Home > IP Services Questions

IP Services Questions

August 17th, 2015 in ROUTE 300-101 Go to comments

Question 1

Explanation

The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):
+ The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet) from a DHCP server outside the network or firewall.
+ The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. This check is performed only if the DHCP snooping MAC address verification option is turned on.
+ The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.
+ The switch receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html#wp1101946

Question 2

Explanation

We can test the action of HSRP by tracking the loopback interface and decrease the HSRP priority so that the standby router can take the active role.

Question 3

Explanation

The “ip http secure-port

” is used to set the secure HTTP (HTTPS) server port number for listening.

Question 4

Explanation

This command shows IPsec Security Associations (SAs) built between peers. An example of the output of above command is shown below:

Router#show crypto ipsec sa
interface: FastEthernet0
    Crypto map tag: test, local addr. 12.1.1.1
   local  ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   current_peer: 12.1.1.2
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918
    #pkts decaps: 7760382, #pkts decrypt: 7760382, #pkts verify 7760382
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, 
    #pkts decompress failed: 0, #send errors 1, #recv errors 0
     local crypto endpt.: 12.1.1.1, remote crypto endpt.: 12.1.1.2
     path mtu 1500, media mtu 1500
     current outbound spi: 3D3
     inbound esp sas:
      spi: 0x136A010F(325714191)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 3442, flow_id: 1443, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4608000/52)
        IV size: 8 bytes
        replay detection support: Y
     inbound ah sas:
     inbound pcp sas:
inbound pcp sas:
outbound esp sas:
   spi: 0x3D3(979)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    slot: 0, conn id: 3443, flow_id: 1444, crypto map: test
    sa timing: remaining key lifetime (k/sec): (4608000/52)
    IV size: 8 bytes
    replay detection support: Y
outbound ah sas:
outbound pcp sas:

The first part shows the interface and cypto map name that are associated with the interface. Then the inbound and outbound SAs are shown. These are either AH or ESP SAs. In this case, because you used only ESP, there are no AH inbound or outbound SAs.

Note: Maybe “inbound crypto map” here mentions about crypto map name.

Comments
  1. Love Leo
    May 21st, 2016

    Can anybody tell me, what is “82Q” ???

  2. Need Help PLease
    October 4th, 2016

    All, I failed today with a 640. The ‘300-101: Implementing Cisco IP Routing’ exam is completely different then what is on this site. Not even close. There are maybe 10 questions that are the same… What happened???

  3. Swiss
    November 17th, 2016

    http://www.testmayor.com/300-101-test.html dumps is Valid. I took the test on Weds. 95% questions were from the Testmayor dumps. All questions and answers are valid, You’d better have to understand the technologies.

  4. MrsAliB
    November 28th, 2016

    I heard the dump ROUTE_Apr_2016 is no longer valid.
    Will there be a new dump soon?

  5. MrsAliB
    November 28th, 2016

    Please send it to ali.bos mail at outlook.

  6. Anonymous
    February 18th, 2017
  7. Vishnua
    April 1st, 2017

    Hello – the link not works anymore.
    can you please upload again?

  8. Hares
    May 23rd, 2017

    If you are looking to pass use the 358q dumps, the only one that is valid now.

  9. Hans A Hinton
    July 8th, 2017

    Certbus 2017 Newest Cisco 300-101 CCDP Exam VCE and PDF Dumps for Free Download!
    ☆ 300-101 CCDP Exam PDF and VCE Dumps : 402Q&As Instant Download: https://www.certbus.com/300-101.html [100% 300-101 Exam Pass Guaranteed or Money Refund!!]
    ☆ Free view online pdf on Certbus free test 300-101 PDF: https://www.certbus.com/online-pdf/300-101.pdf

  10. Dash
    July 19th, 2017

    For latest dumps with continuous update, contact me at darshendash @ gmail . com

  1. No trackbacks yet.