Home > GRE Tunnel

GRE Tunnel

August 1st, 2017 in ROUTE 300-101 Go to comments

Question 1

Explanation

GRE packets are encapsulated within IP and use IP protocol type 47

Question 2

Explanation

A GRE interface definition includes:

+ An IPv4 address on the tunnel
+ A tunnel source
+ A tunnel destination

Below is an example of how to configure a basic GRE tunnel:

interface Tunnel 0
ip address 10.10.10.1 255.255.255.0
tunnel source fa0/0
tunnel destination 172.16.0.2

In this case the “IPv4 address on the tunnel” is 10.10.10.1/24 and “sourced the tunnel from an Ethernet interface” is the command “tunnel source fa0/0”. Therefore it only needs a tunnel destination, which is 172.16.0.2.

Note: A multiple GRE (mGRE) interface does not require a tunnel destination address.

Question 3

Explanation

The tunnel interface is configured in default mode means the tunnel has been configured as a point-to-point (P2P) GRE tunnel. Normally, a P2P GRE Tunnel interface comes up (up/up state) as soon as it is configured with a valid tunnel source address or interface which is up and a tunnel destination IP address which is routable.

Under normal circumstances, there are only three reasons for a GRE tunnel to be in the up/down state:
+ There is no route, which includes the default route, to the tunnel destination address.
+ The interface that anchors the tunnel source is down.
+ The route to the tunnel destination address is through the tunnel itself, which results in recursion.

Therefore if a route towards the tunnel destination has not been configured then the tunnel is stuck in up/down state.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118361-technote-gre-00.html

Question 4

Explanation

In this question only answer A is a reasonable answer. When the state of the tunnel interface is continuously moving between up and down we must make sure the route towards the tunnel destination address is good. If it is not good then that route may be removed from the routing table -> the tunnel interface comes down.

Question 5

Explanation

The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 65535, most transmission links enforce a smaller maximum packet length limit, called an MTU. The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences since it allows routers to fragment IP datagrams as necessary. The receiving station is responsible for the reassembly of the fragments back into the original full size IP datagram.

Fragmentation and Path Maximum Transmission Unit Discovery (PMTUD) is a standardized technique to determine the maximum transmission unit (MTU) size on the network path between two hosts, usually with the goal of avoiding IP fragmentation. PMTUD was originally intended for routers in IPv4. However, all modern operating systems use it on endpoints.

The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.

TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU link in the middle between these two endpoints. PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is used to dynamically determine the lowest MTU along the path from a packet’s source to its destination.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html (there is some examples of how TCP MSS avoids IP Fragmentation in this link but it is too long so if you want to read please visit this link)

Note: IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later.

Question 6

Explanation

A valid tunnel destination is one which is routable (which means the destination is present or there is a default route in the routing table). However, it does not have to be reachable -> Answer B is correct.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118361-technote-gre-00.html

For a tunnel to be up/up, the source interface must be up/up, it must have an IP address, and the destination must be reachable according to your own routing table.

Question 7

Question 8

Question 9

Explanation

GRE tunnel provides a way to encapsulate any network layer protocol over any other network layer protocol. GRE allows routers to act as if they have a virtual point-to-point connection to each other. GRE tunneling is accomplished by creating routable tunnel endpoints that operate on top of existing physical and/or other logical endpoints. Especially, IPsec does not support multicast traffic so GRE tunnel is a good solution instead (or we can combine both).

Question 10

Question 11

Explanation

When running GRE tunnel over IPSec, a packet is first encapsulated in a GRE packet and then GRE is encrypted by IPSec -> C is correct.

Question 12

Explanation

Four steps to configure GRE tunnel over IPsec are:

1. Create a physical or loopback interface to use as the tunnel endpoint. Using a loopback rather than a physical interface adds stability to the configuration.
2. Create the GRE tunnel interfaces.
3. Add the tunnel subnet to the routing process so that it exchanges routing updates across that interface.
4. Add GRE traffic to the crypto access list, so that IPsec encrypts the GRE tunnel traffic.

An example of configuring GRE Tunnel is shown below:

interface Tunnel0
ip address 192.168.16.2 255.255.255.0
tunnel source FastEthernet1/0
tunnel destination 14.38.88.10
tunnel mode gre ip

Note: The last command is enabled by default so we can ignore it in the configuration)

(Reference: CCNP Routing and Switching Quick Reference)

Question 13

Explanation

The address of the crypto isakmp key (line “crypto isakmp key ******* address 172.16.1.2”) should be 192.168.2.1, not 172.16.1.2 -> A is correct.

