Done VRF Flashcards
Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?
A. default VRF
B. VRF VPN_A
C. VRF VPN_B
D. management VRF
A. default VRF
Provider Edge router (PE router) is a device located at the edge of a service provider’s network that connects to customer networks (CE routers) and to other provider routers within the service provider’s network. (which is R2 here)
Customer Edge router (CE router) is a device located at the edge of a customer’s network, typically connecting to a service provider’s network. The CE router is owned and managed by the customer, and it serves as the demarcation point between the customer’s network and the service provider’s network. (R1 & R3 here)
VRF (Virtual Routing and Forwarding) is a technology used in computer networking to create multiple instances of a routing table within a router or a layer 3 switch. Each VRF instance operates as if it had its own router, with its own routing table, interfaces, and forwarding decisions.
Which statement about route targets is true when using VRF-Lite?
A. Route targets control the import and export of routes into a customer routing table.
B. When BGP is configured, route targets are transmitted as BGP standard communities.
C. Route targets allow customers to be assigned overlapping addresses.
D. Route targets uniquely identify the customer routing table.
A. Route targets control the import and export of routes into a customer routing table.
Route targets are used mainly with exporting/importing route in MPBGP, but it could be use in VRF-lite during the route leaking between the VRF’s.
Which technology does VXLAN use to provide segmentation for Layer 2 and Layer 3 traffic?
A. bridge domain
B. VLAN
C. VNI
D. VRF
C. VNI
Refer to the exhibit.
An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthernet1 interface. Which two commands must be added to the existing configuration to accomplish this task? (Choose two.)
A. Router(config-if)#ip address 192.168.1.1 255.255.255.0
B. Router(config-vrf)#address-family ipv4
C. Router(config-vrf)#ip address 192.168.1.1 255.255.255.0
D. Router(config-if)#address-family ipv4
E. Router(config-vrf)#address-family ipv6
A. Router(config-if)#ip address 192.168.1.1 255.255.255.0
B. Router(config-vrf)#address-family ipv4
Address family is configured under VRF definition and ip address on the interface configuration.
Refer to the exhibit. Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?
A.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 Vlan10
ip route 172.16.1.0 255.255.255.0 Vlan20
B.
ip route vrf Customer1 172.16.1.1 255.255.255.255 172.16.1.1 global
ip route vrf Customer2 192.168.1.200 255.255.255.0 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 Vlan10
ip route 172.16.1.0 255.255.255.0 Vlan20
C.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer2
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer1
D.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer1
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer2
A.
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global
ip route 192.168.1.0 255.255.255.0 Vlan10
ip route 172.16.1.0 255.255.255.0 Vlan20
When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?
A. logging host 10.2.3.4 vrf mgmt transport tcp port 514
B. logging host 10.2.3.4 vrf mgmt transport udp port 514
C. logging host 10.2.3.4 vrf mgmt transport tcp port 6514
D. logging host 10.2.3.4 vrf mgmt transport udp port 6514
C. logging host 10.2.3.4 vrf mgmt transport tcp port 6514
TCP/514 - shell cmd
UDP/514 - syslog
TCP/6514 - syslog over TLS
UDP/6514 - syslog over DTLS
Refer to the exhibit. What is required to configure a second export destination for IP address 192.168.10.1?
A. Specify a different UDP port.
B. Specify a different TCP port.
C. Configure a version 5 flow-export to the same destination.
D. Specify a different flow ID.
E. Specify a VRF.
A. Specify a different UDP port
Answer is A.
Proper syntax: ip flow-export destination {ip-address | hostname} udp-port
Refer to the exhibit. VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN-C. VPN-B sends point-to-point traffic to VPN-C and receives traffic only from VPN-A. Which configuration is applied?
A.
PE-2 vrf VPN-B
address-family ipv4 unicast
import route-target 100:1
export route-target 100:2
B.
PE-3 vrf VPN-B address-family ipv4 unicast
import route-target 100:2
export route-target 100:2
C.
