Router Configuration: IPv6 Packet & Static Routes

Questions and Answers

Refer to the exhibit. What will router R1 do with a packet that has a destination IPv6 address of 2001:db8:cafe:5::1?

• Forward the packet out GigabitEthernet0/0
• Forward the packet out Serial0/0/0 (correct)
• Forward the packet out GigabitEthernet0/1
• Drop the packet

Refer to the exhibit. Currently router R1 uses an EIGRP route learned from Branch2 to reach the 10.10.0.0/16 network. Which floating static route would create a backup route to the 10.10.0.0/16 network in the event that the link between R1 and Branch2 goes down?

• `ip route 10.10.0.0 255.255.0.0 Serial 0/0/0 100`
• `ip route 10.10.0.0 255.255.0.0 209.165.200.225 100` (correct)
• `ip route 10.10.0.0 255.255.0.0 209.165.200.226 100`
• `ip route 10.10.0.0 255.255.0.0 209.165.200.225 50`

Refer to the exhibit. R1 was configured with the static route command ip route 209.165.200.224 255.255.255.224 S0/0/0 and consequently users on network 172.16.0.0/16 are unable to reach resources on the Internet. How should this static route be changed to allow user traffic from the LAN to reach the Internet?

• Change the destination network and mask to `0.0.0.0 0.0.0.0` (correct)
• Add the next-hop neighbor address of `209.165.200.226`.
• Change the exit interface to S0/0/1.
• Add an administrative distance of 254.

Which option shows a correctly configured IPv4 default static route?

ip route 0.0.0.0 0.0.0.0 S0/0/0 (D)

Refer to the exhibit. Which static route command can be entered on R1 to forward traffic to the LAN connected to R2?

ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2 (A)

What is a method to launch a VLAN hopping attack?

Introducing a rogue switch and enabling trunking (B)

A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?

MAC address table overflow (D)

Refer to the exhibit. A network administrator is configuring a router as a DHCPv6 server. The administrator issues a show ipv6 dhcp pool command to verify the configuration. Which statement explains the reason that the number of active clients is 0?

The state is not maintained by the DHCPv6 server under stateless DHCPv6 operation. (B)

Refer to the exhibit. A network administrator configured routers R1 and R2 as part of HSRP group 1. After the routers have been reloaded, a user on Host1 complained of lack of connectivity to the Internet The network administrator issued the show standby brief command on both routers to verify the HSRP operations. In addition, the administrator observed the ARP table on Host1. Which entry should be seen in the ARP table on Host1 in order to gain connectivity to the Internet?

The virtual IP address and the virtual MAC address for the HSRP group 1 (B)

Refer to the exhibit. How is a frame sent from PCA forwarded to PCC if the MAC address table on switch SW1 is empty?

SW1 floods the frame on all ports on SW1, excluding the port through which the frame entered the switch. (D)

An administrator is trying to remove configurations from a switch. After using the command erase startup-config and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why were these VLANs not removed?

Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted. (C)

Refer to the exhibit. A network administrator has connected two switches together using EtherChannel technology. If STP is running, what will be the end result?

STP will block one of the redundant links. (D)

What is a secure configuration option for remote access to a network device?

Configure SSH. (A)

Which wireless encryption method is the most secure?

WPA2 with AES (B)

After attaching four PCs to the switch ports, configuring the SSID and setting authentication properties for a small office network, a technician successfully tests the connectivity of all PCs that are connected to the switch and WLAN. A firewall is then configured on the device prior to connecting it to the Internet. What type of network device includes all of the described features?

Wireless router (D)

Refer to the exhibit. Host A has sent a packet to host B. What will be the source MAC and IP addresses on the packet when it arrives at host B?

Source MAC: 00E0.FE91.7799 Source IP: 10.1.1.10 (B)

Refer to the exhibit. In addition to static routes directing traffic to networks 10.10.0.0/16 and 10.20.0.0/16, Router HQ is also configured with the following command: ip route 0.0.0.0 0.0.0.0 serial 0/1/1 What is the purpose of this command?

Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or is not a directly connected network will be forwarded to the Internet. (A)

What protocol or technology disables redundant paths to eliminate Layer 2 loops?