Question 14

Explanation

The access-list must also support GRE traffic with the “access-list 102 permit gre host 192.168.1.1 host 192.168.2.1” command -> B is correct.

Below is the correct configuration for GRE over IPsec on router B1 along with descriptions.

Configure_GRE_tunnel_over_IPsec.jpg

The interface tunnel configuration is rather simple so I don’t post it here.

Question 15

Explanation

The “tunnel destination” in interface tunnel should be 192.168.2.1, not 172.16.1.2 -> D is correct.

Comments
  1. New Dumps
    January 30th, 2017

    100%, guaranteed passing material get Download package, (AllinONE) that you need to clear exam.
    All 5 Tickets in Packet Tracer
    149+41 Qs in VCE Player and PDF

    http://rebrand.ly/ccnac5f48

  2. Anonymous
    February 1st, 2017

    Is the 183q worth looking at, or stick to TAGWA and 149q????

  3. Malik
    February 1st, 2017

    please send me valid dumps, I have exam tomorrow….

    Pleeeeeeeeeeaaaaaaaaaase help zaibalammalik at gmail

  4. Anonymous
    March 7th, 2017

    Passed today,
    Studied the Cisco Official study guide and the question from 9tut.
    20 of the questions were from this dumps I found part of the questions here https://drive.google.com/open?id=0B5mAFqgydmCzTGd0VU9nQVZEaEE

    Good luck all!

  5. Almond
    April 1st, 2017

    FOR THOSE WHO JUST RECENTLY TOOK THE 300-101 EXAM. Please send me the latest dumps. I will take exam this week. Thank you for help. Please help me. :(

    Send it here:
    infinityme143(@)(gmail)(dot)(Com)

  6. mills
    April 5th, 2017

    are the ccnp route questions and sims currently on this digitaltut.com site valid now? please i need to know my exam is next week.

  7. Anonymous
    May 29th, 2017

    Hello Folks, I took the CCNP 300-101 yesterday and unfortunately I failed because the dump that I had was invalid. If anyone has the latest version, please send me to {email not allowed} and I can compare it with my exam and guarantee whether it is valid or not. for any of those who are planning to take it please be advised that the one with 149 questions is invalid.

  8. Tan
    June 1st, 2017

    i am going to take the exam soon, but i do not have the valid dump yet.
    Anyone can share with me ?

    incredibletbf At hotmail dot com

    Thank you in advance

  9. Anonymous
    June 30th, 2017

    can u guys please sende me the latest dumps on miguelfilipe_20_01 @ hotmail . com

  10. Request
    August 21st, 2017

    Hop all of you will be fine and doing well. if any one have the latest dumps would you please send to {email not allowed}

  11. Anonymous
    August 25th, 2017

    Failed today with 760 pts…all labs the same..loads of new questions ..and simlets…all dumps outdated..study hard chaps
    And also loads of routers commands questions for IPv6 EVN and NAT-PT

  12. Anonymous
    August 25th, 2017

    Failed today with 760pts….although I cleared all my labs , loads of new questions ,don’t trust any dumps…study hard chaps….and loads of simlet ( IPV6 , ACL, NAT, NAT-PT ETC ETC )

    ACL very important ( IPV6 and IPV4 both)

    I was using my old 642-902 books :(, please get the new cert guide for CCNP route 300-101)

  13. Steffy
    August 28th, 2017

    Hello everyone, for latest valid dump with continuous update, please contact me at steffyshirls @ gmail .com

  14. anony
    August 31st, 2017

    ALL dumps are valid here

  15. toto
    September 12th, 2017

    Send me the last dumps for ccnp 300-101with this email ta2010ab @ gmail . com

  16. davidmeiker
    September 12th, 2017

    Question 4
    A network engineer has configured GRE between two IOS routers. The state of the tunnel interface is continuously oscillating between up and down. What is the solution to this problem?

    A. Create a more specific static route to define how to reach the remote router.
    B. Create a more specific ARP entry to define how to reach the remote router.
    C. Save the configuration and reload the router.
    D. Check whether the internet service provider link is stable

    Answer: i think is “D”… not “A”

    because if it puts in up/up it means it is in fact reacheable and we can do nothing at the ISP side, we just have 1 way out and it is the gateway of the ISP.

    ¿what do you think?

  17. Howaythelad
    September 20th, 2017

    Best place to get the latest dumps

  18. hugojay
    October 10th, 2017

    please can someone send me the latest dumps for ccnp 300-101 with this email ugoeji4engine @ yahoo . com

  19. Anonymous
    October 24th, 2017

    Hi All,
    Question No 13 is repeated twice in the quiz. There are 2 answers for Q13 in the quiz:

    1. The crypto isakmp configuration is not correct.
    2. The interface tunnel configuration is not correct.

    Which is the correct answer? Please help.

