CCNP 642-832 EXAM 4

QUESTION 30

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 is not able to reach the WebServer at 209.65.200.241. Initial troubleshooting shows that R1 is also

not able to reach the WebServer. R1 also does not have any active BGP neighbor.

Configuration on R1

router bgp 65001

no synchronization

bgp log-neighbor-changes

network 209.65.200.224 mask 255.255.255.252

neighbor 209.65.200.226 remote-as 65002

no auto-summary

!

access-list 30 permit host 209.65.200.241

access-list 30 deny 10.1.0.0 0.0.255.255

access-list 30 deny 10.2.0.0 0.0.255.255

!

interface Serial0/0/0/1

ip address 209.65.200.224 255.255.255.252

ip nat outside

ip access-group 30 in

The Fault Condition is related to which technology?

A. IP Access

B. IP NAT

C. BGP

D. IPv4 layer 3 security

Answer: D

Explanation/Reference:

Explanation:

Based on the configuration shown, we can see that only the web server is allowed access on R1 according

to the access list. BGP uses TCP port 179 to establish a peering relationship, and we can see that the BGP

routers that needs to peer with R1 is not allowed to do so, so they are not able to exchange routes. So the

problem is with IP Access List.

QUESTION 31

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 is not able to reach the WebServer at 209.65.200.241. Initial troubleshooting shows that R1 is also

not able to reach the WebServer. R1 also does not have any active BGP neighbor.

Configuration on R1

router bgp 65001

no synchronization

bgp log-neighbor-changes

network 209.65.200.224 mask 255.255.255.252

neighbor 209.65.200.226 remote-as 65002

no auto-summary

!

access-list 30 permit host 209.65.200.241

access-list 30 deny 10.1.0.0 0.0.255.255

access-list 30 deny 10.2.0.0 0.0.255.255

!

interface Serial0/0/0/1

ip address 209.65.200.224 255.255.255.252

ip nat outside

ip access-group 30 in

What is the solution of the fault condition?

A. Under the ip access-list 30 configuration add the permit ip 209.65.200.224 0.0.0.3 any command

B. Remove Deny Statements from access-list 30

C. Change neighbor 209.65.200.226 remote-as 65002 statement to neighbor 209.65.200.226 remote-as

65001

D. Use extended access-list instead of standard access-list

Answer: A

Explanation/Reference:

Explanation:

Based on the configuration shown, we can see that only the web server is allowed access on R1 according

to the access list. BGP uses TCP port 179 to establish a peering relationship, and we can see that the BGP

routers that needs to peer with R1 is not allowed to do so, so they are not able to exchange routes. By

allowing all IP packets from the 209.65.200.224/30 network, BGP would be established and connectivity

would be restored.

QUESTION 32

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP server.Configuration on DSW1

vlan access-map test1 10

drop

match ip address 10

!

vlan filter test1 vlan-list 10

!

ip access-list standard 10

permit 10.2.0.0 0.0.255.255

!

Interface VLAN10

ip address 10.2.1.1 255.255.255.0

!

On which device is the fault condition located?

A. R4

B. DSW1

C. Client 1

D. FTP Server

Answer: B

Explanation/Reference:

Explanation:

Since Client1 is not able to ping DSW1 we can deduce that the problem lies with DSW1. Upon closer

examination we see that the VLAN filter list being applied to this device is filtering out the network that

DSW is on.

QUESTION 33

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP Server.

Configuration on DSW1

vlan access-map test1 10

drop

match ip address 10

!

vlan filter test1 vlan-list 10

!

ip access-list standard 10

permit 10.2.0.0 0.0.255.255

!

Interface VLAN10

ip address 10.2.1.1 255.255.255.0

!The Fault Condition is related to which technology?

A. VLAN ACL / Port ACL

B. InterVLAN communication

C. DHCP

D. IP Access List

Answer: A

Explanation/Reference:

Explanation:

Since Client1 is not able to ping DSW1 we can deduce that the problem lies with DSW1. Upon closer

examination we see that the VLAN filter list being applied to this device is filtering out the network that

DSW is on. So the problem is VLAN Access Map.

QUESTION 34

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 is getting an IP address from the DHCP server but is not able to ping DSW1 or the FTP.

Configuration on DSW1

vlan access-map test1 10

drop

match ip address 10

!

vlan filter test1 vlan-list 10

!

ip access-list standard 10

permit 10.2.0.0 0.0.255.255

!

Interface VLAN10

ip address 10.2.1.1 255.255.255.0

!

What is the solution of the fault condition?

A. Configurationure Static IP Address on Client 1

B. Change the IP Address of VLAN 10 on DSW1

C. Add Permit any statement to access-list 10

D. Under the global configuration mode Remove vlan filter test1 from DSW1

Answer: D

Explanation/Reference:

Explanation:

Since Client1 is not able to ping DSW1 we can deduce that the problem lies with DSW1.Upon closer

examination we see that the VLAN filter list being applied to this device is filtering out the network thatDSW is on. If we remove this filter list connectivity would be restored.

