2017 Apr 400-101 test

Q191. Which three statements about Cisco HDLC are true? (Choose three.) 

A. HDLC serial encapsulation provides asynchronous framing and error detection. 

B. Serial link keepalives are maintained by SLARP. 

C. HDLC serial encapsulation provides synchronous framing without retransmission. 

D. HDLC frame size can be reduced with MPPC compression. 

E. The interface is brought down after five ignored keepalives. 

F. The interface is brought down after three ignored keepalives. 

Answer: B,C,F 


Cisco High-Level Data Link Controller (HDLC) is the Cisco proprietary protocol for sending data over synchronous serial links using HDLC. Cisco HDLC also provides a simple control protocol called Serial Line Address Resolution Protocol (SLARP) to maintain serial link keepalives. For each encapsulation type, a certain number of keepalives ignored by a peer triggers the serial interface to transition to the down state. For HDLC encapsulation, three ignored keepalives causes the interface to be brought down. By default, synchronous serial lines use the High-Level Data Link Control (HDLC) serial encapsulation method, which provides the synchronous framing and error detection functions of HDLC without windowing or retransmission. 

Reference: http://www.cisco.com/c/en/us/td/docs/routers/access/800/819/software/configuration/Guide/ 819_SCG/6ser_conf.html#78662 

Q192. What is a reason for 6PE to use two MPLS labels in the data plane instead of one? 

A. 6PE allows penultimate hop popping and has a requirement that all P routers do not have to be IPv6 aware. 

B. 6PE does not allow penultimate hop popping. 

C. It allows MPLS traffic engineering to work in a 6PE network. 

D. It allows 6PE to work in an MPLS network where 6VPE is also deployed. 



Q. Why does 6PE use two MPLS labels in the data plane? 

A. 6PE uses two labels: 

. The top label is the transport label, which is assigned hop-by-hop by the Label Distribution Protocol (LDP) or by MPLS traffic engineering (TE). 

. The bottom label is the label assigned by the Border Gateway Protocol (BGP) and advertised by the internal BGP (iBGP) between the Provider Edge (PE) routers. 

When the 6PE was released, a main requirement was that none of the MPLS core routers (the P routers) had to be IPv6-aware. That requirement drove the need for two labels in the data plane. There are two reasons why the 6PE needs both labels. 

PHP Functionality 

If only the transport label were used, and if penultimate hop popping (PHP) were used, the penultimate hop router (the P router) would need to understand IPv6. 

With PHP, this penultimate hop router would need to remove the MPLS label and forward the packet as an IPv6 packet. This P router would need to know that the packet is IPv6 because the P router would need to use the correct Layer 2 encapsulation type for IPv6. (The encapsulation type is different for IPv6 and IPv4; for example, for Ethernet, the encapsulation type is 0x86DD for IPv6, while it is 0x0800 for IPv4.) If the penultimate hop router is not IPv6-capable, it would likely put the Layer 2 encapsulation type for IPv4 for the IPv6 packet. The egress PE router would then believe that the packet was IPv4. There is time-to-live (TTL) processing in both the IPv4 and IPv6 headers. In IPv6, the field is called Hop Limit. The IPv4 and IPv6 fields are at different locations in the headers. Also, the Header Checksum in the IPv4 header would also need to be changed; there is no Header Checksum field in IPv6. If the penultimate hop router is not IPv6-capable, it would cause the IPv6 packet to be malformed since the router expects to find the TTL field and Header Checksum field in the header. Because of these differences, the penultimate hop router would need to know it is an IPv6 packet. How would this router know that the packet is an IPv6 packet, since it did not assign a label to the IPv6 Forwarding Equivalence Class (FEC), and there is no encapsulation field in the MPLS header? It could scan for the first nibble after the label stack and determine that the packet is IPv6 if the value is 6. However, that implies that the penultimate hop router needs to be IPv6-capable. This scenario could work if the explicit null label is used (hence no PHP). However, the decision was to require PHP. 

Load Balancing 

Typical load balancing on a P router follows this process. The P router goes to the end of the label stack and determines if it is an IPv4 packet by looking at the first nibble after the label stack. 

. If the nibble has a value of 4, the MPLS payload is an IPv4 packet, and the P router load balances by hashing the source and destination IPv4 addresses. 

. If the P router is IPv6-capable and the value of the nibble is 6, the P router load balances by hashing the source and destination IPv6 addresses. 