STP (B)

Refer to the exhibit. Based on the exhibited configuration and output, why is VLAN 99 missing?

Because VLAN 99 has not yet been created (C)

Which two VTP modes allow for the creation, modification, and deletion of VLANs on the local switch? (Choose two.)

server (B), transparent (C)

Which three steps should be taken before moving a Cisco switch to a new VTP management domain? (Choose three.)

Select the correct VTP mode and version. (C), Configure the switch with the name of the new management domain. (E), Reboot the switch. (F)

A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces?

Link types are determined automatically. (A)

Refer to the exhibit. All the displayed switches are Cisco 2960 switches with the same default priority and operating at the same bandwidth. Which three ports will be STP designated ports? (Choose three.)

fa0/21 (B), fa0/20 (E), fa0/13 (F)

How will a router handle static routing differently if Cisco Express Forwarding is disabled?

Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies. (D)

Compared with dynamic routes, what are two advantages of using static routes on a router? (Choose two.)

They improve network security. (B), They use fewer router resources. (D)

Refer to the exhibit. Which route was configured as a static route to a specific network using the next-hop address?

S 10.17.2.0/24 [1/0] via 10.16.2.2 (B)

What is the effect of entering the spanning-tree portfast configuration command on a switch?

It enables portfast on a specific switch interface. (D)

What is the IPv6 prefix that is used for link-local addresses?

FE80::/10 (D)

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)

In a switched network, they are mostly configured between switches at the core and distribution layers. (A), They are not associated with a particular VLAN. (D)

Successful inter-VLAN routing has been operating on a network with multiple VLANs across multiple switches for some time. When an inter-switch trunk link fails and Spanning Tree Protocol brings up a backup trunk link, it is reported that hosts on two VLANs can access some, but not all the network resources that could be accessed previously. Hosts on all other VLANS do not have this problem. What is the most likely cause of this problem?

The allowed VLANs on the backup link were not configured correctly. (D)

Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP?

channel-group 2 mode auto (A)

What action takes place when a frame entering a switch has a multicast destination MAC address?

The switch will forward the frame out all ports except the incoming port. (C)

A junior technician was adding a route to a LAN router. A traceroute to a device on the new network revealed a wrong path and unreachable status. What should be done or checked?

Check the configuration of the exit interface on the new static route. (B)

Select the three PAgP channel establishment modes. (Choose three.)

desirable (B), on (D), auto (F)

A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table?

Remove the route using the no ip route command. (D)

Refer to the exhibit. What can be concluded about the configuration shown on R1?

R1 is configured as a DHCPv4 relay agent. (C)

Which data-plane-level protocol or technology allows data to transmit over redundant switch links?

EtherChannel (C)

Refer to the exhibit. Which three hosts will receive ARP requests from host A, assuming that port Fa0/4 on both switches is configured to carry traffic for multiple VLANs? (Choose three.)

host F (D), host C (E), host D (F)

What is the primary reason an attacker would launch a MAC address overflow attack?

so that the attacker can see frames that are destined for other hosts (C)

During the AAA process, when will authorization be implemented?

Immediately after successful authentication against an AAA data source (C)

Flashcards

2001:db8:cafe:5::1 routing

Forwards the packet out Serial0/0/0

Floating static route

ip route 10.10.0.0 255.255.0.0 209.165.200.225 100

Correct default static route

Change to: ip route 0.0.0.0 0.0.0.0 S0/0/0

IPv4 default static route

ip route 0.0.0.0 0.0.0.0 S0/0/0

R1 static route command

ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2

Launch a VLAN attack

Introducing a rogue switch and enabling trunking

Macof tool targets

MAC address table overflow

Stateless DHCPv6 operation

The state is not maintained by the DHCPv6 server under stateless DHCPv6 operation.

ARP table on Host1

The virtual IP address and the virtual MAC address for the HSRP group 1

Layer 2 switch frame forwarding

Frame forwarding decisions are based on MAC address and port mappings in the CAM table.

Interconnected Cisco LAN switches

The broadcast domain expands to all switches.

