Home > DMVPN Questions

DMVPN Questions

July 31st, 2017 in ROUTE 300-101 Go to comments

Note: If you are not sure about DMVPN, please read our DMVPN tutorial first.

Question 1

Explanation

From the output we learn that the logical address 10.2.1.2 is mapped to the NBMA address 10.12.1.2. Type “dynamic” means NBMA address was obtained from NHRP Request packet. Type “static” means NBMA address is statically configured. The “authoritative” flag means that the NHRP information was obtained from the Next Hop Server (NHS).

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html

Question 2

Explanation

When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make sure the neighborship between the routers is always up.

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html#Prblm1

Question 3

Explanation

DMVPN is not a protocol, it is the combination of the following technologies:

+ Multipoint GRE (mGRE)
+ Next-Hop Resolution Protocol (NHRP)
+ Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP…) (optional)
+ Dynamic IPsec encryption (optional)
+ Cisco Express Forwarding (CEF)

For more information about DMVPN, please read our DMVPN tutorial.

Question 4

Explanation

To allow communication to multiple sites using only one tunnel interface, we need to configure that tunnel in “multipoint” mode. Otherwise we have to create many tunnel interfaces, each can only communicate to one site.

DMVPN_Topo_mGRE.jpg

 

Question 5

Explanation

An mGRE tunnel inherits the concept of a classic GRE tunnel but an mGRE tunnel does not require a unique tunnel interface for each connection between Hub and spoke like traditional GRE. One mGRE can handle multiple GRE tunnels at the other ends. Unlike classic GRE tunnels, the tunnel destination for a mGRE tunnel does not have to be configured; and all tunnels on Spokes connecting to mGRE interface of the Hub can use the same subnet.

DMVPN_Topo_mGRE.jpg

For more information about DMVPN, please read our DMVPN tutorial.

Question 6

Explanation

GRE tunnels are the first thing we have to configure to create a DMVPN network so we should start troubleshooting from there. NHRP can only work properly with operating GRE tunnels.

Question 7

Question 8

Explanation

The “show crypto isakmp sa” command displays all current Internet Key Exchange (IKE) security associations (SAs) at a peer.

QM_IDLE state means this tunnel is UP and the IKE SA key exchange was successful, but is idle and may be used for subsequent quick mode exchanges. It is in a quiescent state (QM) -> Answers A, C, D are incorrect so answer B is the only suitable answer left.

Question 9

Explanation

The DMVPN is comprised of IPsec/GRE tunnels that connect branch offices to the data center. DMVPN troubleshooting requires the network engineer to verify neighbor links, routing and VPN peer connectivity. The GRE protocol is required to support routing advertisements. The VPN peer connection is comprised of IKE and IPsec security association exchanges.

The command “show crypto ipsec sa” is used to verify IPsec connectivity between branch office and data center router. We can also use this command to display the statistics of an active tunnel on a DMVPN network.

DMVPN_show_crypto_ipsec_sa.jpg

Note:
+ The command “show crypto isakmp sa” is used on DMVPN to verify IKE connectivity status to branch offices. The normal IKE state = QM IDLE for branch routers and data center routers.
+ The command “show crypto engine connection active” displays the total encrypts and decrypts per SA.

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html

Question 10

Question 11

Question 12

Explanation

Both DMVPN Phase 2 and phase 3 support spoke to spoke communications (spokes talk to each other directly). In this case there is only an option of phase 2 (not phase 3) so it is the only correct answer.

Question 13

Explanation

Some documents say RIPv2 also supports DMVPN but EIGPR, OSPF and BGP are the better choices so we should choose them.

Question 14

Explanation

DMVPN is not a protocol, it is the combination of the following technologies:
+ Multipoint GRE (mGRE)
+ Next-Hop Resolution Protocol (NHRP)
+ Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP…) (optional)
+ Dynamic IPsec encryption (optional)
+ Cisco Express Forwarding (CEF)

DMVPN combines multiple GRE (mGRE) Tunnels, IPSec encryption and NHRP (Next Hop Resolution Protocol) to perform its job and save the administrator the need to define multiple static crypto maps and dynamic discovery of tunnel endpoints.

Question 15

Comments
  1. JennYC
    January 9th, 2017

    Hi guys. I really need this exam badly, can anyone send the latest dumps including the simulations please. Thank you in advance :*
    {email not allowed}

  2. Anonymous
    January 15th, 2017

    Please send dumps to telgin1980 -at- gmail – dot – com

  3. Anonymous
    January 31st, 2017

    Please send dumps to mpl80766atgmaildotcom

  4. ExamOnFeb21st2017
    February 17th, 2017

    @Anonymous

    please tell me if the dumps in drive you shared are valid?

    i have exam on feb 21 2017
    really appreciate if you can confirm

    thanks a lot for sharing the dumps. thank you sincerely.
    you are like a life saviour

  5. Anonymous
    February 18th, 2017

    Everyone swears by the dumps, so I’d say they’re valid. That’s what I’m studying.