. If the P router is not IPv6-capable and the value of the nibble is not 4 (it could be 6 if the packet is an IPv6 packet), the P router determines it is not an IPv4 packet and makes the load balancing decision based on the bottom label. In the 6PE scenario, imagine there are two egress PE routers advertising one IPv6 prefix in BGP towards the ingress PE router. This IPv6 prefix would be advertised with two different labels in BGP. Hence, in the data plane, the bottom label would be either of the two labels. This would allow a P router to load balance on the bottom label on a per-flow basis. If 6PE used only the transport label to transport the 6PE packets through the MPLS core, the P routers would not be able to load balance these packets on a per-flow basis unless the P routers were IPv6-capable. If the P routers were IPv6-capable, they could use the source and destination IPv6 addresses in order to make a load balancing decision. 

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116061-qa-6pe-00.html 


Drag each traceroute text character on the left to its meaning on the right. 


Q194. Which AS_PATH attribute can you use to prevent loops when implementing BGP confederations? 






Q195. Which two message types allow PIM snooping to forward multicast traffic? (Choose two.) 

A. hello messages 

B. leave messages 

C. membership query messages 

D. bidirectional PIM DF election messages 

Answer: A,D 

Q196. Which packet does a router receive if it receives an OSPF type 4 packet? 

A. hello packet 

B. database descriptor packet 

C. link state update packet 

D. link state request packet 

E. link state acknowledge packet 


Q197. Which technology facilitates neighbor IP address resolution in DMVPN? 


B. mGRE 

C. a dynamic routing protocol 




NHRP Used with a DMVPN 

NHRP is used to facilitate building a VPN and provides address resolution in DMVPN. In this context, a VPN consists of a virtual Layer 3 network that is built on top of an actual Layer 3 network. The topology you use over the VPN is largely independent of the underlying network, and the protocols you run over it are completely independent of it. The VPN network (DMVPN) is based on GRE IP logical tunnels that can be protected by adding in IPsec to encrypt the GRE IP tunnels. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#w p1057255 

Q198. Refer to the exhibit. 

Which technology does the use of bi-directional BPDUs on all ports in the topology support? 



C. Bridge Assurance 

D. Loop Guard 

E. Root Guard 




Spanning Tree Bridge Assurance 

. Turns STP into a bidirectional protocol 

. Ensures spanning tree fails “closed” rather than “open” 

. If port type is “network” send BPDU regardless of state 

. If network port stops receiving BPDU it’s put in BA-inconsistent state 

Bridge Assurance (BA) can help protect against bridging loops where a port becomes designated because it has stopped receiving BPDUs. This is similar to the function of loop guard. 

Reference: http://lostintransit.se/tag/convergence/ 

Q199. Which command drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value, and also causes the Security Violation counter to increment? 

A. switchport port-security violation protect 

B. switchport port-security violation drop 

C. switchport port-security violation shutdown 

D. switchport port-security violation restrict 



When configuring port security violation modes, note the following information: 

. protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value. 

. restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment. 

. shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap notification. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html 

Q200. Refer to the exhibit. 

If the remaining configuration uses default values, what is the expected output of the show mls qos queue-set command? 





A. Exhibit A 

B. Exhibit B 

C. Exhibit C 

D. Exhibit D 



mls qos queue-set output qset-idthreshold queue-id drop-threshold1 drop-threshold2 reserved-threshold maximum-threshold 

Configure the WTD thresholds, guarantee the availability of buffers, and configure the maximum memory allocation for the queue-set (four egress queues per port). 

By default, the WTD thresholds for queues 1, 3, and 4 are set to 100 percent. The thresholds for queue 2 are set to 200 percent. The reserved thresholds for queues 1, 2, 3, 

and 4 are set to 50 percent. The maximum thresholds for all queues are set to 400 percent. 

. For qset-id , enter the ID of the queue-set specified in Step 2. The range is 1 to 2. 

. For queue-id , enter the specific queue in the queue-set on which the command is performed. The range is 1 to 4. 

. For drop-threshold1 drop-threshold2 , specify the two WTD thresholds expressed as a percentage of the queue’s allocated memory. Th e range is 1 to 3200 percent. 

. For reserved-threshold , enter the amount of memory to be guaranteed (reserved) for the queue expressed as a percentage of the allocated memory. The range is 1 to 100 percent. 

. For maximum-threshold , enable a queue in the full condition to obtain more buffers than are reserved for it. This is the maximum memory the queue can have before the packets are dropped if the common pool is not empty. The range is 1 to 3200 percent 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/1 2-2_55_se/configuration/guide/3750xscg/swqos.html