Link state and Interface

Layer 1 problem is down/down

Empty MAC address table

SW1 floods the frame on all ports on SW1, excluding the port through which the frame entered the switch.

VLANs not removed

Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted.

Default VLAN

All switch ports are assigned to this VLAN after initial bootup of the switch

STP with EtherChannel

STP will block one of the redundant links.

Secure remote network access

Configure SSH.

Wireless encryption

WPA2 with AES

Source MAC/IP arriving at Host B

Source MAC: 00E0.FE91.7799, Source IP: 10.1.1.10

Purpose of the command

Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or is not a directly connected network will be forwarded to the Internet.

Disables redundant Layer 2 loops

STP

VLAN 99 missing

because VLAN 99 has not yet been created

Moving a Cisco switch to a new VTP management domain

Configure the switch with the name of the new management domain.

Rapid PVST+ link types

Link types are determined automatically.

STP designated ports

fa0/13, fa0/21, and fa0/11

How a router handles traffic on the network

Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies.

Advantages of static routes

They use fewer router resources.

Static route configured to specific network

S 10.17.2.0/24 [1/0] via 10.16.2.2

spanning-tree portfast configuration

It enables portfast on a specific switch interface.

IPv6 prefix for link-local addresses

FE80::/10

Routed Ports and Multilayer Switch

In a switched network, they are mostly configured between switches at the core and distribution layers. And They are not associated with a particular VLAN.

Inter-VLAN Routing

The allowed VLANs on the backup link were not configured correctly.

bundle two physical interfaces

interface range GigabitEthernet 0/4 – 5

MAC address destination

The switch will forward the frame out all ports except the incoming port.

Static route of the routing table

Remove the route using the no ip route command.

PAgP channel establishment

auto, desirable, on

Study Notes

Router R1 Configuration with IPv6 Packet

• Router R1 forwards the packet out Serial0/0/0 as the IPv6 route table indicates that the destination IPv6 address 2001:db8:cafe:5::1 would use the default route s::/0

EIGRP Route Backup on Router R1

• Floating static route to create a backup route: ip route 10.10.0.0 255.255.0.0 209.165.200.225 100
• Router R1 uses an EIGRP route (Administrative Distance 90) to reach the 10.10.0.0/16 network.
• A floating static route must have an administrative distance greater than 90
• The next hop address should correspond to the serial interface IP address of Branch1 (209.165.200.225).

Correcting a Static Route on Router R1

• To allow user traffic from the LAN to reach the Internet, change the destination network and mask to 0.0.0.0 0.0.0.0
• The original static route on R1 was incorrectly configured
• The correct destination network and mask is 0.0.0.0 0.0.0.0.

IPv4 Default Static Route Configuration

• A correctly-configured IPv4 default static route: ip route 0.0.0.0 0.0.0.0 S0/0/0.
• The static route ip route 0.0.0.0 0.0.0.0 S0/0/0 is considered a default static route will match all destination networks.

IPv6 Static Route Configuration

• The correct static route command: ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2.

VLAN Hopping Attack Method

• Introducing a rogue switch and enabling trunking is a method to launch a VLAN hopping attack.

Cybersecurity Analyst's LAN Attack Target

• A cybersecurity analyst using the macof tool to evaluate switch configurations is targeting MAC address table overflow.
• Macof is a network attack tool mainly used to flood LAN switches with MAC addresses.

Explanation of DHCPv6 Server Configuration

• The state is not maintained by the DHCPv6 server under stateless DHCPv6 operation
• With stateless DHCPv6, indicated by the command ipv6 nd other-config-flag
• the DHCPv6 server doesn't maintain state information because client IPv6 addresses are not managed by the DHCP server
• Clients configure their IPv6 addresses by combining the prefix/prefix-length and a self-generated interface ID
• The ipv6 dhcp pool configuration doesn't need to specify the valid IPv6 address range.
• Clients use the link-local address of the router interface as the default gateway address
• The default gateway address is not necessary.

