Which statements in regards to route filtering are true? (Choose two.)

  • Network security is the primary role of route filtering.
  • If no route filter exists for an interface, the packet is processed normally.
  • Route filtering on an interface cannot filter routes that originate from the same router.
  • The distribute-list command enables the administrator to filter redistributed routes.
  • The network keyword of the passive-interface command enables you to identify the routes to advertise.
Explanation:
Distribute lists are used to filter inbound, outbound, or redistributed routing updates. Instead of using the passive-interface command, distribute lists enable you to selectively control which routes are processed.

If no distribute list is associated with the interface, the routing update packets are processed normally.

If a distribute list is associated with an interface, the routing update is compared to the access list that was specified in the distribute list. If a match is found to a permit statement, then the packet is forwarded. If a match is found to a deny statement, the packet is discarded. If no match is found, the implicit deny statement at the end of the access list will drop the packet.

Network security is not the primary role of route filtering. Its primary function is to reduce unnecessary routing update traffic.

Route filtering on an interface can filter routes that originate from the same router.

The network keyword of the passive-interface command does not enable you to identify the routes to advertise.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol

 

Which of the following commands need to be configured on a RIPng router prior to enabling this routing protocol?

  • ipv6 rip enable
  • ipv6 multicast-routing
  • ipv6 unicast-routing
  • ipv6 router rip
Explanation:

The ipv6 unicast-routing command should be used before enabling RIPng on a router. This command should be executed in global configuration mode of the router. IPv6 can then be enabled by using the ipv6 enable command on any of the interfaces of the router. The ipv6 unicast-routing command allows you to forward IPv6 unicast datagrams.

Routing Information Protocol Next Generation (RIPng) allows routers to learn about routes in an autonomous system. RIPng is an extension of the RIPv2 protocol that adds support for IPv6.

The similarities between RIPv2 and RIPng are as follows:

  • Both protocols use User Datagram Protocol (UDP).
  • Both use a distance vector algorithm to find the best route.
  • Both measure the metric in terms of hops.
  • Both have the same maximum hop count of 15 for valid routes.

The differences between RIPv2 and RIPng are as follows:

  • RIPv2 learns IPv4 routes, whereas RIPng learns IPv6 routes.
  • RIPv2 supports automatic summarization as IPv4 defines classful addresses, whereas RIPng does not support automatic summarization.
  • RIPv2 uses UDP port 520, whereas RIPng uses port 521.
  • RIPv2 requires authentication for RIP packets, whereas RIPng does not require RIP-specific authentication as IPv6 has built-in IPsec authentication.

The ipv6 rip enable command should not be used because this command allows you to enable the IPv6 RIP routing process on the interfaces of a router.

You should not use the ipv6 multicast-routing command prior to enabling IPv6 on the router. This command is used after IPv6 is enabled on one or more interfaces of the router to allow multicast forwarding using Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD) on all the IPv6-enabled interfaces.

The ipv6 router rip command should not be used prior to enabling IPv6 because it allows you to enter the RIP for IPv6 router mode.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe RIPng

 

With respect to modifying an OSPF router ID to a loopback address, which of the following statements are true?

  • OSPF is not as reliable if a loopback interface is configured.
  • Using a loopback address avoids wasting an additional IP address.
  • A loopback interface is not always active, and it can go “down” like a real interface.
  • The loopback address does not automatically appear in the routing table of neighboring OSPF routers, so it cannot be pinged from other routers unless you include it with a network statement on the router local to the loopback interface.
Explanation:
A loopback address does not automatically appear in neighboring routers’ routing tables, so it cannot be pinged for network troubleshooting.

A work-around for this problem is to add a network statement under OSPF that advertises the loopback address network so that other routers will know how to reach your loopback.

A loopback address is an IP address assigned to a loopback interface, which is a logical interface on a router that behaves like a physical interface. The advantage of logical interfaces is that, unlike physical interfaces, they do not go down.

For example:
Router(config)# interface loopback 0
Router(config-if)# ip address 172.17.1.1 255.255.255.0

In the example, a loopback IP address is used by OSPF to provide its router ID. This type of address is preferred because it is assumed to be more stable than a router ID tied to a physical interface. The traditional problem with a router ID tied to a physical interface is that if the physical interface were to go down, the router would have to change its router ID to some other value. That would cause the OSPF neighbor relationships to reset and change values in the link-state advertisements (LSAs), causing a disruption to the OSPF area.

With this consideration in mind, OSPF is more reliable when using a loopback interface than using a physical interface.

Using a loopback address does not avoid wasting an additional IP address. The address must still be unique.

A loopback interface is always active, and it cannot go “down” as a physical interface can.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF operations

 

If you executed the show ip ospf database command, which keyword would you add to the command to produce the following output?

300-410 Part 05 Q08 064

  • router
  • summary
  • network
  • external
Explanation:
The output was produced with the summary keyword. When the show ip ospf database command is executed, any of several keywords can be used to specify the type of link-state advertisements (LSAs) to display. The output LS Type: Summary Links(Network) indicates that these are summary links. Summary LSAs are generated by an area border router (ABR) and will be displayed when you execute the summary keyword. These are Type 3 LSAs.

The router keyword was not used. If this keyword had been used, the LS Type line would have included Router Links instead of Summary Links. Router LSAs are Type 1 LSAs.

The network keyword was not used. If this keyword had been used, the LS Type line would have included Network Links instead of Summary Links. Network LSAs are Type 2 LSAs.

The external keyword was not used. If this keyword had been used, the LS Type line would have included AS External Links instead of Summary Links. External LSAs are Type 5 LSAs.

Objective:
Layer 3 Technologies
Sub-Objective:
Describe OSPF packet types

 

You are configuring BGP speakers RouterA and RouterB to authenticate one another. The following conditions exist:

RouterA has an IP address of 192.168.5.3

RouterB has an IP address of 192.168.5.2

Both routers reside in AS 6550.

Which of the following commands will result in successful authentication?

  • neighbor 192.168.5.2 password routera executed on RouterA
    neighbor 192.168.5.3 password routerb executed on RouterB
  • neighbor 192.168.5.2 password routerb executed on RouterA
    neighbor 192.168.5.3 password routera executed on RouterB
  • neighbor 192.168.5.2 password routera executed on RouterA
    neighbor 192.168.5.3 password routera executed on RouterB
  • neighbor 192.168.5.2 password routera executed on RouterA
  • neighbor 192.168.5.2 password routerb executed on RouterB
Explanation:
The following command pair should be used to configure successful authentication:

neighbor 192.168.5.2 password routera executed on RouterA
neighbor 192.168.5.3 password routera executed on RouterB

When setting the keys for authentication, the keys must match. The keys do not need to be the names of either router, and should be a combination of letters, numbers, and symbols. In this example, both keys are set to the value routera.

The following two command pairs are incorrect because the keys do not match:

neighbor 192.168.5.2 password routera executed on RouterA
neighbor 192.168.5.3 password routerb executed on RouterB

and

neighbor 192.168.5.2 password routerb executed on RouterA
neighbor 192.168.5.3 password routera executed on RouterB

If you executed the debug ip bgp command to perform troubleshooting with either of these configurations in place, the error message you would see would be as follows:

%TCP-6-BADAUTH: Invalid MD5 digest from 192.168.5.3 (12293) to 192.168.5.2 (179)

In the error message, the numbers in parentheses are the port numbers used for the attempted communication.

The single commands would be incorrect because the key has only been configured on one end:

neighbor 192.168.5.2 password routera executed on RouterA

and

neighbor 192.168.5.2 password routerb executed on RouterB

If you executed the debug ip bgp command to troubleshoot with either of these configurations in place, you would see the following message:

%TCP-6-BADAUTH: No MD5 digest from 192.168.5.3 (12293) to 192.168.5.2 (179)
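
The two log messages above come from the TCP MD5 signature check (RFC 2385) that the neighbor password command enables. The following added example is not part of the original explanation or Cisco code; it reproduces the receiver's decision for the three key combinations discussed, using the page's addresses and ports. The function names, sequence number and window size are constructed for illustration.

```python
"""RFC 2385 TCP MD5 signature check, sketched for the RouterA/RouterB case."""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
OPTIONS_LEN = 20  # MD5 option (kind 19, length 18) padded to a 32-bit boundary


def base_header(sport, dport, seq, flags=0x02):
    """20-byte TCP header (SYN) with the checksum field zeroed, per RFC 2385."""
    offset_flags = ((20 + OPTIONS_LEN) // 4 << 12) | flags
    # Fields: ports, seq, ack, offset/flags, window (constructed), checksum, urgent
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, 16384, 0, 0)


def md5_signature(src, dst, header, payload, key):
    """MD5 over pseudo-header, TCP header without options, data, then the key."""
    seg_len = len(header) + OPTIONS_LEN + len(payload)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    return hashlib.md5(pseudo + header + payload + key.encode()).digest()


def send_segment(src, dst, sport, dport, key=None, seq=1000):
    """Sender side: attach a digest only when a neighbor password is set."""
    header = base_header(sport, dport, seq)
    digest = md5_signature(src, dst, header, b"", key) if key else None
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "header": header, "payload": b"", "digest": digest}


def receive_segment(seg, key):
    """Receiver side (password configured): accept or report the failure."""
    where = f"from {seg['src']} ({seg['sport']}) to {seg['dst']} ({seg['dport']})"
    if seg["digest"] is None:
        return "%TCP-6-BADAUTH: No MD5 digest " + where
    expected = md5_signature(seg["src"], seg["dst"], seg["header"],
                             seg["payload"], key)
    if not hmac.compare_digest(expected, seg["digest"]):
        return "%TCP-6-BADAUTH: Invalid MD5 digest " + where
    return "accepted"


def scenario(key_on_a, key_on_b):
    """RouterA (192.168.5.3) opens a session to RouterB (192.168.5.2) port 179."""
    seg = send_segment("192.168.5.3", "192.168.5.2", 12293, 179, key=key_on_a)
    return receive_segment(seg, key_on_b)


if __name__ == "__main__":
    for a, b in [("routera", "routera"), ("routera", "routerb"), (None, "routerb")]:
        print(f"RouterA key={a!r:10} RouterB key={b!r:10} -> {scenario(a, b)}")
```

Because the key is mixed into the digest rather than sent, a mismatch and a missing key are distinguishable only at the receiver, which is why the two log messages differ.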

Objective:
Layer 3 Technologies
Sub-Objective:
Describe, configure, and verify BGP peer relationships and authentication

 

The exhibit contains portions of RouterA’s BGP configuration and IP routing table.

300-410 Part 05 Q06 063

Which IP network addresses, that were not learned using BGP, will be present in BGP advertisements from RouterA?

  • 172.16.0.0/16
  • 172.16.16.0/24
  • 172.16.24.0/20
  • No IGP networks will be advertised because synchronization is disabled.
Explanation:
The auto-summary command can affect which networks, identified by using the network command, will be advertised. Using the existing BGP configuration, the router will not announce the 172.16.16.0/24 subnet. Instead, it will announce the classful address 172.16.0.0/16 when the IP routing table maintained by the IGP contains any subnet of that classful address.

The network command directly affects what network is advertised in BGP. If the network command does not also include a network mask, and if auto-summary is enabled, the classful address of 172.16.0.0/16 is advertised any time that the router learns about a 172.16.0.0 subnet via its Interior Gateway Protocol (IGP), such as OSPF or EIGRP. In the exhibit, the routing table does contain entries of the 172.16.16.0/24 and 172.16.24.0/24 subnets that were learned by using the IGP.

If auto-summary is disabled by using the no auto-summary command, only networks in the routing table that are exact matches to the network commands are advertised. For example, to have the router announce only the 172.16.16.0/24 subnet learned via its IGP, you should alter the network command’s IP address and include the subnet mask as follows:

network 172.16.16.0 mask 255.255.255.0

A combination of network statements and route statements can be used to advertise a subset of networks that exist. Examine the output shown below:

router bgp 68410
 network 192.168.24.0 mask 255.255.252.0
 neighbor 172.16.8.5 remote-as 68441
ip route 192.168.24.0 255.255.252.0 null 0

The router is configured to advertise a summary route to the network 192.168.24.0 255.255.252.0. Consider the following networks:

192.168.24.0/24
192.168.25.0/24
192.168.26.0/24
192.168.32.0/24

If this router was connected to those networks, and received a packet destined for 192.168.25.1, it would successfully route the packet because the summary address (where the summarization is the result of the mask 255.255.252.0) is designed to include all of the subnets above except for 192.168.32.0/24. Therefore, all subnets except 192.168.32.0/24 will be advertised by the network and ip route statements with the summary mask.

Note: Whenever changes are made to a routing policy or to an access list that is used by a routing policy, the change will not be reflected in the routing tables of the receiving routers until the BGP session has been cleared with the clear ip bgp command.

The BGP synchronization rule specifies that networks will not be advertised or used via iBGP unless they have also been learned through an IGP. If synchronization is disabled, iBGP will advertise a network without also learning it through an IGP.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify eBGP (IPv4 and IPv6 address families)

 

Refer to the following exhibit.

300-410 Part 05 Q05 061

You executed the following commands on all three routers in OSPF AS 1:
The ipv6 cef command in the global configuration mode
The interface serial command in the global configuration mode
The ipv6 address command in the interface configuration mode
The ipv6 ospf area command in the interface configuration mode

You run the show ipv6 traffic command and observe that IPv6 packets are not being exchanged between the OSPF routers.

Which of the following commands should be configured on the routers to fix the problem?

  • ipv6 enable
  • ip address
  • ipv6 router ospf
  • ipv6 unicast-routing
Explanation:
The ipv6 unicast-routing command should be used on all of the routers to rectify the problem. The ipv6 unicast-routing command allows the forwarding of IPv6 packets. You should execute the ipv6 unicast-routing command in the global configuration mode.

A sample configuration to enable OSPF for IPv6 on the S0/1 interface of rtrA is as follows:

300-410 Part 05 Q05 062

The ipv6 enable command is not required if an IPv6 address has been configured on an interface. If it is executed with no IPv6 addresses configured, the interfaces will use the link local IPv6 addresses that each interface generates automatically.

The ip address command is not required to fix the problem because this command is used to specify an IPv4 address to a router interface. The use of this command depends on the type of tunneling mechanism used. In this case, no tunneling mechanism is being used.

The ipv6 router ospf command does not rectify the problem because this command is used to enter the router configuration mode for OSPF for IPv6. Using this command is optional and does not affect the activation of OSPF for IPv6 on the routers.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify OSPF for IPv6

 

Click the Exhibit(s) button to view an EIGRP network. The partial output of the show running-config command on the rtrB router is as follows:

 

300-410 Part 05 Q04 059

300-410 Part 05 Q04 060

Which of the following subnets are blocked through the Fa0/0 interface of rtrB while sending updates to rtrC? (Choose all that apply.)

  • 172.161.9.0/24
  • 172.161.35.0/18
  • 172.161.64.0/28
  • 172.161.88.0/22
  • 172.161.111.0/25
  • 172.161.247.0/30
Explanation:
The 172.161.9.0/24, 172.161.111.0/25 and 172.161.247.0/30 subnets are blocked through the Fa0/0 interface of rtrB while sending updates to rtrC. The following lines in the output create an IP prefix list named blk_A:

ip prefix-list blk_A deny 172.161.0.0/16 ge 24 le 30
ip prefix-list blk_A permit 0.0.0.0/0 le 32

The blk_A list blocks the subnets that exactly match the first 16 most significant bits as 172.161.0.0. The ge keyword indicates that the subnet mask for the 172.161.0.0 subnets must be greater than or equal to 24 bits. Similarly, the le keyword indicates that the mask for the 172.161.0.0 subnets should be less than or equal to 30 bits. Therefore, all subnets of the 172.161.0.0 network with masks 24, 25, 26, 27, 28, 29, and 30 are blocked.

The second line permits all other routes to be passed on. The subnets that match the blk_A prefix list are 172.161.9.0/24, 172.161.111.0/25, 172.161.247.0/30, and 172.161.64.0/28.

The line distribute-list prefix blk_A out indicates that the distribute-list command applies the blk_A prefix list to all the outgoing interfaces. This implies that if rtrB receives an update about the 172.161.9.0/24, 172.161.111.0/25, 172.161.247.0/30 or 172.161.64.0/28 subnets, they are blocked. In this case, the 172.161.64.0/28 is not blocked through the Fa0/0 interface to rtrC because it is directly connected.

The 172.161.35.0/18 and 172.161.88.0/22 subnets are not blocked through the Fa0/0 interface of rtrB to rtrC. This is because both these subnets are outside the range of prefix masks 24 through 30; hence, these two subnets are allowed through the Fa0/0 interface.
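
The ge/le matching described above can be checked mechanically. The following added example is not part of the original explanation or Cisco code; it evaluates the two blk_A lines against the six answer options, with hypothetical function names. It models only the prefix list itself, so 172.161.64.0/28 shows as a match here; the directly connected exception is a separate point made in the explanation.

```python
"""Evaluate an IOS-style prefix list (first match wins, implicit deny at end)."""
import ipaddress

# The two blk_A lines quoted above, as (action, prefix, ge, le)
BLK_A = [
    ("deny", "172.161.0.0/16", 24, 30),
    ("permit", "0.0.0.0/0", None, 32),
]

# The six answer options from the question
CANDIDATES = [
    "172.161.9.0/24", "172.161.35.0/18", "172.161.64.0/28",
    "172.161.88.0/22", "172.161.111.0/25", "172.161.247.0/30",
]


def entry_matches(route, prefix, ge=None, le=None):
    """True if the route's leading bits and mask length satisfy one entry."""
    addr, length = route.split("/")
    length = int(length)
    base = ipaddress.ip_network(prefix)
    # The leading bits (16 for 172.161.0.0/16) must match the entry's prefix.
    if ipaddress.ip_address(addr) not in base:
        return False
    # Without ge or le, the mask length must equal the entry's length exactly.
    if ge is None and le is None:
        return length == base.prefixlen
    low = ge if ge is not None else base.prefixlen
    high = le if le is not None else 32
    return low <= length <= high


def evaluate(route, entries):
    """Return the action of the first matching entry."""
    for action, prefix, ge, le in entries:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"  # implicit deny when nothing matches


def classify(routes, entries):
    """Map each route to the action the prefix list assigns it."""
    return {route: evaluate(route, entries) for route in routes}


if __name__ == "__main__":
    for route, action in classify(CANDIDATES, BLK_A).items():
        print(f"{route:20} {action}")
```

The /18 and /22 options fall through the deny line because their mask lengths are below ge 24, and are then caught by the permit 0.0.0.0/0 le 32 line.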

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify filtering with any protocol

 

Which conditions will prevent two EIGRP routers from becoming neighbors? (Choose two.)

  • Their K-values do not match.
  • Their hold times do not match.
  • Their AS numbers do not match.
  • Their hello intervals do not match.
Explanation:
EIGRP routers will not become neighbors if the K-values do not match or if the autonomous system (AS) numbers do not match. They also will not become neighbors if EIGRP is not enabled for the proper networks on the local and remote routers. However, routers can become neighbors if their hello intervals and hold times do not match.

The AS number is designed to control the routers with which a router can communicate. If the AS numbers do not match, EIGRP will not exchange routes between the two routers by design and definition.

The K-values are flags that state whether a certain metric component, such as Load, is used. They must match because they regulate how the metric values are calculated. If one router is just using bandwidth and delay to calculate its metric, and another is using bandwidth, delay, and load, they could make contradictory routing decisions that would lead to a routing loop. Because of this possibility, EIGRP requires that the K-values match before it will allow the routers to exchange routes.

EIGRP does not require that the hello and hold times match. Although this flexibility can be helpful, it can also lead to unforeseen problems if they are accidentally mismatched. The hello interval is the amount of time in seconds to wait before sending another hello packet. The hold time is the amount of time in seconds to wait before declaring a link to be down.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP neighbor relationship and authentication

 

You are configuring EIGRP on a spoke router in a hub-and-spoke topology. In an effort to keep the routing table small, the hub router has been configured to send only a default route to the remote routers.

What command would you use on the spoke routers to enable them to send only connected and summary routes to the hub router, and prevent the hub router from sending a query to the spoke router when a route is lost elsewhere?

  • eigrp stub
  • eigrp stub static
  • eigrp passive
  • eigrp stub receive-only
Explanation:
The eigrp stub command is used to configure a router to send only connected and summary routes to its neighboring router. For example, examine the following output of the show ip route command that was executed on a router configured as a stub router:

router10#show ip route
C 172.16.5.0/24 is directly connected, Serial 0
D 192.168.7.0/24 [90/16523564] via 172.16.4.1, 00:21:20, Serial 1
D 172.16.0.0/16 is a summary, 00:21:23, Null 0
C 172.16.4.0/24 is directly connected, Serial 2

The routes that will be advertised are 172.16.5.0/24, 172.16.4.0/24, and the summary route 172.16.0.0/16. The first two are directly connected routes, and the last is the summary route that is automatically configured by the EIGRP process.

When the stub feature is enabled on a router, the router will announce itself as a stub router. Neighbor routers will not query a stub router for alternate routes when a route is lost elsewhere in the network. The EIGRP stub feature works well in hub-and-spoke topologies when the goal is to minimize the amount of EIGRP bandwidth and processing associated with the spoke router. The eigrp stub command has the following syntax:

eigrp stub [receive-only | connected | static | summary]

When you do not specify any keywords with the command, connected and summary are used by default.
receive-only: Prevents the router from sending any connected or summary routes.
connected: Instructs the router to send connected routes.
static: Instructs the router to send static routes that were redistributed by using the redistribute static command.
summary: Instructs the router to send summary routes.

These parameters can be combined to resolve various problems, as seen in the following image:

300-410 Part 05 Q02 058

Router A is not receiving the route to the 172.16.1.0/16 network because Router B, which stands between Router A and C, is configured with the eigrp stub receive-only command. This results in hosts from the corporate office being unable to connect to hosts in the 172.16.0.0/16 network. If there were a legitimate reason to keep Router B configured with the eigrp stub receive-only command, the problem could be solved by executing the following command set on Router A:

routerA(config)# router eigrp 20
routerA(config-router)# ip summary-address eigrp 20 172.16.0.0 255.255.0.0
routerA(config-router)# eigrp stub connected summary

This command set would create a summary address for the 172.16.0.0/16 network and then advertise it to the corporate office as a result of using the eigrp stub connected summary command. The inclusion of the connected parameter ensures that the directly connected networks will also be advertised, to ensure that hosts in the corporate office can reach the 172.16.0.0/16 network.

The eigrp stub static command instructs the router to send static routes that were redistributed by using the redistribute static command. Examine the EIGRP configuration shown below:

<output omitted>
ip route 10.4.4.0 255.255.255.0 10.4.3.10
router eigrp 200
 no auto-summary
 redistribute static metric 1000 1 255 1 1500
 network 10.4.1.0 0.0.0.3
 network 10.4.2.0 0.0.0.255
 eigrp stub static

With this configuration, the router would not advertise any of the networks defined in the network statements, but would only advertise the static route configured with the line ip route 10.4.4.0 255.255.255.0 10.4.3.10.

Eigrp passive is not a valid Cisco command.

Eigrp stub receive-only will cause the router to not advertise any routes. The router will only receive updates.

Objective:
Layer 3 Technologies
Sub-Objective:
Configure and verify EIGRP stubs