20 01 2012
CCNP 642-832 EXAM 4
QUESTION 30
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 is not able to reach the WebServer at 209.65.200.241. Initial troubleshooting shows that R1 is also
not able to reach the WebServer. R1 also does not have any active BGP neighbor.
Configuration on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.65.200.226 remote-as 65002
no auto-summary
!
access-list 30 permit host 209.65.200.241
access-list 30 deny 10.1.0.0 0.0.255.255
access-list 30 deny 10.2.0.0 0.0.255.255
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group 30 in
The Fault Condition is related to which technology?
A. IP Access
B. IP NAT
C. BGP
D. IPv4 layer 3 security
Answer: D
Explanation/Reference:
Explanation:
Based on the configuration shown, we can see that only the web server is allowed access on R1 according
to the access list. BGP uses TCP port 179 to establish a peering relationship, and we can see that the BGP
routers that needs to peer with R1 is not allowed to do so, so they are not able to exchange routes. So the
problem is with IP Access List.
QUESTION 31
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 is not able to reach the WebServer at 209.65.200.241. Initial troubleshooting shows that R1 is also
not able to reach the WebServer. R1 also does not have any active BGP neighbor.
Configuration on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.65.200.226 remote-as 65002
no auto-summary
!
access-list 30 permit host 209.65.200.241
access-list 30 deny 10.1.0.0 0.0.255.255
access-list 30 deny 10.2.0.0 0.0.255.255
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group 30 in
What is the solution of the fault condition?
A. Under the ip access-list 30 configuration add the permit ip 209.65.200.224 0.0.0.3 any command
B. Remove Deny Statements from access-list 30
C. Change neighbor 209.65.200.226 remote-as 65002 statement to neighbor 209.65.200.226 remote-as
65001
D. Use extended access-list instead of standard access-list
Answer: A
Explanation/Reference:
Explanation:
Based on the configuration shown, we can see that only the web server is allowed access on R1 according
to the access list. BGP uses TCP port 179 to establish a peering relationship, and we can see that the BGP
routers that needs to peer with R1 is not allowed to do so, so they are not able to exchange routes. By
allowing all IP packets from the 209.65.200.224/30 network, BGP would be established and connectivity
would be restored.
QUESTION 32
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP server.Configuration on DSW1
vlan access-map test1 10
drop
match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
permit 10.2.0.0 0.0.255.255
!
Interface VLAN10
ip address 10.2.1.1 255.255.255.0
!
On which device is the fault condition located?
A. R4
B. DSW1
C. Client 1
D. FTP Server
Answer: B
Explanation/Reference:
Explanation:
Since Client1 is not able to ping DSW1 we can deduce that the problem lies with DSW1. Upon closer
examination we see that the VLAN filter list being applied to this device is filtering out the network that
DSW is on.
QUESTION 33
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server.
Configuration on DSW1
vlan access-map test1 10
drop
match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
permit 10.2.0.0 0.0.255.255
!
Interface VLAN10
ip address 10.2.1.1 255.255.255.0
!The Fault Condition is related to which technology?
A. VLAN ACL / Port ACL
B. InterVLAN communication
C. DHCP
D. IP Access List
Answer: A
Explanation/Reference:
Explanation:
Since Client1 is not able to ping DSW1 we can deduce that the problem lies with DSW1. Upon closer
examination we see that the VLAN filter list being applied to this device is filtering out the network that
DSW is on. So the problem is VLAN Access Map.
QUESTION 34
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP.
Configuration on DSW1
vlan access-map test1 10
drop
match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
permit 10.2.0.0 0.0.255.255
!
Interface VLAN10
ip address 10.2.1.1 255.255.255.0
!
What is the solution of the fault condition?
A. Configurationure Static IP Address on Client 1
B. Change the IP Address of VLAN 10 on DSW1
C. Add Permit any statement to access-list 10
D. Under the global configuration mode Remove vlan filter test1 from DSW1
Answer: D
Explanation/Reference:
Explanation:
Since Client1 is not able to ping DSW1 we can deduce that the problem lies with DSW1.Upon closer
examination we see that the VLAN filter list being applied to this device is filtering out the network thatDSW is on. If we remove this filter list connectivity would be restored.
QUESTION 35
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Inital troubleshooting
shows that port Fa1/0/1 on ASW1 is in errdisable state.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001
Interface FastEthernet1/0/2
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0002
On which device is the fault condition located?
