Act now and download your Cisco ccnp routing and switching route 300 101 test today! Do not waste time for the worthless Cisco ccnp routing and switching route 300 101 official cert guide tutorials. Download Up to date Cisco Implementing Cisco IP Routing exam with real questions and answers and begin to learn Cisco ccnp route 300 101 pdf with a classic professional.
Q1. Refer to the following access list.
access-list 100 permit ip any any log
After applying the access list on a Cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this?
A. A packet that matches access-list with the "log" keyword is Cisco Express Forwarding switched.
B. A packet that matches access-list with the "log" keyword is fast switched.
C. A packet that matches access-list with the "log" keyword is process switched.
D. A large amount of IP traffic is being permitted on the router.
Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the
network or is dropped by network devices. Unfortunately, ACL logging can be CPU intensive and can
negatively affect other functions of the network device. There are two primary factors that contribute to the
CPU load increase from ACL logging: process switching of packets that match log-enabled access control
entries (ACEs) and the generation and transmission of log messages. Reference: http://www.cisco.com/
Q2. A router receives a routing advertisement for the same prefix and subnet from four different routing protocols. Which advertisement is installed in the routing table?
Q3. The following configuration is applied to a router at a branch site:
ipv6 dhcp pool dhcp-pool
If IPv6 is configured with default settings on all interfaces on the router, which two dynamic IPv6 addressing mechanisms could you use on end hosts to provide end-to-end connectivity? (Choose two.)
Q4. A company's corporate policy has been updated to require that stateless, 1-to-1, and IPv6 to IPv6 translations at the Internet edge are performed. What is the best solution to ensure compliance with this new policy?
NPTv6 provides a mechanism to translate the private internal organization prefixes to public globally
reachable addresses. The translation mechanism is stateless and provides a 1:1 relationship between the internal addresses and external addresses. The use cases for NPTv6 outlined in the RFC include peering with partner networks, multi homing, and redundancy and load sharing.
Q5. For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue?
A. The traffic filter is blocking all ICMPv6 traffic.
B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.
C. The link-local addresses that were used by OSPFv3 were explicitly denied, which caused the neighbor relationships to fail.
D. IPv6 traffic filtering can be implemented only on SVIs.
OSPFv3 uses link-local IPv6 addresses for neighbor discovery and other features, so if any IPv6 traffic
filters are implemented be sure to include the link local address so that it is permitted in the filter list.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx- os/unicast/configuration/
Q6. An organization decides to implement NetFlow on its network to monitor the fluctuation of traffic that is disrupting core services. After reviewing the output of NetFlow, the network engineer is unable to see OUT traffic on the interfaces. What can you determine based on this information?
A. Cisco Express Forwarding has not been configured globally.
B. NetFlow output has been filtered by default.
C. Flow Export version 9 is in use.
D. The command ip flow-capture fragment-offset has been enabled.
We came across a recent issue where a user setup a router for NetFlow export but was unable to see the
OUT traffic for the interfaces in NetFlow Analyzer. Every NetFlow configuration aspect was checked and
nothing incorrect was found. That is when we noticed the `no ip cef' command on the router. CEF was
enabled at the global level and within seconds, NetFlow Analyzer started showing OUT traffic for the
interfaces. This is why this topic is about Cisco Express Forwarding.
What is switching?
A Router must make decisions about where to forward the packets passing through. This decision-making
process is called "switching". Switching is what a router does when it makes the following decisions:
1.Whether to forward or not forward the packets after checking that the destination for the packet is
2.If the destination is reachable, what is the next hop of the router and which interface will the router use to
get to that destination.
What is CEF?
CEF is one of the available switching options for Cisco routers. Based on the routing table, CEF creates its
own table, called the Forwarding Information Base (FIB). The FIB is organized differently than the routing
table and CEF uses the FIB to decide which interface to send traffic from. CEF offers the following
1.Better performance than fast-switching (the default) and takes less CPU to perform the same task.
2.When enabled, allows for advanced features like NBAR
3.Overall, CEF can switch traffic faster than route-caching using fast-switching
How to enable CEF?
CEF is disabled by default on all routers except the 7xxx series routers. Enabling and Disabling CEF is
easy. To enable CEF, go into global configuration mode and
enter the CEF command.
Router# config t
Router(config)# ip cef
To disable CEF, simply use the `no' form of the command, ie. `no ip cef`.