  6. Lost
    March 24th, 2017

    I just took test 24 March
    Half of the questions are not in the dumps
    Route test

  7. noname
    March 31st, 2017

    I took the exam 30 march my score 770 more than 15 questions are not in the dumps

  8. RocketRaccoon
    April 25th, 2017

    I was going through CCNP Route and Tshoot Book and i couldn’t find the configuration part. I just wanted to know if DMVPN, mGRE, IPSec is part of the exam? In exam syllabus it says, Describe only.

  9. Risa
    July 25th, 2017

    Dear Friend,

    Anybody have latest questions of 300-101, I failed the test yesterday(7-Jul-17) and my ccnp expiry within 10 days,
    Yesterday I scored only 700, all drag and drop questions are new also many new question , but lab is same

    Would someone help me…..pls
    my email id is “risaglobal at hotmail dot com”

  10. Anonymous
    August 25th, 2017

    Failed today with 760pts….although I cleared all my labs , loads of new questions ,don’t trust any dumps…study hard chaps….and loads of simlet ( IPV6 , ACL, NAT, NAT-PT ETC ETC )

    ACL very important ( IPV6 and IPV4 both)

    I was using my old 642-902 books :(, please get the new cert guide for CCNP route 300-101)

  11. Steffy
    August 28th, 2017

    Hello everyone, for latest valid dump with continuous update, please contact me at steffyshirls @ gmail .com

  12. Anonymous
    August 31st, 2017

    i failed today. i got 780. The questions are just not in the books i used cisco 300-101. i don’t understand cisco

  13. Lallas
    September 1st, 2017

    Juste fail today all new question but Sim is the same please can someone help with new question

  14. Anonymous
    September 6th, 2017

    @Lallas @Anonymous August 31st, 2017

    Which questions and answers did you use for the exam. From this website?

    I had the exam on 30/8/17 failed 700 points. I see many questions here on the website back, but it is certainly not complete.

  15. R101
    November 4th, 2017

    Which two commands must you configure on a DMVPN hub to enable phase 3? (Choose two)
    A. ip nhrp interest
    B. ip nhrp redirect
    D. ip network-id
    E. ip nhrp map
    F. ip redirects

    in it’me v1.3 dump, the answer is BC, but somewhere is DE, which is correct ?

  16. durshen
    November 11th, 2017

    Hi guys, I have the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  17. Dwight
    November 14th, 2017

    Scored 9xx, used dumps from IT-Libraries. You can find them on the net for free or in the comments here.

  18. Sean
    November 28th, 2017

    Passed, if you go the exam study the 440q dumps.

  19. conip
    December 2nd, 2017

    @R101

    Im strugling with this question and its a words play.

    Generaly
    on hub you don’t need “ip nhrp shortcut” – it is needed on spokes to enable phase 3
    hub also need np nhrp map ___dynamic____ and ip nhrp network-id but
    assuming its already in place for phase 2.

    What the hell the author had in mind ??? dunno

  20. durshen
    December 13th, 2017

    Hi friends, I’m having the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  21. jrocky
    February 24th, 2018

    About Q11:

    A. ip nhrp interest -> Specifies an IP access list that controls NHRP requests.
    B. ip nhrp redirect -> in hub: tells the initiator spoke to look for a better path to the destination spoke than through the Hub
    C. ip nhrp shortcut -> in spokes: overwrite the CEF table on the spoke.
    D. ip network id -> nothing to do with NHRP… lacks of nhrp word.
    E. ip nhrp map -> Used in DMVPN static mapping… so not a requirement for phase 3
    F. ip redirects -> it seems that it has nothing to do with NHRP…

    If D would be “ip nhrp network-id”, the answer should be B,D. But here, it seems that the only two that make some sense are B,C.
    @conip is right about the wording… tricky.

  22. candidiase tratamento local
    March 10th, 2018

    Que tiрo ԁe digicam fοi usado ? É um decente boa qualidade . https://photoshopcreative.co.uk/user/couvecomรฉrcio2

  23. hugeex
    April 13th, 2018

    Hi friends, I’m having the valid dump with me and I’m wiling to share. Please contact me via fanayatason @ gmail .com

  1. No trackbacks yet.