Home > IP Services Questions

IP Services Questions

July 16th, 2017 in ROUTE 300-101 Go to comments

Question 1

Explanation

The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):
+ The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet) from a DHCP server outside the network or firewall.
+ The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. This check is performed only if the DHCP snooping MAC address verification option is turned on.
+ The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.
+ The switch receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html#wp1101946

Question 2

Explanation

We can test the action of HSRP by tracking the loopback interface and decrease the HSRP priority so that the standby router can take the active role.

Question 3

Explanation

The “ip http secure-port

” is used to set the secure HTTP (HTTPS) server port number for listening.

Question 4

Explanation

This command shows IPsec Security Associations (SAs) built between peers. An example of the output of above command is shown below:

Router#show crypto ipsec sa
interface: FastEthernet0
    Crypto map tag: test, local addr. 12.1.1.1
   local  ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   current_peer: 12.1.1.2
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918
    #pkts decaps: 7760382, #pkts decrypt: 7760382, #pkts verify 7760382
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, 
    #pkts decompress failed: 0, #send errors 1, #recv errors 0
     local crypto endpt.: 12.1.1.1, remote crypto endpt.: 12.1.1.2
     path mtu 1500, media mtu 1500
     current outbound spi: 3D3
     inbound esp sas:
      spi: 0x136A010F(325714191)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 3442, flow_id: 1443, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4608000/52)
        IV size: 8 bytes
        replay detection support: Y
     inbound ah sas:
     inbound pcp sas:
inbound pcp sas:
outbound esp sas:
   spi: 0x3D3(979)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    slot: 0, conn id: 3443, flow_id: 1444, crypto map: test
    sa timing: remaining key lifetime (k/sec): (4608000/52)
    IV size: 8 bytes
    replay detection support: Y
outbound ah sas:
outbound pcp sas:

The first part shows the interface and cypto map name that are associated with the interface. Then the inbound and outbound SAs are shown. These are either AH or ESP SAs. In this case, because you used only ESP, there are no AH inbound or outbound SAs.

Note: Maybe “inbound crypto map” here mentions about crypto map name.

Comments
  1. Love Leo
    May 21st, 2016

    Can anybody tell me, what is “82Q” ???

  2. Need Help PLease
    October 4th, 2016

    All, I failed today with a 640. The ‘300-101: Implementing Cisco IP Routing’ exam is completely different then what is on this site. Not even close. There are maybe 10 questions that are the same… What happened???

  3. MrsAliB
    November 28th, 2016

    I heard the dump ROUTE_Apr_2016 is no longer valid.
    Will there be a new dump soon?

  4. MrsAliB
    November 28th, 2016

    Please send it to ali.bos mail at outlook.

  5. Vishnua
    April 1st, 2017

    Hello – the link not works anymore.
    can you please upload again?

  6. Hares
    May 23rd, 2017

    If you are looking to pass use the 358q dumps, the only one that is valid now.

  7. r2d2
    September 14th, 2017

    pls send 358q dumps an mail admin @ iskramedia . ru

  1. No trackbacks yet.