DUMPS BASE
EXAM DUMPS
CISCO 300-135
28% OFF Automatically For You Troubleshooting and Maintaining Cisco IP Networks
1.Refer to the statement.
How to correct it? A. change the source IP of tunnel0 B. change the destination IP of tunnel0 C. add tunnel key D. add static route to tunnel0 destination Answer: D Explanation: The %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the generic routing encapsulation (GRE) tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes: + A misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing) + A temporary instability caused by route flapping elsewhere in the network So in this question maybe there is something wrong with the tunnel destination so we should add static route to solve it. Reference: https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gatewayroutingprotocoleigrp/22327-gre-flap.html
2.Something related to a firewall in the middle of the path and how to make it reachable. Which port should be allowed? A. port 47 B. port 50 C. TCP port 1723 Answer: C Explanation: The Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to an enterprise server by creating a VPN across TCP/IP-based data networks. PPTP encapsulates PPP packets into IP datagrams for transmission over the Internet or other public TCP/IP-based networks. PPTP establishes a tunnel for each communicating PPTP network server (PNS)-PPTP Access Concentrator (PAC) pair. After the tunnel is set up, PPP packets are exchanged using enhanced generic routing encapsulation (GRE). A call ID present in the GRE header indicates the session to which a particular PPP packet belongs. Network Address Translation (NAT) translates only the IP address and the port
number of a PPTP message. Static and dynamic NAT configurations work with PPTP without the requirement of the PPTP application layer gateway (ALG). However, Port Address Translation (PAT) configuration requires the PPTP ALG to parse the PPTP header and facilitate the translation of call IDs in PPTP control packets. NAT then parses the GRE header and translates call IDs for PPTP data sessions. The PPTP ALG does not translate any embedded IP address in the PPTP payload. The PPTP ALG is enabled by default when NAT is configured. NAT recognizes PPTP packets that arrive on the default TCP port, 1723, and invokes the PPTP ALG to parse control packets. NAT translates the call ID parsed by the PPTP ALG by assigning a global address or port number. Based on the client and server call IDs, NAT creates two doors based on the request of the PPTP ALG. (A door is created when there is insufficient information to create a complete NATsession entry. A door contains information about the source IP address and the destination IP address and port.) Two NAT sessions are created (one with the server call ID and the other with the client call ID) for two-way data communication between the client and server. NAT translates the GRE packet header for data packets that complies with RFC 2673. Reference: https://www.cisco.com/c/en/us/td/docs/iosxml/ios/ipaddr_nat/configuration/xe-16/natxe16-book/iadnat-pptp-pat.html
3.What is the output of the “show crypto ipsec sa | in indent”? A. local ident (addr/mask/prot/port): (20.1.1.1/255.255.255.0/0/47) B. local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0) C. local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/47) D. local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/1723/0) E. local ident (addr/mask/prot/port): (20.1.1.1/255.255.255.0/0/0) Answer: E Explanation: (note: If there is no “20.1.1.1/255.255.255.0/0/0” answer then we shoud choose “20.1.1.1/255.255.255.0/47/0” answer) This command show Phase 2 tunnel information (IPsec security associations (SAs) built between peers). An example of an encrypted tunnel is built between 20.1.1.1 and 10.1.1.1 and the output of the “show crypto ipsec sa” command is shown below:
The line “local ident (addr/mask/prot/port)� means local selector that is used for encryption and decryption.
4.What should be the next step after the problem is solved? A. document it B. knowledge transfer C. result analysis Answer: A Explanation: Cisco has broken this process into eight steps: 5. Define the problem. 6. Gather detailed information. 7. Consider probable cause for the failure. 8. Devise a plan to solve the problem. 9. Implement the plan. 10. Observe the results of the implementation. 11. Repeat the process if the plan does not resolve the problem. 12. Document the changes made to solve the problem. Although some online document does not mention about step 8 (document the changes) (like the link
http://www.ciscopress.com/articles/article.asp?p=1578504&seqNum=2) but this step is very important so that repeated issue can be solved quickly in the future.
