Multi Protocol Label Switching (MPLS) is a data-carrying mechanism that belongs to the family of packet-switched networks. For an MPLS label, if the stack bit is set to1, which option is true?
A. The stack bit will only be used when LDP is the label distribution protocol
B. The label is the last entry in the label stack.
C. The stack bit is for Cisco implementations exclusively and will only be used when TDP is the label
D. The stack bit is reserved for future use.
Graceful Restart Router Operation
Graceful Restart Initiation
The restarting router becomes aware that it should start the graceful restart process when the network administrator issues the appropriate command or when an RP reloads and forces and Redundancy Facility (RF) switchover. The length of the grace period can be set by the network administrator or calculated by the OSPF software of the restarting router. In order to prevent the LSAs from the restarting router from aging out, the grace period should no t exceed an LSA refresh time of 1800 seconds. In preparation for graceful restart, the restarting router must perform the following action before its software can be reloaded: The restarting router must ensure that its forwarding table is updated and will remain in place during the restart. No OSPF shutdown procedures are performed since neighbor routers must act as if the restarting router is still in service. The OSPF software is reloaded on the router (it undergoes graceful restart). OSPF Processes during Graceful Restart After the router has reloaded; it must modify its OSPF processes until it reestablishes full adjacencies with all former fully adjacent OSPF neighbors. During graceful restart, the restarting router modifies its OSPF processes in the following ways:
The restarting router does not originate LSAs with LS types 1, 5, or 7 so that the other routers in the OSPF domain will use the LSAs that the restarting router had originated prior to reloading. The router does not modify or flush any self-originated LSAs. The restarting router runs its OSPF routing calculations in order to return any OSPF virtual links to operation.
However, the restarting router does not install OSPF routes into the system’s forwarding table, and the router relies on the forwarding entries that it had installed prior to undergoing the graceful restart process. If the restarting router determines that is was the Designated Router on a given segment prior to the graceful restart, it will reelect itself.
Graceful Restart Process Exit
The restarting router exits the graceful restart process when one of the following events occur:
The router has reestablished all adjacencies. The graceful restart was successful. The router receives an LSA that is inconsistent with an LSA from the same router prior to the graceful restart. The inconsistency can be mean either that the router does not support the graceful restart feature or that the router has terminated its helper mode for some reason. The graceful restart was unsuccessful. The grace period has expired. The graceful restart was not successful. Once the restarting router has completed the graceful restart process, it returns to normal OSPF operation, reoriginating LSAs based on the current state of the router and updating its forwarding tables based on current link-state database contents. At this time, it flushes the grace-lsa’s that it had originated during the initiation of the graceful restart process.
You work as a network engineer for the company, you want to configure two BGP speakers to
form an EBGP session across a firewall. On the engineer’s network, the firewall always permits
TCP sessions that are initiated from the inside network (the network attached to the inside
interface of the firewall). What prerequisite is there for enabling BGP to run on this network?
A. EBGP multihop will need to be configured for this to work.
B. This should work with normal BGP peering, with no additional configuration on the BGP speakers
or the firewall.
C. The BGP protocol port must be opened on the firewall
D. There is no way to make BGP work across a firewall.
If TCP Port 179 is open for BGP than eBGP multihop must also be enabled Because BGP uses unicast TCP packets on port 179 to communicate with its peers, you can configure PIX1 and PIX2 to allow unicast traffic on TCP port 179. This way, BGP peering can be established between the routers that are connected through the firewall. Redundancy and the desired routing policies can be achieved through the manipulation of the BGP attributes.
The neighbor ebgp-multihop command enables BGP to override the default one hop eBGP limit because it changes the Time to Live (TTL) of eBGP packets from the default value of 1
ASA/PIX: BGP through ASA Configuration Example
For the following LMI types, which three can be configured for use with Frame Relay on a Cisco
router? (Choose three.)
