400-101 Premium Bundle

CCIE Routing and Switching (v5.0) Certification Exam

Last update: November 21, 2024

Cisco 400-101 Free Practice Questions

Q1. Which three types of traffic are allowed by IEEE 802.1X access control prior to getting authenticated? (Choose three.) 

A. EAPOL 

B. VTP 

C. STP 

D. ARP 

E. CDP 

F. HTTP 

Answer: A,C,E 

Explanation: 

Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication, normal traffic passes through the port. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/sw8021x.pdf 

Q2. Which two statements about the passive-interface command are true? (Choose two.) 

A. A RIP router listens to multicast updates from its neighbor but stops sending multicast updates on the passive interface. 

B. In OSPF, configuring passive-interface at the interface level suppresses hello packets for the interface and all sub interfaces. 

C. An EIGRP router can form neighbor relationship on the passive interface, but incoming and outgoing multicast updates are disabled on the interface. 

D. A RIP router disables all incoming and outgoing multicast updates in the passive interface. 

E. In EIGRP, the passive interface stops sending hello packets. 

F. In OSPF, the passive interface can receive incoming routing updates and update the device routing table. 

Answer: A,E 

Q3. Refer to the exhibit. 

Which two statements about this route table are true? (Choose two.) 

A. The BGP routes are internal. 

B. The OSPF routes with the E2 flag retain the same metric as they leave the router. 

C. The OSPF routes with the IA flag have their administrative distances incremented as they leave the router. 

D. The BGP routes are external. 

E. The OSPF routes with the E2 flag have their metrics incremented as they leave the router. 

Answer: A,B 

Explanation: 

IBGP routes have an administrative distance (AD) of 200, while EBGP routes have an AD of 20. Here we see that the BGP routes have an AD value of 200. 

With OSPF, external routes fall under two categories, external type 1 and external type 2. 

The difference between the two is in the way the cost (metric) of the route is calculated. The cost of a type 2 route is always the external cost, irrespective of the interior cost to reach that route. A type 1 cost is the sum of the external cost and the internal cost used to reach that route. The metric for E2 routes does not change when advertising to other routers. 

Q4. Which two protocols does the Management Plane Protection feature support? (Choose two.) 

A. ARP 

B. HTTPS 

C. TFTP 

D. OSPF 

Answer: B,C 

Q5. Which three options must be configured when deploying OSPFv3 for authentication? (Choose three.) 

A. security parameter index 

B. crypto map 

C. authentication method 

D. IPsec peer 

E. encryption algorithm 

F. encryption key 

G. IPsec transform-set 

H. authentication key 

Answer: A,C,H 

Q6. Which three TLVs does LLDP use to discover network devices? (Choose three.) 

A. Management address 

B. Port description 

C. Network policy 

D. System name 

E. Location information 

F. Power management 

Answer: A,B,D 

Explanation: 

Basic Management TLV Set 

This set includes the following five TLVs used in LLDP: 

- Port description TLV: Provides a description of the port in an alpha-numeric format. The value equals the ifDescr object, if the LAN device supports RFC 2863. 

- System name TLV: Provides the system's assigned name in an alpha-numeric format. The value equals the sysName object, if the LAN device supports RFC 3418. 

- System description TLV: Provides a description of the network entity in an alpha-numeric format. This includes the system's name and the versions of hardware, operating system and networking software supported in the device. The value equals the sysDescr object, if the LAN device supports RFC 3418. 

- System capabilities TLV: Indicates the primary function(s) of the device and whether or not these functions are enabled in the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device and Station respectively. Bits 8 through 15 are reserved. 

- Management address TLV: Indicates the addresses of the local LLDP agent. Other remote managers can use this address to obtain information related to the local device. 

Reference: http://www.eetimes.com/document.asp?doc_id=1272069 
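
The Basic Management TLV set described above can be decoded with a short parser, which makes it easy to see exactly what a port discloses to whatever is plugged into it. This is an added example, not part of the original explanation; the function names and the sample LLDPDU are constructed for illustration, and the TLV type numbers and header layout are those of IEEE 802.1AB.

```python
import struct

# Basic Management TLV type numbers (IEEE 802.1AB).
BASIC_MGMT = {4: "port_description", 5: "system_name", 6: "system_description",
              7: "system_capabilities", 8: "management_address"}
# Capability bits 0-7, in the order the explanation lists them.
CAP_BITS = ["Other", "Repeater", "Bridge", "WLAN AP", "Router",
            "Telephone", "DOCSIS cable device", "Station"]

def tlv(tlv_type, value):
    # Header is 16 bits: 7-bit type followed by 9-bit length.
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def cap_names(bitmap):
    return [name for bit, name in enumerate(CAP_BITS) if bitmap & (1 << bit)]

def iter_tlvs(lldpdu):
    """Yield (type, value) pairs up to the End of LLDPDU TLV (type 0)."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:
            return
        if offset + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} overruns the LLDPDU")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length

def parse_basic_management(lldpdu):
    """Decode only the five Basic Management TLVs; skip everything else."""
    out = {}
    for tlv_type, value in iter_tlvs(lldpdu):
        name = BASIC_MGMT.get(tlv_type)
        if name is None:
            continue  # chassis ID, port ID, TTL, organizationally specific
        if tlv_type == 7:
            # Two 16-bit bitmaps: capabilities supported, then those enabled.
            if len(value) != 4:
                raise ValueError("system capabilities TLV must be 4 octets")
            supported, enabled = struct.unpack("!HH", value)
            out[name] = {"supported": cap_names(supported),
                         "enabled": cap_names(enabled)}
        elif tlv_type == 8:
            # value[0] counts the subtype octet plus the address octets.
            if len(value) < 2 or len(value) < 1 + value[0]:
                raise ValueError("management address TLV is truncated")
            subtype, addr = value[1], value[2:1 + value[0]]
            out[name] = (".".join(map(str, addr))
                         if subtype == 1 and len(addr) == 4 else addr.hex())
        else:
            out[name] = value.decode("utf-8", errors="replace")
    return out

# Constructed LLDPDU; every value here is sample data for the example.
SAMPLE = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("000ff7943d00")), tlv(2, b"\x05Fa3/0/1"),
    tlv(3, struct.pack("!H", 120)), tlv(4, b"uplink"), tlv(5, b"Access1"),
    tlv(6, b"constructed switch"),
    tlv(7, struct.pack("!HH", 0x0014, 0x0004)),  # Bridge+Router, Bridge enabled
    tlv(8, b"\x05\x01\xc0\x00\x02\x0a\x02" + struct.pack("!I", 1) + b"\x00"),
    tlv(0, b""),
])
```

Calling `parse_basic_management(SAMPLE)` returns the five decoded TLVs as a dictionary; a frame cut off in the middle of a TLV raises `ValueError` instead of returning partial data.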

Q7. Refer to the exhibit. 

Which statement describes what the authoritative flag indicates? 

A. Authentication was used for the mapping. 

B. R1 learned about the NHRP mapping from a registration request. 

C. Duplicate mapping in the NHRP cache is prevented. 

D. The registration request had the same flag set. 

Answer:

Explanation: 

Show NHRP: Examples 

The following is sample output from the show ip nhrp command: 

Router# show ip nhrp 

10.0.0.2 255.255.255.255, tunnel 100 created 0:00:43 expire 1:59:16 

Type: dynamic Flags: authoritative 

NBMA address: 10.1111.1111.1111.1111.1111.1111.1111.1111.1111.11 

10.0.0.1 255.255.255.255, Tunnel0 created 0:10:03 expire 1:49:56 

Type: static Flags: authoritative 

The fields in the sample display are as follows: 

Flags: 

authoritative—Indicates that the NHRP information was obtained from the Next Hop Server or router that maintains the NBMA-to-IP address mapping for a particular destination. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html 

Q8. Which three steps are necessary to enable SSH? (Choose three.) 

A. generating an RSA or DSA cryptographic key 

B. configuring the version of SSH 

C. configuring a domain name 

D. configuring VTY lines for use with SSH 

E. configuring the port for SSH to listen for connections 

F. generating an AES or SHA cryptographic key 

Answer: A,C,D 

Explanation: 

Here are the steps: 

1. Configure a hostname for the router using these commands. 

yourname#configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

yourname (config)#hostname LabRouter 

LabRouter(config)# 

2. Configure a domain name with the ip domain-name command followed by whatever you would like your domain name to be. I used CiscoLab.com. 

LabRouter(config)#ip domain-name CiscoLab.com 

3. We generate a certificate that will be used to encrypt the SSH packets using the crypto key generate rsa command. 

Take note of the message that is displayed right after we enter this command: “The name for the keys will be: LabRouter.CiscoLab.com”. It combines the hostname of the router along with the domain name we configured to get the name of the encryption key generated; this is why it was important for us to, first of all, configure a hostname then a domain name before we generated the keys. 

Notice also that it asks us to choose a size of modulus for the key we’re about to generate. 

The higher the modulus, the stronger the encryption of the key. For our example, we’ll use a modulus of 1024. 

Q9. When you migrate a network from PVST+ to rapid-PVST+, which two features become inactive? (Choose two.) 

A. Root guard 

B. Loop guard 

C. UplinkFast 

D. UDLD 

E. BackboneFast 

F. Bridge Assurance 

Answer: C,E 

Explanation: 

It is good to know the UplinkFast and BackboneFast behavior before you start the migration process. 

Here, the Access1 switch runs Cisco IOS. This output is taken before migration to the rapid-PVST+ mode: 

Access1#show spanning-tree vlan 10 

VLAN0010 

Spanning tree enabled protocol ieee 

Root ID Priority 24586 

Address 0015.63f6.b700 

Cost 3019 

Port 107 (FastEthernet3/0/1) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 49162 (priority 49152 sys-id-ext 10) 

Address 000f.f794.3d00 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 300 

Uplinkfast enabled 

Interface Role Sts Cost Prio.Nbr Type 

Fa3/0/1 Root FWD 3019 128.107 P2p 

Fa3/0/2 Altn BLK 3019 128.108 P2p 

Access1#show spanning-tree summary 

Switch is in pvst mode 

Root bridge for: none 

Extended system ID is enabled 

Portfast Default is disabled 

PortFast BPDU Guard Default is enabled 

Portfast BPDU Filter Default is disabled 

Loopguard Default is disabled 

EtherChannel misconfig guard is enabled 

UplinkFast is enabled 

BackboneFast is enabled 

Configured Pathcost method used is short 

Name Blocking Listening Learning Forwarding STP Active 

VLAN0010 1 0 0 1 2 

VLAN0020 1 0 0 1 2 

2 vlans 2 0 0 2 4 

This output is taken after the mode is changed to rapid-PVST+: 

Access1#show spanning-tree vlan 10 

VLAN0010 

Spanning tree enabled protocol rstp 

Root ID Priority 24586 

Address 0015.63f6.b700 

Cost 3019 

Port 107 (FastEthernet3/0/1) 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Bridge ID Priority 49162 (priority 49152 sys-id-ext 10) 

Address 000f.f794.3d00 

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 

Aging Time 300 

UplinkFast enabled but inactive in rapid-pvst mode 

Interface Role Sts Cost Prio.Nbr Type 

Fa3/0/1 Root FWD 3019 128.107 P2p 

Fa3/0/2 Altn BLK 3019 128.108 P2p 

Access1#show spanning-tree summary 

Switch is in rapid-pvst mode 

Root bridge for: none 

Extended system ID is enabled 

Portfast Default is disabled 

PortFast BPDU Guard Default is enabled 

Portfast BPDU Filter Default is disabled 

Loopguard Default is disabled 

EtherChannel misconfig guard is enabled 

UplinkFast is enabled but inactive in rapid-pvst mode 

BackboneFast is enabled but inactive in rapid-pvst mode 

Configured Pathcost method used is short 

Name Blocking Listening Learning Forwarding STP Active 

VLAN0010 1 0 0 1 2 

VLAN0020 1 0 0 1 2 

2 vlans 2 0 0 2 4 

You can see in the show spanning-tree summary command output that UplinkFast and BackboneFast are enabled, but are inactive in rapid-PVST mode. 

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72836-rapidpvst-mig-config.html#upback1 

Q10. Refer to the exhibit. 

Which statement is true? 

A. R1 routes this pseudowire over MPLS TE tunnel 1 with transport label 20. 

B. The default route 0.0.0.0/0 is available in the IPv4 routing table. 

C. R1 is using an MPLS TE tunnel for this pseudowire, because the IP path is not available. 

D. R1 has preferred-path configured for the pseudowire. 

Answer:

Explanation: 

Verifying the Configuration: Example 

In the following example, the show mpls l2transport vc command shows the following information (in bold) about the VCs: 

- VC 101 has been assigned a preferred path called Tunnel1. The default path is disabled because the preferred path specified that the default path should not be used if the preferred path fails. 

- VC 150 has been assigned an IP address of a loopback address on PE2. The default path can be used if the preferred path fails. 

Router# show mpls l2transport vc detail 

Local interface: Gi0/0/0.1 up, line protocol up, Eth VLAN 222 up 

Destination address: 10.16.16.16, VC ID: 101, VC status: up 

Preferred path: Tunnel1, active 

Default path: disabled

Tunnel label: 3, next hop point2point 

Output interface: Tu1, imposed label stack {17 16} 

Create time: 00:27:31, last status change time: 00:27:31 

Signaling protocol: LDP, peer 10.16.16.16:0 up 

MPLS VC labels: local 25, remote 16 

Group ID: local 0, remote 6 

MTU: local 1500, remote 1500 

Remote interface description: 

Sequencing: receive disabled, send disabled 

VC statistics: 

packet totals: receive 10, send 10 

byte totals: receive 1260, send 1300 

packet drops: receive 0, send 0 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2sr/12_2sra/feature/guide/srtunsel.html#wp1057815 

Q11. Which two statements about UDP and latency are true? (Choose two.) 

A. UDP is connection oriented, so the size of a UDP stream is independent of latency. 

B. UDP is connection oriented, so latency can increase the size of a UDP stream. 

C. UDP is connectionless, so latency can increase the size of a UDP stream. 

D. If latency decreases, throughput also decreases. 

E. If latency increases, throughput also increases. 

F. Latency can cause jitter on UDP connections. 

Answer: C,F 

Q12. Refer to the exhibit. 

ASN 64523 has a multihomed BGP setup to ISP A and ISP B. Which BGP attribute can you set to allow traffic that originates in ASN 64523 to exit the ASN through ISP B? 

A. origin 

B. next-hop 

C. weight 

D. multi-exit discriminator 

Answer:

Explanation: 

MED is an optional nontransitive attribute. MED is a hint to external neighbors about the preferred path into an autonomous system (AS) that has multiple entry points. The MED is also known as the external metric of a route. A lower MED value is preferred over a higher value. Example at reference link below: 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13759-37.html 

Q13. Which timer expiration can lead to an EIGRP route becoming stuck in active? 

A. hello 

B. active 

C. query 

D. hold 

Answer:

Explanation: 

As noted above, when a route goes into the active state, the router queries its neighbors to find a path to the pertinent network. At this point, the router starts a three-minute active timer by which time it must receive replies from all queried neighbors. If a neighbor has feasible successors for the route, it will recalculate its own local distance to the network and report this back. However, if a neighbor does not have a feasible successor, it also goes into active state. In some cases, multiple routers along multiple query paths will go into active state as routers continue to query for the desired route. In most cases, this process will yield responses from all queried routers and the sought-after route will transition back into the passive state within the three-minute SIA query timer. In the case that none of the queried routers can provide a feasible successor, the route is cleared. In some cases, a response is not received between two neighbor routers because of link failures, congestion or some other adverse condition in either the network or on the queried router, and the three-minute active timer expires on the router originating the query. When this happens, the querying router that did not receive a response logs a “DUAL-3-SIA” or “stuck-in-active” error for the route and then drops and restarts its adjacency with the non-responding router. 

Reference: http://www.packetdesign.com/resources/technical-briefs/diagnosing-eigrp-stuck-active 

Q14. Refer to the exhibit. 

Why is the prefix 1.1.1.1/32 not present in the routing table of R1? 

A. There is a duplicate router ID. 

B. There is a subnet mask mismatch on Ethernet0/0. 

C. The router LSA has an invalid checksum. 

D. There is an OSPF network type mismatch that causes the advertising router to be unreachable. 

Answer:

Explanation: 

A common problem when using Open Shortest Path First (OSPF) is routes in the database don't appear in the routing table. In most cases OSPF finds a discrepancy in the database so it doesn't install the route in the routing table. Often, you can see the Adv Router is not-reachable message (which means that the router advertising the LSA is not reachable through OSPF) on top of the link-state advertisement (LSA) in the database when this problem occurs. Here is an example: 

Adv Router is not-reachable 

LS age: 418 

Options: (No TOS-capability, DC) 

LS Type: Router Links 

Link State ID: 172.16.32.2 

Advertising Router: 172.16.32.2 

LS Seq Number: 80000002 

Checksum: 0xFA63 

Length: 60 

Number of Links: 3 

There are several reasons for this problem, most of which deal with mis-configuration or a broken topology. When the configuration is corrected the OSPF database discrepancy goes away and the routes appear in the routing table. 

Reason 1: Network Type Mismatch 

Let's use the following network diagram as an example: 

R4-4K 

interface Loopback0 

ip address 172.16.33.1 255.255.255.255 

interface Serial2 

ip address 172.16.32.1 255.255.255.0 

ip ospf network broadcast 

router ospf 20 

network 172.16.0.0 0.0.255.255 area 0 

R1-7010 

interface Loopback0 

ip address 172.16.30.1 255.255.255.255 

interface Serial1/0 

ip address 172.16.32.2 255.255.255.0 

clockrate 64000 

router ospf 20 

network 172.16.0.0 0.0.255.255 area 0 

R4-4K(4)# show ip ospf interface serial 2 

Serial2 is up, line protocol is up 

Internet Address 172.16.32.1/24, Area 0 

Process ID 20, Router ID 172.16.33.1, Network Type BROADCAST, Cost: 64 

Transmit Delay is 1 sec, State DR, Priority 1 

Designated Router (ID) 172.16.33.1, Interface address 172.16.32.1 

Backup Designated router (ID) 172.16.32.2, Interface address 172.16.32.2 

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 

Hello due in 00:00:08 

Neighbor Count is 1, Adjacent neighbor count is 1 

Adjacent with neighbor 172.16.32.2 (Backup Designated Router) 

Suppress hello for 0 neighbor(s) 

R1-7010(5)# show ip ospf interface serial 1/0 

Serial1/0 is up, line protocol is up 

Internet Address 172.16.32.2/24, Area 0 

Process ID 20, Router ID 172.16.32.2, Network Type POINT_TO_POINT, Cost: 64 

Transmit Delay is 1 sec, State POINT_TO_POINT, 

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 

Hello due in 00:00:02 

Neighbor Count is 1, Adjacent neighbor count is 1 

Adjacent with neighbor 172.16.33.1 

Suppress hello for 0 neighbor(s) 

As you can see above, Router R4-4K is configured for broadcast, and Router R1-7010 is configured for point-to-point. This kind of network type mismatch makes the advertising router unreachable. 

R4-4K(4)# show ip ospf database router 172.16.32.2 

Adv Router is not-reachable 

LS age: 418 

Options: (No TOS-capability, DC) 

LS Type: Router Links 

Link State ID: 172.16.32.2 

Advertising Router: 172.16.32.2 

LS Seq Number: 80000002 

Checksum: 0xFA63 

Length: 60 

Number of Links: 3 

Link connected to: another Router (point-to-point) 

(Link ID) Neighboring Router ID: 172.16.33.1 

(Link Data) Router Interface address: 172.16.32.2 

Number of TOS metrics: 0 

TOS 0 Metrics: 64 

Link connected to: a Stub Network 

(Link ID) Network/subnet number: 172.16.32.0 

(Link Data) Network Mask: 255.255.255.0 

Number of TOS metrics: 0 

TOS 0 Metrics: 64 

R1-7010(5)# show ip ospf database router 172.16.33.1 

Adv Router is not-reachable 

LS age: 357 

Options: (No TOS-capability, DC) 

LS Type: Router Links 

Link State ID: 172.16.33.1 

Advertising Router: 172.16.33.1 

LS Seq Number: 8000000A 

Checksum: 0xD4AA 

Length: 48 

Number of Links: 2 

Link connected to: a Transit Network 

(Link ID) Designated Router address: 172.16.32.1 

(Link Data) Router Interface address: 172.16.32.1 

Number of TOS metrics: 0 

TOS 0 Metrics: 64 

You can see that for subnet 172.16.32.0/24, Router R1-7010 is generating a point-to-point link and Router R4-4K is generating a transit link. This creates a discrepancy in the link-state database, which means no routes are installed in the routing table. 

R1-7010(5)# show ip route 

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks 

C 172.16.32.0/24 is directly connected, Serial1/0 

C 172.16.30.1/32 is directly connected, Loopback0 

Solution 

To solve this problem, configure both routers for the same network type. You can either change the network type of Router R1-7010 to broadcast, or change Router R4-4K's serial interface to point-to-point. 

Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7112-26.html 
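
The mismatch above can be caught before it shows up as missing routes by comparing the show ip ospf interface output collected from both ends of a link. The following is an added example, not part of the original explanation: the function names are illustrative, the two inputs are the outputs quoted above (trimmed to the lines the check reads, with indentation restored), and the check goes slightly beyond the case shown by also comparing area and hello/dead timers.

```python
import ipaddress
import re

# Output quoted in the explanation above, trimmed to the lines the check reads.
R4_4K = """\
Serial2 is up, line protocol is up
  Internet Address 172.16.32.1/24, Area 0
  Process ID 20, Router ID 172.16.33.1, Network Type BROADCAST, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""
R1_7010 = """\
Serial1/0 is up, line protocol is up
  Internet Address 172.16.32.2/24, Area 0
  Process ID 20, Router ID 172.16.32.2, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""

IFACE = re.compile(r"^(\S+) is [^,\n]+, line protocol is", re.M)
ADDR = re.compile(r"Internet Address (\S+), Area (\S+)")
NTYPE = re.compile(r"Router ID (\S+), Network Type (\w+)")
TIMERS = re.compile(r"Hello (\d+), Dead (\d+)")


def parse_ospf_interfaces(text):
    """Split 'show ip ospf interface' output into one dict per interface."""
    records = []
    starts = [m.start() for m in IFACE.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        block = text[begin:end]
        addr, ntype, timers = ADDR.search(block), NTYPE.search(block), TIMERS.search(block)
        if not (addr and ntype and timers):
            continue  # interface block without OSPF detail lines
        records.append({
            "interface": IFACE.match(block).group(1),
            "subnet": ipaddress.ip_interface(addr.group(1)).network,
            "area": addr.group(2),
            "router_id": ntype.group(1),
            "network_type": ntype.group(2),
            "hello": int(timers.group(1)),
            "dead": int(timers.group(2)),
        })
    return records


def find_mismatches(*outputs):
    """Report fields that differ between interfaces sharing a subnet."""
    by_subnet = {}
    for text in outputs:
        for rec in parse_ospf_interfaces(text):
            by_subnet.setdefault(rec["subnet"], []).append(rec)
    findings = []
    for subnet, recs in by_subnet.items():
        for field in ("network_type", "area", "hello", "dead"):
            values = {r["router_id"]: r[field] for r in recs}
            if len(set(values.values())) > 1:
                findings.append((str(subnet), field, values))
    return findings
```

For the two outputs above, `find_mismatches(R4_4K, R1_7010)` returns a single finding for 172.16.32.0/24: network_type is BROADCAST on 172.16.33.1 and POINT_TO_POINT on 172.16.32.2.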

Q15. Refer to the exhibit. 

AS #1 and AS #2 have multiple EBGP connections with each other. AS #1 wants all return traffic that is destined to the prefix 10.10.10.1/32 to enter through the router R1 from AS #2. 

In order to achieve this routing policy, AS #1 advertises a lower MED from R1, compared to a higher MED from R3, to their respective BGP neighbors for the prefix 10.10.10.0/24. Will this measure guarantee that the routing policy is always in effect? 

A. Yes, because MED plays a deterministic role in return traffic engineering in BGP. 

B. Yes, because a lower MED forces BGP best-path route selection in AS #2 to choose R1 as the best path for 10.10.10.0/24. 

C. Yes, because a lower MED in AS #2 is the highest BGP attribute in BGP best-path route selection. 

D. No, AS #2 can choose to alter the weight attribute in R2 for BGP neighbor R1, and this weight value is cascaded across AS #2 for BGP best-path route selection. 

E. No, AS #2 can choose to alter the local preference attribute to overwrite the best-path route selection over the lower MED advertisement from AS #1. This local preference attribute is cascaded across AS #2 for the BGP best-path route selection. 

Answer:

Explanation: 

MED and AS path prepending can both be used to influence the way incoming traffic from other autonomous systems gets sent to the local AS, but they provide no guarantee, as the other AS ultimately has the final word in how it sends traffic. Since local preference is preferred over MED in the BGP decision process, the other AS can configure local preference to override the MED settings you have configured.