A. DSW1
B. ASW1
C. Client 1
D. FTP Server
Answer: B
Explanation/Reference:
Explanation:
In this case we know that the client is unable to get an IP address via DHCP because it has an APIPA
(Automatic Private IP Addressing), which is a 169.x.x.x IP address. We also know that the switch port on
ASW1 is in an errdisable state, which tells us that the issue is with ASW1.
QUESTION 36
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Inital troubleshootingshows that port Fa1/0/1 on ASW1 is in errdisable state.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001
Interface FastEthernet1/0/2
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0002
The Fault Condition is related to which technology?
A. VLAN Access Map
B. InterVLAN communication
C. DHCP
D. Port Security
Answer: D
Explanation/Reference:
Explanation:
The biggest issue is that the ASW1 switch port connecting the client is in errdisable state.Upon closer
examination, we can see that port security has been configured on this port to only allow clients with a
MAC address of 0000.0000.0001 to connect to the network. Since this is not the MAC address of Client1,
the issue is with the port security configuration.
QUESTION 37
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Inital troubleshooting
shows that port Fa1/0/1 on ASW1 is in errdisable state.
Configurationon ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001
Interface FastEthernet1/0/2
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0002
What is the solution of the fault condition?
A. Configurationure Static IP Address on Client 1B. Change the IP Address of VLAN 10 on DSW1
C. Issue shutdown command followed by no shutdown command on port fa1/0/1 -2 on ASW1
D. In Configuration mode, using the interface range Fa 1/0/1 -2, then no switchport-security interface
configuration commands. Then in exec mode clear errdisable interface fa 1/0/1, then clear errdisable
interface fa 1/0/2 commands
E. Issue no switchport port-security mac-address 0000.0000.0001 command on port fa1/0/1 -2 on ASW1
Answer: D
Explanation/Reference:
Explanation:
To allow Client1 to access the network, we must remove the port security configuration command that is
allowing only the device with a MAC address of 0000.0000.0001. Since this port will still be in an errdisable
state after this, we must also issue a shutdown/no shutdown to enable the port.
QUESTION 38
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP Server.
They are able to ping each other.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 1
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 1
On which device is the fault condition located?
A. DSW1
B. ASW1
C. Client 1
D. FTP Server
Answer: B
Explanation/Reference:
Explanation:
Since the Clients are getting ip 169.x.x.x, we know that DHCP is not working. However, upon closer
examination of the ASW1 configuration we can see that the problem is not with DHCP, but the fact that the
clients have been configured for the wrong VLAN. According to the network diagram, these clients should
be in VLAN 10, not VLAN 1 so the problem area is the configuration of ASW1.
QUESTION 39Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP Server.
They are able to ping each other.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 1
!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 1
The Fault Condition is related to which technology?
A. Access vlans
B. InterVLAN communication
C. DHCP
D. Port Security
Answer: A
Explanation/Reference:
Explanation:
Since the Clients are getting ip 169.x.x.x, we know that DHCP is not working. However, upon closer
examination of the ASW1 configuration we can see that the problem is not with DHCP, but the fact that the
clients have been configured for the wrong VLAN. According to the network diagram, these clients should
be in VLAN 10, not VLAN 1. So the problem is related to VLAN.
QUESTION 40
Following ticket consists of a problem description and existing configuration on the device.
TROUBLE TICKET STATEMENT:
The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1
and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,
network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating
that client 1 cannot ping the 209.65.200.241 (internet Server).
show run
Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP Server.
They are able to ping each other.
Configuration on ASW1
Interface FastEthernet1/0/1
switchport mode access
switchport access vlan 1!
Interface FastEthernet1/0/2
switchport mode access
switchport access vlan 1
What is the solution of the fault condition?
A. Given an IP address to VLAN 1 on DSW1
B. Change the IP Address of VLAN 10 on DSW1
C. In Configuration mode, using the interface range Fastethernet 1/0/1 -2, then switchport access vlan 10
command.
D. Give static IP addresses to Client 1 and Client 2
Answer: C
Explanation/Reference:
Explanation:
The "switchport access vlan 10" change on the ports connecting the clients will correctly add both clients
to the correct VLAN and move them from VLAN 1 to VLAN 10.
CCNP 642-832 EXAM 3 CCNP 642-832 EXAM 5