Home > Access List

Access List

September 20th, 2015 in ROUTE 300-101 Go to comments

Question 1

Explanation

The first answer is not correct because the 10.0.0.0 network range is not correct. It should be 10.0.0.0. to 10.255.255.255.

Question 2

Explanation

Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the network or is dropped by network devices. Unfortunately, ACL logging can be CPU intensive and can negatively affect other functions of the network device. There are two primary factors that contribute to the CPU load increase from ACL logging: process switching of packets that match log-enabled access control entries (ACEs) and the generation and transmission of log messages.

Process switching is the slowest switching methods (compared to fast switching and Cisco Express Forwarding) because it must find a destination in the routing table. Process switching must also construct a new Layer 2 frame header for every packet. With process switching, when a packet comes in, the scheduler calls a process that examines the routing table, determines which interface the packet should be switched to and then switches the packet. The problem is, this happens for the every packet.

Reference: http://www.cisco.com/web/about/security/intelligence/acl-logging.html

Question 3

Explanation

If you use the “debug ip packet” command on a production router, you can bring it down since it generates an output for every packet and the output can be extensive. The best way to limit the output of debug ip packet is to create an access-list that linked to the debug. Only packets that match the access-list criteria will be subject to debug ip packet. For example, this is how to monitor traffic from 1.1.1.1 to 2.2.2.2

access-list 100 permit ip 1.1.1.1 2.2.2.2
debug ip packet 100

Note: The “debug ip packet” command is used to monitor packets that are processed by the routers routing engine and are not fast switched.

Question 4

Question 5

Comments
Comment pages
1 2 3 4 1058
  1. Anonymous
    January 27th, 2017

    please send me the latest valid dump to revladimir @ mail . ru

  2. Jane woken
    February 2nd, 2017

    can somebody tell me please that what is the last question of 40Q of TAGWA , in my life there is no answer of question “Meaning of priority 0 configured in ospf router?” .

  3. Jane woken
    February 2nd, 2017

    can somebody tell me please that what is the last question of 40Q of TAGWA , in my life there is no answer of question “Meaning of priority 0 configured in ospf router?” . Plus what it the correct answer for the following questions?
    Question 2
    Refer to the following configuration command.
    router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    Which statement about the command is true?
    A. Any packet that is received in the inside interface with a source IP port address of
    172.16.10.8:80 is translated to 172.16.10.8:8080.
    B. Any packet that is received in the inside interface with a source IP port address of
    172.16.10.8:8080 is translated to 172.16.10.8:80.
    C. The router accepts only a TCP connection from port 8080 and port 80 on IP address
    172.16.10.8.
    D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8
    is redirected to port 8080 or port 80.
    Answer:?

    and

    Question 28
    A network engineer wants to ensure an optimal end-to-end delay bandwidth product. The delay is
    less than 64 KB. Which TCP feature ensures steady state throughput?
    A. Window scaling
    B. Network buffers
    C. Round-trip timers
    D. TCP acknowledgments
    Answer:?

    some people said the answer is wrong of TAGWA file. Please help

  4. Vince
    February 2nd, 2017

    you want NAT to redirect packets from the outside destined for 172.16.10.8:80 to
    172.16.10.8:8080. You can use a
    static nat
    command in order to translate the TCP port number
    to achieve this. A sample configuration is shown here.
    Configuring NAT to Redirect TCP Traffic to Another TCP Port or Address
    Note that the configuration description for the static NAT command indicates any packet received
    in the inside interface with a source address of 172.16.10.8:8080 is translated to 172.16.10.8:80.
    This also implies that any packet received on the outside interface with a destination address of
    172.16.10.8:80 has the destination translated to 172.16.10.8:8080.
    The final step is to verify that NAT is operating as intended.
    show ip nat translations
    Pro Inside global Inside local Outside local Outside global
    tcp 172.16.10.8:80 172.16.10.8:8080 — —
    Example: Using NAT During a Network Transition
    Deploying NAT is useful when you need to readdress devices on the network or when you replace
    one device with another. For instance, if all devices in the network use a particular server and this
    NAT Router
    interface ethernet 0
    ip address 172.16.10.1 255.255.255.0
    ip nat inside
    !— Defines Ethernet 0 with an IP address and as a NAT
    inside interface.
    interface serial 0 ip address
    200.200.200.5 255.255.255.252 ip nat outside
    !—
    Defines serial 0 with an IP address and as a NAT outside
    interface.
    ip nat inside source static tcp 172.16.10.8
    8080 172.16.10.8 80
    !— Static NAT command that states
    any packet received in the inside !— interface with a
    source IP address of 172.16.10.8:8080 is !— translated
    to 172.16.1

    http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.pdf

  5. Anonymous
    February 4th, 2017

    Jane, ospf priority only comes into play when you’re talking a broadcast network (think Ethernet). In this case, a DR and BDR are elected. To be able to participate in the election process, the ospf priority on an interface must be 1 or greater. If it’s set to 0, it will not participate in this election process.

  6. Anonymous
    February 4th, 2017

    Can someone explain why answer D (and not A) is correction for question 4?

  7. Arlen
    February 4th, 2017

    Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24?

    A. 10.9.1.0/24
    B. 10.8.0.0/24
    C. 10.8.0.0/16
    D. 10.8.0.0/23

    Correct Answer: B

    Download newest Cisco 300-101 dumps pdf question from http://www.dumps4download.com/300-101-dumps.html

  8. PassCCNP
    February 4th, 2017

    who have got latest 300-101 dump pls send to azecisconetwork at gmail.com

  9. Abu
    February 6th, 2017

    Abu February 6th, 2017
    anyone have 300-101 up to date dumps, I have 300-115 up to date dumps. we can exchange. email me ayousufzai at gmail.com

  10. george
    February 11th, 2017

    At this link it said: “If you enable CEF and then create an access list that uses the log keyword, the packets that match the access list are not CEF switched. They are fast switched. Logging disables CEF.”

    http://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/configuration/guide/fswtch_c/xcfcef.html#wp1000943

    I’m confused…What is correct?

  11. Kraig
    February 14th, 2017

    En la parte menos pública accesible de la web
    donde se transan secretos industriales y póliticos y se comercia con todo género de recursos y commodities, muchos de ellos ilegales. http://www.braintuitions.com/index.php/component/k2/itemlist/user/611209

  12. Wilburn Stefano
    February 23rd, 2017

    This info is priceless. How can I find out more?|

    http://www.JpJpknRtUM.com/JpJpknRtUM

  13. sig
    February 28th, 2017

    SOS,Someone,please send latest dumbs to sigm3618@gmail dot com

  14. Anonymous
    March 7th, 2017
  15. Anonymous
    March 25th, 2017

    Could you please send me the latest dumps of CCNP Route (300-101)!!! {email not allowed}

  16. Passed
    March 27th, 2017

    149+41+15 is 100% good in exam now
    Exam Questions Dumps at below page including all labs in GNS3 format. Working VCE player also included in package.

    http://rebrand.ly/ccnpr370d

Comment pages
1 2 3 4 1058
  1. No trackbacks yet.