Done VRF

Question 1

Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?

A. default VRF
B. VRF VPN_A
C. VRF VPN_B
D. management VRF

Answer 1

A. default VRF

Provider Edge router (PE router) is a device located at the edge of a service provider’s network that connects to customer networks (CE routers) and to other provider routers within the service provider’s network. (which is R2 here)

Customer Edge router (CE router) is a device located at the edge of a customer’s network, typically connecting to a service provider’s network. The CE router is owned and managed by the customer, and it serves as the demarcation point between the customer’s network and the service provider’s network. (R1 & R3 here)

VRF (Virtual Routing and Forwarding) is a technology used in computer networking to create multiple instances of a routing table within a router or a layer 3 switch. Each VRF instance operates as if it had its own router, with its own routing table, interfaces, and forwarding decisions.

Question 2

Which statement about route targets is true when using VRF-Lite?

A. Route targets control the import and export of routes into a customer routing table.
B. When BGP is configured, route targets are transmitted as BGP standard communities.
C. Route targets allow customers to be assigned overlapping addresses.
D. Route targets uniquely identify the customer routing table.

Answer 2

A. Route targets control the import and export of routes into a customer routing table.

Route targets are used mainly with exporting/importing route in MPBGP, but it could be use in VRF-lite during the route leaking between the VRF’s.

Question 3

Which technology does VXLAN use to provide segmentation for Layer 2 and Layer 3 traffic?
A. bridge domain
B. VLAN
C. VNI
D. VRF

Answer 3

C. VNI

Question 4

Refer to the exhibit.

An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthernet1 interface. Which two commands must be added to the existing configuration to accomplish this task? (Choose two.)
A. Router(config-if)#ip address 192.168.1.1 255.255.255.0
B. Router(config-vrf)#address-family ipv4
C. Router(config-vrf)#ip address 192.168.1.1 255.255.255.0
D. Router(config-if)#address-family ipv4
E. Router(config-vrf)#address-family ipv6

Answer 4

A. Router(config-if)#ip address 192.168.1.1 255.255.255.0
B. Router(config-vrf)#address-family ipv4

Address family is configured under VRF definition and ip address on the interface configuration.

Question 5

Refer to the exhibit. Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?

A.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 Vlan10
ip route 172.16.1.0 255.255.255.0 Vlan20

B.
ip route vrf Customer1 172.16.1.1 255.255.255.255 172.16.1.1 global
ip route vrf Customer2 192.168.1.200 255.255.255.0 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 Vlan10
ip route 172.16.1.0 255.255.255.0 Vlan20

C.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer2
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer1

D.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer1
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer2

Answer 5

A.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 Vlan10
ip route 172.16.1.0 255.255.255.0 Vlan20

Question 6

When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

A. logging host 10.2.3.4 vrf mgmt transport tcp port 514
B. logging host 10.2.3.4 vrf mgmt transport udp port 514
C. logging host 10.2.3.4 vrf mgmt transport tcp port 6514
D. logging host 10.2.3.4 vrf mgmt transport udp port 6514

Answer 6

C. logging host 10.2.3.4 vrf mgmt transport tcp port 6514

TCP/514 - shell cmd
UDP/514 - syslog
TCP/6514 - syslog over TLS
UDP/6514 - syslog over DTLS

Question 7

Refer to the exhibit. What is required to configure a second export destination for IP address 192.168.10.1?

A. Specify a different UDP port.
B. Specify a different TCP port.
C. Configure a version 5 flow-export to the same destination.
D. Specify a different flow ID.
E. Specify a VRF.

Answer 7

A. Specify a different UDP port

Answer is A.
Proper syntax: ip flow-export destination {ip-address | hostname} udp-port

Question 8

Refer to the exhibit. VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN-C. VPN-B sends point-to-point traffic to VPN-C and receives traffic only from VPN-A. Which configuration is applied?

A.
PE-2 vrf VPN-B
address-family ipv4 unicast
import route-target 100:1
export route-target 100:2

B.
PE-3 vrf VPN-B address-family ipv4 unicast
import route-target 100:2
export route-target 100:2

C.
PE-2 vrf VPN-B address-family ipv4 unicast
import route-target 100:2
export route-target 100:2

D.
PE-3 vrf VPN-B address-family ipv4 unicast
import route-target 100:1
export route-target 100:2

Answer 8

PE-3 vrf VPN-B address-family ipv4 unicast
import route-target 100:1
export route-target 100:2

Question 9

Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network?

A. VXLAN
B. VTEP
C. VRF
D. VLAN

Answer 9

A. VXLAN

The answer is A. VXLAN.

VXLAN is a network virtualization technology that allows Layer 2 networks to be extended across Layer 3 networks. It uses a MAC-in-UDP encapsulation scheme to create a Layer 2 tunnel over a Layer 3 network.

