it is a default route. What this really means is that
any traffic that needs to go to that external network will be sent to the router that originated the
advertisement (the ASBR).

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF operations

References:
Cisco IOS IP Routing: OSPF Command Reference > OSPF Commands: show ip ospf through T > show ip
ospf

QUESTION 99
Which commands will display the other routers with which the local router has established an adjacency,
including hold time and uptime parameters?

A. show ip eigrp neighbors
B. show ip route
C. show adjacencies
D. show eigrp neighbors

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ip eigrp neighbors command will display the neighboring EIGRP routers with which the local
router has established an adjacency. It will also display hold time and uptime statistics. In this case, the
uptime statistic refers to how long the adjacency has been established. A sample output of the show ip
eigrp neighbors command is below.

Router2# show ip eigrp neigh
IP-EIGRP neighbors for process 100
H   Address      Interface   Hold   Uptime    SRTT   RTO   Q    Seq
                             (sec)            (ms)         Cnt  Num
1   10.20.0.1    Se1         11     22:37:26  28     200   0    2
0   10.10.0.1    Se0         13     22:38:09  19     200   0    4

The show ip route command simply displays the routing table and does not provide neighbor information.

The other commands are not valid IOS commands.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP neighbor relationship and authentication

References:
Cisco IOS IP Routing: EIGRP Command Reference > show ip eigrp neighbors

QUESTION 100
Which of the following statements is TRUE about the communication occurring between rtrA and rtrB in the
given exhibit?

A. The only loopback interface used in the communication is the loopback 0 interface of rtrA.
B. The only loopback interface used in the communication is the loopback 1 interface of rtrB.
C. Both loopback 0 and loopback 1 interfaces are used for the communication between rtrA and rtrB.
D. Neither loopback 0 nor loopback 1 interface is used for the communication between rtrA and rtrB.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The only loopback interface used in the communication is the loopback 0 interface of rtrA. The configuration
on the rtrA router indicates that BGP is enabled on rtrA in the autonomous system number (ASN) 450. The
neighbor 131.78.45.2 remote-as 450 command establishes a connection with the rtrB interface having the
131.78.45.2 address. The Gi0/1 interface of rtrB has the address 131.78.45.2, which is directly connected to
the Gi0/0 interface (132.78.45.1) of rtrA. The next line, neighbor 131.78.45.2 update-source loopback 0,
specifies that the 131.78.45.2 interface (Gi0/1) of rtrB communicates with the loopback 0 interface on rtrA.

In the configuration of rtrB, the neighbor 10.144.1.1 remote-as 450 command establishes a neighboring
relationship with the interface having the address 10.144.1.1. The loopback 0 interface of rtrA has the
address 10.144.1.1. The loopback 1 interface on rtrB is assigned an IP address but not used in establishing
BGP connections between rtrA and rtrB.

The loopback 1 interface of rtrB would only be used in the communication between rtrA and rtrB if you
configured rtrA and rtrB as follows:

rtrA(config)# router bgp 450
rtrA(config-router)# neighbor 131.78.1.1 remote-as 450

rtrB(config)# router bgp 450
rtrB(config-router)# neighbor 131.78.45.1 remote-as 450
rtrB(config-router)# neighbor 131.78.45.1 update-source loopback 1

Both loopback 0 and loopback 1 interfaces are NOT used for communication between rtrA and rtrB. Only
the loopback 0 interface of rtrA is used. Both of the loopback interfaces would be used in the
communication between rtrA and rtrB only if you changed the configuration of rtrA and rtrB, as given below:

rtrA(config)# router bgp 450
rtrA(config-router)# neighbor 131.78.1.1 remote-as 450
rtrA(config-router)# neighbor 131.78.1.1 update-source loopback 0

rtrB(config)# router bgp 450
rtrB(config-router)# neighbor 10.144.1.1 remote-as 450
rtrB(config-router)# neighbor 10.144.1.1 update-source loopback 1

Because the loopback 0 interface of rtrA is used in communication, it is incorrect to state that neither
loopback 0 nor loopback 1 interface is used. To ensure that neither of the loopback interfaces is used
for communication, you would configure rtrA and rtrB as follows:

rtrA(config)# router bgp 450
rtrA(config-router)# neighbor 131.78.45.2 remote-as 450

rtrB(config)# router bgp 450
rtrB(config-router)# neighbor 131.78.45.1 remote-as 450

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify eBGP (IPv4 and IPv6 address families)

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > BGP
Case Studies > eBGP Multihop
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > neighbor update-source
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > neighbor remote-as

QUESTION 101
Which command can you use to specify that network 208.15.208.0 belongs to OSPF area 0?

A. router(config)# network 208.15.208.0 area 0
B. router(config-if)# ip ospf area 0
C. router(config)# network 208.15.208.0 255.255.255.0 area 0
D. router(config-router)# network 208.15.208.0 0.0.0.255 area 0

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
You identify the area to which a network belongs with the network area command issued from router
configuration mode:

router(config-router)# network address wildcard-mask area area-id

To enter router configuration mode, enter the command router ospf process ID in global configuration
mode. For this command to be accepted and acted upon by the router, at least one interface on the router
must have an IP address assigned and be up.

The command router(config)# network 208.15.208.0 area 0 is incorrect because it is executed in global
configuration mode, as evidenced by the prompt router(config)#.

The command router(config-if)# ip ospf area 0 is incorrect. This command would be used to configure the
router for OSPF and its area. It would also enter configuration mode for that particular process of OSPF so
the user can enter additional commands that affect that process. However, this command is missing the
process ID.

The command router(config)# network 208.15.208.0 255.255.255.0 area 0 is incorrect because it is
executed in the wrong mode. It is entered in global configuration mode instead of OSPF configuration
mode. It also has an incorrect mask. You must use a wildcard mask instead of a regular mask in the
network statements for OSPF. In this case, the mask should be 0.0.0.255 instead of 255.255.255.0.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF operations

References:
Cisco : OSPF Commands > network area

QUESTION 102
Consider the partial output of the show ip bgp command:

Which of the following statements are TRUE about the given output? (Choose all that apply.)

A. The 10.62.7.0 route is learned by the router through an iBGP neighbor.
B. All five routes have been originated by an IGP.
C. The router is aware of the best path for the 61.80.3.0 destination.
D. There are four AS between the router and the 192.177.1.0 subnet.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following statements are TRUE about the given output:
The 10.62.7.0 route is learned by the router through an iBGP neighbor.
All five routes have been originated by an IGP.

The show ip bgp command displays information about the BGP routing table, including origin type, metric,
next-hop addresses for every route learned by BGP, router ID, local preference, and BGP path. In the
output, the character i in the first entry of the 10.62.7.0 destination indicates that the route was learned by
an iBGP neighbor. The * symbol at the beginning of the routes indicates that they are valid routes, while the >
symbol indicates that the route is the current best route.

The i at the end of the entries under the Path column indicates that the routes have been originated by an
interior gateway protocol (IGP). In the scenario output, all five routes have an i at the end of their respective
entries. If the character e appears as the origin code, the routes are considered to have originated from an
exterior gateway protocol (EGP). The origin code can also be the ? character, which implies that the origin
of the route is unknown.

The output also displays the next-hop addresses for the routes. The 200.7.34.0 subnet is a local route, and
hence has its next-hop address as 0.0.0.0.

The show ip bgp command also displays the local router's ID (RID), local preference, weight, and next-hop
addresses for every route learned by BGP. In this case, the RID of RouterA is 200.17.34.15 and the local
preference, weight, and next-hop address for the 10.62.7.0 network are 100, 0, and 10.62.7.78,
respectively. The metric and the next-hop address for the BGP routes can also be viewed by using the
show ip route bgp command, as follows:

RouterA# show ip route bgp
B 10.62.7.0 [200/0] via 10.62.7.78, 01:34:16
B 200.17.56.0 [200/0] via 10.62.7.78, 01:34:16
B 192.177.1.0 [20/100] via 10.62.7.115, 01:34:16

The BGP table version can also be displayed by using the show ip bgp neighbors and the show ip bgp
summary commands. The show ip bgp neighbors command also displays the address, ASN, and RID of
neighbors of the local router, as shown below:

RouterA# show ip bgp neighbors
BGP neighbor is 192.177.1.6, remote AS 200, external link
BGP version 17, remote router ID 200.17.34.15
BGP state = Established, table version = 16, up for 01:45:03
<output omitted>

The show ip bgp summary command displays the RID and the BGP table version, as shown in the following
output:

RouterA# show ip bgp summary
BGP router identifier 200.17.34.15, local AS number 100
BGP table version is 17, main routing table version 18
<output omitted>
Neighbor     V   AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
10.62.7.90   17  200  56       55       18      0    0     01:42:13  27
10.62.7.145  17  300  34       33       18      0    0     00:31:20  0

The router is not aware of the best path for the 61.80.3.0 route. The character h appears at the beginning of
the entry for the 61.80.3.0 destination. This means that the route is in the history state currently and that the
best route is not known.

There are not four AS between the router and the 192.177.1.0 subnet. In the output, the Path column for the
192.177.1.0 subnet lists four AS numbers. The four AS numbers refer to the ASNs traversed by the route
from RouterA to the 192.177.1.0 subnet. The first AS refers to the first neighbor of RouterA; the second AS
refers to the neighbor of the first neighbor; and so on. The last AS in the column is the AS of the
192.177.1.0 subnet. This implies that there are three AS (1, 2, and 3) that exist between RouterA and the subnet.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify eBGP (IPv4 and IPv6 address families)

References:
Cisco > Cisco IOS IP Routing: BGP Command Reference > show ip bgp
Cisco > Cisco IOS IP Routing: BGP Command Reference > show ip route bgp
Cisco > Cisco IOS IP Routing: BGP Command Reference > show ip bgp summary

QUESTION 103
Which of the following statements is NOT true about BGP peers?

A. eBGP peers use TCP to communicate
B. eBGP peers use port 179 by default
C. eBGP peers do not update the AS_Path attribute before sending updates to another eBGP peer
D. iBGP peers do not update the AS_Path attribute before sending updates to an iBGP peer

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
External BGP (eBGP) peers do update the AS_Path attribute before sending updates to another eBGP
peer. This helps to maintain the path back to the source of the update.

eBGP peers use TCP to communicate, and they do so on port 179 by default.

Internal BGP (iBGP) peers are routers that reside in the same AS. iBGP peers do not update the AS_Path
attribute before sending updates to an iBGP peer. That is only done when an update is sent from an eBGP
peer to another eBGP peer.

Objective:
Layer 3 Technologies
Sub-Objective:
Explain BGP attributes and best-path selection

References:
Home > About Cisco > Publications and Merchandise > The Internet Protocol Journal > Back issues >
Volume 9, Number 1, March 2006 > Autonomous System Numbers > Exploring Autonomous System
Numbers

QUESTION 104
Which parameter does EIGRP use to compute the bandwidth part of the metric?

A. The maximum bandwidth link in the path, in kilobits per second
B. The minimum bandwidth link in the path, in kilobits per second
C. The average bandwidth of all the links in the path, in kilobits per second
D. The average bandwidth of all the links in the path, in kilobytes per second

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The minimum bandwidth link, in kilobits per second, is used in the EIGRP metric calculation, because this is
the limiting factor in the overall speed of delivery over the path.

BW = (10,000,000 / bandwidth in Kbps) x 256
Delay = (delay in microseconds / 10) x 256

The formula for calculating the EIGRP metric is shown below:

[K1 x BW + (K2 x BW) / (256 - load) + K3 x delay] x [K5 / (reliability + K4)]

You should note, however, that when K5 = 0 (as it is by default), a slightly different formula applies.

When K5 = 0, the EIGRP metric is [K1 x BW + (K2 x BW) / (256 - load) + K3 x delay]

By default, K1 = 1, K3 = 1, and K2, K4, and K5 = 0.

Therefore, the default EIGRP metric is BW + Delay, where "BW" and "Delay" are determined according to
the formula above.

The final formula is shown below:

[10,000,000 / (bandwidth in Kbps) + (delay in microseconds) / 10] * 256

These usually are derived from the values listed in the show interfaces command.
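
The formulas above can be carried through for a whole path. The following Python sketch is an added example, not part of the original exam material: it takes the minimum bandwidth and the summed delay over the links of a path and applies the K-value formula with integer truncation. The function names and the sample link values (a T1 serial link at 1544 Kbps / 20000 microseconds, a FastEthernet link at 100000 Kbps / 100 microseconds, a 64 Kbps link) are illustrative assumptions, and the truncation order for non-default K values is also an assumption.

```python
DEFAULT_K = (1, 0, 1, 0, 0)  # K1..K5 defaults stated in the explanation


def eigrp_metric(links, k=DEFAULT_K, load=1, reliability=255):
    """Composite EIGRP metric for a path.

    links: list of (bandwidth_kbps, delay_usec), one tuple per outgoing
           interface along the path.
    load, reliability: 1..255, as reported by `show interfaces`.
    """
    if not links:
        raise ValueError("a path needs at least one link")
    if any(bw <= 0 or delay < 0 for bw, delay in links):
        raise ValueError("bandwidth must be positive and delay non-negative")
    if not 1 <= load <= 255 or not 1 <= reliability <= 255:
        raise ValueError("load and reliability are 1..255")

    k1, k2, k3, k4, k5 = k
    min_bw_kbps = min(bw for bw, _ in links)        # slowest link limits the path
    total_delay_usec = sum(d for _, d in links)     # delay accumulates per hop

    # BW = (10,000,000 / bandwidth in Kbps) x 256, truncated before scaling
    bw_term = (10_000_000 // min_bw_kbps) * 256
    # Delay = (delay in microseconds / 10) x 256
    delay_term = (total_delay_usec // 10) * 256

    metric = k1 * bw_term + (k2 * bw_term) // (256 - load) + k3 * delay_term
    if k5 != 0:
        # The reliability factor only applies when K5 is non-zero.
        metric = metric * k5 // (reliability + k4)
    return metric


def best_path(paths, k=DEFAULT_K):
    """Return (name, metric) of the lowest-metric path from {name: links}."""
    scored = {name: eigrp_metric(links, k) for name, links in paths.items()}
    name = min(scored, key=scored.get)
    return name, scored[name]


# Constructed sample values (typical interface defaults, used as assumptions).
T1 = (1544, 20000)
FAST_ETHERNET = (100000, 100)
SLOW_SERIAL = (64, 20000)

if __name__ == "__main__":
    paths = {
        "via T1 then FastEthernet": [T1, FAST_ETHERNET],
        "via 64k serial": [SLOW_SERIAL],
    }
    for name, links in paths.items():
        print(f"{name:26} metric {eigrp_metric(links)}")
    print("preferred:", best_path(paths))
```

The two-hop path wins even though it has more hops, because its slowest link (1544 Kbps) is far faster than the 64 Kbps link on the one-hop path.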

Objective:
Layer 3 Technologies
Sub-Objective:
Describe and optimize EIGRP metrics

References:
Cisco > Home > Support > Technology Support > IP Routing > Technology Information > Technology White
Paper > Enhanced Interior Gateway Routing Protocol > Using The Metrics

QUESTION 105
Examine the sample output of the show ip eigrp topology command.

The network 65.0.0.0 is one of the advertised networks in the routing table. What does the value 128256
represent?

A. The advertised distance
B. The feasible distance
C. The administrative distance
D. The hop count

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The number 128256 after the advertisement for network 65.0.0.0 represents the advertised distance. The
advertised distance is the metric that the neighboring router advertised to the local router.

The feasible distance is the metric that the local router would advertise to the next router. Feasible distance
is represented by the number preceding the advertised distance number in the output.

The administrative distance is a number that represents the trustworthiness of a routing protocol. It allows a
router to decide which routing protocol's route to use in the event that more than one protocol advertises a
route to the same network. The administrative distance is not shown in the output of the show ip eigrp
topology command.

Hop count is a simple metric that RIP uses to compare multiple routes to the same network.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing

References:
Cisco > Home > Support > Technology Support > IP Routing > Technology Information > Technology White
Paper > Enhanced Interior Gateway Routing Protocol > Feasible Distance, Reported Distance, and
Feasible Successor
Cisco > Cisco IOS IP Routing: EIGRP Command Reference > show ip eigrp topology

QUESTION 106
Consider the following commands:

RouterA(config)# router ospf 10
RouterA(config-router)# redistribute eigrp 20 metric 30

What does the value of 30 represent?

A. It identifies the seed metric associated with OSPF routes that are redistributed into EIGRP.
B. It identifies the seed metric associated with EIGRP routes that are redistributed into OSPF.
C. It identifies the amount that the existing EIGRP metric will increment as it is redistributed into OSPF.
D. It specifies that routes that contain metrics of less than 30 will be redistributed from OSPF into EIGRP.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The value 30 represents the seed metric for routes that are redistributed from EIGRP into OSPF.

When configuring the OSPF process, the redistribute command is used to identify the source protocol, its
AS or process ID, and several other optional parameters, such as metric. The default seed metric for all
routing protocols except BGP is 20. When redistributing BGP, the default seed metric is 1.

It does not identify the seed metric associated with OSPF routes that are redistributed into EIGRP. The
command is redistributing EIGRP into OSPF, not OSPF into EIGRP.

It does not identify the amount that the existing EIGRP metric will increment as it is redistributed into OSPF.
A seed metric value is an absolute value, not an incremental one.

It does not specify that routes that contain metrics of less than 30 will be redistributed from OSPF into
EIGRP. It is not used to filter routes.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > redistribute (ip)

QUESTION 107
Which command can you use to display the area border routers (ABRs) and the routes to them?

A. show ip ospf dr
B. show ip opsf bdr
C. show ip ospf database
D. show ip ospf border-routers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is show ip ospf border-routers. The following commands are available to verify OSPF
configurations:
show ip ospf border-routers - displays internal OSPF routing table entries for an ABR.
show ip ospf virtual-links - displays the current state of OSPF virtual links.
show ip ospf - displays information about the router's role and each area to which the router is
connected.
show ip ospf database - displays the contents of the router's topological database. Note that a number
of keywords can be used with the show ip ospf database command to get specific information.

The command show ip ospf dr is not correct because dr is not a parameter of the show ip ospf command.

The command show ip ospf bdr is not correct because bdr is not a parameter of the show ip ospf
command.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Cisco IOS IP Routing: OSPF Command Reference > show ip ospf border-routers

QUESTION 108
If the following protocols are redistributed into OSPF, which protocol will receive a metric of 1 if none is
specified, rather than the default metric of 20?

A. EIGRP
B. RIP
C. IGRP
D. BGP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Border Gateway Protocol (BGP) routes that are redistributed into OSPF will be marked with a metric of 1 if
no other metric is specified. All other routing protocols will receive a metric of 20 when redistributed into
OSPF.

A metric can be manually specified when redistributing the route, as shown below:

router5(config)# router ospf 10
router5(config-router)# redistribute bgp 120 metric 5

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco Press > Articles > Network Technology > General Networking > Cisco OSPF Route Redistribution
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > Redistributing
Routing Protocols > Document ID: 8606

QUESTION 109
Routers R1 and R2 are being added to the network shown in the exhibit.
The addresses of their respective interfaces have already been configured as follows:
R1: E0 192.168.4.5/30
R2: E0 192.168.4.6/30
R2: E1 192.168.72.6/30

You have been assigned to complete the following as a part of implementing OSPF area 5:
The E0 interface on R1 should be in area 5.
The E0 interface on R2 should be in area 5.
The mask used with the OSPF configuration should only include the addresses for R1 and R2.
Area 5 should not allow any external or inter-area routes (except for the default route).

Which commands are required to accomplish this set of requirements? (Choose all that apply.)

A. R1# configure terminal
R1(config)# router OSPF 1
R1(config-router)# network 192.168.4.4 0.0.0.3 area 5
R1(config-router)# area 5 stub
R1(config-router)# end
R1# copy running-config startup-config
B. R1# configure terminal
R1(config)# router OSPF 1
R1(config-router)# network 192.168.4.4 0.0.0.3 area 5
R1(config-router)# area 5 stub no-summary
R1(config-router)# end
R1# copy running-config startup-config
C. R1# configure terminal
R1(config)# router OSPF 1
R1(config-router)# network 192.168.4.4 0.0.0.4 area 5
R1(config-router)# area 5 stub
R1(config-router)# end
R1# copy running-config startup-config
D. R2# configure terminal
R2(config)# router OSPF 1
R2(config-router)# network 192.168.4.4 0.0.0.3 area 5
R2(config-router)# area 5 stub no-summary
R2(config-router)# end
R2# copy running-config startup-config
E. R2# configure terminal
R2(config)# router OSPF 1
R2(config-router)# network 192.168.4.4 0.0.0.3 area 0
R2(config-router)# area 0 stub no-summary
R2(config-router)# end
R2# copy running-config startup-config
F. R2# configure terminal
R2(config)# router OSPF 1
R2(config-router)# network 192.168.4.4 0.0.0.3 area 5
R2(config-router)# area 5 stub
R2(config-router)# end
R2# copy running-config startup-config

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following set of commands will configure R1 properly and satisfy the requirements:

R1# configure terminal
R1(config)# router OSPF 1
R1(config-router)# network 192.168.4.4 0.0.0.3 area 5
R1(config-router)# area 5 stub
R1(config-router)# end
R1# copy running-config startup-config

The configure terminal command enters global configuration mode, from which the router ospf 1 command
can be executed to enable OSPF process 1. The network command allows the 192.168.4.4/30 network to
join OSPF area 5 and uses a wildcard mask (0.0.0.3) that only includes the E0 interfaces on R1 and R2.
The area 5 stub command configures R1 as an internal router in a totally stubby area, which is necessary
because no external or inter-area routes are allowed. The final two commands exit OSPF configuration
mode and save the configuration.

The following set of commands will configure R2 properly and satisfy the requirements:

R2# configure terminal
R2(config)# router OSPF 1
R2(config-router)# network 192.168.4.4 0.0.0.3 area 5
R2(config-router)# area 5 stub no-summary
R2(config-router)# end
R2# copy running-config startup-config

The configure terminal command enters global configuration mode, from which the router ospf 1 command
can be executed to enable OSPF process 1. The network command allows the 192.168.4.4/30 network to
join OSPF area 5, and uses a wildcard mask (0.0.0.3) that only includes the E0 interfaces on R1 and R2.
The area 5 stub no-summary command configures R2 as an area border router (ABR) in a totally stubby
area, which is necessary because no external or inter-area routes are allowed. The final two commands exit
OSPF configuration mode and save the configuration.

The wildcard mask on both network statements, 0.0.0.3, is the wildcard equivalent of a 255.255.255.252
mask (/30). When used with the network address 192.168.4.4, this mask will only allow two addresses in
the area, 192.168.4.5 and 192.168.4.6, as per the scenario requirements.

The command set that executes the area 5 stub no-summary command on router R1 is incorrect because
R1 is an internal router and does not require the no-summary keyword. The no-summary keyword is only
required on the ABR when configuring a totally stubby area.

The command set that executes the network 192.168.4.4 0.0.0.4 area 5 command on router R1 has the
wrong wildcard mask.

The command set that executes the network 192.168.4.4 0.0.0.3 area 0 command on router R2 is incorrect
because the area should be area 5, not area 0.

The command set that executes the area 5 stub command on router R2 is incorrect because R2 is an ABR
router and requires the no-summary keyword when configuring a totally stubby area.
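
The wildcard-mask behaviour that the explanations for Questions 101 and 109 rely on can be checked mechanically. The following Python sketch is an added example, not part of the original exam material; it tests which of the interface addresses given in Question 109 a network statement would cover, and shows why 0.0.0.4 and a regular mask such as 255.255.255.0 do not do what was intended. The function names and interface labels are hypothetical.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_for_prefix(prefix_len):
    """Wildcard mask equivalent to a prefix length, e.g. 30 -> 0.0.0.3."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))


def is_contiguous(wildcard):
    """True when the wildcard is a run of low-order 1 bits (an inverted subnet mask)."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0


def statement_matches(address, network, wildcard):
    """Apply `network <network> <wildcard>` to one interface address.

    A 0 bit in the wildcard means "must match"; a 1 bit means "don't care".
    """
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(network) & care)


def covered_interfaces(network, wildcard, interfaces):
    """Names of the interfaces whose address the network statement covers."""
    return [name for name, addr in interfaces.items()
            if statement_matches(addr, network, wildcard)]


# Interface addresses as given in Question 109.
INTERFACES = {
    "R1 E0": "192.168.4.5",
    "R2 E0": "192.168.4.6",
    "R2 E1": "192.168.72.6",
}

if __name__ == "__main__":
    for wildcard in ("0.0.0.3", "0.0.0.4"):
        hits = covered_interfaces("192.168.4.4", wildcard, INTERFACES)
        print(f"network 192.168.4.4 {wildcard}: contiguous={is_contiguous(wildcard)} "
              f"covers {hits or 'nothing'}")
    # Question 101: a regular mask typed where a wildcard is expected only
    # pins the last octet, so hosts in 208.15.208.0/24 are not covered.
    print(statement_matches("208.15.208.77", "208.15.208.0", "255.255.255.0"))
    print(statement_matches("208.15.208.77", "208.15.208.0", "0.0.0.255"))
```

With 0.0.0.4 only bit 2 of the last octet is a don't-care bit, so the statement covers addresses ending in .0 or .4 and neither E0 interface is placed in area 5.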

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Home > Support > Technology Support > IP Routing > Design > Design Technotes > What Are
OSPF Areas and Virtual Links? > What Are Areas, Stub Areas, and Not-So-Stubby Areas?
Cisco > Cisco IOS IP Routing: OSPF Command Reference > area stub

QUESTION 110
You need to configure eBGP on the rtrA and rtrB routers, as shown in the following image:

You have configured eBGP on rtrA through the following commands:

rtrA(config)# router bgp 501
rtrA(config)# neighbor 201.60.3.2 remote-as 505

While configuring eBGP on rtrB, you need to ensure that updates about the 192.168.58.0/24 and the
192.168.127.0/24 subnets are sent to rtrA with a metric of 300. In addition, rtrB should send updates about
the 172.161.94.0/24 subnet with a metric of 500.

Which of the following set of commands would NOT be part of the set used to correctly configure eBGP on
rtrB?

A. access-list 1 permit 192.168.0.0 0.0.255.255
access-list 2 permit 172.161.94.0 0.0.0.255
router bgp 505
neighbor 201.60.3.1 remote-as 501
neighbor 201.60.3.1 route-map change_parameters in
B. access-list 1 permit 192.168.0.0 0.0.255.255
access-list 2 permit 172.161.94.0 0.0.0.255
router bgp 505
neighbor 201.60.3.1 remote-as 501
neighbor 201.60.3.1 route-map change_parameters out
C. route-map change_parameters permit 10
match ip-address 2
set metric 500
D. route-map change_parameters permit 20
match ip-address 1
set metric 300

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following command set would NOT be used because it applies the route map change_parameters
inbound instead of outbound, as would be required:

The ACL 1 allows the 192.168.58.0/24 and the 192.168.127.0/24 subnets, while the ACL 2 allows the
172.161.94.0/24 subnet. The neighbor route-map command specifies a route-map named
change_parameters for the 201.60.3.1 BGP peer. The out keyword at the end of the command indicates
that the route-map is applied only to the updates sent by rtrB, and not received by rtrB.

In the following command, the route map change_parameters is defined with the permit keyword. The
permit keyword indicates that if a match occurs, the actions specified in the set sub-command are
executed:

route-map change_parameters permit 10
match ip-address 2
set metric 500

In this case, this command checks if the IP address of the subnets advertised to rtrA is in the
172.161.94.0/24 subnet (specified by ACL 2). If the IP address matches, then the metric of those routes is
set to 500.

In the following command, the route map change_parameters is defined with the permit keyword:

route-map change_parameters permit 20
match ip-address 1
set metric 300

In this case, this command checks if the IP address of the subnets advertised to rtrA is in the
192.168.58.0/24 or the 192.168.127.0/24 subnets (specified by ACL 1). If the IP address matches, then the
metric of those routes is set to 300.
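The following is an added example, not part of the exam material: it models how the two ACLs and the two route-map clauses above are evaluated against outbound updates. It assumes standard-ACL matching on the route's network address and the implicit deny at the end of an ACL and of a route map; 10.1.1.0/24 and 192.168.200.0/24 are constructed prefixes.

```python
import ipaddress

# ACLs from the question: ACL number -> list of (address, wildcard) permit entries.
ACLS = {
    1: [("192.168.0.0", "0.0.255.255")],
    2: [("172.161.94.0", "0.0.0.255")],
}

# route-map change_parameters from options C and D: (sequence, ACL number, metric).
# Deliberately listed out of order: clauses are evaluated by sequence number.
ROUTE_MAP = [
    (20, 1, 300),
    (10, 2, 500),
]


def acl_permits(acl_number, prefix):
    """Standard ACL test: compare the route's network address under the wildcard."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for address, wildcard in ACLS[acl_number]:
        # Wildcard bits set to 1 are "don't care"; invert to get the bits that must match.
        care_bits = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (net ^ int(ipaddress.ip_address(address))) & care_bits == 0:
            return True
    return False  # implicit deny at the end of the ACL


def apply_route_map(prefix):
    """Return the metric set for a prefix, or None if the route map filters it."""
    for _sequence, acl_number, metric in sorted(ROUTE_MAP):
        if acl_permits(acl_number, prefix):
            return metric  # permit clause matched: apply the set action, stop
    return None  # no clause matched: implicit deny, the route is not advertised


def outbound_updates(prefixes):
    """Map each prefix that survives the outbound route map to its metric."""
    updates = {}
    for prefix in prefixes:
        metric = apply_route_map(prefix)
        if metric is not None:
            updates[prefix] = metric
    return updates


# Prefixes from the question plus two constructed ones.
SAMPLE_PREFIXES = [
    "192.168.58.0/24",
    "192.168.127.0/24",
    "172.161.94.0/24",
    "192.168.200.0/24",  # constructed: also inside ACL 1's 0.0.255.255 wildcard
    "10.1.1.0/24",       # constructed: matches neither ACL
]

if __name__ == "__main__":
    for prefix, metric in outbound_updates(SAMPLE_PREFIXES).items():
        print(f"{prefix:18} metric {metric}")
```

Because ACL 1 uses the wildcard 0.0.255.255, any 192.168.x.0 route on rtrB would receive metric 300, not only the two subnets named in the question.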

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify eBGP (IPv4 and IPv6 address families)

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > BGP
Case Studies > Route Maps
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > route-map

QUESTION 111
For a non-ISP autonomous system (AS), which combination of two conditions will require redistribution from
BGP into Interior Gateway Protocol (IGP)? (Choose two.)

A. All routers run BGP.
B. Not all routers run BGP.
C. No knowledge of external routes is required inside the AS.
D. Routers inside the AS require knowledge of external routes.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
For non-ISP autonomous systems (AS), redistribution into IGP is required when BOTH of the following
conditions exist:
Not all routers run BGP
Knowledge of external routes is required inside the AS

Note: Redistribution of any BGP routes into your IGP can cause serious problems, even if your internal
routers can handle the load. This should be done rarely, if at all. If you do decide to do this, configure heavy
filtering to allow only very few routes into OSPF or EIGRP so as not to overwhelm those protocols. For
instance, do it only for a select group of networks for which optimal routing is critical.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > BGP Case
Studies > Document ID: 26634 > Static Routes and Redistribution
Cisco > Cisco IOS IP Routing: BGP Configuration Guide, Release 12.4 > Cisco BGP Overview >
Information About Cisco BGP > BGP Autonomous Systems

QUESTION 112
Your network has an OSPF area that connects to an EIGRP area at two points, Router A and Router B. You
directed your assistant to set up these two routers in order to have traffic load-balanced between the two
entry points. However, you discover that all traffic is going through Router A. When you view the results of
the show run command for each device, you get the partial output shown below:

What action should be performed to make traffic use both routes to the EIGRP area?

A. change the metric for EIGRP to 50 on Router A
B. change the metric for EIGRP to 45 on Router B
C. change the metric type to Type 1 on Router A
D. change the metric type to Type 1 on Router B

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
You should change the metric for EIGRP to 50 on Router A. The metric can be defined when configuring
the redistribution of one routing protocol into another. A lower metric will cause traffic to be routed in that
direction. Therefore, to make the paths from the two routers equal, you should raise the metric on Router A
to 50 to match that of Router B.

You should not lower the metric on Router B to 45. It will still be a higher metric than that of A and traffic will
still go in that direction.

You should not change the metric type on either router. The metric type determines whether the
downstream OSPF routers should add their cost to the total cost to get to the ASBR when computing cost.
In this scenario, Router A and Router B are both ASBRs. When set to Type 1, downstream OSPF routers
do add their metric. With Type 2, they simply use the configured metric. If you want true load balancing, you
should leave the metric type set to Type 2, since you have no information on the cost from the other routers
to the ASBRs. However, when Type 1 is used, you must also take into consideration the metric from the
other routers to the ASBR when determining the true cost to leave the OSPF area.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > Redistributing
Routing Protocols
Cisco > Support > Technology Support > IP > IP Routing > Design > Design Technotes > Route Selection
in Cisco Routers > Document ID: 8651

QUESTION 113
Which command can you use to display information about OSPF virtual links?

A. debug ip ospf adj
B. show ip ospf [process-id]
C. show ip ospf virtual-links
D. show ip ospf border-routers

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct answer is show ip ospf virtual-links. The show ip ospf virtual-links command displays the
current state of OSPF virtual links, as shown below.

The following additional commands are available to verify OSPF configurations: show ip ospf
border-routers, debug ip ospf adj, and show ip ospf.

The show ip ospf border-routers command displays internal OSPF routing table entries for an ABR, as
shown below.

router10#show ip ospf border-routers
Codes: i - Intra-area route, I - Inter-area route

Type Dest Address Cost NextHop Interface ABR ASBR Area SPF
i 2.2.2.2 10 192.1.1.199 Ethernet 2 TRUE FALSE 0 3
i 3.2.2.2 10 192.1.1.200 Ethernet 2 TRUE FALSE 0 3

The show ip ospf command displays information about the router's role and each area to which the router is
connected, as shown below.

The debug ip ospf adj command displays information about the state of neighbor adjacencies, as shown
below.

R3#debug ip ospf adj
OSPF adjacency events debugging is on

00:54:04: OSPF: Rcv pkt from 172.12.23.2, Ethernet0, area 0.0.0.1 : src not on the same network

In the above example, either the IP address or the subnet mask is misconfigured on either this router or the
neighbor.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco > Cisco IOS IP Routing Protocols Command Reference > IP Routing Protocol-Independent
Commands: S through T > show ip ospf virtual-links

QUESTION 114
View the sample output of the debug ip eigrp command.
What is the significance of the number 4294967295 as shown in the output?

A. It represents the unreachable metric for EIGRP.
B. It represents the administrative distance for EIGRP.
C. It represents a reachable metric for the given network.
D. It represents one of the link characteristics that EIGRP uses to calculate the metric.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The value 4294967295 in the debug ip eigrp output represents the unreachable metric for EIGRP. This
means that the network has become unavailable and cannot be reached. In this output, the M represents
the local metric, and the SM represents the metric that was reported by the neighbor that advertised the
network to the local router.

The administrative distance (AD) for internal EIGRP is 90.

The link characteristics that are used in the EIGRP calculation are shown following the dash after the M and
SM values (1657856 4294967295). By default, EIGRP only uses bandwidth and delay in its calculation.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe and optimize EIGRP metrics

References:
Cisco > Cisco IOS Debug Command Reference > debug h225 asn1 through debug ip ftp > debug ip eigrp

QUESTION 115
The network administrator has configured router R2 to redistribute a newly installed EIGRP network into
their core OSPF network. The redistributed networks and subnets are not properly appearing in the routing
tables of the other routers. The following output displays partial configuration for router R2:

router ospf 10
redistribute eigrp 50 metric 100 metric-type 1
network 192.16.31.0 0.0.0.255

What two modifications would correct the problem? (Choose two.)

A. Change the EIGRP AS number from 50 to 10
B. Change the AS number specified for OSPF to 50
C. Add the command network 10.0.0.0 0.0.0.255
D. Add the command network 10.0.0.0 255.255.255.0
E. Add the level-1-2 keyword to the redistribute command
F. Add the subnets keyword to the redistribute command
G. Change the command network 192.16.31.0 0.0.0.255 to include the area keyword and value

Correct Answer: FG
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The R2 router will not form adjacencies with neighboring routers in the area if the area IDs do not match.
The area keyword in the network command is missing from the initial router R2 configuration. The correct
command would be:

R2(config-router)# network 192.16.31.0 0.0.0.255 area 1

Secondly, the subnets keyword should be used in the redistribute command to ensure that all of the
subnets in the 10.0.0.0/8 network are redistributed into OSPF. For example, you would use the following
commands to redistribute EIGRP autonomous system (AS) 50 networks and subnetworks into OSPF with a
metric of 100 and advertise them as external Type 1 routes:

R2(config)# router ospf 10
R2(config-router)# redistribute eigrp 50 metric 100 metric-type 1 subnets

The complete syntax for the redistribute command when used in OSPF is as follows:

redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [subnets]

The command parameters are:

protocol - Identifies the source protocol, such as BGP, connected, EIGRP, IGRP, ISIS, OSPF, static, or
rip.
process-id - Depending on the routing protocol, identifies the source autonomous system number or
process ID.
metric - Identifies the seed metric for the redistributed route. The default is 0.
metric-type - For OSPF, it identifies the redistributed routes as either external Type 1 or Type 2 routes.
The default is Type 2.
subnets - Optional keyword for use with OSPF to indicate that the scope of the networks to be
redistributed also includes subnets.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify redistribution between any routing protocols or routing sources

References:
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > redistribute (ip)

QUESTION 116
A neighboring EIGRP router fails. Its advertised distance (AD) to network 10.10.10.0 was 2 and the feasible
distance (FD) was 3.

Which route will be used to route packets destined for network 10.10.10.0 if the other routes have the
following feasible and advertised distances respectively to the destination network?

A. FD-6
AD-3
B. FD-4
AD-1
C. FD-5
AD-3
D. FD-4
AD-3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When EIGRP loses its best route, called the successor route, it will then use a feasible successor route, if
available, to route the packets to that destination. To be considered a feasible successor, the advertised
distance, which is the neighboring router's distance, needs to be less than the feasible distance, which is
the local router's own metric.
In this scenario, the feasible distance is 3. The only available feasible successors are the ones that have
the advertised distance/feasible distance of 1/4 and 2/4.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify policy-based routing

References:
Cisco > Home > Support > Technology Support > IP Routing > Technology Information > Technology White
Paper > Enhanced Interior Gateway Routing Protocol > Feasible Distance, Reported Distance, and
Feasible Successor

QUESTION 117
You have two routers connected to each other that are both running the EIGRP protocol. The routers have
built a neighbor relationship and are exchanging routing information. You execute the following command
on the EIGRP process on Router 1:

router1(config)# router eigrp 100
router1(config-router)# passive-interface

What will be the effect of this command?

A. Only routing advertisements from Router 1 to Router 2 will be prevented.
B. Only router advertisements to and from Router 1 will be prevented.
C. All hellos and routing updates will be prevented, and the neighbor relationship between Router 1 and
Router 2 will be broken.
D. Hellos will be prevented, but routing updates will continue to be sent out.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The effect of the passive-interface command is dependent on the routing protocol. With RIP, the command
prevents the sending of route updates, but does not prevent the reception of route updates. With EIGRP,
the passive-interface command prevents both the sending and receiving of route updates, and also the
sending of hellos. Without hello packets, the routers are unable to maintain the neighbor relationship, upon
which all communications including route updates depend.

If the intent was to prevent routing updates from Router 1 to Router 2 while still allowing updates from
Router 2 to Router 1, the routing updates must be filtered out and denied on Router 1 with a distribute list,
as shown in the following command set:

router1(config)# access-list 101 deny any
router1(config)# router eigrp 100
router1(config-router)# distribute-list 101 out

Objective:
Layer 3 Technologies
Sub-Objective:
Troubleshoot passive interfaces

References:
Cisco IOS Master Command List, Release 12.4T > p through r > passive-interface
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > Filtering
Routing Updates on Distance Vector IP Routing Protocols

QUESTION 118
You are the network administrator for a corporate organization. You changed the BGP configuration, then
executed the following command on the rtrA router:

clear ip bgp 172.161.18.5 soft out

What is the result of this command?

A. The outbound session between rtrA and 172.161.18.5 is cleared and reset.
B. The inbound session between rtrA and 172.161.18.5 is cleared and reset.
C. The outbound session between rtrA and 172.161.18.5 is cleared.
D. The inbound session between rtrA and 172.161.18.5 is cleared.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The outbound TCP session between rtrA and 172.161.18.5 is cleared as a result of the given command.
The given command is a variation of the clear ip bgp command.

The clear ip bgp command allows you to clear and reset the sessions or routing updates in BGP routers so
that changes in the BGP configuration can take effect. You can use this command to clear and reset the
sessions for all neighbors, a specific neighbor, or a group of neighbors. Use an asterisk (*) or the group
name instead of the IP address to apply the command on all the neighbors of a router or a particular peer
group, respectively.

For example, if you execute the clear ip bgp * command, all the sessions currently active are cleared and
reset. If you use the clear ip bgp 172.161.18.5 command on rtrA, the current session between rtrA and its
neighbor 172.161.18.5 is cleared and reset. Such a reset of sessions is known as hard reset. When hard
resets are performed, the neighbor relationship is broken and must be reestablished.

The soft keyword, which is optional, indicates a soft reset. This keyword allows you to clear the BGP table
without resetting the session. If you do not use this keyword, the sessions are cleared and then reset with a
hard reset.

The out keyword specifies that the command should be applied to only outbound sessions. If you use the in
keyword, the command is applied to only inbound sessions.

The outbound TCP session between rtrA and 172.161.18.5 is not cleared and reset by the given command.
If the clear ip bgp 172.161.18.5 out command was used, then the outbound session between rtrA and
172.161.18.5 would be both cleared and reset.

The inbound TCP session between rtrA and 172.161.18.5 is not cleared and reset by the given command. If
the clear ip bgp 172.161.18.5 in command were used, then the inbound TCP session between rtrA and
172.161.18.5 would be cleared and then reset.

The inbound TCP session between rtrA and 172.161.18.5 is not cleared by the given command. If the in
keyword were used instead of the out keyword in the given command, the outbound TCP session between
the rtrA and 172.161.18.5 would be cleared.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

References:
Cisco IOS IP Routing: BGP Command Reference > clear ip bgp

QUESTION 119
You are configuring Open Shortest Path First (OSPF) protocol for IPv6 on Router5. The router has two
interfaces, which have been configured as follows:

S0/0 - 192.168.5.1/24
S0/1 - 10.0.0.6/8

You would like OSPF to route for IPv6 only on the S0/0 network and not route for IPv6 on the S0/1 network.
The process ID you have chosen to use is 25. You do not want to apply an IPv6 address yet.

Which of the following command sets would enable OSPF for IPv6 as required?

A. Router5(config)#ipv6 ospf 25
Router5(config)# network 192.168.5.0
B. Router5(config)#ipv6 ospf 25
Router5(config)#router-id 192.168.5.1
C. Router5(config)#ipv6 unicast-routing
Router5(config)#ipv6 router ospf 25
Router5(config-rtr)#router-id 1.1.1.1
Router5(config)#interface S0/0
Router5(config-if)#ipv6 ospf 25 area 0
D. Router5(config)#ipv6 unicast-routing
Router5(config)#ipv6 ospf 25
Router5(config-rtr)#router-id 1.1.1.1

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct command sequence would be as follows:

Router5(config)# ipv6 unicast-routing
Router5(config)# ipv6 router ospf 25
Router5(config-rtr)# router-id 1.1.1.1
Router5(config)# interface S0/0
Router5(config-if)# ipv6 ospf 25 area 0

The first line enables IPv6 routing with the ipv6 unicast-routing command. The second line enables OSPF
routing for IPv6 with the ipv6 router ospf command. The third assigns a necessary router ID (which was
chosen at random) with the router-id command. The last two lines enable OSPF for area 0 on the proper
interface.

The following command set is incorrect because it does not enable OSPF routing for IPv6, assign a
necessary router ID, or enable OSPF for area 0 on the proper interface:

Router5(config)# ipv6 ospf 25
Router5(config)# network 192.168.5.0

This command set also displays incorrect use of the network command. The network command would be
used with OSPF v2.

The following command set fails to enable OSPF routing for IPv6, assign a necessary router ID, or enable
OSPF for area 0 on the proper interface:

Router5(config)# ipv6 ospf 25
Router5(config)# router-id 192.168.5.1

It also assigns the router ID under global configuration mode, rather than under router ospf 25 configuration
mode as required.

The following command set fails to enable OSPF for area 0 on the proper interface:

Router5(config)# ipv6 unicast-routing
Router5(config)# ipv6 ospf 25
Router5(config-rtr)# router-id 1.1.1.1

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF for IPv6

References:
Cisco > Implementing OSPF for IPv6 > How to Implement OSPF for IPv6
Cisco > Cisco IOS IPv6 Command Reference > ipv6 unicast-routing
Cisco > Cisco IOS IPv6 Command Reference > ipv6 ospf area

QUESTION 120
Refer to the following exhibit, where three routers have EIGRP for IPv6 enabled on them:

What is the next-hop address when rtrB advertises the 2001:5050:D402:B333::/64 IPv6 subnet to rtrC?

A. FE80::3030:3030:3030/64
B. FE80::3230:3030:3030/64
C. FE80::3030:30FF:FE30:3030/64
D. FE80::3230:30FF:FE30:3030/64

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The next-hop address when rtrB advertises the 2001:5050:D402:B333::/64 IPv6 subnet to rtrC is
FE80::3230:30FF:FE30:3030/64. In routers with EIGRP for IPv6 enabled on them, the next-hop address is
the IP address of the interface that advertises routes. The next-hop addresses should be link-local
addresses. Link-local addresses are IPv6 unicast addresses that are automatically assigned to the router
interfaces. These addresses have the FE80::/10 prefix and the EUI-64 standard interface address.

EUI-64 is an IEEE standard that allows the determination of an IPv6 address from the MAC address of an
interface. The 64 most significant bits should be specified in the ipv6 address command. The 64 least
significant bits are determined by using the EUI-64 standard. The steps to determine the 64 least significant
bits are as follows:
1. Divide the 48-bit MAC address into two 24-bit parts.
2. Embed FFFE (16 bits) between the two parts resulting in a 64-bit address.
3. If required, toggle the seventh bit of the first octet in the address. In EUI-64 format, if the seventh bit is 0,
then the address is local. If the seventh bit is 1, the address is global.

In this case, when rtrB advertises any route to rtrC, it advertises the interface with the MAC address
3030.3030.3030 as the next-hop. When the given steps are performed on the MAC address, it results in the
EUI-64 standard address 3230:30FF:FE30:3030. This address is then appended to the FE80::/10 prefix.
The resultant IPv6 link-local address of the interface is FE80::3230:30FF:FE30:3030/10.

The remaining three options are incorrect as their interface address is not in the EUI-64 standard.
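The following is an added example, not part of the exam material: it carries out the three EUI-64 steps above on the MAC address 3030.3030.3030 and checks the four answer options against the result. It assumes the seventh bit is always inverted, which is how the explanation arrives at 32 from 30; the function names are hypothetical.

```python
import ipaddress
import re


def mac_to_bytes(mac):
    """Parse a MAC address in Cisco dotted, colon or hyphen notation into 6 bytes."""
    digits = re.sub(r"[.:-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Steps 1-3: split the MAC into two 24-bit halves, insert FFFE, flip bit 7."""
    raw = mac_to_bytes(mac)
    interface_id = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    interface_id[0] ^= 0x02  # seventh bit of the first octet (universal/local bit)
    return bytes(interface_id)


def link_local_from_mac(mac):
    """Place the 64-bit interface ID under the link-local prefix FE80::/64."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_interface_id(mac))


def embedded_mac(address):
    """Recover the MAC from an EUI-64 style address, or None if FFFE is absent."""
    interface_id = ipaddress.IPv6Interface(address).ip.packed[8:]
    if interface_id[3:5] != b"\xff\xfe":
        return None
    raw = bytes([interface_id[0] ^ 0x02]) + interface_id[1:3] + interface_id[5:]
    digits = raw.hex()
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


# The four answer options from the question.
OPTIONS = {
    "A": "FE80::3030:3030:3030/64",
    "B": "FE80::3230:3030:3030/64",
    "C": "FE80::3030:30FF:FE30:3030/64",
    "D": "FE80::3230:30FF:FE30:3030/64",
}


def matching_options(mac, options):
    """Return the labels of the options equal to the MAC's EUI-64 link-local address."""
    expected = link_local_from_mac(mac)
    return [label for label, text in options.items()
            if ipaddress.IPv6Interface(text).ip == expected]


if __name__ == "__main__":
    print(link_local_from_mac("3030.3030.3030"))
    for label, text in OPTIONS.items():
        print(label, text, "embedded MAC:", embedded_mac(text))
```

Option C does contain FFFE but decodes to the MAC 3230.3030.3030, so it belongs to a different interface; options A and B carry no FFFE at all.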

Objective:
Layer 3 Technologies
Sub-Objective:
Identify IPv6 addressing and subnetting

References:
Cisco IPv6 Configuration Guide, Release 15.2 > IPv6 Neighbor Redirect Message
Cisco IPv6 Configuration Guide, Release 15.2 > IPv6 Unicast Routing > Aggregatable Global Address

QUESTION 121
An OSPF area contains the following networks:

165.164.8.0 255.255.254.0
165.164.10.0 255.255.254.0
165.164.12.0 255.255.254.0
165.164.14.0 255.255.254.0

How can the route to these networks be summarized?

A. 165.164.8.0 255.255.240.0
B. 165.164.8.0 255.255.248.0
C. 165.164.10.0 255.255.252.0
D. 165.164.14.0 255.255.240.0

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Summarization is the process of advertising a network with a subnet mask such that it includes all of the
subnets. As a simple example, if you had two Class C networks, you could advertise them as a Class B
network and it would encompass them both. Normally summarization should be implemented such that it
summarizes ONLY the networks desired and no others (in the simple example it would possibly include
other Class C networks). The process for arriving at the "best" summarization is as follows.

First, write the last octet that all networks share in common (third octet in this case) in binary form for each
network:

165.164.8.0--00001000
165.164.10.0--00001010
165.164.12.0--00001100
165.164.14.0--00001110

The addresses have the first five bits in common; therefore, they can be summarized with the third octet
00001000 and a subnet mask of 255.255.248.0.

Another way of looking at it is that 165.164.8.0 255.255.248.0 covers the range of 165.164.8.0 through
165.164.15.255, the same range as all the component subnets.

None of the following possible answers is a valid range, nor do most of them cover the correct range of
addresses:

165.164.8.0 255.255.240.0 is not a valid range. A 20-bit mask can only be on a subnet that is a multiple of
16, such as .16.0, .32.0, .48.0 etc. The subnet .8.0 is not a multiple of 16.

165.164.10.0 255.255.252.0 is not valid. A 22-bit mask requires a multiple of 4 in the third octet, and 10 is
not a multiple of four. Even if it were a valid range, it does not cover the entire range of addresses that need
to be summarized.

165.164.14.0 255.255.240.0 is not valid. The 20-bit mask is only usable on ranges that are multiples of 16
in the third octet, and 14 is not a multiple of 16. Even if the mask were valid, it could not cover the correct
addresses.

When addresses are summarized, the cost of the summary address will be the highest cost of the component
subnets. For example, in the partial sample output of the show ip route command below, there are three
routes. The output is from a router running OSPFv3, so the addresses are IPv6, but the concept is the
same.

OI 2001:0DB8:0:0:7/64 [110/20]
via FE80::A8BB:CCFF:FE00:6F00, FastEthernet0/0
OI 2001:0DB8:0:0:8/64 [110/100]
via FE80::A8BB:CCFF:FE00:6F00, FastEthernet0/0
OI 2001:0DB8:0:0:9/64 [110/40]
via FE80::A8BB:CCFF:FE00:6F00, FastEthernet0/0

The routes have metrics (the second value in brackets, [administrative distance/cost]) of 20, 100, and 40.
Therefore, the metric for the summarized route would be 100.
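The following is an added example, not part of the exam material: it derives the tightest summary for the four networks with the common-bits method described above and classifies each answer option as misaligned, incomplete, too broad or exact. The candidate 165.164.0.0 255.255.240.0 is constructed to show a summary that is valid but covers extra address space; the function names are hypothetical.

```python
import ipaddress

# The four component networks from the question.
COMPONENTS = [
    "165.164.8.0/255.255.254.0",
    "165.164.10.0/255.255.254.0",
    "165.164.12.0/255.255.254.0",
    "165.164.14.0/255.255.254.0",
]

# The four answer options from the question.
OPTIONS = {
    "A": "165.164.8.0/255.255.240.0",
    "B": "165.164.8.0/255.255.248.0",
    "C": "165.164.10.0/255.255.252.0",
    "D": "165.164.14.0/255.255.240.0",
}


def tightest_summary(networks):
    """Shortest-range single prefix covering every network (common leading bits)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be in the prefix.
    differing_bits = (low ^ high).bit_length()
    return ipaddress.ip_network((low, 32 - differing_bits), strict=False)


def check_candidate(candidate, networks):
    """Classify a proposed summary: misaligned, incomplete, too broad or exact."""
    nets = [ipaddress.ip_network(n) for n in networks]
    try:
        # Strict parsing rejects an address with host bits set for the given mask,
        # e.g. third octet 8 under a /20 mask (8 is not a multiple of 16).
        summary = ipaddress.ip_network(candidate)
    except ValueError:
        return "misaligned"
    if not all(n.subnet_of(summary) for n in nets):
        return "incomplete"
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    if covered < summary.num_addresses:
        return "too broad"
    return "exact"


if __name__ == "__main__":
    print("tightest summary:", tightest_summary(COMPONENTS).with_netmask)
    for label, candidate in OPTIONS.items():
        print(label, candidate, "->", check_candidate(candidate, COMPONENTS))
    # Constructed candidate: aligned and complete, but also covers 165.164.0.0-7.255.
    print(check_candidate("165.164.0.0/255.255.240.0", COMPONENTS))
```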

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > Home > Support > Technology Support > IP Routing > Technology > Information Technology >
White Papers > OSPF Design Guide

QUESTION 122
You have implemented OSPF for IPv6 for the following areas in OSPF AS 1:

The cost from rtrB to the 2001:5050:D402:B333:1:FE30::/96 network is 80, while the cost from rtrB to the
2001:5050:D402:B333:2:FE59::/96 network is 130.

Which of the following area range cost commands should be executed on rtrB?

A. area 10 range 2001:5050:D402:B333::/64 cost 80
B. area 10 range 2001:5050:D402:B333::/64 cost 130
C. area 10 range 2001:5050:D402:B333::/64 cost 210
D. area 10 range 2001:5050:D402:B333::/64 cost 0

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The area 10 range 2001:5050:D402:B333::/64 cost 130 command should be executed on rtrB. This
command defines an area range for an area border router (ABR) that has OSPF for IPv6 enabled on it. This
command provides a summary route of the routes in an OSPF area to be distributed to another area.

The range keyword in the command provides the summary route. The cost keyword in the command
specifies the cost of the summary route. The highest cost of the routes that are being summarized becomes
the cost of the summary route. In this case, the cost from rtrB to the 2001:5050:D402:B333:1:FE30::/96
network is 80, and the cost from rtrB to the 2001:5050:D402:B333:2:FE59::/96 network is 130. The cost of
the summary route is 130 as it is higher.

All the other options are incorrect because they do not specify the correct cost of the summary route.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF for IPv6

References:
Cisco Learning Home > Groups > CCNP R&S Study Group > Discussions > What would be the Metric for a
Summary Route in OSPFv3
Cisco IOS IPv6 Configuration Guide, Release 12.4 > Implementing OSPF for IPv6 > How to Implement
OSPF for IPv6

QUESTION 123
You are using an aggregate static route to null 0 to redistribute static routes into BGP.

Which problem can result if the router loses access to one of these routes?

A. Black hole
B. Routing loop
C. Split horizon
D. Unstable BGP table

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
If one of the aggregated routes is lost, the router will discard packets destined for that route. This condition
is known as a black hole.

For example, suppose you have a number of subnets of range 11.1.0.0/16, all of which have 24-bit masks,
such as 11.1.2.0/24. You aggregate them all to 11.1.0.0/16 and advertise that aggregate. If this router were
to lose connectivity to one of the subnets, for example 11.1.3.0/24, then any traffic routed through this
router to that subnet would never reach it, even if there were another valid path.

Split horizon is a loop avoidance mechanism that is by default always in effect, and is not affected by the
loss of a subnet route that is part of an aggregate route.

BGP tables are not made unstable by the loss of a subnet route that is part of an aggregate
route.

Routing loops would not occur simply from the loss of a subnet route that is part of an aggregate route.
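The following is an added example, not part of the exam material: a longest-prefix-match lookup over a small routing table showing how traffic for 11.1.3.0/24 falls through to the Null0 aggregate once the specific route is lost. The interface names and the destination host 11.1.3.10 are constructed.

```python
import ipaddress


class RoutingTable:
    """Minimal routing table with longest-prefix-match lookup."""

    def __init__(self):
        self.routes = {}

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def remove(self, prefix):
        del self.routes[ipaddress.ip_network(prefix)]

    def lookup(self, destination):
        """Return the next hop of the most specific matching route, or None."""
        address = ipaddress.ip_address(destination)
        matches = [net for net in self.routes if address in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


def build_table():
    """Aggregate static route to Null0 plus two of the /24 subnets it summarizes."""
    table = RoutingTable()
    table.add("11.1.0.0/16", "Null0")      # aggregate that is redistributed into BGP
    table.add("11.1.2.0/24", "Serial0/0")  # constructed interface name
    table.add("11.1.3.0/24", "Serial0/1")  # constructed interface name
    return table


def black_hole_demo(destination="11.1.3.10"):
    """Next hop for the destination before and after the 11.1.3.0/24 route is lost."""
    table = build_table()
    before = table.lookup(destination)
    table.remove("11.1.3.0/24")  # connectivity to the subnet is lost
    after = table.lookup(destination)
    return before, after


if __name__ == "__main__":
    before, after = black_hole_demo()
    print("before loss:", before)
    print("after loss: ", after)  # Null0: packets are silently discarded
```

The aggregate stays in the table and keeps being advertised, so neighbors continue to send traffic for 11.1.3.0/24 to this router, where it is dropped.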

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > IP Routing: BGP Configuration Guide > BGP4 > Aggregating Route Prefixes Using BGP

QUESTION 124
You have configured BGP on both rtrA in AS 1 and rtrB in AS 2. There are two routes created using the
network command between the two routers. One route traverses through AS 5 and AS 6 from rtrA to rtrB,
while the other route traverses AS 7, AS 8, and AS 9 from rtrA to rtrB. Both routes use default values for the
Weight and LOCAL_PREF attributes.

Which of the following attributes determines the BEST route between rtrA and rtrB routers?

A. Weight
B. LOCAL_PREF
C. Origin type
D. AS_PATH

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The AS_PATH attribute is used to determine the best path between the two routes. To select the best path
from rtrA to rtrB, BGP analyzes attributes that are set for the two available routes during the configuration of
the network. The key BGP attributes and the order in which they are checked are as follows:
1. Weight - highest weight is selected
2. LOCAL_PREF - highest LOCAL_PREF is selected
3. Locally originated routes - local routes are selected
4. AS_PATH - shortest AS_PATH is selected
5. Origin type - lowest origin type is selected
6. Multi-exit Discriminator (MED) - lowest MED is selected

The weight attribute is the first attribute to be checked while selecting the best BGP route. This attribute is
relevant only to the local router on which it is set. The value of this attribute can be any number from 0 to
65535. The default values are 32768 for locally originated routes and 0 for other types of routes. Both
routes in this case are originated locally and have the default weight values. Therefore, in this case, the
weight attribute is not used to determine the best route.

BGP then checks the value of the LOCAL_PREF attribute, which refers to local preference. Local
preference is a value that indicates the route that is preferred to exit the AS to reach a given network. Routes
with higher local preference are selected by BGP. You can set the local preference for a route to any value;
however, if you do not, the route uses the default value of 100. Because both routes have the default
LOCAL_PREF value, this attribute is not used to determine the best route.

Next, BGP checks whether any of the routes are locally originated using the network, redistribute, or
aggregate commands. As stated, both routes originated using the network command on the routers.
Consequently, BGP analyzes the value of the AS_PATH attribute, which is a list of the AS numbers
traversed by a particular route. The route with the shortest AS_PATH is selected as the best path. In this
case, the route that consists of AS 5 and 6 is considered the best path because the AS_PATH value for this
route is shorter than that for the route traversing AS 7, 8, and 9. The AS_PATH value for the route
traversing AS 5 and 6 is [6 5 1], while the AS_PATH for the route traversing AS 7, 8, and 9 is [9 8 7 1].

The other options are incorrect because the corresponding attributes are the same for both routes; hence,
those attributes are not considered while BGP determines the best path.
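The decision order listed above, applied to the two routes in this question, as an added example that is not part of the original exam material. The Route class, its field names and the numeric origin coding (0 = IGP, 1 = EGP, 2 = incomplete) are assumptions made for the illustration, and only the six attributes the explanation lists are modeled.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Route:
    """One candidate BGP path (hypothetical model, not router output)."""
    name: str
    as_path: List[int]
    weight: int = 0                  # equal on both routes in the question
    local_pref: int = 100            # default LOCAL_PREF stated in the explanation
    locally_originated: bool = False
    origin: int = 0                  # assumed coding: 0 IGP, 1 EGP, 2 incomplete
    med: int = 0


# Each step turns a route into a key where the SMALLEST key wins, so that
# "highest wins" attributes are negated. The order follows the list above.
STEPS = [
    ("Weight", lambda r: -r.weight),
    ("LOCAL_PREF", lambda r: -r.local_pref),
    ("Locally originated", lambda r: 0 if r.locally_originated else 1),
    ("AS_PATH", lambda r: len(r.as_path)),
    ("Origin type", lambda r: r.origin),
    ("MED", lambda r: r.med),
]


def best_path(routes: List[Route]) -> Tuple[Route, Optional[str]]:
    """Return (winner, name of the step that made the final decision).

    The step name is None when there was nothing to decide (one route)
    or when every modeled attribute is tied.
    """
    if not routes:
        raise ValueError("no candidate routes")
    candidates = list(routes)
    if len(candidates) == 1:
        return candidates[0], None
    for step_name, key in STEPS:
        best = min(key(r) for r in candidates)
        # Routes that tie on this attribute move on to the next step.
        candidates = [r for r in candidates if key(r) == best]
        if len(candidates) == 1:
            return candidates[0], step_name
    return candidates[0], None


def question_124_routes() -> List[Route]:
    """The two paths from the question, with the AS_PATH values the
    explanation gives; Weight and LOCAL_PREF stay at equal defaults."""
    return [
        Route(name="via AS 5, AS 6", as_path=[6, 5, 1]),
        Route(name="via AS 7, AS 8, AS 9", as_path=[9, 8, 7, 1]),
    ]


if __name__ == "__main__":
    winner, step = best_path(question_124_routes())
    print(f"best path: {winner.name} (decided by {step})")
```

Raising the weight on the longer path makes the comparison stop at the first step, which is why AS_PATH only matters when Weight and LOCAL_PREF are tied.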

Objective:
Layer 3 Technologies
Sub-Objective:
Explain BGP attributes and best-path selection

References:
Internetworking Technology Handbook > BGP > BGP attributes

QUESTION 125
Examine the exhibit.

Router R2 has been configured with the following OSPF router command:

area 1 range 130.31.96.0 255.255.224.0

Which addresses listed will be summarized by R2 into area 0? (Choose all that apply.)

A. 130.31.128.0/23
B. 130.31.112.0/20
C. 130.31.130.0/24
D. 130.31.160.0/22
E. 130.31.104.0/21

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The command area 1 range 130.31.96.0 255.255.224.0 is used to summarize the IP network addresses
from 130.31.96.0/24 to 130.31.127.0/24 in area 1. Addresses 130.31.112.0/20 and 130.31.104.0/21 are
both in that range of network addresses.

To determine if an address is a part of a summary, put the summary address and summary mask in binary
format. Do the same with the address and the summary mask you are examining, as shown below:

130.31.96.0 10000010.00001111.01100000.00000000
130.31.112.0 10000010.00001111.01110000.00000000
255.255.224.0 11111111.11111111.11100000.00000000

If the address you are testing and the summary address agree to the point where the mask stops, then the
test address is part of the summary. In this case, they agree through the 27th bit, so this address is a part of
the summary. The same is true for the 130.31.104.0 address.

In OSPF, you can only configure summarization on the border routers. The summaries need to be of routes
within a single area. You summarize the routes of an area so that routers in another area do not see the
individual networks, just the summary. The correct command is:

area area id range ip-address mask

The area id parameter is the number of the area whose networks are being summarized. For example, in
the network shown in the exhibit, to summarize the networks within area 1 to 130.31.96.0/19 you would
configure router R2 with the command area 1 range 130.31.96.0 255.255.224.0. This would not affect the
routing tables of the routers within area 1, but instead make the routing tables of areas 0 and 2 smaller.
These other routers would only have the summary route listed instead of the individual networks. Router 3
would only see the summary route 130.31.96.0/19.
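The mask comparison described above, run against all five answer options, as an added example that is not part of the original exam material. The function names are assumptions; the check also requires the candidate's own prefix to be at least as long as the summary mask, so that a shorter prefix that merely contains the range is not reported as covered.

```python
import ipaddress
from typing import Dict, List


def mask_to_prefixlen(mask: str) -> int:
    """Convert a dotted mask to a prefix length, rejecting masks whose
    one-bits are not contiguous."""
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - inverted.bit_length()


def in_area_range(candidate: str, range_addr: str, range_mask: str) -> bool:
    """True when `candidate` (address/prefixlen) is covered by the
    `area <id> range <range_addr> <range_mask>` summary."""
    net = ipaddress.IPv4Network(candidate)
    mask = int(ipaddress.IPv4Address(range_mask))
    summary_bits = int(ipaddress.IPv4Address(range_addr)) & mask
    candidate_bits = int(net.network_address) & mask
    # Same bits up to where the summary mask stops, and the candidate is
    # not a shorter (less specific) prefix than the summary itself.
    return candidate_bits == summary_bits and net.prefixlen >= mask_to_prefixlen(range_mask)


def covered_options(options: Dict[str, str], range_addr: str, range_mask: str) -> List[str]:
    """Return the option letters whose prefix falls inside the summary."""
    return sorted(k for k, v in options.items() if in_area_range(v, range_addr, range_mask))


# Answer options from the question.
QUESTION_125_OPTIONS = {
    "A": "130.31.128.0/23",
    "B": "130.31.112.0/20",
    "C": "130.31.130.0/24",
    "D": "130.31.160.0/22",
    "E": "130.31.104.0/21",
}

if __name__ == "__main__":
    hits = covered_options(QUESTION_125_OPTIONS, "130.31.96.0", "255.255.224.0")
    print("summarized by area 1 range:", ", ".join(hits))
```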

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco > Home > Support > Technology Support > IP Routing > Technology Information > Technology White
Paper > OSPF Design Guide > OSPF and Route Summarization > Inter-Area Route Summarization
Cisco IOS Master Command List, Release 12.4 > a through b > area range

QUESTION 126
When an EIGRP router starts, it sends a hello packet out of all interfaces.

Which type of packet do neighboring routers send in response?

A. ACK
B. Hello
C. Query
D. Reply
E. Update

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When an EIGRP router starts, it sends hello packets out of each interface. Neighboring routers respond
with update packets. These update packets are sent reliably, and must be acknowledged with an ACK
packet from the EIGRP router.

EIGRP makes neighbor relationships simple. If a router hears a hello from a new neighbor, it sends that
neighbor updates for all routes that it knows. This is different from Open Shortest Path First (OSPF), which
has a complex series of rules governing how neighbor relationships are formed and how databases are
synchronized. When changes to the network occur in OSPF, update packets route reliable change
information only to the affected routes.

Queries and replies in EIGRP only occur when a router loses a route to a network and is actively seeking a
replacement route.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe EIGRP packet types

References:
Internetworking Technology Handbook > Enhanced Interior Gateway Routing Protocol (EIGRP) > EIGRP
Packet Types

QUESTION 127
What does the passive-interface command do when implemented with RIP? (Choose two.)

A. Allows an interface to receive routing update traffic
B. Prevents an interface from sending routing update traffic
C. Prevents an interface from sending any normal data traffic
D. Allows an interface to receive normal data traffic
E. Disables a router interface
F. Places a router interface in standby mode

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The effect of the passive-interface command is dependent on the routing protocol running on the interface.
For EIGRP, the router will not only stop sending routing updates, but also hellos, which means that it will not
form a neighbor relationship with another EIGRP router on that interface. This is also the case with OSPF
and IS-IS. With RIP, however, the router will continue to send hellos even as it stops sending routing
updates, and it will still receive routing updates. An example of using the passive-interface command is
below. The command is issued from the router configuration mode.

Router(config-router)# passive-interface ethernet 0/0

The passive-interface command will even overrule a configuration that includes a distribute list that allows
the advertisement of a network through the interface. Examine the partial output of the show run command
taken from a router running EIGRP below:

router6#show run
!
router eigrp 100
 network 10.16.18.0 0.0.255.255
 network 10.16.19.0 0.0.255.255
 passive-interface serial 0/0
 distribute-list 50 out serial 0/0
!
access-list 50 permit 10.16.8.0 0.0.255.255

In this case, although the distribute list allows the advertisement of the 10.16.8.0 network, the passive-
interface command applied to the Serial 0/0 interface will disallow all outgoing and incoming updates.

The passive-interface command does not affect the transmission or reception of normal data traffic, only
routing updates.

The passive-interface command does not disable the router interface. The shutdown command is used to
disable a router interface.

The passive-interface command does not place the router in standby mode.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify loop prevention mechanisms

References:
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > How
Does the Passive Interface Feature Work in EIGRP?
Cisco > Cisco IOS IP Routing: Protocol-Independent Configuration Guide, Release 12.4 > Configuring IP
Routing Protocol-Independent Features > Filtering Routing Information
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > passive-interface

QUESTION 128
As the network administrator, you need to develop a verification plan for an OSPF network. The OSPF
network has several area routers, area border routers (ABRs), and autonomous system boundary routers
(ASBRs).

Which LSA types should you expect ABRs to generate while verifying the OSPF network? (Choose two.)

A. Type 4
B. Type 3
C. Type 2
D. Type 5

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:
ABRs generate Type 3 and Type 4 LSAs in an OSPF network. ABRs are those routers that exist between
two OSPF areas, as shown in the following figure:

Type 3 and Type 4 LSAs are generated by ABRs to be flooded into other areas to and from the backbone
area (area 0). Type 3 LSAs, or summary link advertisements, contain the list of networks known by one
area. ABRs send Type 3 LSAs to the other OSPF areas in a given AS.

OSPF ABRs generate Type 4 LSAs to advertise the list of routes that point to an ASBR. These LSAs
advertise the location of the ASBR.

Type 5 LSAs are not generated by an ABR. These LSAs are generated by ASBRs to describe routes
redistributed into the area from other autonomous systems.

Type 2 LSAs are not generated by an ABR. A Type 2 LSA is generated only by the designated router (DR)
of a segment to be sent to the other routers that belong to the same area as the DR. A DR is a router that
has the highest OSPF priority on a segment. These advertisements are used by the DR to represent the
routers that are connected to the network.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco Learning Home > Groups > CCNP R&S Study Group > Discussions > OSPF Level of Detail
Cisco > Support > Technology Support > IP > IP Routing > Technology Information > Technology White
Paper > OSPF Design Guide > Link State Packets

QUESTION 129
Examine the exhibit.
You have determined that RTR2 is not advertising the CIDR summary address 192.168.0.0 to the other
routers in AS 65100.

Which set of configuration commands will enable the BGP router RTR2 to announce the network prefix
192.168.0.0/16 to the other routers in the AS 65100?

A. router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.3.0
B. router bgp 65100
neighbor 172.16.1.2 remote-as 65101
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0
C. router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0 mask 255.255.0.0
ip route 192.0.0.0 255.0.0.0 null 0
D. router bgp 65100
neighbor 172.16.1.2 remote-as 65101
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0 mask 255.255.0.0
ip route 192.168.0.0 255.255.0.0 null 0

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Issuing the following commands will cause RTR2 to advertise the CIDR block 192.168.0.0/16 to the other
routers by using BGP:

RTR2(config)# router bgp 65100
RTR2(config-router)# neighbor 172.16.1.2 remote-as 65101
RTR2(config-router)# neighbor 192.168.3.2 remote-as 65100
RTR2(config-router)# network 192.168.0.0 mask 255.255.0.0
RTR2(config-router)# ip route 192.168.0.0 255.255.0.0 null 0

The network command specifies the address that will be inserted into the BGP table. Without the mask
keyword, the classful network will be assumed. Because 255.255.0.0, or /16, is not the natural mask for any
Class C address, the mask keyword must also be specified. Thus, 192.168.0.0 and 255.255.0.0 identify the
desired address and mask of the 192.168.0.0/16 network prefix.

The router checks the IP forwarding table for an exact match before it advertises the route. Without a
matching entry in the IP forwarding table, that route will not be advertised. RTR2 must be able to advertise a
CIDR block and not the individual subnets. A static route is required because BGP requires that a match of
the network prefix be present in the forwarding table when using the network command with the mask
keyword. Therefore, to ensure an exact match for the identified prefix exists in the IP forwarding table, and
to ensure that the prefix will always be advertised, a static route for 192.168.0.0/16 to null 0 is also required.

The syntax for the network command is shown below:

network network-number [ mask network-mask ] [ route-map map-tag ]

The parameters are:


mask - This parameter is optional and identifies the network or subnetwork to advertise.
route-map - This parameter is optional and identifies a preconfigured route-map that will be used to filter
specific addresses from being advertised.

The following command set is missing the mask keyword in the network command and the command to
create a static route to null 0. The address used in the network command is also incorrect. It should be
192.168.0.0:

router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.3.0

The following command set is missing the mask keyword in the network command and the command to
create a static route to null 0:

router bgp 65100
neighbor 172.16.1.2 remote-as 65101
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0

The following command set uses an incorrect mask (255.0.0.0) in the command that creates the static
route to null 0. It should be 255.255.0.0:

router bgp 65100
neighbor 172.16.1.2 remote-as 65100
neighbor 192.168.3.2 remote-as 65100
network 192.168.0.0 mask 255.255.0.0
ip route 192.0.0.0 255.0.0.0 null 0

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

References:
Internetworking Case Studies > Using the Border Gateway Protocol for Interdomain Routing > Controlling
the Flow of BGP Updates > CIDR and Aggregate Addresses > Aggregation and Static Routes

QUESTION 130
Examine the following output.
You are investigating why router RouterA does not include the 172.16.0.0 network in its BGP
advertisements. The output contains portions of RouterA's configuration and IP routing table.

Which statement correctly identifies the reason why this subnet does not appear in the BGP
advertisements?

A. BGP synchronization is enabled by default.
B. The no auto-summary command was used.
C. The 172.16.31.0/24 network was learned through BGP.
D. The 10.1.2.3 IP address was not defined as a BGP neighbor.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The no auto-summary command affects how a network identified by using the network command is
advertised. The way the router in the exhibit is configured, it will not announce the 172.16.31.0/24 subnet.
The BGP router will announce the classful address 172.16.0.0/16 when the routing table, maintained by the
IGP, contains an exact match to the network command.

The network command directly affects what network is advertised in BGP. If the command does not also
include a network mask, and if auto-summary is enabled, then the classful address 172.16.0.0 is advertised
any time that the router learns about a subnet of 172.16.0.0 via its IGP such as OSPF or EIGRP. The
routing table does contain an entry for the 172.16.31.0/24 subnet that was learned through the IGP.
However, auto-summary is disabled with the no auto-summary command. Therefore, only networks in the
routing table that are an exact match to the network commands are advertised.

If the configuration goal is to announce the 172.16.0.0/16 network any time one of its subnets is learned,
such as 172.16.31.0/24, then you should enable auto-summary. If the goal is to announce only the
172.16.31.0/24 subnet learned through the IGP, then you should alter the network command's IP address
and include the subnet mask.

The BGP synchronization rule specifies that networks will not be advertised or used via iBGP unless they
have also been learned through an IGP. If synchronization is disabled, iBGP will advertise a network without
also learning it through an IGP. It does not affect the summarization of routes.

The 172.16.31.0 network was learned through an IGP session with router 10.1.2.3.
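The network-statement behaviour described in this explanation and in Question 129, as an added example that is not part of the original exam material. It is a simplified model, not IOS code: the function names are assumptions, and the routing-table contents are constructed for the illustration because the exhibits are not reproduced on this page.

```python
import ipaddress
from typing import Iterable, Optional


def classful_prefixlen(address: ipaddress.IPv4Address) -> int:
    """Natural (classful) mask length for a Class A, B or C address."""
    first_octet = int(address) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{address} is not a Class A, B or C address")


def advertised_prefix(
    routing_table: Iterable[str],
    network: str,
    mask: Optional[str] = None,
    auto_summary: bool = False,
) -> Optional[ipaddress.IPv4Network]:
    """Return the prefix a `network` statement would advertise, or None.

    - With `mask`: the exact prefix must be present in the routing table.
    - Without `mask`: the classful network is assumed. It is advertised on
      an exact match, or, when auto-summary is enabled, whenever any subnet
      of the classful network is in the routing table.
    """
    table = {ipaddress.IPv4Network(p) for p in routing_table}
    if mask is not None:
        wanted = ipaddress.IPv4Network(f"{network}/{mask}")
        return wanted if wanted in table else None

    addr = ipaddress.IPv4Address(network)
    wanted = ipaddress.IPv4Network((addr, classful_prefixlen(addr)), strict=False)
    if wanted in table:
        return wanted
    if auto_summary and any(p.subnet_of(wanted) for p in table):
        return wanted
    return None


# Constructed routing tables (assumed contents, not taken from the exhibits).
RTR2_BASE = ["192.168.3.0/24", "172.16.1.0/30"]
RTR2_WITH_NULL0_16 = RTR2_BASE + ["192.168.0.0/16"]   # ip route 192.168.0.0 255.255.0.0 null 0
RTR2_WITH_NULL0_8 = RTR2_BASE + ["192.0.0.0/8"]       # ip route 192.0.0.0 255.0.0.0 null 0
ROUTERA_TABLE = ["172.16.31.0/24", "10.1.2.0/24"]     # subnet learned through the IGP

if __name__ == "__main__":
    print("Q129 option D:", advertised_prefix(RTR2_WITH_NULL0_16, "192.168.0.0", "255.255.0.0"))
    print("Q129 option C:", advertised_prefix(RTR2_WITH_NULL0_8, "192.168.0.0", "255.255.0.0"))
    print("Q130, no auto-summary:", advertised_prefix(ROUTERA_TABLE, "172.16.0.0"))
    print("Q130, auto-summary:", advertised_prefix(ROUTERA_TABLE, "172.16.0.0", auto_summary=True))
```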

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify eBGP (IPv4 and IPv6 address families)

References:
Cisco IOS Master Command List, Release 12.4 > a through b > BGP Commands: A through B > auto-
summary (BGP)
Cisco > Cisco IOS IP Routing: BGP Command Reference > router bgp
Cisco > Cisco IOS IP Routing: BGP Command Reference > network (BGP and multiprotocol BGP)

QUESTION 131
Which method should you use to block all routing updates from being sent into a network through an
interface?

A. Static route
B. Default route
C. Passive interface
D. Route-update filtering

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
To stop all outbound routing updates from an interface, you can use the passive-interface command. The
effect of the passive-interface command is dependent on the routing protocol running on the interface. For
EIGRP, the router will not only stop sending routing updates, but also hellos, which means that it will not
form a neighbor relationship with another EIGRP router on that interface. This is also the case with OSPF
and IS-IS. With RIP, however, the router will continue to send hellos even as it stops sending routing
updates and it will still receive routing updates.

There are numerous reasons to use the passive-interface command. For instance, suppose that you have a
LAN with only end hosts on it and no other router. Additionally, there is no reason to send EIGRP packets,
but you want EIGRP to advertise that the network can be reached. The combination of a network statement
for that interface plus a passive-interface command would be appropriate.

Route-update filtering can block all routing updates if you prefer, but it is really intended for selective filtering
of updates. If your goal is to block all updates, the passive-interface command is best.

Default routes and static routes can be used as ways around having to send routing updates out an
interface. However, if your goal is to block updates, you should issue the passive-interface command.

Objective:
Layer 3 Technologies
Sub-Objective:
Troubleshoot passive interfaces

References:
Cisco > Cisco IOS IP Routing: Protocol-Independent Command Reference > passive-interface
Cisco > Home > Support > Technology Support > IP > IP Routing > Design > Design Technotes > How
Does the Passive Interface Feature Work in EIGRP?

QUESTION 132
Which show command displays detailed information about a router's BGP connections to neighboring
routers?

A. show ip bgp
B. show ip bgp summary
C. show ip bgp neighbors
D. show ip bgp connections

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ip bgp neighbors command will show you detailed information about all of the router's neighbors
or peers. A sample of the show ip bgp neighbors output is shown below. The sample utilizes the ip address
parameter, which is optional, but can be used to limit the output to display information about only one neighbor:

In the above example, router15 has sent out a BGP open packet to the peer at 10.5.1.6 and is listening for
a connection request from the peer. This can be determined by the line that says BGP state = Active. It can
also be determined that the router has established a TCP connection two times, as evidenced by the line
Connections established 2.

The show ip bgp command displays the contents of the BGP routing table. It will not display detailed
information about a router's BGP connections to neighboring routers.

The show ip bgp summary command displays a summary of the status of BGP connections. It will not
display detailed information about a router's BGP connections to neighboring routers.

There is no show ip bgp connections command.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

References:
Cisco IOS Master Command List, Release 12.4 > a through b > BGP Commands: show ip through T >
show ip bgp neighbors

QUESTION 133
You have configured OSPF on your network and enabled route summarization on an area border router
(ABR) with the following command:

Router(config-router)# area 3 range 165.164.8.0 255.255.248.0

What does the 3 specify in this command?

A. The ID of the OSPF backbone
B. The number of networks summarized in the area
C. The ID of the area about which routes will be summarized
D. The ID of the area to which the summary route information will be sent

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The 3 in the area range command specifies the area that contains the routes that are to be summarized. In
OSPF, you can only configure summarization on the border routers. The summaries need to be of routes
within a single area. You summarize the routes of an area so that routers in another area do not see the
individual networks, just the summary. The correct command syntax is shown below:

area number range ip-address mask

The number parameter is the number of the area whose networks are being summarized. For example, in
the network shown in the graphic below, to summarize the networks within area 2 to 10.1.0.0/16, you would
configure router A with the command area 2 range 10.1.0.0 255.255.0.0. This would not affect the routing
tables of the routers within area 2, but instead make the routing tables of areas 0 and 1 smaller. These
other routers would only have the summary route listed instead of the individual networks. Router C would
only see the summary route 10.1.0.0/16.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify manual and autosummarization with any routing protocol

References:
Cisco IOS Master Command Reference > a through b > area range

QUESTION 134
Which of the following commands is used to verify the link-local, global unicast, and multicast addresses of
an IPv6 router?

A. show ipv6 neighbors (only link-local addresses)
B. show ipv6 route
C. show ipv6 protocols
D. show ipv6 interface

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The show ipv6 interface command is used to verify the link-local, global unicast, and multicast addresses
assigned to an IPv6-enabled router interface. The show ipv6 interface command displays information
regarding that interface, such as the physical state, MTU, and IPv6 enable/disable state.

A partial output of the show ipv6 interface command on an IPv6-enabled router named rtrA is as follows:

In the given sample output, you can see that the Fa0/1 interface of rtrA has the link-local address
FE80::6339:7BFF:FE5D:A031/64 and the global unicast address 2001:7067:90D1:1::1. The global unicast
address is not in EUI-64 format because when the ipv6 address command was issued, the eui64 keyword
was not used. If EUI-64 format had been specified with the eui64 keyword, the global unicast address would
have been 2001:7067:90D1:1:6339:7BFF:FE5D:A031.

An IPv6-enabled interface has not only a link-local and global unicast address, but also one or more
multicast addresses. A multicast address is an IPv6 address that has the prefix FF00::/8. These addresses
are assigned to interfaces of different nodes such that they appear as a logical group. This implies that
when a packet is destined for a multicast address, that packet is delivered to all the interfaces that have the
same multicast address. The various multicast groups are as follows:
FF02::1 - Indicates the group of all the nodes on the local segment
FF02::2 - Indicates the group of all the routers on the local segment
FF02::1:FF00:0/104 - Indicates a solicited-node multicast group for every unicast or anycast address
assigned to the interface

You can also notice in the sample output that the Fa0/1 interface belongs to three multicast groups:
FF02::1, FF02::2, and FF02::1:FF5D:A031. The first two multicast groups refer to the all-host and all-router
multicast groups, respectively. The third group, FF02::1:FF5D:A031, is the solicited-node multicast address.
This address is created for every unicast or anycast address. A solicited-node multicast address is
determined by assigning the least significant 24 bits of the unicast address to the least significant 24 bits of
the FF02::1:FF00:0 address.

The show ipv6 neighbors command displays the link-local/global unicast addresses of the neighbors,
including other information such as state and the next-hop interface.

The show ipv6 route command is used to view the IPv6 routing table on the router. This command displays
the prefixes, administrative distance, metric, and next-hop addresses for various IPv6 networks.

The show ipv6 protocols command is used to view the active routing protocols for IPv6 on the router. This
command shows the interfaces, redistribution status, and summarization status about each of the routing
protocols enabled on the router.
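The solicited-node and EUI-64 derivations described above, worked through with the addresses from this explanation, as an added example that is not part of the original exam material. The function names, the /64 prefix length on the global prefix and the MAC address (obtained by reversing the interface ID shown above) are assumptions made for the illustration.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
LOW_64 = (1 << 64) - 1


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """Copy the least significant 24 bits of a unicast address into
    FF02::1:FF00:0 to get its solicited-node multicast group."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def interface_id(address: str) -> int:
    """Lower 64 bits of an IPv6 address."""
    return int(ipaddress.IPv6Address(address)) & LOW_64


def eui64_interface_id(mac: str) -> int:
    """Build a modified EUI-64 interface ID from a 48-bit MAC: flip the
    universal/local bit of the first octet and insert FFFE in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    modified = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(modified, "big")


def is_eui64(address: str) -> bool:
    """True when the interface ID carries the FFFE marker in its middle 16 bits."""
    return (interface_id(address) >> 24) & 0xFFFF == 0xFFFE


def address_from_prefix(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & LOW_64))


# Addresses from the explanation above.
LINK_LOCAL = "FE80::6339:7BFF:FE5D:A031"
GLOBAL_CONFIGURED = "2001:7067:90D1:1::1"
# Constructed: MAC obtained by reversing the interface ID above; /64 is assumed.
ASSUMED_MAC = "61:39:7b:5d:a0:31"
ASSUMED_PREFIX = "2001:7067:90D1:1::/64"

if __name__ == "__main__":
    print("solicited-node group:", solicited_node(LINK_LOCAL))
    print("configured global is EUI-64:", is_eui64(GLOBAL_CONFIGURED))
    print("EUI-64 global address:",
          address_from_prefix(ASSUMED_PREFIX, eui64_interface_id(ASSUMED_MAC)))
```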

Objective:
Layer 3 Technologies
Sub-Objective:
Identify IPv6 addressing and subnetting

References:
Cisco IOS IPv6 Command Reference > show ipv6 eigrp topology through show ipv6 nat statistics > show
ipv6 interface
Cisco IOS IPv6 Command Reference > show ipv6 nat translations through show ipv6 protocols > show ipv6
neighbors
Cisco IOS IPv6 Command Reference > show ipv6 nat translations through show ipv6 protocols > show ipv6
protocols
Cisco > Products & Services > Cisco IOS and NX-OS Software > Cisco IOS Technologies > IPv6 > Product
Literature > White Papers > Cisco IOS IPv6 Multicast Introduction
Cisco > IPv6 Implementation Guide, Release 15.2M&T > Implementing IPv6 Multicast

QUESTION 135
You executed the following commands to assign an IPv6 link-local address to the Fa0/0 interface of the R1
router:

R1(config)# interface Fa0/0
R1(config-if)# ipv6 ospf 1 area 1

When you executed the show running-config command on the R1 router, you observed that OSPF for IPv6
is not running on the router.

Which of the following commands should be added to the interface configuration?

A. ipv6 router ospf
B. ipv6 enable
C. ipv6 ospf neighbor
D. ipv6 ospf cost

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ipv6 enable command should be used on R1 to enable IPv6. This command automatically provides an
IPv6 link-local unicast address for the interface on which IPv6 is being configured. If an explicit IPv6
address were configured on the interface, the command would not be required.

The ipv6 router ospf command should not be used in the configuration because this command allows you to
enter the router configuration mode for OSPF for IPv6.

The ipv6 ospf neighbor command is used to configure neighboring routers for OSPF.

The ipv6 ospf cost command should not be added to the configuration because this command allows you to
specify the OSPF cost to send packets from a given interface.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF for IPv6

References:
Cisco > Cisco IOS IPv6 Command Reference > ipv6 enable

QUESTION 136
Consider the following diagram. All PVCs are active.
If the partial output of the show ip ospf neighbor command executed on Router A is as follows, which of the
following statements is TRUE?

RouterA# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1         1     FULL/DROTHER    00:00:13    10.20.10.21     Serial0
2.2.2.2         1     FULL/DR         00:00:51    10.20.10.22     Serial0

A. Router C and Router B will fail to have all OSPF routes in their tables.
B. All routing tables will be populated correctly.
C. Router A will be the DR.
D. Router C will be the DR.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The output of the command shows that Router C and Router B will fail to have all OSPF routes in their
tables. In a hub and spoke configuration, as depicted in the diagram, the hub router (Router A) should be
the designated router (DR) or the source of updates to the other routers. However, Router B is the DR, as
evidenced by the output of the show ip ospf neighbor command executed on Router A.

This situation could be rectified by setting Routers B and C with a priority of 0, which would disqualify them
from being the DR. After that, all routes could be distributed from the hub, which would have visibility of all
routes.

All routing tables will not be populated correctly until the hub router is made the DR.

Neither Router A nor C will be the DR, since it is indicated that Router B is the DR in the output of the
command.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF operations

References:
Cisco > Home > Support > Support Technology > Support > IP Routing > Configure > Configuration
Examples and Technotes > Initial Configurations for OSPF over Frame Relay Subinterfaces
Cisco > Cisco IOS Wide-Area Networking Command Reference > frame-relay lapf n201 through fr-atm
connect dlci > frame-relay map
Cisco > Cisco IOS IP Routing: OSPF Command Reference > ip ospf network

QUESTION 137
Which command sets the OSPF priority value of a router interface to 10?

A. Router(config)# ospf priority 10
B. Router(config-if)# ospf priority 10
C. Router(config)# ip ospf priority 10
D. Router(config-if)# ip ospf priority 10

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The correct syntax for the ip ospf priority command is shown below:

Router(config-if)# ip ospf priority {number}

The number is a value from 0 to 255, and 1 is the default priority. A priority value of 0 means that the
interface cannot be elected as the designated router (DR) or backup designated router (BDR). The higher
the priority, the more preferred the router is when there is an election for DR and BDR for that network.

NOTE: The ip ospf priority command is entered in interface configuration mode, not router configuration
mode.

All other options either use incorrect syntax or are executed at an incorrect prompt.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify network types, area types, and router types

References:
Cisco IOS Master Command List, Release 12.4 > i through k > ip ospf priority

QUESTION 138
When configuring a DMVPN solution, which of the following technologies makes it possible for the spoke
routers to use dynamic IP addressing?

A. IPsec
B. mGRE
C. NHRP
D. Dynamic routing protocols

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Next Hop Resolution Protocol (NHRP) allows the spoke routers to register their IP addresses with the
NHRP server, which is the hub router. It also allows the spoke routers to then learn the physical IP
addresses of the other spoke routers from the hub router, allowing for GRE links to be built dynamically as
needed between the spokes. This eliminates the need for the traffic to go through the hub router.

Dynamic Multipoint VPN (DMVPN) technology leverages the following associated technologies:
IPsec
mGRE
Dynamic routing protocols
NHRP
Cisco Express Forwarding

DMVPN makes it possible to build the hub router once, and add spokes later, making no additional changes to the
hub. The spokes are able to register with the hub and dynamically build their own connections to other
spokes using the IP addresses learned from the hub using NHRP. DMVPN also allows IPsec point-to-point
GRE tunnels to be built to new spokes with no IPsec peering configuration. The multipoint GRE technology
(mGRE) allows a single physical interface on the hub to be used for all spoke connections.

Finally, the routing protocols used by DMVPN allow the routers to share routing information, while Cisco
Express Forwarding (CEF) is a switching technology that improves performance while reducing the load on
the CPUs of the routers.

Objective:
VPN Technologies
Sub-Objective:
Describe DMVPN (single hub)

References:
Cisco > Dynamic Multipoint VPN (DMVPN) Design Guide (Version 1.1) > DMVPN Design Overview

QUESTION 139
You have a DMVPN hub with the following configuration applied:

What problem could occur if the bandwidth 1000 command were missing from the tunnel interface?

A. the tunnel interface will intermittently flap up and down
B. split horizon will prevent routing updates from traversing from spoke to spoke
C. congestion will develop in the tunnel interface
D. the IPsec association will fail

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
In the absence of a bandwidth command on the tunnel interface, the default bandwidth on a tunnel interface
is 9 Kbps. EIGRP will use 50% of that (4.5K), which is too low. This will cause problems with the
maintenance of EIGRP neighbor relationships. From time to time this will cause the tunnel to flap up and
then down as the relationships go up and down. When you execute the bandwidth command it has no real
effect on the bandwidth of the link but it will allow EIGRP to use 50% of 10k or 5k for its purposes, leaving
4k for data. This will have little impact on the data while maintaining the neighbor relationships.

The bandwidth command will have no effect on split horizon. There will be no problems with split horizon,
even though the output shows that it has been disabled on the tunnel interface with the no ip split-horizon
eigrp 1 command.

The bandwidth command will not cause congestion on the link. It will only lower the bandwidth available to
data from 4.5K to 4K.

The bandwidth command will not cause the IPsec association to fail. There is sufficient bandwidth for this
process.

Objective:
VPN Technologies
Sub-Objective:
Describe DMVPN (single hub)

References:
Understanding Cisco Dynamic Multipoint VPN - DMVPN, mGRE, NHRP

QUESTION 140
The following configuration was applied to the router R66:

What is the interface ID and the IP address of the subinterface created to host the virtual network named
red? (Choose two.)

A. FastEthernet1/0/0.3
B. FastEthernet0/0/0.red
C. FastEthernet0/0/3
D. 10.1.1.3
E. 10.1.1.1
F. 10.0.0.3

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The interface ID of the subinterface created to host the virtual network named red will be
FastEthernet1/0/0.3, and the IP address will be 10.1.1.1.

When a virtual routing and forwarding (VRF) instance is defined, it will have a name and a tag number. The
tag number is used by the router to dynamically create a subinterface on the specified physical interface of
the EVN trunk. The tag number is appended to the physical interface ID. Since the virtual network (vnet)
trunk was defined as FastEthernet1/0/0, the subinterface for vrf red will be FastEthernet1/0/0.3. All
subinterfaces on the trunk will use the same IP address as the physical interface defined as the trunk.

Easy virtual networking (EVN) is a technology that allows for multiple logical networks to use the same
physical infrastructure. EVN trunks carry the traffic of multiple VRFs. While the subinterfaces dedicated to
each VRF use the same IP address (that of the physical interface of the EVN trunk), no IP address conflicts
ever occur because each VRF maintains its own routing and forwarding tables, and while on the trunk, each
uses a VRF tag to separate the traffic from each VRF.

Objective:
VPN Technologies
Sub-Objective:
Describe Easy Virtual Networking (EVN)

References:
Cisco > Easy Virtual Network Configuration Guide, Cisco IOS XE Release 3S > Overview of Easy Virtual
Network

QUESTION 141
You are troubleshooting an issue with the configuration of mGRE on the hub router in a hub-and-spoke
configuration. Examine the output of the configuration of the tunnel interface on the hub router:

Which of the following statements is true?

A. The tunnel destination must be specified on the tunnel interface
B. the tunnel mode gre multipoint command must be executed on the tunnel interface
C. the tunnel mode gre multipoint command must be executed on the physical interface
D. The tunnel destination must be specified on the physical interface

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The tunnel mode gre multipoint command must be executed on the tunnel interface. An mGRE
configuration is one in which the tunnel is allowed to have multiple destinations. The distinguishing feature
between an mGRE interface and a point-to-point GRE interface is the tunnel destination. While it is
specified on a point-to-point GRE interface, it is not on an mGRE interface. Instead the command tunnel
mode gre multipoint is executed on the tunnel interface. This allows the interface to use the Next Hop
Resolution Protocol (NHRP) to discover the IP addresses of the other tunnel endpoints.

The tunnel destination is not specified on the tunnel interface using mGRE. Instead the command tunnel
mode gre multipoint is executed on the tunnel interface.

The tunnel mode gre multipoint command must be executed on the tunnel interface, not the physical
interface.

The tunnel destination is neither specified on the tunnel interface nor on the physical interface when using
mGRE.

Objective:
VPN Technologies
Sub-Objective:
Configure and verify GRE

References:
Cisco > Dynamic Multipoint VPN (DMVPN) Design Guide (Version 1.1) > DMVPN Design and
Implementation > mGRE Configuration
Cisco > Cisco IOS IP Mobility Command Reference > tunnel mode gre

QUESTION 142
You are planning the configuration of Easy Virtual Networking (EVN).

Which of the following statements is true of an interface that will be an EVN trunk?

A. It must support 802.1q encapsulation
B. The interface can also be configured for VRF-Lite
C. The interface will support OSPFv3
D. The interface can support RIP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The interface must be able to support 802.1q encapsulation. The EVN trunk carries the traffic of multiple
virtual routing and forwarding (VRF) instances, with the traffic of each instance tagged with an ID called the
virtual network tag. Since the VLAN ID field of an 802.1q encapsulated packet is used for this ID, the link
must be one that supports 802.1q.

Easy Virtual Networking is a technology that allows for the creation of separate networks with separate
routing tables and routing instances using the same physical topology. The IP addressing for the networks
can even overlap with no problem. The networks are kept separate using the network ID tags in a similar
fashion to the way switches keep VLANs separate by using VLAN tags.

An EVN trunk interface cannot also be configured for VRF-Lite. VRF-Lite is an earlier technology that
accomplishes the same goal, but lacks the simplicity of EVN.

Neither RIP nor OSPFv3 is supported in Easy Virtual Networking (EVN) at all.

Objective:
VPN Technologies
Sub-Objective:
Describe Easy Virtual Networking (EVN)

References:
Cisco > Easy Virtual Network Configuration Guide, Cisco IOS XE Release 3S > Overview of Easy Virtual
Network

QUESTION 143
After an associate configured a DMVPN hub, you execute the following command on the hub router:

Which of the following statements is true of this output?

A. The NBMA address was statically configured
B. The NHRP information did not come from the NHS
C. The mapping was created through an NHRP registration request
D. The device at 10.1.1.2 is behind a NAT router

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The mapping was created through an NHRP registration request, as indicated by the flag setting registered.
Next Hop Resolution Protocol (NHRP) can be used in place of static IP address to NBMA address
mappings to allow the spoke routers in an mGRE hub-and-spoke configuration to discover one another's
physical IP addresses.

When the output of the show nhrp detail command shows the registered flag listed, it means that the
mapping was created dynamically and was learned through a registration request to the next hop server
(NHS).

The mapping was not created statically. Had it been created statically, the Type field would not be listed as
dynamic. It would say static.

The NHRP information DID come from the next hop server (NHS). That is indicated by the presence of the
authoritative flag. The NHS is the next hop to the destination as indicated by the routing table.

The device at 10.1.1.2 is not necessarily behind a NAT router. The presence of the nat flag in the output
indicates that the device at 10.1.1.2 supports the NHRP NAT extension type for supporting dynamic spoke-
to-spoke tunnels to or from spokes behind a NAT router. This flag does not mean that the spoke (NHS
client) is behind a NAT router.

Objective:
VPN Technologies
Sub-Objective:
Describe DMVPN (single hub)

References:
Home > Support > Product support > Cisco IOS and NX-OS software > Cisco IOS software releases 12.4
mainline > Configure > Feature Guides > NHRP

QUESTION 144
The following commands were executed on the perimeter router. The Fa1/0 interface in the router is the
external interface.

What will be the effect of these commands?

A. all traffic will be blocked incoming
B. traffic sourced from private IP addresses will be blocked incoming
C. traffic destined for private IP addresses will be allowed incoming
D. no traffic will be blocked incoming

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
All traffic will be blocked incoming. While it appears on the surface that this list was designed to block
incoming traffic sourced from private IP addresses, it is lacking a single permit statement. Due to the
implied deny all at the end of the list, no traffic will be allowed incoming.

Blocking incoming traffic from private IP addresses is a way to prevent IP spoofing, since there should be
no reason for traffic from private IP addresses to be incoming from the Internet. However, you need to
include a permit statement at the end to allow all other traffic types.

Traffic destined for private IP addresses is not all that will be blocked by this command set. In fact, no traffic
would be allowed. If there were a permit ip any any at the end of the list, then incoming traffic destined for
private IP addresses would be allowed. This is probably not a great idea either, but it is what adding that
statement at the end of the command set in the scenario would do.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Cisco > Cisco IOS Security Command Reference: Commands A to C > access-list
Cisco > Cisco IOS Security Command Reference: Commands D to L > ip-group
Prevent IP spoofing with the Cisco IOS

QUESTION 145
Examine the following access list:

Which statement is NOT designed to prevent IP spoofing attacks from packets that appear to be sourced
from inside the network, but are actually sourced from outside the network?

A. access-list 110 deny ip 10.0.0.0 0.255.255.255 any
B. access-list 110 deny ip 172.16.0.0 0.15.255.255 any
C. access-list 110 deny ip 192.168.0.0 0.0.255.255 any
D. access-list 110 deny ip 208.0.0.0 0.255.255.255 any

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Infrastructure access control lists are designed to prevent spoofing attacks from packets that appear to be
sourced from inside the network when they are in fact sourced from outside the network. There are two
groups of addresses that should be blocked at the edge of the network:
The private address space, whose addresses are called RFC 1918 addresses
Certain "special use addresses" as defined in RFC 3330

The address 208.0.0.0 0.255.255.255 falls into neither of those categories.


The RFC 1918 addresses that should be blocked are:

10.0.0.0/24
172.16.0.0/16
192.168.0.0/16

The RFC 3330 addresses that should be blocked are:

0.0.0.0
127.0.0.0/8
192.0.2.0/24
224.0.0.0/4

For more information about these special use addresses, see RFC 3330.
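
The effect of the implied deny and of the wildcard masks in statements A through D can be checked with a small evaluator. This is an added example, not part of the original material; the helper names, the sample source addresses and the destination are constructed, and only the plain `access-list N permit|deny ip SRC DST` form is handled.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'.
    Returns ((base, wildcard), remaining_tokens)."""
    if tokens[0] == "any":
        return (0, ALL_ONES), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_ace(line):
    """Parse one numbered extended ACL entry that filters on 'ip'."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[3] != "ip"):
        raise ValueError("unsupported ACL entry: " + line)
    src, rest = _take_addr(tok[4:])
    dst, _ = _take_addr(rest)
    return {"line": line, "action": tok[2], "src": src, "dst": dst}


def _matches(spec, addr):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    base, wild = spec
    care = ~wild & ALL_ONES
    return (addr & care) == (base & care)


def evaluate(acl_lines, src, dst):
    """First match wins; with no match the implied deny at the end applies."""
    s, d = _ip(src), _ip(dst)
    for ace in map(parse_ace, acl_lines):
        if _matches(ace["src"], s) and _matches(ace["dst"], d):
            return ace["action"], ace["line"]
    return "deny", "implicit deny"


def covered_network(base, wildcard):
    """Network covered by a contiguous wildcard mask, in prefix notation."""
    w = _ip(wildcard)
    if w & (w + 1):
        raise ValueError("wildcard mask is not contiguous")
    prefix = 32 - w.bit_length()
    return ipaddress.IPv4Network((_ip(base) & ~w & ALL_ONES, prefix))


# Statements A, B and C from the question above.
ANTISPOOF = [
    "access-list 110 deny ip 10.0.0.0 0.255.255.255 any",
    "access-list 110 deny ip 172.16.0.0 0.15.255.255 any",
    "access-list 110 deny ip 192.168.0.0 0.0.255.255 any",
]
ACL_NO_PERMIT = ANTISPOOF                       # only deny entries
ACL_WITH_PERMIT = ANTISPOOF + ["access-list 110 permit ip any any"]
OPTION_D = "access-list 110 deny ip 208.0.0.0 0.255.255.255 any"

DST = "198.51.100.10"                           # constructed inside host

if __name__ == "__main__":
    # Constructed source addresses: three private, two public.
    for src in ("10.1.2.3", "172.31.255.255", "172.32.0.1",
                "192.168.5.5", "203.0.113.7"):
        print(src,
              "| no permit:", evaluate(ACL_NO_PERMIT, src, DST)[0],
              "| with permit:", evaluate(ACL_WITH_PERMIT, src, DST)[0])
    for ace in ANTISPOOF + [OPTION_D]:
        tok = ace.split()
        print(tok[4], tok[5], "covers", covered_network(tok[4], tok[5]))
```
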

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Home > Support > Technology Support > IP > IP addressing services > Technology information >
Technology white paper > Protecting Your Core: Infrastructure Protection Access Control Lists

QUESTION 146
Examine the following output of the show ip route command and the partial output of the show run
command from the router R63:

What will the router do with a packet with a source address of 192.168.5.5/24 and a destination address of
10.11.11.20/24 that arrives on the Serial0/0 interface?

A. forward it out the Ethernet0/0 interface
B. forward it out the Tunnel0 interface
C. drop the packet
D. forward it out the Ethernet0/1 interface

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
It will drop the packet. The partial output of the show run command shows that the ip verify unicast source
reachable-via rx command has been executed on the Serial0/0 interface. This enables the Unicast Reverse
Path Forwarding (Unicast RPF) feature. This feature prevents IP spoofing by verifying from the routing table
that there is a valid return path to the source IP address. If there is no valid return path, you can assume
the IP address has been spoofed. When the command ends in the keyword rx, it means that there must be
a return path through the interface where the command was executed. This is called strict mode.

The packet arrived on the Serial0/0 interface. The routing table shows that there is no routing entry for the
192.168.5.0/24 network that leads back through the entry interface of Serial0/0. In fact, in this instance
there is no routing table entry for that network leading to any interface. When this occurs, the router will
drop the packet.

The router will not send the packet to either the Ethernet0/0 or the Tunnel0 interfaces because the
destination network, 10.11.11.0/24, is not a reachable destination on those interfaces. Even if it were
reachable, the Unicast Reverse Path Forwarding (Unicast RPF) feature will drop the packet because it has
been spoofed.

It will not send the packet to the Ethernet0/1 interface. The Unicast Reverse Path Forwarding (Unicast RPF)
feature will drop the packet because it has been spoofed. If the packet were not spoofed, it would be sent to
the Ethernet0/1 interface because that is the interface used by the default route. Because there is no route
in the table to the 10.11.11.0/24 network, it would be sent to the default route.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Cisco IOS Security Configuration Guide, Release 12.2 > Configuring Unicast Reverse Path Forwarding
Cisco > Configuring Unicast Reverse Path Forwarding

QUESTION 147
An associate creates the following access list that she plans to apply to an interface on a router:

access-list 100 permit ip any any log

What type of traffic could cause this ACL to place a heavy load on the CPU of the router, and what
command could be used to reduce the impact of the ACL? (Choose two.)

A. traffic that is CEF switched
B. traffic that is process switched
C. traffic that is fast switched
D. ip access-list log-update threshold
E. ip access-list logging interval
F. logging rate limit

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
There are two contributors to the CPU load increase from ACL logging: process switching of packets that
match log-enabled access control entries (ACEs), and the generation and transmission of the log
messages. To reduce the impact of process switched traffic, the ip access-list logging interval command
can be used. The interval is specified in milliseconds and represents how often a single packet is process
switched. While the messages in the generated log entries may not be as comprehensive after this
command is executed, the counter values that are generated by the show access-list and show ip access-list
commands will still be accurate.

Packets that are not process switched (CEF switched and fast switched) will not be examined or accounted for
in the logging, so they are not the source of the problem.

The ip access-list log-update threshold command is used to configure how often syslog messages are
generated and sent after the initial packet match. While this would be a beneficial command to run, as it
addresses the second source of CPU congestion, which is the sending of the syslog messages, that was not
listed as a traffic type option. Therefore, this would not be a solution to the issue presented by process
switched traffic.

The logging rate limit command also will reduce the impact of log generation and transmission on the CPU,
but again, it does not address the issue presented by process switched traffic.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Understanding Access Control List Logging
Cisco > Cisco IOS Security Command Reference: Commands D to L > ip-group

QUESTION 148
Which of the following commands enables Unicast Reverse Path forwarding in loose mode?

A. ip verify unicast source reachable-via rx
B. ip verify unicast source reachable-via any
C. ip verify unicast source reachable-via rx allow default
D. ip verify unicast source reachable-via allow default

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The command ip verify unicast source reachable-via any enables Unicast Reverse Path Forwarding (RPF)
in loose mode. In loose mode, traffic is allowed if the source address is reachable via any interface on the
router as indicated in the routing table. Unicast Reverse Path Forwarding uses the source IP address when it
validates the packet. Packets are validated when the source address is contained in the routing table and is
reachable either via the ingress interface (strict mode) or via any interface (loose mode).

The command ip verify unicast source reachable-via rx enables Unicast RPF in strict mode, not loose
mode. The rx keyword indicates the source must be reachable on the interface where the packet arrived.

The command ip verify unicast source reachable-via rx allow default enables Unicast RPF in strict mode.
The inclusion of the allow default keyword indicates the source can be reachable via a default route to be
accepted.

The command ip verify unicast source reachable-via allow default is syntactically incorrect. The allow
default keyword cannot be present by itself. It must follow either the rx or any keywords.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Understanding Unicast Reverse Path Forwarding
Cisco > Cisco IOS Security Command Reference: Commands D to L > ip verify unicast source reachable-
via

QUESTION 149
The following access lists are applied to an interface connecting two OSPF routers:

What is the result?

A. the DR on the link will begin updating
B. the OSPF adjacency will go down
C. the last deny statement will fail to log traffic
D. the list will only permit IPv6 neighbor advertisements

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
If this list is applied to the interface connecting two OSPF routers, the OSPF adjacency would go down. The
deny ip any any log statement will deny the IPv6 link local addresses, which are used for the neighbor
discovery process and by OSPF routers to establish neighbor adjacencies when directly connected.

By default, IPv6 access lists have a deny all at the end that does NOT include those addresses. However,
when you set an explicit deny all as shown in the scenario, you will block all traffic that is not specified by an
earlier statement in the list.

The DR on the link, if present, will not begin updating because the adjacency will fail. It will then have no
neighbor to update.

The last deny statement in the scenario will log any traffic it blocks, as indicated by the inclusion of the log
keyword.

The list will NOT permit neighbor advertisements. These are always done in terms of link local addresses,
which the explicit deny ip any any log statement at the end will block.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Security Configuration Guide: Access Control Lists, Cisco IOS XE Release 3S > IPv6 Access Control Lists
Cisco > Cisco IOS IPv6 Command Reference > ipv6 access-list
Cisco > Cisco IOS Security Command Reference: Commands M to R > permit (IP)
Cisco > Cisco IOS Security Command Reference: Commands D to L > deny (IP)

QUESTION 150
Which of the following IPv6 access list statements would permit SSH traffic from 2001:DB8:0:4::32 when
applied to the VTY lines?

A. permit ipv6 2001:DB3:0:5::/48 any eq ssh
B. permit ipv6 2001:DB8:0:4::/64 any eq ssh
C. permit ipv6 host 2001:DB8:0:4::32 any eq 23
D. permit ipv6 2001:DE8:0:4:::/48 any eq 22

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The only statement that would allow SSH traffic from 2001:DB8:0:4::32 is permit ipv6 2001:DB8:0:4::/64 any
eq ssh. It would match because it specifies the 2001:DB8:0:4:: subnet as a result of the /64 prefix. With that
prefix, traffic must match in the first four hextets. Since the address 2001:DB8:0:4::32 matches in the first
four hextets, it is allowed.

The statement permit ipv6 2001:DB3:0:5::/48 any eq ssh will not permit traffic from 2001:DB8:0:4::32. With
a /48 subnet mask, the address must match in the first three hextets, and it does not do

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Catalyst 3750 Software Configuration Guide, Release 12.2(55)SE > Configuring IPv6 ACLs
Cisco > Cisco IOS IPv6 Command Reference > permit (IPv6)

QUESTION 151
Examine the following output of the show ip route command and the partial output of the show run
command from the router R64:

What will the router do with a packet with a source address of 10.2.1.7/24 and a destination address of
10.11.11.50/24 that arrives on the Serial0 interface?

A. forward it out the Serial0/0 interface
B. forward it out the Tunnel0 interface
C. drop the packet
D. forward it out the Ethernet0/0 interface

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
It will forward the packet out the Ethernet0/0 interface. The partial output of the show run command shows
that the ip verify unicast source reachable-via any command has been executed on the Serial0/0 interface.
This enables the Unicast Reverse Path Forwarding (Unicast RPF) feature. This feature prevents IP
spoofing by verifying from the routing table that there is a valid return path to the source IP address. If there
is no valid return path, you can assume the IP address has been spoofed.

When the ip verify unicast source reachable-via command ends with the keyword any, it means the return
path can be through any interface, not just the one where the command was executed. This is called loose
mode. It also includes the parameter allow-default, which removes the requirement that the network be
specifically mentioned in the routing table.

Since there is a routing table entry for the source network leading to the Serial0/0 interface, the packet will
be forwarded to the destination network reachable using the route via the E0/0 interface.

The router will not send the packet to either the Serial0/0 or the Tunnel0 interfaces because the destination
network, 10.11.11.0/24, is not a reachable destination on those interfaces.

It will not send the packet to the Ethernet0/1 interface because that is the interface used by the default
route. Because there is a route in the table to the 10.11.11.0/24 network, it would be sent to the Ethernet
0/0 interface.
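
The strict-mode and loose-mode decisions described for R63 and R64 can be modelled as a longest-prefix lookup on the source address followed by a normal lookup on the destination. This is an added example, not part of the original material; the routing tables are constructed to agree with the explanations (the show ip route output is not reproduced in the text), and the function names are hypothetical.

```python
import ipaddress


def lookup(table, addr):
    """Longest-prefix match. Returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_pass(table, ingress, src, mode, allow_default=False):
    """Unicast RPF source check.

    mode 'rx'  (strict): best route to src must point out the ingress interface.
    mode 'any' (loose):  best route to src may point out any interface.
    A source that only matches 0.0.0.0/0 fails unless allow_default is set.
    """
    if mode not in ("rx", "any"):
        raise ValueError("mode must be 'rx' or 'any'")
    hit = lookup(table, src)
    if hit is None:
        return False
    net, iface = hit
    if net.prefixlen == 0 and not allow_default:
        return False
    return mode == "any" or iface == ingress


def handle_packet(table, ingress, src, dst, mode, allow_default=False):
    """Return the egress interface, or 'drop' if uRPF or routing rejects it."""
    if not urpf_pass(table, ingress, src, mode, allow_default):
        return "drop"
    hit = lookup(table, dst)
    return hit[1] if hit else "drop"


# Constructed table for R63: no route to 192.168.5.0/24 or 10.11.11.0/24,
# default route out Ethernet0/1.
R63 = [
    ("0.0.0.0/0", "Ethernet0/1"),
    ("10.2.1.0/24", "Serial0/0"),
    ("172.16.1.0/24", "Ethernet0/0"),
    ("10.50.0.0/24", "Tunnel0"),
]

# Constructed table for R64: source network behind Serial0/0,
# destination network behind Ethernet0/0, default route out Ethernet0/1.
R64 = [
    ("0.0.0.0/0", "Ethernet0/1"),
    ("10.2.1.0/24", "Serial0/0"),
    ("10.11.11.0/24", "Ethernet0/0"),
]

if __name__ == "__main__":
    # R63, strict mode on Serial0/0: the source has no specific route.
    print(handle_packet(R63, "Serial0/0", "192.168.5.5", "10.11.11.20", "rx"))
    # Same router, legitimate source: passes and follows the default route.
    print(handle_packet(R63, "Serial0/0", "10.2.1.7", "10.11.11.20", "rx"))
    # R64, loose mode with allow-default on Serial0/0.
    print(handle_packet(R64, "Serial0/0", "10.2.1.7", "10.11.11.50",
                        "any", allow_default=True))
    # Asymmetric path: strict rejects it, loose accepts it.
    print(urpf_pass(R64, "Serial0/0", "10.11.11.9", "rx"),
          urpf_pass(R64, "Serial0/0", "10.11.11.9", "any"))
    # With a default route present, loose mode plus allow-default accepts
    # any source address, so it no longer filters spoofed sources.
    print(urpf_pass(R64, "Serial0/0", "192.168.5.5", "any", allow_default=True))
```
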

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Cisco IOS Security Configuration Guide, Release 12.2 > Configuring Unicast Reverse Path Forwarding
Cisco > Configuring Unicast Reverse Path Forwarding

QUESTION 152
When the log keyword is added to an access list statement, CPU utilization increases.

What is the source of the increased CPU utilization? (Choose all that apply.)

A. the process switching of packets that match the ACE
B. the incrementing of the match counter every 60 seconds
C. the generation and transmission of log messages
D. the CEF switching of packets that match the ACE

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The increased CPU utilization has two sources. First is the process switching of each
packet that matches the ACE, which is a slower switching method than CEF switching. The second is the
generation and transmission of the log messages. Both effects can be mitigated by adjusting the logging
interval and the message interval.

The CPU utilization does NOT increase from the incrementing of the match counter every 60 seconds. The
match counter increments every 5 minutes by default.

The CPU utilization does NOT increase from the CEF switching of packets that match the ACE. Those
packets will be process switched, which is a much slower process than CEF switching.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Understanding Access Control List Logging
Cisco > Cisco IOS Security Command Reference: Commands D to L > ip access-list log-update
Cisco > Cisco IOS Broadband Access Aggregation and DSL Command Reference > logging rate-limit

QUESTION 153
Earlier today you created and applied an access list designed to restrict remote access to the router R62
ONLY from the device at 2001:DB8:0:4::32. During testing, you discover that it is not having the desired
effect.

You execute the show run command and see the following partial output that is relevant to the issue:

Why is the access list not functioning correctly?

A. the IPv6 address in the list is not formatted correctly
B. the list is not applied to the proper interface
C. the list is missing a deny statement
D. the ipv6 access-group command should be used to apply the list

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The list is applied to the wrong interface. An access list that is designed to control remote access should be
applied to the VTY lines, not to one of the physical interfaces. If the command were formatted correctly, the
show run output would appear as follows:

The IPv6 address is formatted correctly. Although it has been shortened in format, it follows all of the
shortening rules. It omits only leading zeros and it utilizes the double colon only once.

The access list does not require a deny statement. There is an implicit deny all at the end of the list.

The ipv6 access-group command should not be used to apply the list. This command is used when an
access list is applied to a physical interface, not the VTY lines.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Cisco > IPv6 Configuration Guide, Cisco IOS Release 15.0S > Implementing Traffic Filters and Firewalls for
IPv6 Security > Access Control Lists for IPv6 Traffic Filtering
Cisco > Security Configuration Guide: Access Control Lists, Cisco IOS Release 15S > Controlling Access to
a Virtual Terminal Line

QUESTION 154
The following command was executed on the router R61.
R61#debug ip packet detail 105

What type of information will this debug command generate?

A. all information on packets that are not fast switched by the router named 105
B. all information on packets that are not fast switched by the local router
C. information on packets that are not fast switched as filtered by the access list 105
D. information on packets sent from router 105

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
This debug command will generate information on packets that are not fast switched as filtered by the
access list 105. The output of certain debug commands can generate a tremendous amount of output, and
in most cases a lot of information you don't need. It can even impact the performance of the router while the
debug command is in effect. The best way to reduce this output is to filter it through an extended access
list.

To do this, you create the access list as you would any other access list and then reference the access list
number when you execute the debug command. For example, to restrict the output of the debug ip packet
detail command to the traffic generated between the devices with the IP addresses 10.10.10.2 and 13.1.1.1,
you would create the following extended access list:

access-list 105 permit icmp host 10.10.10.2 host 13.1.1.1
access-list 105 permit icmp host 13.1.1.1 host 10.10.10.2

When you then execute the debug ip packet detail command and reference the list number of 105, it will
only display debug output concerning communications between these IP addresses.

The number 105 in the command does not reference a router name or number. It references an access list
number.

The command will not display all information on packets that are not fast switched by the local router. It will
be limited to information as filtered in the access list 105.

The command will not list information on packets sent from router 105. The number 105 refers to an access
list number, not a router.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Home > Support > Technology support > Dial and access > Integrated services digital networks (isdn),
channel-associated signaling (cas) > Troubleshoot and alerts > Important Information on Debug
Commands
Cisco > Cisco IOS Debug Command Reference - Commands I through L > debug ip packet

QUESTION 155
Which of the following commands must be present in the configuration to support Unicast RPF?

A. bandwidth
B. ip cef
C. ip route 0.0.0.0 0.0.0.0
D. log

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The command ip cef must be present in the configuration to support Unicast Reverse Path Forwarding
(RPF). If the router is set to its defaults, it will be present. Unicast RPF uses the tables created by CEF to
validate packet source addresses. Therefore, it must be enabled. Unicast RPF can be enabled in three
modes:
Strict mode - The source address must be reachable on the interface where the packet arrived.
Loose mode - Traffic is allowed if the source address is reachable via any interface on the router as
indicated in the routing table.
VRF mode - Evaluates an incoming packet's source IP address against the VRF table configured for an
eBGP neighbor.

The bandwidth command, while desirable to ensure proper cost calculation of the interface for routing
purposes, is not a requirement for Unicast RPF.

The ip route 0.0.0.0 0.0.0.0 command creates a default route. A default route does not need to be present for
Unicast RPF to function.

The log command is not required. This command should be used with caution with any access list, as it
causes an increase in CPU usage in the router.

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features

References:
Cisco IOS Security Configuration Guide, Release 12.2 > Part 5: Other Security Features > Configuring
Unicast Reverse Path Forwarding
Cisco > Cisco IOS IP Switching Command Reference > ip cef

QUESTION 156
When the auth keyword is used in the snmp-server host command, which of the following must be configured
with an authentication mechanism?

A. the interface
B. the host
C. the user
D. the group

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The auth keyword specifies that the user should be authenticated using either the HMAC-MD5 or HMAC-
SHA algorithms. These algorithms are specified during the creation of the SNMP user.

For example, the following command creates a user named V3User that will be a member of the SNMP
group V3Group and will use HMAC-MD5 with a password of MyPassword:

snmp-server user V3User V3Group v3 auth md5 MyPassword

The authentication mechanism is not configured on the interface. All SNMP commands are executed at the
global configuration prompt.

The authentication mechanism is not configured at the host level. The version and security model
(authentication, authentication and encryption, or neither) are set at the host level.

The authentication mechanism is not configured at the SNMP group level. The group level is where access
permissions like read and write are set. This is why a user account must be a member of a group to derive
an access level, even if it is a group of one.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify SNMP

References:
Configuring SNMP Support > Understanding SNMP > SNMP Versions
Cisco IOS Network Management Command Reference > snmp-server engineID local through snmp trap
link-status > snmp-server host

QUESTION 157
You recently implemented SNMPv3 to increase the security of your network management system. A partial
output of the show run command displays the following output that relates to SNMP.

<output omitted>

snmp-server group NORMAL v3 noauth read NORMAL write NORMAL

Which of the following statements is true of this configuration?

A. it provides encryption, but it does not provide authentication
B. it provides neither authentication nor encryption
C. it provides authentication, but it does not provide encryption
D. it provides both authentication and encryption

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
It provides neither authentication nor encryption. In SNMPv3 there are three combinations of security that
can be used:
noAuthNoPriv - no authentication and no encryption (noauth keyword in the configuration)
AuthNoPriv - messages are authenticated but not encrypted (auth keyword in the configuration)
AuthPriv - messages are authenticated and encrypted (priv keyword in the configuration)
In this case, the keyword noauth in the configuration indicates that no authentication and no encryption are
provided. This makes the implementation no more secure than SNMPv1 or SNMPv2.

In SNMPv1 and SNMPv2, authentication is performed using a community string. When you implement
SNMP using the noauth keyword, it does not use community strings for authentication. Instead it uses the
configured user or group name (in this case NORMAL). Regardless, it does not provide either
authentication or encryption.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify SNMP

References:
SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) > SNMPv3

QUESTION 158
You execute the following command.

router(config-if)#ip helper-address 172.20.14.225

Which of the following traffic types will NOT be forwarded to the IP address 172.20.14.225?

A. TFTP
B. SMTP
C. DNS
D. TACACS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
While the ip helper-address command is typically used to forward DHCP broadcasts to a DHCP server
located in a remote subnet, it also forwards the following broadcast packets by default:
TFTP - UDP port 69
Domain Name System (DNS) - UDP port 53
Time service - port 37
NetBIOS Name Server - port 137
NetBIOS Datagram Server - port 138
Bootstrap Protocol (BOOTP) - port 67
TACACS - UDP port 49

SMTP is not among these services, so it is not forwarded.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 and IPv6 DHCP

References:
Cisco IOS IP Application Services Command Reference > ip accounting through ip sctp authenticate > ip
helper-address

QUESTION 159
You execute the debug ip packet command and find that you receive no output.

Which of the following is the MOST likely reason?

A. someone executed the no ip route-cache command
B. someone executed the no ip mroute-cache command
C. someone attached an extended access list to the debug process
D. someone executed the ip cef command

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
When the ip cef command is executed, it enables Cisco Express Forwarding. When CEF is enabled,
packets are no longer switched to the processor, so the output shows nothing. You must disable CEF and
fast switching on the interface while you are running the debug ip packet command.

Executing the no ip route-cache command would disable fast switching and would enable the gathering of
packets rather than disable the operation.

Executing the no ip mroute-cache command would disable fast switching of multicast packets and would
enable the gathering of multicast packets.

While it is possible that an overly restrictive access list could result in NO output, this is only a
possibility. On the other hand, it is certain that no output will be produced if the ip cef command was
executed. Access lists SHOULD be used in conjunction with the debug ip packet command to reduce the
significant amount of information generated and the system resources required to do so.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify logging

References:
Home > Support > Technology support > Dial and access > Integrated Services Digital Networks (ISDN)
Channel-Associated Signaling (CAS) > Troubleshoot and alerts > Troubleshooting Technotes > Important
Information on Debug Commands
Cisco > Cisco IOS IP Switching Command Reference > ip cache-invalidate-delay through monitor event-
trace cef ipv6 global > ip cef

QUESTION 160
You have implemented SNMP v3 in your network. You find after making the configuration changes that
technicians in the RESTRICTED group cannot access the MIB. You execute the show run command and
receive the following output that relates to SNMP:

What is preventing the RESTRICTED group from viewing the MIB?

A. the presence of the keyword priv in the command creating the RESTRICTED group
B. a mismatch between the authentication mechanism and the encryption type in the command creating
the RESTRICTED user
C. the absence of an access list defining the stations that can be used by the RESTRICTED group
D. the presence of the keyword auth in the command creating the RESTRICTED user

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
At the end of the command creating the RESTRICTED group is the parameter access 99. This indicates
that an access list number 99 is being used to specify the allowed IP addresses of the stations that can be
used to connect to the MIB for the group. Since the access list is missing from the configuration, no IP
addresses will be allowed, and no connections can be made by the group.

The presence of the keyword priv in the command creating the RESTRICTED group is not causing the
issue. This keyword indicates that encryption (privacy) and authentication should both be used on all
transmissions by the group.

In SNMPv3, there are three combinations of security that can be used:
noAuthNoPriv - no authentication and no encryption (noauth keyword in the configuration)
AuthNoPriv - messages are authenticated but not encrypted (auth keyword in the configuration)
AuthPriv - messages are authenticated and encrypted (priv keyword in the configuration)

There is no mismatch between the authentication mechanism and the encryption type in the command
creating the RESTRICTED user.

snmp-server user RESTRICTED RESTRICTED v3 auth sha CISCO priv des56 CISCO

In the preceding command, the section auth sha CISCO specifies that messages are authenticated using
SHA with a key of CISCO. It does not need to match the section priv des56 CISCO, which indicates that
encryption (priv) will be provided using DES56 with a key of CISCO.

The presence of the keyword auth in the command creating the RESTRICTED user is not causing the
issue. This keyword indicates that messages are authenticated using SHA with a key of CISCO.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify SNMP

References:
SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) > SNMPv3
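
The checks behind Questions 156, 157 and 160 (security level set on the group, credentials set on the user, and an access keyword that points at a missing access list) can be run against a saved configuration. The Python below is an added example, not part of the original exam material; the sample configuration is constructed, the OPS user and the finding codes are hypothetical, and only the plain-text `snmp-server group` and `snmp-server user` v3 forms quoted on this page are parsed.

```python
import re

# Security levels, weakest to strongest, with the names used on this page.
RANK = {"noauth": 0, "auth": 1, "priv": 2}
LEVEL_NAME = {"noauth": "noAuthNoPriv", "auth": "AuthNoPriv", "priv": "AuthPriv"}

GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b(.*)$")
USER_RE = re.compile(r"^snmp-server user (\S+) (\S+) v3\b(.*)$")
ACL_DEF_RE = re.compile(r"^(?:access-list|ip access-list (?:standard|extended)) (\S+)")
# Assumption: the IPv4 form "access <acl>" at the end of the group command.
GROUP_ACL_RE = re.compile(r"\baccess (\S+)\s*$")

# Constructed sample: the NORMAL, V3User and RESTRICTED user lines are quoted
# on the page; the two other group lines and the OPS user are made up.
SAMPLE_CONFIG = """\
snmp-server group NORMAL v3 noauth read NORMAL write NORMAL
snmp-server group V3Group v3 auth
snmp-server group RESTRICTED v3 priv access 99
snmp-server user V3User V3Group v3 auth md5 MyPassword
snmp-server user RESTRICTED RESTRICTED v3 auth sha CISCO priv des56 CISCO
snmp-server user OPS RESTRICTED v3 auth sha ExamplePass
access-list 7 permit 10.10.10.0 0.0.0.31
"""


def user_level(tokens):
    """Highest level a user can reach: auth <alg> <pw> [priv <cipher> <pw>]."""
    if tokens[:1] != ["auth"]:
        return "noauth"
    # Positional check, so a password that happens to be "priv" is not misread.
    return "priv" if tokens[3:4] == ["priv"] else "auth"


def audit(config):
    """Return (kind, name, code) findings for SNMPv3 groups and users."""
    groups, users, acls = {}, [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := GROUP_RE.match(line):
            acl = GROUP_ACL_RE.search(m.group(3))
            groups[m.group(1)] = (m.group(2), acl.group(1) if acl else None)
        elif m := USER_RE.match(line):
            users.append((m.group(1), m.group(2), user_level(m.group(3).split())))
        elif m := ACL_DEF_RE.match(line):
            acls.add(m.group(1))

    findings = []
    for name, (level, acl) in groups.items():
        if level == "noauth":
            findings.append(("group", name, "NO_AUTH_NO_PRIV"))
        elif level == "auth":
            findings.append(("group", name, "NO_ENCRYPTION"))
        # Question 160: the group names an access list the config never defines.
        if acl is not None and acl not in acls:
            findings.append(("group", name, "ACL_UNDEFINED:" + acl))
    for name, group, level in users:
        if group not in groups:
            findings.append(("user", name, "GROUP_UNDEFINED:" + group))
        elif RANK[level] < RANK[groups[group][0]]:
            # Question 156: the credentials live on the user, so a user without
            # them cannot meet the level its group demands.
            required = LEVEL_NAME[groups[group][0]]
            findings.append(("user", name, "BELOW_GROUP_LEVEL:" + required))
    return findings


if __name__ == "__main__":
    for kind, name, code in audit(SAMPLE_CONFIG):
        print(f"{kind:5} {name:12} {code}")
```
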

QUESTION 161
Which of the following translation scenarios is NOT supported by stateless NAT64?

A. translation from IPv6 Internet to an IPv4 network
B. translation from IPv4 Internet to an IPv6 network
C. translation from IPv6 network to an IPv4 network
D. translation from IPv4 network to an IPv6 network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Translation from IPv6 Internet addresses to an IPv4 network is not supported by the stateless version of
NAT64. There are two versions of NAT64: stateful and stateless. Stateful NAT64 creates or modifies
bindings or session state while performing translation, while stateless NAT64 does not create or modify
bindings or session state while performing translation.

Translation from IPv4 Internet to an IPv6 network is supported by both NAT64 methods, although the
stateful version requires static 6-to-4 mappings.

Translation from an IPv6 network to an IPv4 network is supported by both methods, stateful and stateless.

Translation from an IPv4 network to an IPv6 network is supported by both methods, although the stateful
version requires static 6-to-4 mappings.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Home > Products & services > Cisco IOS and NX-OS software > Cisco IOS Technologies > Enterprise IPv6
solution > Data sheets and literature > NAT64 Technology: Connecting IPv6 and IPv4 Networks

QUESTION 162
Examine the following partial output of the show run command.

Which of the following statements is true?

A. NTP broadcasts will be sent on E0
B. NTP broadcasts will be received on E0
C. NTP broadcasts will be received on E1
D. NTP broadcasts will be sent on E2

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
NTP broadcasts will be received on E0. This information is indicated by the presence of the command ntp
broadcast client under that interface:

interface Ethernet0
ip address 10.10.88.50 255.255.255.254
ntp broadcast client
!

The ntp broadcast client command configures a device to listen to NTP broadcast messages at that
interface. NTP broadcasts will be received, not sent, on E0.

NTP broadcasts will be sent, not received, on E1, because the ntp broadcast command was applied to the
Ethernet1 interface:

interface Ethernet1
ip address 10.86.194.176 255.255.254.0
ntp broadcast

The required command to receive broadcasts, ntp broadcast client, is present under the E0 interface, not
the E1 interface.

NTP broadcasts will not be sent on E2. There are no ntp commands under that interface.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify Network Time Protocol (NTP)

References:
Cisco > Cisco IOS Basic System Management Command Reference > ntp broadcast
Cisco > Cisco IOS Basic System Management Command Reference > ntp broadcast client

QUESTION 163
The following configuration is present on a router R1:

Which part of the configuration provides many-to-one access for all devices on the defined segments to
share a single IP address upon exiting the external interface?

A. ip nat inside
B. ip nat outside
C. ip nat inside source list 7 serial0 overload
D. access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The command ip nat inside source list 7 serial0 overload specifies the following:
The translation should occur in the interface specified as inside.
It should only be done for inside IP addresses that are specified in access list number 7.
The IP address that inside addresses should be translated to belongs to the Serial0 interface.
The translated IP address should be shared by all, as indicated by the overload keyword.

The command ip nat inside identifies the inside interface. In this case, it indicates the one on which
translation will take place.

The command ip nat outside identifies the outside interface, which can be configured for translation.
However, it has not been configured for translation in this scenario.

The commands below define the inside IP addresses that are allowed to be translated:

access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 Network Address Translation (NAT)

References:
Home > Support > Troubleshooting Technotes > Configuring Network Address Translation: Getting Started
Cisco > Cisco IOS IP Application Services Command Reference > ip nat inside source

QUESTION 164
You have configured DHCP on a router and configured it to assign IP addresses in the range of
192.168.1.10 through 192.168.1.150. You just discovered that one of your print servers is using the address
192.168.1.100 and you cannot change it.

What command can you use on the router to solve this problem?

A. Router(config)# ip dhcp excluded-address
B. Router(config)# access-list
C. Router(dhcp-config)# ip dhcp excluded-address
D. Router(config)# dhcp exclude-address
E. Router(config)# service dhcp excluded-address

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ip dhcp excluded-address command will allow you to specify an address or group of addresses in a
pool that the DHCP server will not assign. This is typically used when a host has a permanent address
assigned that would conflict with addresses that the DHCP server would hand out. The proper syntax for
this command is as follows:

Router(config)# ip dhcp excluded-address low-address [high-address]

The other options use improper syntax or are executed at an incorrect prompt. The ip dhcp excluded-
address command should be executed at global configuration mode.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 and IPv6 DHCP

References:
Cisco > Cisco IOS IP Addressing Services Command Reference > ip dhcp excluded-address

QUESTION 165
Yesterday one of your associates made some changes to the syslog configuration on the router R69. Today,
while working on the router, you received this syslog message:

000019: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)

Based on this output, which of the following commands did the associate execute?

A. service sequence-numbers
B. service timestamps log
C. service timestamps log datetime msec
D. logging console 4

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The associate must have executed the service sequence-numbers command during his changes. This
command instructs the syslog system to add a sequence number to each message, which can help to
organize a timeline when messages are sent to a syslog server from various sources.

The associate could not have executed the service timestamps log command. This command enables time
stamps on log messages, showing the time since the system was rebooted. If this had been done, a time
stamp similar to the following would have been added to the message:

*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)

The associate could not have executed the service timestamps log datetime msec command. This
command enables time stamps on log messages, showing the time since the system was rebooted in
milliseconds. If this had been done, a time stamp similar to the following would have been added to the
message:

*Mar 1 18:46:11:058 %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)

The associate could not have executed the logging console 4 command. This command instructs the
syslog system to only display messages of levels 4, 3, 2 and 1 in severity. Since the message displayed is a
level 5 message, this command could not have been executed.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify logging

References:
Cisco > Catalyst 4500 Series Switch Software Configuration Guide, IOS XE 3.7.0E and IOS 15.2(3) >
Configuring System Message Logging > System Log Message Format

QUESTION 166
Which of the following translation mechanisms has the following characteristics?
Translates 1 to 1
Translates IPv6 to IPv6
Translates only the prefix
Is deployed at the network edge

A. NAT64
B. NAT44
C. NPTv6
D. NPTv4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Network Prefix Translation (NPTv6) is a stateless method of translating the prefix of a received IPv6
address to another prefix without changing the host portion of the IPv6 address. Its mappings are 1 to 1,
and it translates only the prefix of the address.

NAT64 translates from IPv6 to IPv4 and vice versa. It does not translate from IPv6 to IPv6.

NAT44 translates from IPv4 to IPv4. It does not translate from IPv6 to IPv6.

There is an IPv4 version of Network Prefix Translation, called NPTv4. It does not translate from IPv6 to IPv6.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
RFC 6296 > IPv6-to-IPv6 Network Prefix Translation
Cisco > Publications and Merchandise > The Internet Protocol Journal > Issues > Volume 14, Number 2,
June 2011 > IPv6 Site Multihoming

QUESTION 167
You have applied the following configuration to Router71, as indicated in the following partial output of the
show run command:

Which of the following statements is true of this configuration?

A. This is a GLBP configuration
B. 171.16.6.100 is the IP address of the HSRP group
C. The numeral 1 is the number of the HSRP group
D. This router will be prevented from taking back over as active router when it recovers from a loss of its
Serial0 interface

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
One is the number of the HSRP group. Hot Standby Router Protocol (HSRP) can be used to provide
default gateway redundancy for computers sharing the same gateway. At least two routers are gathered
into a routing group, which in this case is numbered 1. One of the routers will answer ARP requests for the
standby IP address (in this case 171.16.6.100), which is the address the computers will have configured as
their default gateway. That router is called the active router. If that router goes down, then the other router
will start answering ARP requests for the standby IP address.

This is not a Gateway Load Balancing Protocol configuration. That is an alternative to HSRP which allows
both routers to be used while still providing backup to one another. That configuration would be different in
that it uses GLBP groups rather than standby groups, among other differences.

This router will not be prevented from taking back over as active router when it recovers from an outage of
its Serial 0 interface. The presence of the command standby 1 preempt indicates that the router can take
back over or preempt the other router when it recovers from an outage of its Serial 0 interface. The
command standby 1 track Serial0 tells the router to track the up/down state of its Serial 0 interface. If it
goes down, it knows to decrement its HSRP priority by 10 (the decrement value). This will drop its HSRP
priority to 95. We do not see the priority of the other router in the group, but if for example its priority is 100,
this configuration would allow it to take over as active router.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify tracking objects

References:
Home > Support > Technology support > IP > IP application services > Troubleshoot and alerts >
Troubleshooting Technotes > How to Use the standby preempt and standby track Commands

QUESTION 168
You have been asked to troubleshoot the NTP configuration of a router named R70. After executing the
show run command, you receive the following partial output of the command that shows the configuration
relevant to NTP:

Based on this output, which of the following statements is true?

A. the time zone is set to 8 hours less than Pacific Standard time
B. the router will listen for NTP broadcasts on interface E0/0
C. the router will send NTP broadcasts on interface E0/0
D. the router will periodically update its software clock

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The router will send NTP broadcasts on its E0/0 interface. The command ntp broadcast, when executed
under an interface, instructs the router to send NTP broadcast packets on the interface. Any devices on the
network that are set with the ntp broadcast client command on any interface will be listening for these NTP
broadcasts. While the clients will not respond in any way, they will use the information in the NTP broadcast
packets to synchronize their clocks with the information.

The time zone is not set to 8 hours less than Pacific Standard Time. The value -8 in the command clock
timezone PST -8 is the number of hours offset from UTC time, not from the time zone stated in the
command.

The router will not listen for NTP broadcasts on the interface E0/0. The ntp broadcast command, when
executed under an interface, instructs the router to send NTP broadcast packets on the interface. To set
the interface to listen and use NTP broadcasts, you would execute the ntp broadcast client command on the
interface.

The router will not periodically update its software clock. The command ntp update-calendar configures the
system to update its hardware clock from the software clock at periodic intervals.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify Network Time Protocol (NTP)

References:
Basic System Management > Setting Time and Calendar Services > Configuring NTP

QUESTION 169
Some of the technicians in your organization use the secure web interface to make some of the
configuration changes on the router R68. Today it was reported that a technician could not make a
connection to the secure web server. You execute a show run command on R68 and receive the following
output:

What must the technician do to make the connection to the secure web interface?

A. specify port 443 in the command
B. specify port 1025 in the command
C. disable the HTTP server first
D. enable the secure server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The partial output of the show run command indicates that the port number of the HTTPS interface has
been changed to 1025. This is indicated by the presence of this command in the configuration:

ip http secure-port 1025

That is not the default port configuration of 443. Therefore, anyone wishing to connect to the secure server
will need to reference the new port number in the command. If you change the HTTPS port number, clients
attempting to connect to the HTTPS server must specify the port number in the URL, in this format:

https://device:port_number

In this syntax, port_number is the HTTPS port number.

It will not help for the technician to reference port 443 in the command, because that is no longer the port
number of the secure server. It is now 1025.

It is not required to disable the HTTP server to use the HTTPS server, although it is a best practice to do
so.

There is no need to enable the secure server. We can see it has been enabled by the presence of this
command in the configuration:

ip http secure-server

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify device management

References:
Cisco IOS HTTP Services Command Reference > clear ip http client cookie through show ip http server
secure status > ip http secure-port

QUESTION 170
You just received the following system message.

*Mar 1 18:46:11:553 %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
(Switch-2)

With this message in mind, which of the following commands were executed on the device? (Choose all
that apply.)

A. logging console level notifications
B. logging console level 4
C. service timestamps log datetime msec
D. service timestamps log datetime

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The two commands that must have been executed to produce output in that format are logging console
level notifications and service timestamps log datetime msec.

The logging console level notifications command specifies that all messages at level 5 (notifications and
above) will be sent to the console. This is not entered by the number of the message type, but the name of
the message type.

The service timestamps log datetime msec command specifies that a timestamp up to the millisecond
should be included in all messages that include the time.

While the logging console level command can be used with a level number on some devices, notifications
are level 5, not 4.

The service timestamps log datetime command specifies that a timestamp should be included in all
messages, but it will not include the millisecond. Better logging functionality can be achieved by using the
msec keyword to help organize tightly spaced events.

The logging history command can specify the proper level of messages to reduce unnecessary messages.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify logging

References:
Catalyst 2960 and 2960-S Software Configuration Guide, 12.2(55)SE > Configuring System Message
Logging
Cisco > Cisco IOS Embedded Syslog Manager Command Reference > logging console
Cisco > Cisco IOS Configuration Fundamentals Command Reference > R through setup > service
timestamps
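
The reasoning in Questions 165 and 170 is a matter of reading the message header: a leading sequence number, a datetime stamp with or without milliseconds, and the severity digit. The Python below is an added example, not part of the original exam material; it parses the three message layouts quoted on this page (rejoined onto one line), and the function names are hypothetical.

```python
import re

# IOS severity keywords, indexed by level number (0 is most severe).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# [seq: ][timestamp[msec][:] ]%FACILITY-SEVERITY-MNEMONIC: text
# The page prints milliseconds after a colon; a dot separator is accepted too.
HEADER_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?"
    r"(?:(?P<ts>\*?[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"
    r"(?P<msec>[.:]\d{3})?:? )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)

# Messages quoted on this page, each rejoined onto a single line.
SAMPLES = [
    "000019: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)",
    "*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)",
    "*Mar 1 18:46:11:553 %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)",
]


def parse(message):
    """Split one IOS system message into its header fields."""
    m = HEADER_RE.match(message.strip())
    if m is None:
        raise ValueError("not an IOS system message: %r" % message)
    if m["ts"] is None:
        stamps = "none"
    else:
        stamps = "datetime msec" if m["msec"] else "datetime"
    level = int(m["severity"])
    return {
        "sequence": int(m["seq"]) if m["seq"] else None,
        "timestamps": stamps,
        "facility": m["facility"],
        "severity": level,
        "severity_name": SEVERITY[level],
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }


def implied_commands(parsed):
    """Commands whose effect is visible in the header of this message."""
    commands = []
    if parsed["sequence"] is not None:
        commands.append("service sequence-numbers")
    if parsed["timestamps"] == "datetime msec":
        commands.append("service timestamps log datetime msec")
    return commands


def console_displays(parsed, console_level):
    """True if a console limited to console_level would show this message.

    console_level is a number (4) or a keyword ("notifications"); a message
    is shown when its severity number is at or below the configured level.
    """
    if isinstance(console_level, str):
        console_level = SEVERITY.index(console_level)
    return parsed["severity"] <= console_level


if __name__ == "__main__":
    for line in SAMPLES:
        p = parse(line)
        print(p["sequence"], p["timestamps"], p["severity_name"],
              implied_commands(p), console_displays(p, 4))
```
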

QUESTION 171
Which of the following statements is NOT true of NPTv6?

A. is transport agnostic
B. translates the entire IPv6 address to another IPv6 address
C. is checksum neutral
D. translates only the IPv6 prefix

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Network Prefix Translation (NPTv6) is a stateless method of translating the prefix of a received IPv6
address to another prefix without changing the host portion of the IPv6 address. Some of its characteristics
are:
It supports both transports that perform checksums on the IP header and those that do not.
It provides a 1 to 1 relationship between the inside and outside prefixes.
It translates only the prefix, and not the entire address.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Cisco > Publications and Merchandise > The Internet Protocol Journal > Issues > Volume 14, Number 2,
June 2011 > IPv6 Site Multihoming
Howfunky...a place with useless technical content!>IPv6 to IPv6 Network Prefix Translation or NPTv6

QUESTION 172
You are configuring NAT64 to allow communication between a host running IPv6 and a server running IPv4.
The router R1 sits between the host and the server. The router's Fa0/2/7 interface is connected to the IPv6
host, and the Fa0/2/6 interface is connected to the IPv4 server.

The IPv6 host has an IPv6 address of 2001::a00:1/128 and the IPv4 server is at 10.0.0.1. Below is the
relevant configuration on R1:

When the IPv4 server responds to the IPv6 host, what IPv6 address will be in the source address in the
packet?

A. 2001::a001
B. 2001::A00:B
C. 3001::a00:1
D. 2001::A00:A

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
NAT64 is a solution when IPv6 hosts need to communicate with IPv4-only servers. When the translation
occurs on the router, the IPv4 address 10.0.0.1 will be converted to hex as a00:1 and will be attached to the end
of the stateful prefix of 3001::/96 that was configured on the router interface connected to the IPv4 server.
The result will be 3001::a00:1.

The address will not be 2001::a001. The prefix that will be attached to the hex version of 10.0.0.1 will not be
that of the interface fa0/2/7 but will be the prefix that was configured on that interface for NAT64 translation,
which is 3001::/96.

The address will not be 2001::a00:b. That is the IPv6 address on the interface connected to the IPv6 host,
but that address is not used for IPv4 to IPv6 communication. A translated address will be generated by
converting the IPv4 address of the IPv4 host to hex and attaching it to the IPv6 prefix configured on the
interface connected to the IPv4 server.

The address will not be 2001::A00:A. That is the IPv6 address of the IPv6 host. That was statically mapped
to 10.0.0.10 in the configuration and as such will be the IPv4 address used by the IPv6 host on the IPv4
side of the router.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Stateful Network Address Translation 64 (PDF)

QUESTION 173
Your network team is assessing options available to translate IPv6 addresses to IPv4 addresses. You have
focused your attention on the variants of NAT64. One of your requirements is the conservation of IPv4
addresses.

Which of the following versions of NAT64 helps to conserve IPv4 addresses?

A. stateless
B. manual
C. static
D. stateful

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
One of the characteristics of stateful NAT64 is that it conserves IPv4 addresses. NAT64 is a version of
network address translation that translates IPv6 addresses to IPv4 addresses and vice versa. It has two variants,
stateless and stateful. The following table describes some of the major differences between the two:

NAT64 has neither the variant static nor the variant manual.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Home > Products & services > Cisco IOS and NX-OS software > Cisco IOS technologies > Enterprise ipv6
solution > Data sheets and literature > White papers > NAT64 Technology: Connecting IPv6 and IPv4
Networks > Technologies Facilitating IPv6/IPv4 Translation

QUESTION 174
The network team is reviewing its options with regard to network address translation. Now that the network
has been completely changed over to IPv6, you need a mechanism to translate from the private IPv6
addresses inside your network to public IPv6 addresses. You would like for these mappings to be one-to-
one.

Which of the following performs this function?

A. stateful NAT64
B. NPT6
C. NAT44
D. stateless NAT64

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
NPT6 is a version of NAT that translates private IPv6 addresses to public or global IPv6 addresses. It is a
stateless mechanism and requires a one-to-one mapping of private to global IPv6 addresses.

Neither version of NAT64 translates from private IPv6 addresses to public or global IPv6 addresses. Both
stateful and stateless NAT64 translate from IPv4 to IPv6.

NAT44 does translate private IPv6 addresses to public or global IPv6 addresses, but it is stateful in
operation. It does not perform one-to-one mappings.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Home > Products & services > Cisco IOS and NX-OS software > Cisco IOS technologies > Enterprise ipv6
solution > Data sheets and literature > White papers > NAT64 Technology: Connecting IPv6 and IPv4
Networks > Technologies Facilitating IPv6/IPv4 Translation

QUESTION 175
Your network team is assessing options available to translate IPv6 addresses to IPv4 addresses.

In which of the following scenarios is stateless NAT64 NOT supported as a solution?

A. translating from an IPv4 network to an IPv6 network
B. translating from an IPv6 network to an IPv4 network
C. translating from the IPv6 Internet to an IPv4 network
D. translating from an IPv6 network to the IPv4 Internet

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Stateless NAT64 does not support translating from the IPv6 Internet to an IPv4 network. NAT64 is a version
of network address translation that translates IPv6 addresses to IPv4 addresses and vice versa. It has two variants,
stateless and stateful. In stateless translation, mappings are created using an algorithm, but those
mappings are not maintained while translation is being performed. Stateful NAT64 both creates and
maintains mappings during translation.

Due to the fact it does not maintain mappings, stateless NAT64 supports all of the options given except
translating from the IPv6 Internet to an IPv4 network.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Home > Products & services > Cisco IOS and NX-OS software > Cisco IOS technologies > Enterprise ipv6
solution > Data sheets and literature > White papers > NAT64 Technology: Connecting IPv6 and IPv4
Networks > Technologies Facilitating IPv6/IPv4 Translation

QUESTION 176
You are implementing IP SLA and would like to use it to measure hop-by-hop response time between a
Cisco router and any IP device on the network.

Which of the following IP SLA operations would you use for this?

A. ICMP path echo operation
B. Internet Control Message Protocol Echo Operation
C. UDP Jitter Operation for VoIP
D. UDP Jitter Operation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ICMP path echo operation discovers the path using the traceroute command, and then measures
response time between the source router and each intermediate hop in the path. IP SLAs allow users to
monitor network performance between Cisco routers or from either a Cisco router to a remote IP device.

The Internet Control Message Protocol (ICMP) Echo Operation measures end-to-end response time
between a Cisco router and any IP-enabled device. Response time is computed by measuring the time
taken between sending an ICMP echo request message to the destination and receiving an ICMP echo
reply. It does not measure hop-by-hop response time.

The UDP Jitter Operation for VoIP is an extension to the current jitter operations with specific
enhancements for VoIP. The enhancements allow this operation to calculate voice quality scores and
simulate the codecs directly in the CLI and the MIB. It does not measure hop-by-hop response time.

The UDP Jitter Operation is designed to measure the delay, delay variance, and packet loss in IP networks
by generating active UDP traffic. It does not measure hop-by-hop response time.

Objective:
Infrastructure Services
Sub-Objective:
Describe SLA architecture

References:
Home > Support > Technology support > IP > IP application services > Technology information >
Technology white paper > Cisco IOS IP Service Level Agreements User Guide

QUESTION 177
You have implemented the following IP SLA configuration, as shown in the following partial output of the
show run command:

ip sla 1
dns cow.cisco.com name-server 10.52.128.30
ip sla schedule 1 start-time now

Which of the following statements is true of this configuration?

A. it will find the response time to resolve the DNS name cow.cisco.com
B. it will find the response time to connect to the DNS server at 10.52.128.30
C. it will start in one minute
D. it will gather data from one minute

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
It will find the response time to resolve the DNS name cow.cisco.com. Domain Name System (DNS)
response time is computed by calculating the difference between the time taken to send a DNS request and
the time a reply is received. The Cisco IOS IP SLAs DNS operation queries for an IP address if the user
specifies a hostname, or queries for a hostname if the user specifies an IP address.

It will not find the response time to connect to the DNS server at 10.52.128.30. That is the IP address of the
DNS server being used for the operation (10.52.128.30). However, it will measure the response time to
resolve the DNS name cow.cisco.com.

It will not start in one minute. It will start immediately, as indicated by the start-time now parameter.

It will not gather data for one minute. The numeral 1 in the first line refers to the IP SLA number, and the
numeral 1 in the last line refers to the IP SLA number to be scheduled.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IP SLA

References:
Home > Support > Technology support > IP > IP application services > Technology information >
Technology white paper > Cisco IOS IP Service Level Agreements User Guide

QUESTION 178
A TFTP server, a DNS server, and a TACACS server are residing in the 192.168.5.0/24 subnet. Their IP
addresses are 192.168.5.2, 192.168.5.3, and 192.168.5.4, respectively.

You would like to configure the routers to forward UDP broadcasts to these servers.

Which of the following commands or sets of commands would configure this to occur using the LEAST
number of commands?

A. ip helper-address 192.168.5.2 69
ip helper-address 192.168.5.3 53
ip helper-address 192.168.5.4 49
B. ip helper-address 192.168.5.2
ip helper-address 192.168.5.3
ip helper-address 192.168.5.4
C. ip helper-address 192.168.50 69 53 49
D. ip helper-address 192.168.5.255

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The only command required is ip helper-address 192.168.5.255. This command is a directed broadcast to
the subnet on which the servers reside which will cause all servers to receive the broadcast. Each server
will process only the packets aimed at the port on which they are listening.

It is not necessary to specify any port numbers because the ip helper-address command will forward to the
following ports by default:
NTP - port 37
TACACS - port 49
DNS - port 53
BootP - port 67
TFTP - port 69
NetBIOS Name server - port 137
NetBIOS Datagram server - port 138

While the following command set would work, it does not contain the least number of commands:

ip helper-address 192.168.5.2 69
ip helper-address 192.168.5.3 53
ip helper-address 192.168.5.4 49

It is not required to specify each server and its respective port number.

The following command set would also have the desired results, because port numbers are not required for
the default services:

ip helper-address 192.168.5.2
ip helper-address 192.168.5.3
ip helper-address 192.168.5.4

However, this is not the least number of commands you can execute to achieve the solution.

The command ip helper-address 192.168.50 69 53 49 would not work because it is addressed to the
network number of the subnet to which the servers are connected. To send to them all requires a directed
broadcast.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 and IPv6 DHCP

References:
Cisco Press > Articles > Cisco Networking Academy > CCNP 1: Advanced IP Addressing Management
Cisco > Cisco IOS IP Application Services Command Reference > ip helper-address

QUESTION 179
You are configuring NetFlow and you are explaining its operation to your assistant. He wants to know what
constitutes a flow.

Which of the following items is NOT used to distinguish one flow from another?

A. source IP address
B. destination IP address
C. source port number
D. Layer 2 protocol type

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Layer 2 protocol type is not used to distinguish one flow from another. A flow in NetFlow refers to an
individual communication session between two devices. A flow is defined by the combination of the
following seven key fields:
Source IP address
Destination IP address
Source port number
Destination port number
Layer 3 protocol type
Type of service (ToS)
Input logical interface
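
The seven key fields can be seen at work by grouping packets into a flow cache. The following is an added example, not part of the exam material: the packet records are constructed, and the l2_type and bytes attributes are assumed non-key attributes carried along only to show that they never split a flow.

```python
from collections import defaultdict
from typing import NamedTuple


class FlowKey(NamedTuple):
    """The seven key fields listed in the explanation above."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    l3_proto: int   # Layer 3 protocol type (sample values: 6 = TCP)
    tos: int        # Type of service byte
    input_if: str   # Input logical interface


def pkt(**override):
    """Build a constructed packet record; override changes selected attributes."""
    record = {
        "src_ip": "10.1.1.10", "dst_ip": "10.2.2.20",
        "src_port": 40000, "dst_port": 443,
        "l3_proto": 6, "tos": 0, "input_if": "Fa0/0",
        "l2_type": "ethernet", "bytes": 60,   # not part of the flow key
    }
    record.update(override)
    return record


BASE_KEY = FlowKey("10.1.1.10", "10.2.2.20", 40000, 443, 6, 0, "Fa0/0")

# Constructed sample traffic.
PACKETS = [
    pkt(),                                   # baseline packet
    pkt(l2_type="dot1q", bytes=1500),        # only non-key attributes differ
    pkt(tos=184),                            # different ToS
    pkt(input_if="Fa0/1"),                   # different input interface
    pkt(src_port=40001),                     # different source port
    pkt(src_ip="10.2.2.20", dst_ip="10.1.1.10",
        src_port=443, dst_port=40000, input_if="Fa0/1"),  # reply direction
]


def build_flow_cache(packets):
    """Aggregate packets into flows keyed on the seven key fields only."""
    cache = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        key = FlowKey(*(p[field] for field in FlowKey._fields))
        cache[key]["packets"] += 1
        cache[key]["bytes"] += p["bytes"]
    return dict(cache)


if __name__ == "__main__":
    for key, counters in build_flow_cache(PACKETS).items():
        print(tuple(key), counters)
```

Six packets produce five flows: the packet that differs only in Layer 2 type joins the baseline flow, while a change in any one of the seven key fields starts a new cache entry.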

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify Cisco NetFlow

References:
NetFlow Configuration Guide, Cisco IOS Release 12.4T > Cisco IOS NetFlow Overview

QUESTION 180
Examine the output of the show ip flow export command:

Which statement is true regarding the results?

A. 15 export packets were dropped because there was insufficient memory to create the export packet
B. 3 export packets were dropped because CEF was unable to switch or forward the packet to the process
level
C. 61 packets were dropped because the send queue was full
D. 8 flows were exported

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Sixty-one packets were dropped because the send queue was full. The last line in the output, 61 export
packets were dropped due to output drops, will result when the send queue is full.

Fifteen packets were not dropped because there was insufficient memory to create the export packet.
Drops that occurred from insufficient memory are indicated with the line 3 flows failed due to lack of export
packet, and there were only three of them.

Three export packets were not dropped because CEF was unable to switch or forward the packet to the
process level. Drops that occurred because CEF was unable to switch or forward the packet, are indicated
with the line 15 export packets were dropped due to no fib, and there were fifteen of them.

Eleven flows were sent, not eight. The eleven flows were sent in eight datagrams.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify Cisco NetFlow

References:
Cisco > Cisco IOS NetFlow Command Reference > show ip flow export
Home > Products & services > Cisco IOS and NX-OS software > Cisco IOS Technologies > Management
instrumentation > Cisco IOS NetFlow > Data sheets and literature > Introduction to Cisco IOS NetFlow - A
Technical Overview

QUESTION 181
You need to configure a Cisco router to act as a DHCP server and provide the following services:
Hand out IP addresses for subnet 10.10.0.0/16
Set the domain name for the clients to "Cisco"
Set the DNS server to 10.10.0.1
Set the default gateway to 10.10.0.1
Prevent IP address conflicts with 6 print servers that have consecutive permanently assigned addresses
starting at 10.10.0.20.

Which of the following sets of commands will successfully accomplish this?

A. Router1(config)# service dhcp
Router1(config)# ip dhcp pool IPPool
Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
Router1(dhcp-config)# domain-name Cisco
Router1(dhcp-config)# dns-server 10.10.0.1
Router1(dhcp-config)# default-router 10.10.0.1
Router1(dhcp-config)# exit
Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25
B. Router1(config)# service dhcp
Router1(config)# dhcp pool IPPool
Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
Router1(dhcp-config)# domain-name Cisco
Router1(dhcp-config)# dns-server 10.10.0.1
Router1(dhcp-config)# default-router 10.10.0.1
Router1(dhcp-config)# exit
Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25
C. Router1(config)# service dhcp
Router1(config)# ip dhcp pool IPPool
Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
Router1(dhcp-config)# domain-name Cisco
Router1(dhcp-config)# dns-server 10.10.0.1
Router1(dhcp-config)# default-gateway 10.10.0.1
Router1(dhcp-config)# exit
Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25
D. Router1(config)# service dhcp
Router1(config)# ip dhcp pool IPPool
Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
Router1(dhcp-config)# domain-name Cisco
Router1(dhcp-config)# dns-server 10.10.0.1
Router1(dhcp-config)# default-router 10.10.0.1
Router1(dhcp-config)# exit
Router1(config)# ip dhcp excluded-address 10.10.0.20 - 10.10.0.25

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The following command sequence is correct:

Router1(config)# service dhcp
Router1(config)# ip dhcp pool IPPool
Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
Router1(dhcp-config)# domain-name Cisco
Router1(dhcp-config)# dns-server 10.10.0.1
Router1(dhcp-config)# default-router 10.10.0.1
Router1(dhcp-config)# exit
Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25

The Router1(config)# service dhcp command enables the DHCP process. It is enabled by default, but this
command may be needed if it has been disabled.

The Router1(config)# ip dhcp pool IPPool command creates a DHCP pool named IPPool.

The Router1(dhcp-config)# network 10.10.0.0 255.255.0.0 command specifies the subnet and mask for
which the DHCP process will be handing out IP addresses. Unless otherwise specified, it is assumed that
the assignment will start with the first address on the subnet and end with the last address on the subnet; in
this case, 10.10.0.1 through 10.10.0.255.

The Router1(dhcp-config)# domain-name Cisco command sets the domain name for the clients to "Cisco."

The Router1(dhcp-config)# dns-server 10.10.0.1 command sets the DNS server IP address for the clients
to 10.10.0.1.

The Router1(dhcp-config)# default-router 10.10.0.1 command sets the default gateway for the clients to
10.10.0.1.

The Router1(dhcp-config)# exit command exits back to global config mode.

The Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25 command configures the DHCP
process not to hand out addresses 10.10.0.20 through 10.10.0.25 so that there is no conflict with the print
servers. This command is technically not a dhcp-config command, but if it is issued in the dhcp-config
mode, the router will exit to global config mode and invoke the command.

The other options are incorrect due to incorrect syntax or command mode.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 and IPv6 DHCP

References:
Cisco > Cisco IOS IP Addressing Services Configuration Guide, Release 12.4 > Part 3: DHCP > DHCP
Overview

QUESTION 182
Your network team is assessing options available to translate IPv6 addresses to IPv4 addresses.

Which of the following is an advantage of NAT64 over NAT-PT as a translation option?

A. DNS64 and NAT64 functions are completely separated
B. DNS64 and NAT64 functions are completely integrated
C. NAT64 only works over an Ethernet network
D. NAT64 will be unable to reconstruct fragmented packets if they are fragmented by an intermediate IPv4
router

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
DNS64 and NAT64 functions are completely separated when using NAT64. In NAT-PT these two functions
are tightly coupled, which reduces flexibility and is why NAT-PT has been deprecated, with the IETF
proposing NAT64 as its viable successor.

DNS64 and NAT64 functions are not completely integrated in NAT64, so this is not an advantage of NAT64
over NAT-PT as a translation option.

NAT64 works over non-Ethernet networks. It is NAT-PT that only works on Ethernet networks.
Therefore, this is not an advantage of NAT64 over NAT-PT.

NAT64 can reconstruct fragmented packets if they are fragmented by an intermediate IPv4 router. It is
NAT-PT that will be unable to reconstruct fragmented packets if they are fragmented by an intermediate IPv4
router, so this is not an advantage of NAT64 over NAT-PT.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Home > Products & services > Cisco IOS and NX-OS software > Cisco IOS technologies > Enterprise IPv6
solution > Data sheets and literature > White papers > NAT64 Technology: Connecting IPv6 and IPv4
Networks > Technologies Facilitating IPv6/IPv4 Translation

QUESTION 183
You configured a device as an IP SLA responder using the following configuration:

Which line indicates that the device is not a Cisco device?

A. frequency 30
B. timeout 1000
C. tcp-connect 10.0.0.1 23 control disable
D. tag FLL-RO

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The IP SLA TCP connect operation is used to gather statistics on connection-oriented services. The
tcp-connect 10.0.0.1 23 control disable command specifies the IP address to which the responder should
respond, the port number on which to respond, and it disables the control protocol normally used to inform
the responder to temporarily enable the port specified by the configuration in the sender. When the
responder is a non-Cisco device, a well-known port number must be chosen and the control protocol should
be disabled on the responder. When a Cisco device is the responder, then any port number can be chosen
and the control protocol should be left enabled.

The frequency 30 command specifies how often the test should occur in seconds. It is not changed in any
way as a result of the responder being a non-Cisco device.

The timeout 1000 command specifies in milliseconds the amount of time an IP SLAs operation waits for a
response from its request packet. It is not changed in any way as a result of the responder being a non-
Cisco device.

The tag FLL-RO command simply applies a user-specified identifier to the IP SLAs operation and is not
changed in any way as a result of the responder being a non-Cisco device.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IP SLA

References:
IP SLAs Configuration Guide, Cisco IOS Release 15M&T > Configuring IP SLAs TCP Connect Operations
Cisco > Cisco IOS IP SLAs Command Reference > tcp-connect

QUESTION 184
Which command is NOT mandatory for inclusion in a plan to implement IP Service Level Agreements
(SLAs) to monitor IP connections and traffic?

A. ip sla
B. ip sla schedule
C. ip sla reset
D. icmp-echo

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The ip sla reset command is not mandatory for an implementation plan to configure IP SLAs for monitoring
IP connections and traffic. This command causes the IP SLA engine to either restart or shut down. As a
result, all IP SLAs operations are stopped, IP SLA configuration information is erased, and IP SLAs are
restarted. The IP SLAs configuration information will need to be reloaded to the engine.

The following commands are essential to the implementation plan:

ip sla
ip sla schedule
icmp-echo

The ip sla command allows you to configure IP SLAs operations. When you execute this command in the
global configuration mode, it enables the IP SLA configuration mode. In the IP SLA configuration mode, you
can configure different IP SLA operations. You can configure up to 2000 operations for a given IP SLA ID
number.

The icmp-echo command allows you to monitor IP connections and traffic on routers by creating an IP SLA
ICMP Echo operation. This operation monitors end-to-end response times between routers.

The ip sla schedule command allows you to schedule the IP SLA operation that has been configured. With
this command, you can specify when the operation starts, how long the operation runs, and how long
the operation gathers information. For example, if you execute the ip sla schedule 40 start-time now life
forever command, the IP SLA operation with the identification number 40 immediately starts running. This is
because the now keyword is specified for the start-time parameter. The forever keyword with the life
parameter indicates that the operation keeps collecting information indefinitely. Note that you cannot
reconfigure the IP SLA operation after you have executed the ip sla schedule command.

The information gathered by an IP SLA operation is typically stored in RTTMON-MIB. A Management
Information Base (MIB) is a database hosting information required for the management of routers or
network devices. The RTTMON-MIB is a Cisco-defined MIB intended for Cisco IOS IP SLAs. RTTMON-MIB
acts as an interface between the Network Management System (NMS) applications and the Cisco IOS IP
SLAs operations.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IP SLA

References:
Cisco > Support > Technology Support > IP > IP Application Services > Technology Information >
Technology White Paper > Cisco IOS IP Service Level Agreements User Guide
Cisco IOS IP SLAs Command Reference > icmp-echo through probe-packet priority > ip sla
Cisco IOS IP SLAs Command Reference > icmp-echo through probe-packet priority > ip sla schedule
Cisco > Cisco IOS IP SLAs Command Reference > icmp-echo

QUESTION 185
Which of the following IPv4 to IPv6 migration techniques does not separate DNS and the translation
process?

A. NAT-PT
B. stateless NAT64
C. stateful NAT64
D. MAP-T

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Network Address Translation-Protocol Translation (NAT-PT) and DNS are inseparable, which is one of the
reasons why NAT-PT has been deprecated. Network Address Translation IPv6 to IPv4, or NAT64, is
superior to the NAT-PT technique because this solution has complete separation of the functions of NAT64
and DNS64.

Stateless NAT64 is a version of NAT64 that does not maintain a binding or session state when it performs
Address Family Translation (AFT). As such, it cannot be used in some of the implementations in which
stateful NAT64 can. However, in this method, DNS and the translation process are independent.

Stateful NAT64 creates or modifies bindings or session state while performing translation. For this reason, it
can be used to translate from an IPv4 network to an IPv6 network if static mappings are created, which
stateless NAT64 cannot.

Mapping of Address and Ports using Translation (MAP-T) is a method of creating mappings to provide
connectivity for IPv4 hosts across an IPv6 domain. Its operation is not connected to DNS.

Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT

References:
Home > Products & services > Cisco IOS and nx-os software > Cisco IOS technologies > Enterprise IPv6
solutions > Data sheets and literature > NAT64 Technology: Connecting IPv6 and IPv4 Networks

QUESTION 186
What would be a use case for the HSRP configuration below?

A. used to switch the active role to the other router in the HSRP group during a maintenance window
B. used to prevent this router from ever relinquishing the active role
C. used to prevent this router from ever performing the active role
D. used to allow preemption over multiple peers

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
By tracking the loopback interface and decrementing the priority if it goes down, technicians would have a
method of moving the active role to the other router by disabling the loopback interface. This method is less
disruptive than disabling any of the physical interfaces. Although no decrement value has been specified, a
default decrement of 10 will occur.

This configuration would not be used to prevent this router from ever relinquishing the active role. That
would defeat the purpose of Hot Standby Router Protocol (HSRP), which is to provide failover by
relinquishing the active role to the other router.

This configuration would not be used to prevent this router from ever performing the active role. That would
defeat the purpose of HSRP which is to provide failover by this router taking the active role when there is an
issue with the other router.

This configuration would not be used to allow preemption over multiple peers. When more than two routers
are in an HSRP group, the active router is allowed preemption over multiple peers by default.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify tracking objects

References:
Home > Support > Technology support > IP > IP application services > Troubleshoot and alerts >
Troubleshooting Technotes > How to use the standby preempt and standby track commands

QUESTION 187
You asked your assistant to implement port address translation on the edge router of your network, which
uses the S0 interface to connect to the ISP. When she is finished, you review the configuration by executing
the show run command and receive the following results related to the configuration:

Which of the following statements are true of the configuration?

A. the wrong interfaces are configured as inside and outside
B. the command establishing the pool of public IP addresses is incorrect
C. the ip nat inside source list command references a non-existent access list
D. the ip nat inside source list command references a non-existent NAT pool

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The wrong interfaces are configured as inside and outside. The Serial 0 interface which leads to the ISP
should be set as outside, and the E0 interface should be the inside address. As it is set now, these settings
are reversed.

The command establishing the pool of public IP addresses is correct. It establishes a pool of one public IP
address, which is what you would do if you were configuring PAT. PAT uses a single public IP address for
all translations.

The ip nat inside source list command references a correct access list number 7 and a correct NAT pool
name of ourpool. The access list is used to determine computers that are allowed to have their traffic
translated.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 Network Address Translation (NAT)

References:
Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 > Configuring NAT > Configuring Dynamic
NAT and PAT

QUESTION 188
Your assistant is interested in gathering statistics about connection-oriented operations.

Which of the following should be done to enhance the accuracy of the information gathered?

A. configure an IP SLA responder on the destination device
B. configure an IP SLA responder on the source device
C. schedule the operation on the destination device
D. add the verify-data command to the configuration of the operation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Any IP SLA operation's accuracy can be enhanced by configuring an IP SLA responder on the destination
device. It is important to note that only Cisco devices support the configuration as a responder.

You do not configure an IP SLA responder on the source device. You schedule the operation on the source
device and the destination device is the one that is configured as a responder.

You do not schedule the operation on the destination device. You schedule the operation on the source
device and the destination device is the one that is configured as a responder.

Adding the verify-data command to the configuration of the operation will not enhance the accuracy of the
information gathered. When data verification is enabled, each operation response is checked for corruption.
Use the verify-data command with caution during normal operations because it generates unnecessary
overhead.

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IP SLA

References:
IP SLAs Configuration Guide, Cisco IOS Release 15M > Configuring IP SLAs TCP Connect Operations

QUESTION 189
Which of the following commands configures an SNMP host to authenticate a user by username and send
clear text notifications, the receipt of which will be acknowledged by the receiver?

A. Router(config)# snmp-server host 192.168.5.5 informs version 3 noauth CISCO
B. Router(config)# snmp-server host 192.168.5.5 traps version 3 auth CISCO
C. Router(config)# snmp-server host 192.168.5.5 informs version 2c CISCO
D. Router(config)# snmp-server host 192.168.5.5 informs version 3 authpriv CISCO

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The command snmp-server host 192.168.5.5 informs version 3 noauth CISCO will configure the host to
authenticate a user by username and send clear text notifications. The receiver will then acknowledge
receipt of the notification. The keyword informs indicates that an inform message type will be used. Unlike a
trap, an inform message is acknowledged by the receiver.

The version 3 keyword indicates that version 3 is in use, which is the ONLY version that supports
authentication and encryption. Finally, the noauth keyword specifies authentication by username only and
no encryption.

The command snmp-server host 192.168.5.5 traps version 3 auth CISCO configures the host to send traps
rather than informs.

The command snmp-server host 192.168.5.5 informs version 2c CISCO specifies version 2c, which only
supports community string-based authentication.

The command snmp-server host 192.168.5.5 informs version 3 authpriv CISCO specifies the keyword
authpriv, which indicates encryption will be used and authentication based on HMAC-MD5 or HMAC-SHA
algorithms.
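
The distinctions drawn above between the four commands can be checked mechanically when reviewing a configuration. The following is an added example, not part of the exam material: it parses snmp-server host lines and reports what each one leaves unprotected. The sample configuration is constructed from the four answer options, the defaults applied when keywords are omitted (traps, version 1, noauth) are assumptions of this example, and priv is accepted as the same level as the authpriv keyword used in option D.

```python
# Security level keywords after "version 3". Option D on this page writes
# "authpriv"; "priv" is accepted here as the same level.
V3_LEVELS = {
    "noauth":   {"hmac_auth": False, "encrypted": False},
    "auth":     {"hmac_auth": True,  "encrypted": False},
    "priv":     {"hmac_auth": True,  "encrypted": True},
    "authpriv": {"hmac_auth": True,  "encrypted": True},
}


def parse_host_line(line):
    """Parse one 'snmp-server host' line; return None for any other line."""
    tokens = line.split("# ", 1)[-1].split()   # drop a 'Router(config)# ' prompt
    if len(tokens) < 4 or tokens[:2] != ["snmp-server", "host"]:
        return None
    host, rest = tokens[2], tokens[3:]
    # Assumed defaults when keywords are omitted: traps, version 1, noauth.
    kind, version, level = "traps", "1", None
    if rest[0] in ("informs", "traps"):
        kind = rest.pop(0)
    if len(rest) >= 2 and rest[0] == "version":
        version, rest = rest[1], rest[2:]
        if version == "3":
            level = "noauth"
            if rest and rest[0] in V3_LEVELS:
                level = rest.pop(0)
    if not rest:
        return None
    # The remaining token is the community string (v1/v2c) or username (v3).
    return {"host": host, "kind": kind, "version": version,
            "level": level, "name": rest[0]}


def assess(entry):
    """Return the list of weaknesses for one parsed notification host."""
    findings = []
    if entry["version"] != "3":
        findings.append("community string only: no user authentication, no encryption")
    else:
        props = V3_LEVELS[entry["level"]]
        if not props["hmac_auth"]:
            findings.append("username match only, no HMAC authentication")
        if not props["encrypted"]:
            findings.append("notifications sent in clear text")
    if entry["kind"] == "traps":
        findings.append("traps are not acknowledged by the receiver")
    return findings


def audit(config_text):
    """Return (line, findings) for every snmp-server host line in the text."""
    report = []
    for line in config_text.splitlines():
        entry = parse_host_line(line)
        if entry:
            report.append((line.strip(), assess(entry)))
    return report


# Constructed sample: the four answer options from this question.
SAMPLE_CONFIG = """\
Router(config)# snmp-server host 192.168.5.5 informs version 3 noauth CISCO
Router(config)# snmp-server host 192.168.5.5 traps version 3 auth CISCO
Router(config)# snmp-server host 192.168.5.5 informs version 2c CISCO
Router(config)# snmp-server host 192.168.5.5 informs version 3 authpriv CISCO
"""

if __name__ == "__main__":
    for line, findings in audit(SAMPLE_CONFIG):
        print(line)
        for finding in findings or ["no findings"]:
            print("    -", finding)
```

Only the authpriv line comes back with no findings; the noauth line that answers the question is reported as unauthenticated and unencrypted, which is exactly what the question asks for and what a configuration review would flag.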

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify SNMP

References:
Configuring SNMP Support > Understanding SNMP > SNMP Versions
Cisco IOS Network Management Command Reference > snmp-server engineID local through snmp trap
link-status > snmp-server host

QUESTION 190
Recently you had a serious problem with a router and contacted TAC. They told you a core dump of the
system would have been helpful in diagnosing the issue. You would like to configure the router to make a
full copy of the memory image the next time the router experiences the type of issue that can generate a
core dump.

Which of the following is NOT a supported method of setting up a core dump?

A. TFTP
B. rcp
C. Flash disk
D. HTTP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
A core dump cannot be sent to a location using HTTP. The four supported methods for dumping a copy of
the router's memory image are:
TFTP
FTP
rcp
Flash disk

To use File Transfer Protocol (FTP) to configure a core dump, execute the following commands:

ip ftp username username
ip ftp password password
exception protocol ftp
exception dump a.b.c.d

To use Trivial File Transfer Protocol (TFTP) to configure a core dump, execute the following commands:

exception dump a.b.c.d

To use remote copy protocol (rcp) to configure a core dump, execute the following commands:

exception protocol rcp
exception dump a.b.c.d

Finally, to send a core dump to a Flash drive, execute the following commands:

exception crashinfo file flash:filename

Objective:
Infrastructure Services
Sub-Objective:
Configure and verify device management

References:
Home > Support > Creating Core Dumps
Cisco > Cisco IOS Basic System Management Command Reference > A through M Commands >
exception dump
Cisco > Cisco IOS Basic System Management Command Reference > exception protocol
Cisco > Cisco IOS Basic System Management Command Reference > exception crashinfo file