QUESTION 35

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Inital troubleshooting

shows that port Fa1/0/1 on ASW1 is in errdisable state.

Configuration on ASW1

Interface FastEthernet1/0/1

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0001

Interface FastEthernet1/0/2

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0002

On which device is the fault condition located?

A. DSW1

B. ASW1

C. Client 1

D. FTP Server

Answer: B

Explanation/Reference:

Explanation:

In this case we know that the client is unable to get an IP address via DHCP because it has an APIPA

(Automatic Private IP Addressing), which is a 169.x.x.x IP address. We also know that the switch port on

ASW1 is in an errdisable state, which tells us that the issue is with ASW1.

QUESTION 36

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Inital troubleshootingshows that port Fa1/0/1 on ASW1 is in errdisable state.

Configuration on ASW1

Interface FastEthernet1/0/1

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0001

Interface FastEthernet1/0/2

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0002

The Fault Condition is related to which technology?

A. VLAN Access Map

B. InterVLAN communication

C. DHCP

D. Port Security

Answer: D

Explanation/Reference:

Explanation:

The biggest issue is that the ASW1 switch port connecting the client is in errdisable state.Upon closer

examination, we can see that port security has been configured on this port to only allow clients with a

MAC address of 0000.0000.0001 to connect to the network. Since this is not the MAC address of Client1,

the issue is with the port security configuration.

QUESTION 37

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client one is getting a 169.x.x.x IP address and is not able to ping Client 2 or DSW1. Inital troubleshooting

shows that port Fa1/0/1 on ASW1 is in errdisable state.

Configurationon ASW1

Interface FastEthernet1/0/1

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0001

Interface FastEthernet1/0/2

switchport mode access

switchport port-security

switchport port-security mac-address 0000.0000.0002

What is the solution of the fault condition?

A. Configurationure Static IP Address on Client 1B. Change the IP Address of VLAN 10 on DSW1

C. Issue shutdown command followed by no shutdown command on port fa1/0/1 -2 on ASW1

D. In Configuration mode, using the interface range Fa 1/0/1 -2, then no switchport-security interface

configuration commands. Then in exec mode clear errdisable interface fa 1/0/1, then clear errdisable

interface fa 1/0/2 commands

E. Issue no switchport port-security mac-address 0000.0000.0001 command on port fa1/0/1 -2 on ASW1

Answer: D

Explanation/Reference:

Explanation:

To allow Client1 to access the network, we must remove the port security configuration command that is

allowing only the device with a MAC address of 0000.0000.0001. Since this port will still be in an errdisable

state after this, we must also issue a shutdown/no shutdown to enable the port.

QUESTION 38

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP Server.

They are able to ping each other.

Configuration on ASW1

Interface FastEthernet1/0/1

switchport mode access

switchport access vlan 1

!

Interface FastEthernet1/0/2

switchport mode access

switchport access vlan 1

On which device is the fault condition located?

A. DSW1

B. ASW1

C. Client 1

D. FTP Server

Answer: B

Explanation/Reference:

Explanation:

Since the Clients are getting ip 169.x.x.x, we know that DHCP is not working. However, upon closer

examination of the ASW1 configuration we can see that the problem is not with DHCP, but the fact that the

clients have been configured for the wrong VLAN. According to the network diagram, these clients should

be in VLAN 10, not VLAN 1 so the problem area is the configuration of ASW1.

QUESTION 39Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP Server.

They are able to ping each other.

Configuration on ASW1

Interface FastEthernet1/0/1

switchport mode access

switchport access vlan 1

!

Interface FastEthernet1/0/2

switchport mode access

switchport access vlan 1

The Fault Condition is related to which technology?

A. Access vlans

B. InterVLAN communication

C. DHCP

D. Port Security

Answer: A

Explanation/Reference:

Explanation:

Since the Clients are getting ip 169.x.x.x, we know that DHCP is not working. However, upon closer

examination of the ASW1 configuration we can see that the problem is not with DHCP, but the fact that the

clients have been configured for the wrong VLAN. According to the network diagram, these clients should

be in VLAN 10, not VLAN 1. So the problem is related to VLAN.

QUESTION 40

Following ticket consists of a problem description and existing configuration on the device.

TROUBLE TICKET STATEMENT:

The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1

and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status,

network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating

that client 1 cannot ping the 209.65.200.241 (internet Server).

show run

Client 1 and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1 or the FTP Server.

They are able to ping each other.

Configuration on ASW1

Interface FastEthernet1/0/1

switchport mode access

switchport access vlan 1!

Interface FastEthernet1/0/2

switchport mode access

switchport access vlan 1

What is the solution of the fault condition?

A. Given an IP address to VLAN 1 on DSW1

B. Change the IP Address of VLAN 10 on DSW1

C. In Configuration mode, using the interface range Fastethernet 1/0/1 -2, then switchport access vlan 10

command.

D. Give static IP addresses to Client 1 and Client 2

Answer: C

Explanation/Reference:

Explanation:

The "switchport access vlan 10" change on the ports connecting the clients will correctly add both clients

to the correct VLAN and move them from VLAN 1 to VLAN 10.

Leave a Reply