B. ANSI – Annex D
C. Q.931 – Annex B
D. Q.933 – Annex A
ANSI-617d (ANSI or annex D) LMI type, DLCI 0
: Serial1(in): Status, myseq 3
: RT IE 1, length 1, type 0
: KA IE 3, length 2, yourseq 4 , myseq 3
: PVC IE 0? , length 0? , dlci 100, status 0?
: PVC IE 0? , length 0? , dlci 200, status 0?
Q933a (CCITT or annex A) LMI type, DLCI 0
: Serial1(in): Status, myseq 1
: RT IE 51, length 1, type 0
: KA IE 53, length 2, yourseq 2 , myseq 1
: PVC IE 0?7, length 0? , dlci 100, status 0?
: PVC IE 0?7, length 0? , dlci 200, status 0?
Cisco LMI type, DLCI 1023
: Serial1(in): Status, myseq 68
: RT IE 1, length 1, type 0
: KA IE 3, length 2, yourseq 68, myseq 68
: PVC IE 0? , length 0? , dlci 100, status 0? , bw 0 : PVC IE 0? , length 0? , dlci 200, status 0? , bw 0
A user has no network connectivity. A check of the associated port indicates that the interface is up, the line protocol is down. Which item would most likely cause this problem?
A. Speed mismatch
B. Incorrect encapsulation
C. MTU set too low
D. Duplex mismatch
If there is duplex mismatch, there will be connectivity, but there will be errors and late collisions. Incorrect encapsulation – This is a user connectivity, so it is an ethernet connection, no encapsulation configuration.
If MTU is different on each device or too low, there might problems in data transfer but the line protocol will not go down
Which three statements are true about Source Specific Multicast? (Choose three.)
A. Is best suited for applications that are in the one-to-many category.
B. SSM uses shortest path trees only.
C. The use of SSM is recommended when there are many sources and it is desirable to keep the
amount of mroute state in the routers in the network to a
D. There are no RPs to worry about
The Source Specific Multicast feature is an extension of IP multicast where datagram traffic is forwarded to receivers from only those multicast sources to which the receivers have explicitly joined. For multicast groups configured for SSM, only source-specific multicast distribution trees (no shared trees) are created.
The current IP multicast infrastructure in the Internet and many enterprise intranets is based on the PIM- SM protocol and Multicast Source Discovery Protocol (MSDP). These protocols have proven to be reliable, extensive, and efficient. However, they are bound to the complexity and functionality limitations of the Internet Standard Multicast (ISM) service model. For example, with ISM, the network must maintain knowledge about which hosts in the network are actively sending multicast traffic. With SSM, this information is provided by receivers through the source address(es) relayed to the last hop routers by IGMP v3lite or URD. SSM is an incremental response to the issues associated with ISM and is intended to coexist in the network with the protocols developed for ISM. In general, SSM provides a more advantageous IP multicast service for applications that utilize SSM.
ISM service is described in RFC 1112. This service consists of the delivery of IP datagrams from any source to a group of receivers called the multicast host group. The datagram traffic for the multicast host group consists of datagrams with an arbitrary IP unicast source address S and the multicast group address G as the IP destination address. Systems will receive this traffic by becoming members of the host group. Membership to a host group simply requires signalling the host group through IGMP Version 1, 2, or 3. In SSM, delivery of datagrams is based on (S, G) channels. Traffic for one (S, G) channel consists of datagrams with an IP unicast source address S and the multicast group address G as the IP destination address. Systems will receive this traffic by becoming members of the (S, G) channel. In both SSM and ISM, no signalling is required to become a source. However, in SSM, receivers must subscribe or unsubscribe to (S, G) channels to receive or not receive traffic from specific sources. In other words, receivers can receive traffic only from (S, G) channels that they are subscribed to, whereas in ISM, receivers need not know the IP addresses of sources from which they receive their traffic. The proposed standard approach for channel subscription signalling utilizes IGMP INCLUDE mode membership reports, which are only supported in Version 3 of IGMP. SSM can coexist with the ISM service by applying the SSM delivery model to a configured subset of the IP multicast group address range. The Internet Assigned Numbers Authority (IANA) has reserved the address range 22.214.171.124 through 126.96.36.199 for SSM applications and protocols. Cisco IOS software allows SSM configuration for an arbitrary subset of the IP multicast address range 188.8.131.52 through 184.108.40.206.