IaaS service providers use VXLAN to extend Layer 2 segments across their networks so that customers can have a single Layer 2 network even if their devices are located in different locations. This allows customers to easily move their devices between locations without having to reconfigure their networks.

The other options are not correct:

• VTEP (Virtual Tunnel Endpoint) is a device that encapsulates and decapsulates VXLAN traffic.
• VRF (Virtual Routing and Forwarding) is a technology that allows multiple routing tables to exist on a single router.
• VLAN (Virtual Local Area Network) is a Layer 2 technology that segments a network into multiple broadcast domains.

Question 10

Refer to the exhibit. An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration?

A.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1

B.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no vrf 1

C.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip destination address 10.10.0.1

D.

Device(config)#monitor session 1 type erspan-destination
Device(config-mon-erspan-src)#source
Device(config-mon-erspan-src-dst)#origin ip address 10.1.0.1

Answer 10

A.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1

A- is correct missing ip address for the tunnel. So need to remove the extra config and add the ip address

Question 11

Answer 11

B.

1. enable
2. configure terminal
3. ip vrf vrf-name
4. rd route-distinguisher
5. import ipv4 unicast | multicast [prefix-limit] map route-map
6. exit
7. route-map map-tag [permit | deny] [sequence-number]
   etc…..

Its “B”

Question 12

Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?

A. Change the source network that is specified in access-list 101.
B. Change the access-list destination mask to a wildcard.
C. Change the access-list number in the route map.
D. Change the route-map configuration to VRF_BLUE.

Answer 12

B. Change the access-list destination mask to a wildcard.

Question 13

VRF

Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?

A. When VRFs are used, ARP protocol must be enabled in each VRF.
B. The ping command must be executed in the global routing table.
C. Interface FastEthernet0/0 is configured in VRF CUST-A, so the ARP entry is also in that VRF.
D. When VRFs are used, ARP protocol is disabled in the global routing table.

Answer 13

C. Interface FastEthernet0/0 is configured in VRF CUST-A, so the ARP entry is also in that VRF.

Question 14

Refer to the exhibit. Which set of commands is required to configure and verify the VRF for Site 1 Network A on router R1?

A.
R1#ip routing
R1#(config)#ip vrf 100
R1#(config-vrf)#rd 100:1
R1#(config-vrf)# address family ipv4

R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip route

B.
R1#ip routing
R1#(config)#ip vrf 100

R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#showip route

C.
R1#ip routing
R1#(config)#ip vrf 100

R1(config)#interface Gi0/2
R1(config-if)#ip vrf forwarding 100
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip vrf

D.
R1#ip routing
R1#(config)#ip vrf 100

R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip vrf

Answer 14

C.
R1#ip routing
R1#(config)#ip vrf 100

R1(config)#interface Gi0/2
R1(config-if)#ip vrf forwarding 100
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip vrf

Question 15

Refer to the exhibit. An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs 10, 20, and 30. Which command must be added to complete this configuration?

A. Device(config-mon-erspan-src-dst)# no vrf 1
B. Device(config-mon-erspan-src)# no filter vlan 30
C. Device(config-mon-erspan-src-dst)# mtu 1460
D. Device(config-mon-erspan-src-dst}# erspan-id 6

Answer 15

B. Device(config-mon-erspan-src)# no filter vlan 30

Question 16

You have configured router R1 with multiple VRF’s in order to support multiple customer VPN networks. If you wanted to see the best path for the 10.2.1.0.24 route in VRF Green, what command would you use?

A. show ip route vrf Green 10.2.1.0
B. show ip route 10.2.1.0 vrf Green
C. show route all 10.2.1.0
D. show ip route 10.2.1.0 Green

Answer 16

A. show ip route vrf Green 10.2.1.0

Question 17

Refer to the exhibit.

The administrator must extend the configuration of the switch to perform remote logging using syslog according to these requirements:
* syslog server: 203.0.113.11 reachable through Gi0/0
* initial message severity: notifications
* message transport: reliable

Which two commands must be added to the configuration to accomplish this goal? (Choose two.)

A. logging monitor notifications
B. logging host 203.0.113.11 vrf Mgmt-vrf transport tcp
C. logging source-Interface GigabitEthernet0/0 vrf Mgmt-vrf
D. logging trap notifications
E. logging host 203.0.113.11 vrf Mgmt-vrf

Answer 17

B. logging host 203.0.113.11 vrf Mgmt-vrf transport tcp
D. logging trap notifications

Community vote distribution
BD (71%)
BC (16%)
8%

Question 18

Refer to the exhibit. The administrator configures an ERSPAN session, but no packets are received on the destination host. Which action is required to complete the configuration?

A. Ensure that the ERSPAN destination addresses are not reachable through the Mgmt-vrf VRF.
B. Ensure that the ERSPAN destination is reachable from the switch.
C. Configure the ERSPAN destination VLAN as an RSPAN VLAN.
D. Enable the ERSPAN session.

Answer 18

D. Enable the ERSPAN session