Home > Drag and Drop

Drag and Drop

July 7th, 2017 in ROUTE 300-101 Go to comments

Question 1

Explanation

NAT64 provides communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). NAT64 requires a dedicated prefix, called NAT64 prefix, to recognize which hosts need IPv4-IPv6 translation. NAT64 prefix can be a Network-specific prefix (NSP), which is configured by a network administrator, or a well-known prefix (which is 64:FF9B::/96). When a NAT64 router receives a packet which starts with NAT64 prefix, it will proceed this packet with NAT64.

NAT64 is not as simple as IPv4 NAT which only translates source or destination IPv4 address. NAT64 translates nearly everything (source & destination IP addresses, port number, IPv4/IPv6 headers… which is called a session) from IPv4 to IPv6 and vice versa. So NAT64 “modifies session during translation”.

Question 2

Explanation

The order of the BGP states is: Idle -> Connect -> (Active) -> OpenSent -> OpenConfirm -> Established

+ Idle: No peering; router is looking for neighbor. Idle (admin) means that the neighbor relationship has been administratively shut down.
+ Connect: TCP handshake completed.
+ Active: BGP tries another TCP handshake to establish a connection with the remote BGP neighbor. If it is successful, it will move to the OpenSent state. If the ConnectRetry timer expires then it will move back to the Connect state. Note: Active is not a good state.
+ OpenSent: An open message was sent to try to establish the peering.
+ OpenConfirm: Router has received a reply to the open message.
+ Established: Routers have a BGP peering session. This is the desired state.

Reference: http://www.ciscopress.com/articles/article.asp?p=1565538&seqNum=3

Question 3

Explanation

The Challenge Handshake Authentication Protocol (CHAP) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP:
1) After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer.
2) The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)).
3) The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated.

This authentication method depends on a “secret” known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication.

Reference: http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html

For more information about CHAP challenge please read our PPP tutorial.

Question 5

Explanation

AAA offers different solutions that provide access control to network devices. The following services are included within its modular architectural framework:
+ Authentication – The process of validating users based on their identity and predetermined credentials, such as passwords and other mechanisms like digital certificates. Authentication controls access by requiring valid user credentials, which are typically a username and password. With RADIUS, the ASA supports PAP, CHAP, MS-CHAP1, MS-CHAP2, that means Authentication supports encryption.
+ Authorization – The method by which a network device assembles a set of attributes that regulates what tasks the user is authorized to perform. These attributes are measured against a user database. The results are returned to the network device to determine the user’s qualifications and restrictions. This database can be located locally on Cisco ASA or it can be hosted on a RADIUS or Terminal Access Controller Access-Control System Plus (TACACS+) server. In summary, Authorization controls access per user after users authenticate.
+ Accounting – The process of gathering and sending user information to an AAA server used to track login times (when the user logged in and logged off) and the services that users access. This information can be used for billing, auditing, and reporting purposes.

Question 6

Question 7

Question 8

Explanation

NAT64 provides communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT). There are two different forms of NAT64, stateless and stateful:

+ Stateless NAT64: maps the IPv4 address into an IPv6 prefix. As the name implies, it keeps no state. It does not save any IP addresses since every v4 address maps to one v6 address. Stateless NAT64 does not conserve IP4 addresses.
+ Stateful NAT64 is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation (1:N translation). It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings. Stateful NAT64 converses IPv4 addresses.

NPTv6 stands for Network Prefix Translation. It’s a form of NAT for IPv6 and it supports one-to-one translation between inside and outside addresses

Question 9

Question 10

Question 11

Question 12

Question 13

Comments
Comment pages
1 2 1404
  1. Zaw
    February 27th, 2018

    @Digital TUT your membership is enough to pass the exam???

  2. RPM
    April 6th, 2018

    Where can i find DHCP and adverse network congestion DnD ?

