VPN Questions

Question 1
Which is the way to enable the control word in an L2 VPN dynamic pseudowire connection on router R1?
A.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# set control-word
B.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# enable control-word
C.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# default control-word
D.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# control-word

Answer: D
Question 2
Refer to the exhibit.
R1
!
ip vrf R2
rd 1:1
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.252
!
router eigrp 100
no auto-summary
address-family ipv4 vrf R2
network 192.168.0.0 0.0.0.255
!
R2
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.252
!
router eigrp 100
no auto-summary
network 192.168.0.2 0.0.0.1
!
Which two corrective actions could you take if EIGRP routes from R2 fail to reach R1? (Choose two)
A. Configure R2 to use a VRF to send routes to R1.
B. Configure the autonomous system in the EIGRP configuration of R1.
C. Correct the network statement on R2.
D. Add the interface on R1 that is connected to R2 into a VRF.

Answer: B D
Explanation
In this question we are running VRF Lite on R1. VRF Lite is also known as “VRF without running MPLS”. This is an example of how to configure VRF Lite with EIGRP:
ip vrf FIRST
rd 1:1
!
ip vrf SECOND
rd 1:2
!
router eigrp 1
no auto-summary
!
address-family ipv4 vrf FIRST
network 10.1.1.1 0.0.0.0
no auto-summary
autonomous-system 200
exit-address-family
!
address-family ipv4 vrf SECOND
network 10.1.2.1 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
!
interface FastEthernet0/0
ip vrf forwarding FIRST
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1
ip vrf forwarding SECOND
ip address 10.1.2.1 255.255.255.0
The above example creates two VRFs (named “FIRST” and “SECOND”). VRF “FIRST” runs EIGRP AS 200 while VRF “SECOND” runs EIGRP AS 100. After that we have to add interfaces to the appropriate VRFs. Comparing this example with our question, we can see that R1 is missing the “autonomous-system …” command under “address-family ipv4 vrf R2”, and R1 needs an interface configured under that VRF.
Note: R2 does not run VRF at all! Usually R2 resides on the customer side.
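The two faults identified above can be checked mechanically. The following is an added example, not part of the original page: a small Python audit for classic-mode IOS configurations. The function name audit_vrf_eigrp, the finding labels and the corrected R1 configuration (which assumes AS 100 to match R2's EIGRP process) are constructed for illustration.

```python
import re

# R1 as shown in the Question 2 exhibit; R1_FIXED is a constructed correction.
R1_EXHIBIT = """\
ip vrf R2
 rd 1:1
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.252
!
router eigrp 100
 no auto-summary
 address-family ipv4 vrf R2
  network 192.168.0.0 0.0.0.255
!
"""
R1_FIXED = R1_EXHIBIT.replace(
    " ip address 192.168.0.1", " ip vrf forwarding R2\n ip address 192.168.0.1"
).replace("  network 192.168.0.0", "  autonomous-system 100\n  network 192.168.0.0")

def audit_vrf_eigrp(config):
    """Return sorted (vrf, issue) findings for the two faults in Question 2."""
    defined = set(re.findall(r"^\s*(?:ip vrf|vrf definition)\s+(\S+)\s*$", config, re.M))
    attached = set(re.findall(r"^\s*(?:ip )?vrf forwarding\s+(\S+)", config, re.M))
    has_as, current = {}, None
    for line in config.splitlines():
        s = line.strip()
        m = re.match(r"address-family ipv4 vrf (\S+)(.*)", s)
        if m:  # the AS number may also be given on the address-family line itself
            current = m.group(1)
            has_as[current] = "autonomous-system" in m.group(2)
        elif s in ("!", "exit-address-family") or s.startswith(("router ", "interface ")):
            current = None
        elif current and s.startswith("autonomous-system "):
            has_as[current] = True
    findings = [(v, "eigrp-af-missing-autonomous-system") for v, ok in has_as.items() if not ok]
    findings += [(v, "vrf-has-no-interface") for v in defined - attached]
    return sorted(findings)

if __name__ == "__main__":
    print(audit_vrf_eigrp(R1_EXHIBIT))  # both faults reported for VRF R2
    print(audit_vrf_eigrp(R1_FIXED))    # no findings
```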
Question 3
Refer to the exhibit.
[Exhibit image: VPN_route-target_import_export.jpg]
Which two statements about the VPN solution are true? (Choose two)
A. Customer A and customer B will exchange routes with each other.
B. R3 will advertise routes received from R1 to R2.
C. Customer C will communicate with customer A and B.
D. Communication between sites in VPN1 and VPN2 will be blocked.
E. R1 and R2 will receive VPN routes advertised by R3.

Answer: C E (and D ?)
Explanation
+ VPN1 exports 10:1 while VPN3 imports 10:1 so VPN3 can learn routes of VPN1.
+ VPN1 imports 10:1 while VPN3 exports 10:1 so VPN1 can learn routes of VPN3.
-> Customer A can communicate with Customer C
+ VPN2 exports 20:1 while VPN3 imports 20:1 so VPN3 can learn routes of VPN2.
+ VPN2 imports 20:1 while VPN3 exports 20:1 so VPN2 can learn routes of VPN3.
-> Customer B can communicate with Customer C
Therefore answer C is correct.
Answer E is also correct because R1 & R2 import R3's routes.
Answer A is not correct because Customer A & Customer B do not import the routes exported by each other's router. Customer A & B can only see Customer C.
Answer B is not correct because a router never exports what it has learned through importation. It only exports its own routes.
Answer D is correct because VPN1 and VPN2 cannot see each other. Maybe in this question there are three correct answers.
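The import/export reasoning above can be modeled directly. The following is an added example, not part of the original page: it encodes the route targets stated in the explanation (the exhibit image is not available, so the VPN-to-customer mapping is taken from the text) and checks which VRFs learn each other's routes. The function names and the misconfigured variant are constructed for illustration.

```python
# Route-target policy as stated in the explanation for Question 3.
VRFS = {
    "VPN1": {"export": {"10:1"}, "import": {"10:1"}},                   # Customer A
    "VPN2": {"export": {"20:1"}, "import": {"20:1"}},                   # Customer B
    "VPN3": {"export": {"10:1", "20:1"}, "import": {"10:1", "20:1"}},   # Customer C
}

def learns_from(vrfs):
    """Map each VRF to the VRFs whose own routes it installs.

    A route is installed when any RT attached at export matches an import RT.
    Only one hop is computed because imported routes are never re-exported.
    """
    return {
        name: {other for other, o in vrfs.items()
               if other != name and o["export"] & v["import"]}
        for name, v in vrfs.items()
    }

def can_communicate(vrfs, a, b):
    """Two-way traffic needs a route in each direction."""
    learned = learns_from(vrfs)
    return b in learned[a] and a in learned[b]

def leaks(vrfs, isolated_pairs):
    """Return (importer, exporter) pairs that break a required isolation."""
    learned = learns_from(vrfs)
    found = []
    for a, b in isolated_pairs:
        if b in learned[a]:
            found.append((a, b))
        if a in learned[b]:
            found.append((b, a))
    return found

if __name__ == "__main__":
    print(learns_from(VRFS))
    print(can_communicate(VRFS, "VPN1", "VPN3"))   # Customer A <-> Customer C
    print(leaks(VRFS, [("VPN1", "VPN2")]))         # A and B stay isolated
    # Constructed misconfiguration: VPN1 additionally imports 20:1.
    bad = {**VRFS, "VPN1": {"export": {"10:1"}, "import": {"10:1", "20:1"}}}
    print(leaks(bad, [("VPN1", "VPN2")]))          # one-way leak of VPN2 routes into VPN1
```

The misconfigured variant shows why isolation should be checked per direction: can_communicate still reports no two-way path between VPN1 and VPN2, yet VPN2's routes are installed in VPN1.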
Question 4
Refer to the exhibit.
vrf definition one
rd 1:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
route-target import 100:2
exit-address-family
!
address-family ipv6
route-target export 100:3
route-target import 100:3
exit-address-family
Which statement is true about a VPNv4 prefix that is present in the routing table of vrf one and is advertised from this router?
A. The prefix is advertised only with route target 100:1.
B. The prefix is advertised with route targets 100:1 and 100:2.
C. The prefix is advertised only with route target 100:3.
D. The prefix is not advertised.
E. The prefix is advertised with route targets 100:1,100:2, and 100:3.

Answer: A
Question 5
What is the purpose of Route Target Constraint?
A. to avoid using route reflectors in MPLS VPN networks
B. to avoid using multiple route distinguishers per VPN in MPLS VPN networks
C. to be able to implement VPLS with BGP signaling
D. to avoid sending unnecessary BGP VPNv4 or VPNv6 updates to the PE router
E. to avoid BGP having to perform route refreshes

Answer: D
Explanation
Some service providers have a very large number of routing updates being sent from RRs to PEs, using considerable resources. A PE does not need routing updates for VRFs that are not on the PE; therefore, the PE determines that many routing updates it receives are “unwanted.” The PE can filter out the unwanted updates using Route Target Constraint.
Question 6
Refer to the exhibit.
interface GigabitEthernet0
ip vrf forwarding Mgmt-intf
ip address 1.1.1.1 255.255.255.0
!
ip access-list extended telnet-acl
permit tcp any 1.1.1.1 0.0.0.0 eq 23 log
!
line vty 0 4
access-class telnet-acl in
transport input telnet
Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?
A. The wrong port is being used in the telnet-acl access list.
B. The subnet mask is incorrect in the telnet-acl access list.
C. The log keyword needs to be removed from the telnet-acl access list.
D. The access class needs to have the vrf-also keyword added.

Answer: D
Explanation
The correct command should be “access-class telnet-acl in vrf-also”. If you do not specify the vrf-also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.
Question 7
Refer to the exhibit.
!
ip vrf Cust123
rd 200:3000
export map Cust123mgmt
route-target export 200:3000
!
route-map Cust123mgmt permit 10
set extcommunity rt 200:9999
What will be the extended community value of this route?
A. RT:200:3000 RT:200:9999
B. RT:200:9999 RT:200:3000
C. RT:200:3000
D. RT:200:9999

Answer: D