13.Loopback from R1 can’t ping loopback of R3 (192.168.254.1/24). An ACL is configured on R3 that only permits 192.168.0.0 0.0.0.255. What changes need to occur so R1 can ping R3 loopback? A. ip access-list extended 101 no 30 30 permit 192.168.0.0 0.0.0.255 B. ip access-list extended 101 no 30 30 permit 192.168.0.0 0.0.255.255 C. ip access-list extended 101 no 100 Answer: B Explanation: (Modify access-list, no entry 30 and re-add it changing the netmask to 192.168.0.0 0.0.255.255)
14.Which enables uRPF? A. enable CEF B. enable VRF Answer: A
15.Which command is used to check the SSH version? A. show ip ssh B. show crypto key mypubkey rsa C. show ssh sessions Answer: A Explanation: R1# show ip ssh Connection Version Encryption Username HMAC Server Hostkey IP Address Inbound: 1 SSH-2 3des-cbc Raymond hmac-sha1 ssh-dss 10.120.54.2 Outbound: 6 SSH-2 aes256-cbc Steve hmac-sha1 ssh-dss 10.37.77.15 SSH-v2.0 enabled; hostkey: DSA(1024), RSA(2048)
16.PMTUD (Path MTU Discovery) not working, what is the issue?
A. Local router MTU is 1500 B. Local router MTU is 1400 C. Router in the path has “no ip host unreachable� configured D. Router in path has ICMP Redicrects enabled Answer: C
17.Topology with three switches which are connected to each other via Gi0/0 & Gi0/1. All interfaces are configured in VLAN 100 and voice VLAN 101. Duplex mismatch between two switches (one interface in full duplex which the opposite interface in half duplex). Spanning tree is detecting a loop in the network, what is causing the loop. A. duplex mismatch B. speed mismatch C. vlan missconfiguration Answer: A Explanation: Duplex mismatch is a configuration issue where one side of the network is set to one duplex mode and the other to another duplex mode. Having one bridge on half duplex and the other on full duplex results in collisions that cause bridging loops
18.Which statement about the INTERNET ACL is true? ipv6 access-list INTERNET permit ipv6 2001:DB8:AD59:BA21::/64 2001:DB8:C0AB:BA::/64 permit tcp 2001:DB8:AD59:BA21::/64 2001:DB8:C0AB:BA13::/64 eq telnet permit tcp 2001:DB8:AD59:BA21::/64 any eq http permit ipv6 2001:DB8:AD59::/48 any deny ipv6 any any log A. The denied entries will be logged because of the explicit deny ipv6 any any log line B. A packet with source address of 2001:DB80:AD59:BA21:101:CAB:64:38 destined to port 80 will be permitted C. HTTPS traffic from the 2001:DB80:AD59:BA21::/64 subnet will automatically be permitted along with HTTP traffic D. A packet with source address 2001:DB8:AD59:ACC0:2020:882:DB8:1125 will be denied Answer: A
19.Something related to permit FTP in all management hosts A. Policy-map B. Control-plane C. Access-list D. Class-map
Answer: B
20. HSRP Case You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the network problems.
You have received notification from network monitoring system that link between R1 and R5 is down and you noticed that the active router for HSRP group 1 has not failed
over to the standby router for group 1. You are required to troubleshoot and identify the issue. A. There is an HSRP group track command misconfiguration B. There is an HSRP group priority misconfiguration C. There is an HSRP authentication misconfiguration D. There is an HSRP group number mismatch E. This is not an HSRP issue; this is routing issue. Answer: A Explanation: When looking at the HSRP configuration of R1, we see that tracking has been enabled, but that it is not tracking the link to R5, only the link to R2:
R1 should be tracking the Eth 0/1 link, not 0/0 to achieve the desired affect.
21.The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has identified one of them as standby router. Identify the reason causing the issue. Note: only show commands can be used to troubleshoot the ticket. R1# 'Mar 26 11:17:39.234: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 'Mar 26 11:17:40.034: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 172.16.10.254 R1#
'Mar 26 11:17:40.364: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254 R1# 'Mar 26 11:17:41.969: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 172.16.20.254 'Mar 26 11:17:53.338: HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri130vlP 172.16.10.254 'Mar 26 11:17:53.633: HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254 A. HSRP group priority misconfiguration B. There is an HSRP authentication misconfiguration C. There is an HSRP group number mismatch D. This is not an HSRP issue: this is DHCP issue. E. The ACL applied to interface is blocking HSRP hello packet exchange Answer: E Explanation: On R1 we see that access list 102 has been applied to the Ethernet 1/0 interface:
This access list is blocking all traffic to the 224.0.0.102 IP address, which is the multicast address used by HSRP.
GET FULL VERSION OF 300-135 DUMPS