  3. EAGLE_EYE
    April 15th, 2018

    @RPM

    ip dhcp relay information option –> add suboption and the remote ID suboption

    ip dhcp relay information check –> Verify relay information option (in forwarded BOOTREPLY)

    ip dhcp relay information policy …… –> Define reforwarding rules (for a DHCP relay agent)

    ip dhcp relay information subscriber-id –> enable a service provider to add a unique ID

    ip dhcp relay information –> configured in global configuration mode applies to all interface

  4. Anonymous
    July 11th, 2018

    Hi guys,
    hopefully all are fine. i want to tell you that i will buy the dumps of CCNP Route 300-101 after 5 days. these dumps are 100% valid and only 224 Questions and Answers, 19 Simulations and only 7 Labs. Total (250) if anyone wants the dumps, please contact me on my email. {email not allowed}

  5. Anonymous
    July 11th, 2018

    Hi guys,
    hopefully all are fine. i want to tell you that i will buy the dumps of CCNP Route 300-101 after 5 days. these dumps are 100% valid and only 224 Questions and Answers, 19 Simulations and only 7 Labs. Total (250) if anyone wants the dumps, please contact me on my email. (email is not allowed so, my email is hafiznabeel.safeint (that is gmail account) ;)

  6. Anonymous
    July 17th, 2018

    i can’t see the question, its that normal?

  7. Sorlags
    November 15th, 2018

    New Drag&Drop with PPP on Frame Realy

    I found a example like the exam here : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/wan_frly/configuration/15-mt/wan-frly-15-mt-book/wan-pppofr.html#GUID-1CB0E01F-B4AF-4CF6-9863-D116BBD13C2B. I was the DTE exercise

    exercise

    interface serial 0
    ” BLANK ”
    encapsulation frame-relay
    ” BLANK ” — I know there is 2 blank on interface serial 0 but I don’t remember the existing command and the blank

    #about sub-interface (it’s write like that in the exam)
    ” BLANK ”
    ” BLANK ”

    interface Virtual-Template1
    ip unnumbered ethernet 0
    ” BLANK ”

    Possibility
    D&D 1 : ” no ip address ”
    D&D 2 : ” interface serial 0/0.1 point-to-point ”
    D&D 3 : ” interface serial 0/0.100 ”
    D&D 4 : ” frame-relay interface-dlci 32 ppp virtual-template1 ”
    D&D 5 : ” another think about virtual-template ”
    D&D 6 : ” ip unnumbered ethernet 0 ”
    D&D 7 : ” ppp authentication chap ”
    D&D 8 : ” frame-relay lmi-type ansi ”

    Answer
    interface serial 0
    ” no ip address ”
    encapsulation frame-relay
    ” frame-relay lmi-type ansi ”
    !
    ” interface serial 0.1 point-to-point ”
    ” frame-relay interface-dlci 32 ppp virtual-template1 ”
    !
    interface Virtual-Template1
    ip unnumbered ethernet 0
    ” ppp authentication chap ”

    I hope it’s will help you :)

  8. Sorlags
    November 15th, 2018

    new D&D with stateful and stateless NAT64

    This link can help : https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676277.pdf (end of page 3 specialy)

  9. anynomous
    November 18th, 2018

    Question no 3 the answer is differ from the reference link provided. Take note!

  10. Retaker
    November 23rd, 2018

    With regards to Q7 – see this link http://www.ciscopress.com/articles/article.asp?p=170744&seqNum=5

    and it informed that:

    “RADIUS combines authentication and authorization and separates accounting, thus allowing less flexibility in implementation.”

  11. Sitter
    December 11th, 2018

    Sorlags is absolutely correct. The drag and drop he has mentioned appeared in my failure test just last week. Revise this !!

  12. Dec 2018 – drag and….
    December 11th, 2018

    mandatory check – Drag and drop each NAT64 description from the left onto the corresponding NAT64 type on the right. It was in last week as well.

Comment pages
1 2 1404
  1. No trackbacks yet.