PE-2 vrf VPN-B address-family ipv4 unicast
import route-target 100:2
export route-target 100:2
D.
PE-3 vrf VPN-B address-family ipv4 unicast
import route-target 100:1
export route-target 100:2
PE-3 vrf VPN-B address-family ipv4 unicast
import route-target 100:1
export route-target 100:2
Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network?
A. VXLAN
B. VTEP
C. VRF
D. VLAN
A. VXLAN
The answer is A. VXLAN.
VXLAN is a network virtualization technology that allows Layer 2 networks to be extended across Layer 3 networks. It uses a MAC-in-UDP encapsulation scheme to create a Layer 2 tunnel over a Layer 3 network.
IaaS service providers use VXLAN to extend Layer 2 segments across their networks so that customers can have a single Layer 2 network even if their devices are located in different locations. This allows customers to easily move their devices between locations without having to reconfigure their networks.
The other options are not correct:
- VTEP (Virtual Tunnel Endpoint) is a device that encapsulates and decapsulates VXLAN traffic.
- VRF (Virtual Routing and Forwarding) is a technology that allows multiple routing tables to exist on a single router.
- VLAN (Virtual Local Area Network) is a Layer 2 technology that segments a network into multiple broadcast domains.
Refer to the exhibit. An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration?
A.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1
B.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no vrf 1
C.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip destination address 10.10.0.1
D.
Device(config)#monitor session 1 type erspan-destination
Device(config-mon-erspan-src)#source
Device(config-mon-erspan-src-dst)#origin ip address 10.1.0.1
A.
Device(config)#monitor session 1 type erspan-source
Device(config-mon-erspan-src)#destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1
A- is correct missing ip address for the tunnel. So need to remove the extra config and add the ip address
B.
- enable
- configure terminal
- ip vrf vrf-name
- rd route-distinguisher
- import ipv4 unicast | multicast [prefix-limit] map route-map
- exit
- route-map map-tag [permit | deny] [sequence-number]
etc…..
Its “B”
Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue?
A. Change the source network that is specified in access-list 101.
B. Change the access-list destination mask to a wildcard.
C. Change the access-list number in the route map.
D. Change the route-map configuration to VRF_BLUE.
B. Change the access-list destination mask to a wildcard.
VRF
Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry?
A. When VRFs are used, ARP protocol must be enabled in each VRF.
B. The ping command must be executed in the global routing table.
C. Interface FastEthernet0/0 is configured in VRF CUST-A, so the ARP entry is also in that VRF.
D. When VRFs are used, ARP protocol is disabled in the global routing table.
C. Interface FastEthernet0/0 is configured in VRF CUST-A, so the ARP entry is also in that VRF.
Refer to the exhibit. Which set of commands is required to configure and verify the VRF for Site 1 Network A on router R1?
A.
R1#ip routing
R1#(config)#ip vrf 100
R1#(config-vrf)#rd 100:1
R1#(config-vrf)# address family ipv4
R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip route
B.
R1#ip routing
R1#(config)#ip vrf 100
R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#showip route
C.
R1#ip routing
R1#(config)#ip vrf 100
R1(config)#interface Gi0/2
R1(config-if)#ip vrf forwarding 100
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip vrf
D.
R1#ip routing
R1#(config)#ip vrf 100
R1(config)#interface Gi0/2
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip vrf
C.
R1#ip routing
R1#(config)#ip vrf 100
R1(config)#interface Gi0/2
R1(config-if)#ip vrf forwarding 100
R1(config-if)#ip address 10.0.1.1 255.255.255.0
R1#show ip vrf
Refer to the exhibit. An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs 10, 20, and 30. Which command must be added to complete this configuration?
A. Device(config-mon-erspan-src-dst)# no vrf 1
B. Device(config-mon-erspan-src)# no filter vlan 30
C. Device(config-mon-erspan-src-dst)# mtu 1460
D. Device(config-mon-erspan-src-dst}# erspan-id 6
B. Device(config-mon-erspan-src)# no filter vlan 30