    Thanks

  20. Mahi
    November 2nd, 2017

    Guys anyone having dumps, my CCNP expiring this month and I m left with Route

    penigimahidhar at gmail dot come

  21. Anonymous
    November 7th, 2017

    Please help me dumps I need to take exams next month
    acushla4real at gmail dot com

  22. Pablo
    November 9th, 2017

    Passed, if you go the exam study the 440q dumps.

  23. durshen
    November 11th, 2017

    Hi guys, I have the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  24. Jarrod
    November 14th, 2017

    Passed, it-libraries questions are still good. check the comments on this forum for the new questions since there are a couple of them posted here.

  25. Kent
    November 14th, 2017

    Confirming the 21q dumps are valid.

  26. Carlo
    November 21st, 2017

    Passed with the 539q dumps, all questions were from there.

  27. Nicky
    November 26th, 2017

    Where 539q dumps can be found

  28. Percy
    November 28th, 2017

    Passed used the 21q dumps from IT-Libraries

  29. Clinton
    November 28th, 2017

    Passed today, used the 440q dumps from IT-Libraries . you can find them for free with a google search

  30. bob
    December 4th, 2017

    are the quizzes on here not current exam questions?

  31. Lunchi
    December 9th, 2017
  32. Lunchi
    December 9th, 2017
  33. durshen
    December 13th, 2017

    Hi friends, I’m having the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  34. durshen
    December 19th, 2017

    Hi buddies, I have the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  35. Deeks
    December 30th, 2017

    Guys, work hard, know the stuff yourself, and do not fall for mischievous traps like you see above. Good luck!

  36. Anonymous
    January 10th, 2018

    The answers in Q^ seems to be contradicting.. it this correct?
    Question 6

    Which two statement about GRE tunnel interface are true?
    A. A tunnel can be established when a source the source interface is in the up/down state
    B. A tunnel destination must be routable, but it can be unreachable
    C. To establish a tunnel the source interface must be a loopback
    D. To establish a tunnel the source interface must be up/up state
    E. A tunnel destination must be a physical interface that is on up/up state

    Answer: B D

  37. Anonymous
    January 14th, 2018

    plz someone explain me

  38. Anonymous
    January 14th, 2018

    plz someone explain me question5, why we dont use ip mtu ? I thinl TCP MSS is only for tcp endpoints and wouldnt prevent fragmentation in routers between

  39. Clifford
    February 5th, 2018

    Smashed my route exam today, 9xx used the dumps from it libraries and tut.

  40. Anonymous
    February 5th, 2018

    q13, q14 and q15,

    i am not sure why in OSPF process, “network 172. 16.1.0” (GRE tunnel ip address) statement is NOT needed?

    shouldn’t we enable tunnel subnet in routing process per Q12 exaplanation?

  41. Me
    February 22nd, 2018

    please send latest valid dumps to carz96 @ ymail.com. thx!

  42. Marcus
    March 10th, 2018

    I tried to reproduce Q13-Q15 examples in a lab and now suppose the basic concept of this configuration has a many mistakes.

    First, it has a gross blunder with OSPF network configuration. With ‘network’ command under ‘router ospf’ section we must use the wildcard mask 0.0.0.15, NOT 0.0.0.240. And then, again, 0.0.0.31 instead 0.0.0.224.
    Second, it miss tunnel subnet (172.16.1.0) in list of networks under ‘router ospf’ section, so neighborship relationship cannot be formed and exchange of routing updates will not work.
    Third and mainly, interfaces of f0/0 has an addresses 192.168.1.1/24 and 192.168.2.1/24 respectively. In this case routers interfaces is inaccesslible for each other and IPSec tunnel cannot be established. To solve this we must specify a static routes for neighbor’s interface on each routers. For example: ip route 192.168.2.1 255.255.255.255 fa0/0.
    Fourth, network commands for 192.168.1.0/24 and 192.168.2.0/24 are not neccessary, because it doesn’t work by default and meaningless if we configure a static route manually.

    I applied changes I mentioned above and now it’s works well. I’m not sure about ACL, but now tunnel on both sides is up/up, the neighbor relationship is formed and I can see all routes in the routing table.

  43. SoftyCat
    April 3rd, 2018

    Plz send latest dumbs here:
    abdinasir_94 @ hot mail .co .uk

  44. Troco
    April 16th, 2018

    Plaese if someone have a new DUMP CCNP send i will do the exame in this month
    troco97gmail.com

  45. unstoppable
    April 22nd, 2018

    @marcus,
    your sharing is greatly appreciate!

  1. No trackbacks yet.