When an SSM range is defined, existing IP multicast receiver applications will not receive any traffic when they try to use addresses in the SSM range (unless the application is modified to use explicit (S, G) channel subscription or is SSM enabled through URD).
Which is the result of enabling IP Source Guard on an untrusted switch port that does not have
DHCP snooping enabled?
A. DHCP requests will be switched in the software, which may result in lengthy response times.
B. The switch will run out of ACL hardware resources.
C. All DHCP requests will pass through the switch untested.
D. The DHCP server reply will be dropped and the client will not be able to obtain an IP address.
DHCP snooping is a feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database. DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. DHCP snooping allows all DHCP messages on trusted ports, but it filters DHCP messages on untrusted ports. Cisco switches can use DHCP snooping feature to mitigate this type of attack. When DHCP snooping is enabled, switch ports are classified as trusted or untrusted. Trusted ports are allowed to send all types of DHCP messages while untrusted ports can send only DHCP requests. If a DHCP reply is seen on an untrusted port, the port is shut down.
By default, if you enable IP source guard without any DHCP snooping bindings on the port, a default port access-list (PACL) that denies all IP traffic expect the DHCP Request (DHCP Discover) is installed on the port. Therefore the DHCP Server can hear the DHCP Request from the Client but its reply is filtered by the switch and the client can’t obtain an IP address -> D is correct. Some useful information about DHCP snooping & IP Source Guard:
When enabled along with DHCP snooping, IP Source Guard checks both the source IP and source MAC addresses against the DHCP snooping binding database (or a static IP source entry). If the entries do not match, the frame is filtered. For example, assume that theshow ip dhcp snooping binding command displays the following binding table entry:
MacAddress IpAddress LeaseSec Type VLAN Interface
01:25:4A:5E:6D:25 10.0.0.20 6943 dhcp- 2 FastEthernet0/1 snooping
If the switch receives an IP packet with an IP address of 10.0.0.20, IP Source Guard forwards the packet only if the MAC address of the packet is 01:25:4A:5E:6D:25.
On the basis of the definitions of different services in various RFCs, traffic with Expedited
Forwarding per-hop behavior should be marked as which of these?
A. IP ToS of 0xEF
B. IP experimental ECN
C. DSCP decimal 5
D. Binary value of 101110
The assured forwarding (AF) model is used to provide priority values to different data applications. The Expedited Forwarding (EF) model is used to provide resources to latency (delay) sensitive real- time, interactive traffic. The EF model uses one marking — DSCP 46. DSCP 46 is backward compatible with an IP Precedence value of 5 as seen in the following binary pattern:
101110 = DSCP 46
The EF marking of 46 does NOT follow the drop preference rules of the assured forwarding model.
NOT think that the 11 means high drop preference. The EF model is used for voice over IP media traffic (RTP) by default in most vendors phones. Cisco IP Phones mark signaling packets (SCCP or SIP) to CS3 (24), while media (RTP) is marked to EF (DSCP 46) by default. All EF traffic is normally mapped to the priority queue (PQ) on Cisco switches and routers. The priority queue guarantees three critical services:
Jitter (delay variation)
The three most significant bits of 101 are only considered if IP Precedence was being used. The binary digits of 4 2 1 are used to factor the 101 binary pattern when only three digits are under consideration. The DSCP binary pattern of 101110 (46) uses six digits or binary values-32 16 8 4 2 1. It is good to know how to convert a DSCP decimal value to an entire ToS octet (byte) values as well. The ToS byte uses all eight bits, while the DSCP is only using the leading six digits. The EF pattern discussed above will become 10111000 when considering the entire octet. Notice the two least significant zeros that were added to the 101110 binary pattern. Many network management utilities will only allow administrators to configure or display the entire ToS byte. A ping V from a Microsoft operating system requires setting the entire ToS byte. An extended ping from a Cisco router will also allow administrators to see the entire ToS byte. Sniffer Pro LAN and Wire Shark sniffers show the entire ToS field as well. IP accounting shows the entire ToS byte, while Netflow shows the ToS byte in hexadecimal format. The ToS byte value for EF is as follows:
128 64 32 16 8 4 2 1
1 0 1 1 1 0 0 0
A DSCP value of 46 results in a ToS byte value of 184. Although you can mark a ping with a ToS value of 184, the ICMP (ping) traffic will probably not be mapped to the proper application class. In the next blog, we will learn QoS models for using markings for different application classes.