Why CEF Needed when enabling NetFlow ?
CEF is a prerequisite to enable NetFlow on the router interfaces. CEF decides through which interface
traffic is exiting the router. Any NetFlow analyzer product will calculate the OUT traffic for an interface
based on the Destination Interface value present in the NetFlow packets exported from the router. If the
CEF is disabled on the router, the NetFlow packets exported from the router will have "Destination
interface" as "null" and this leads NetFlow Analyzer to show no OUT traffic for the interfaces. Without
enabling the CEF on the router, the NetFlow packets did not mark the destination interfaces and so
NetFlow Analyzer was not able to show the OUT traffic for the interfaces. Reference: https://
Q7. Refer to the exhibit.
A network administrator checks this adjacency table on a router. What is a possible cause for the incomplete marking?
A. incomplete ARP information
B. incorrect ACL
C. dynamic routing protocol failure
D. serial link congestion
To display information about the Cisco Express Forwarding adjacency table or the hardware Layer 3-
switching adjacency table, use the show adjacency command.
Reasons for Incomplete Adjacencies
There are two known reasons for an incomplete adjacency:
The router cannot use ARP successfully for the next-hop interface.
After a clear ip arp or a clear adjacency command, the router marks the adjacency as incomplete. Then it
fails to clear the entry.
In an MPLS environment, IP CEF should be enabeled for Label Switching. Interface level command ip
route-cache cef No ARP Entry When CEF cannot locate a valid adjacency for a destination prefix, it punts
the packets to the CPU for ARP resolution and, in turn, for completion of the adjacency.
Q8. A network administrator uses IP SLA to measure UDP performance and notices that packets on one router have a higher one-way delay compared to the opposite direction. Which UDP characteristic does this scenario describe?
C. connectionless communication
D. nonsequencing unordered packets
Cisco IOS IP SLAs provides a proactive notification feature with an SNMP trap. Each measurement
operation can monitor against a pre-set performance threshold.
Cisco IOS IP SLAs generates an SNMP trap to alert management applications if this threshold is crossed.
Several SNMP traps are available: round trip time, average jitter, one-way latency, jitter, packet loss, MOS, and connectivity tests.
Here is a partial sample output from the IP SLA statistics that can be seen:
router#show ip sla statistics 1
Round Trip Time (RTT) for Index 55
Latest RTT: 1 ms
Latest operation start time: *23:43:31.845 UTC Thu Feb 3 2005 Latest operation return code: OK
Number Of RTT: 10 RTT Min/Avg/Max: 1/1/1 milliseconds Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds Destination to Source Latency
one way Min/Avg/Max: 0/0/0 milliseconds
Q9. Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding?
D. Cisco Easy VPN
Explanation: Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual
private network (VPN) supported on Cisco IOS-based routers and Unix-like Operating Systems based on
the standard protocols, GRE, NHRP and IPsec. This DMVPN provides the capability for creating a
dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers,
including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key
Management Protocol) peers. DMVPN is initially configured to build out a hub-and-spoke network by
statically configuring the hubs (VPN headends) on the spokes, no change in the configuration on the hub is
required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be
dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes. This
dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke
networks. DMVPN is combination of the following technologies:
Multipoint GRE (mGRE)
Next-Hop Resolution Protocol (NHRP)
Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
Dynamic IPsec encryption
Cisco Express Forwarding (CEF)
Topic 5, Infrastructure Security
53. Which traffic does the following configuration allow?
ipv6 access-list cisco
permit ipv6 host 2001:DB8:0:4::32 any eq ssh
line vty 0 4
ipv6 access-class cisco in
A. all traffic to vty 0 4 from source 2001:DB8:0:4::32
B. only ssh traffic to vty 0 4 from source all
C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32
D. all traffic to vty 0 4 from source all
Here we see that the IPv6 access list called "cisco" is being applied to incoming VTY connections to the
router. IPv6 access list has just one entry, which allows only the single IPv6 IP address of 2001:DB8:0:4::32 to connect using SSH only.
Q10. Which statement about dual stack is true?
A. Dual stack translates IPv6 addresses to IPv4 addresses.
B. Dual stack means that devices are able to run IPv4 and IPv6 in parallel.
C. Dual stack translates IPv4 addresses to IPv6 addresses.
D. Dual stack changes the IP addresses on hosts from IPv4 to IPv6 automatically.