HSRP Group and ARP Table Entry

• The ARP table on Host1 needs to have the virtual IP address and the virtual MAC address for the HSRP group 1 to gain Internet connectivity
• Hosts send an ARP request to the default gateway, which is the virtual IP address
• ARP replies from the HSRP routers contain the virtual MAC address.

Frame Forwarding Decision of Layer 2 Switch

• Frame forwarding decisions are based on MAC address and port mappings in the CAM table.

Broadcast Domain Expansion in Cisco LAN Switches

• The broadcast domain expands to all switches after multiple Cisco LAN switches are interconnected.
• LAN switches do not filter broadcast frames, resulting in interconnected switches forming one large broadcast domain.

Link State to Interface and Protocol Status

• Layer 1 Problem: down/down
• Layer 2 Problem: up/down
• Disabled: administratively down
• Operational: up/up

Frame Forwarding with Empty MAC Address Table

• SW1 floods the frame on all ports on SW1, excluding the port used to enter the switch.
• When a switch powers on, the MAC address table is empty
• Switches forward based on the destination MAC address in the frame header
• If the destination MAC address is not in the switch table, the switch floods the frame out all ports except the incoming port

VLAN Storage on Switches

• These VLANs are stored in the file called vlan.dat, located in flash memory, and must be manually deleted.
• Standard range VLANs (1-1005) are stored on the switch in this file
• Erasing the startup configuration and reloading a switch does not automatically remove these VLANs

VLAN Types

• Native VLAN: Carries untagged traffic
• Management VLAN: Has an IP address and subnet mask allowing switch access via HTTP, Telnet, SSH, or SNMP
• Default VLAN: All switch ports are assigned to this VLAN after the switch's initial bootup
• Data VLANs: Configured to carry user-generated traffic

Etherchannel Technology with STP

• STP will block one of the redundant links when EtherChannel technology is used
• By default, STP is enabled on switch devices and will block redundant links to prevent loops.

Secure Configuration Option for Remote Network Access

• Configure SSH for remote access to a network device

Most Secure Wireless Encryption Method

WPA2 with AES is the most secure wireless encryption method

Network Device Features and Configuration

A wireless router includes all features described: a firewall appliance

Source and IP Addresses on Packet Arrival

• Source MAC: 00E0.FE91.7799 and Source IP: 10.1.1.10 on packet arrival
• Layer 2 addresses change at each hop as the packet is de-encapsulated and re-encapsulated
• Layer 3 addresses remain the same

Purpose command for Router HQ Configuration

• Packets with a destination network that is not 10.10.0.0/16 or 10.20.0.0/16 or a directly connected network will be forwarded to the Internet
• The command ip route 0.0.0.0 0.0.0.0 serial 0/1/1 configures a default route.

Layer 2 Loop Elimination

• STP disables redundant paths to eliminate Layer 2 loops.

Missing VLAN 99

• The VLAN 99 hasn't yet been created.

VTP Modes for VLAN Management

• Server and transparent VTP modes allow creation, modification, and deletion of VLANs on the local switch

Steps for Moving a Cisco Switch toVTP Management Domain

• Three steps to take:
  • Configure the switch with the name of the new management domain
  • Select the correct VTP mode and version
  • Configure the switch to synchronize with other switches in the domain by resetting the VTP counters

Rapid PVST+ Link Type Determination

• Link types are determined automatically when Rapid PVST+ is implemented

STP Designated Ports on Cisco Switches

• STP designated ports: fa0/13, fa0/21, fa0/11
• Switch with the lowest MAC address becomes the root bridge with same default priority and bandwidth
• All ports would be designated ports with the switch of lowest MAC addresses

Router Handling Static Routing with Cisco Express Forwarding

• Ethernet multiaccess interfaces require fully specified static routes to avoid routing inconsistencies

Advantages of Static vs Dynamic Routes

• Using static routes: improve network security and use fewer router resources

Static Route with Next-Hop Address

• Route configured as a static route to a specific network using the next-hop: S 10.17.2.0/24 [1/0] via 10.16.2.2

Spanning-Tree Portfast Configuration Effect

• Spanning-tree portfast enables portfast on a specific switch interface

IPv6 Prefix for Link-Local Addresses

• The following IPv6 prefix: FE80::/10

Characteristics of Routed Ports

• In a switched network, they are mostly configured between switches at the core and distribution layers. Not associated with any particular VLAN

Inter-VLAN Routing Issue

• The allowed VLANs on the backup link were not configured correctly, causing inaccess to network resources when a trunk link fails

EtherChannel Creation via LACP

• interface range GigabitEthernet 0/4 - 5 command bundles two physical interfaces to create etherchannel group via LACP

Multicast Destination MAC Address Action

• The switch will forward the frame out all ports except the incoming port.