Prior to 802.1w, Cisco implemented a number of proprietary enhancements to 802.1D to improve
convergence in a Layer 2 network. Which statement is correct?
A. Only UplinkFast and BackboneFast are specified in 802.1w; PortFast must be manually
B. Only PortFast is specified in 802.1w; UplinkFast and BackboneFast must be manually configured.
C. None of the proprietary Cisco enhancements are specified in 802.1w.
D. PortFast, UplinkFast, and BackboneFast are specified in 802.1w.
Spanning-tree PortFast causes a spanning-tree port to enter the forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch ports connected to a single workstation or server to allow those devices to connect to the network immediately, rather than waiting for spanning tree to converge.
UplinkFast provides fast convergence after a spanning-tree topology change and achieves load balancing between redundant links using uplink groups. An uplink group is a set of ports (per VLAN), only one of which is forwarding at any given time. Specifically, an uplink group consists of the root port (which is forwarding) and a set of blocked ports, except for self-looping ports. The uplink group provides an alternate path in case the currently forwarding link fails. BackboneFast is initiated when a root port or blocked port on a switch receives inferior BPDUs from its designated bridge. An inferior BPDU identifies one switch as both the root bridge and the
designated bridge. When a switch receives an inferior BPDU, it indicates that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated bridge has lost its connection to the root bridge). Under normal spanning-tree rules, the switch ignores inferior BPDUs for the configured maximum aging time, as specified by the aging time variable of the “set spantree MaxAge” command. The switch tries to determine if it has an alternate path to the root bridge. If the inferior BPDU arrives on a blocked port, the root port and other blocked ports on the switch become alternate paths to the root bridge. (Self-looped ports are not considered alternate paths to the root bridge.) If the inferior BPDU arrives on the root port, all blocked ports become alternate paths to the root bridge. If the inferior BPDU arrives on the root port and there are no blocked ports, the switch assumes that it has lost connectivity to the root bridge, causes the maximum aging time on the root to expire, and becomes the root switch according to normal spanning-tree rules. If the switch has alternate paths to the root bridge, it uses these alternate paths to transmit a new kind of PDU called the Root Link Query PDU. The switch sends the Root Link Query PDU out all alternate paths to the root bridge. If the switch determines that it still has an alternate path to the root, it causes the maximum aging time on the ports on which it received the inferior BPDU to expire. If all the alternate paths to the root bridge indicate that the switch has lost connectivity to the root bridge, the switch causes the maximum aging times on the ports on which it received an inferior BPDU to expire. If one or more alternate paths can still connect to the root bridge, the switch makes all ports on which it received an inferior BPDU its designated ports and moves them out of the blocking state (if they were in blocking state), through the listening and learning states, and into the forwarding state.
In Frame Relay, FECN messages indicating congestion are sent or received by which of
A. Sent by the destination
B. Received by the sender
C. Received by the destination
D. Sent by the sender
Which statement is correct in reference to IPv6 multicast?
A. IPv6 multicast uses Multicast Listener Discovery.
B. The first 8 bits of an IPv6 multicast address are always FF (1111 1111).
C. IPv6 multicast requires MSDP.
D. PIM dense mode is not part of IPv6 multicast.
If you want to pass the Cisco 350-001 Exam sucessfully, recommend to read latest Cisco 350-001 Dump full version.