Wrong Path and Unreachable LAN Routers

• Check the configuration of the exit interface on the new static route.

PAgP Channel Establishment Modes

• The three PAgP(Port Aggregation Protocol) channel establishment modes are auto, desirable, and on.

Removing Static Routes

• To remove the static route use the no ip route command

Interface Configuration as DHCPv4 Relay Agent

• If an IP helper is configured as dhcp4, the ip helper-address command was applied on the wrong interface.

Wireless Router Settings Affecting Network Security

• The SSID is broadcast and a well-known administrator password is set.

SNMP Log Messages Sent to the SNMP Server's

• Messages called traps are generated by network devices and sent to the SNMP server

VLAN Interface Tab

• The administrator should create Wlan using WLANS Tab

DHCP IPv4 Addresses on an AP

• To reduce outsiders intercepting data or accessing wireless network by using a well known address range

WLC Functions with Split MAC

Frame queuing, and packet priorities

Switch Port Enhacements for STP stability

• All Port-Fast Enabled ports

Mitigating BPDU attacks

• Rogue switches on a network

Dynamic ARP Inspection with DHCP Snooping Requirements

• It relies on the setting is the trusted and un-trusted ports set by DHCP snooping.

Router R1 Neighbor Relationship

• Change the Admin distance to 120

Metric for IPv6 Data Packet

• The result is 2682112

Remote Management Configuration

• Remote Management configurations require IP address, Default getaway, and vty line

Stateful DHCPv6 Requirements

• IPv6 nd other-config-flag

Wireless Configuration

• Configure 5Ghz band for streaming multimedia and time sensitive traffic

New ISP Checkpoints

• New ISP checks should ensure the old default state has been removed from the company edge routers.

MAC address table population elements

• The information a switch used to populated a map address table is the source Mac Address and the incoming port

Switch configuration review elements.

• A review of switch s1 requires EtherChannel for multiple physical parts in 1 logical link.

Static Router Configuration

• A floating static router

Action with Mac Address Unicast destination

• The switch forwards with the specified.

Commands for IPv4 Address

• The commands needed are -R1 config interfaces and ip helper address 10.2.0.250

Load Balancing mechanisms is for protocol/technology.

-Etherchannel

VLAN attack mitigation protocols/solutions

-DTP

DHCPv6 without Address

• Router informing via a ipv6 unicast that it has data (ipv6 unicast)

Inter VLAN review and check

• Vlan and number

Interconnecting Router and Switch for Trunks

• The three pairs of trunking is dynamic auto - dynamic auto Dynamic desirable- trunk Dynamic desirable - dynamic auto

Static Router vs Internal

• Check routing table missing a static route

Overlapping channel assignments (Wireless)

• Wireless channels is channels 1,6, and 11

WLAN Security and Credential

• A key matches the key on he AP

ARP on VLAN

ARP request is between host with broadcast

Port Fast

• The effects of entering shutdown will. Disable a unused port.

Mac over flow

• The primary reasons for attacks will be the attacker can see fames that are destined for another host

10. 37

Authorization implemented when.

• immediately after success

DHCPv6 and PC

• The router informs via a message that something is wrong,

Radius access control

to restrict Access to the local wlan with authorized autheniticaied useres.

Which of the component combines to form a bridge ID.

Bridge protory Mac Address Extended system address

VLAN's, and which tap configuration with the WPA policy

In the 3504's, click WLANS summary

Description

Explore Router R1 configuration with IPv6 packet forwarding and EIGRP route backup. Learn how to create a floating static route and correct static route configurations for internet access. Understand IPv4 default static route configuration.