Refer to the exhibit. The administrator is troubleshooting a BGP peering between PE1 and PE3 that is unable to establish. Which action resolves the issue?
A.
Disable sending ICMP unreachables on P2 to allow PE1 to establish a session with PE3.
B.
P2 must have a route to PE3 to establish a BGP session to PE1.
C.
Remove the traffic filtering rules on P2 blocking the BGP communication between PE1 and PE3.
D.
Ensure that the PE3 loopback address is used as a source for BGP peering to PE1.
PE1 is trying to use PE3 loopback address for peering, so "D" is really important in this case.
"C" is unrelated to BGP. "debug ip icmp" shows administratively prohibited message for ICMP from R2. Only for ICMP and not for TCP. ICMP is unrelated to the BGP TCP process.
One more thing, they are not directly connected, so may need to enable multihop.
Answer is C
Tested in LAB each line is exactly the same and it was logical.
In the question, the "rcv from is the P2 interface", not any of the PE3 ip
*Jul 25 19:26:42.589: TCP: sending SYN, seq 956756274, ack 0
*Jul 25 19:26:42.589: TCP0: Connection to 1.1.1.1:179, advertising MSS 1460
*Jul 25 19:26:42.589: TCP0: state was CLOSED -> SYNSENT [54184 -> 1.1.1.1(179)]
*Jul 25 19:26:42.590: ICMP: dst (8.8.8.8) administratively prohibited unreachable rcv from 50.50.50.2
*Jul 25 19:26:42.590: TCP0: ICMP destination unreachable received
*Jul 25 19:26:42.590: Released port 54184 in Transport Port Agent for TCP IP type 1 delay 240000
*Jul 25 19:26:42.590: TCP0: state was SYNSENT -> CLOSED [54184 -> 1.1.1.1(179)]
*Jul 25 19:26:42.590: TCB 0xF6773FC0 destroyed
I added an ACL inbound on P2 (link between PE1 and P2) denying bgp port 179
After the lab , can confirm the answer is C
*Jan 31 00:17:19.534: TCP0: timeout #1 - timeout is 4000 ms, seq 993483321
*Jan 31 00:17:19.534: TCP: (37954) -> 10.255.255.3(179)
*Jan 31 00:17:19.534: TCP0: ICMP destination unreachable received
*Jan 31 00:17:19.534: Released port 37954 in Transport Port Agent for TCP IP type 1 delay 240000
*Jan 31 00:17:19.534: TCP0: state was SYNSENT -> CLOSED [37954 -> 10.255.255.3(179)]
*Jan 31 00:17:19.534: TCB 0xC05E7458 destroyed
PE1#
Answer is C tested in lab. We don't need update source loopback 0 on both routers when peering with loopback addresses, and only one router, this depends on who is the passive and active neighbors.
The debug output shows ICMP messages indicating that packets are being administratively prohibited, which suggests that there might be filtering rules blocking the BGP communication.
Therefore, the action that would resolve the issue is:
C. Remove the traffic filtering rules on P2 blocking the BGP communication between PE1 and PE3.
The answer is C
. Why? If PE1 is LISTEN state, PE2 establishes adjacecny with no loopback:
PE1 debug:
*Jul 29 02:29:56.979: %BGP-5-ADJCHANGE: neighbor 10.255.255.3 Up
l 29 02:30:54.499: TCP0: ACK timeout timer expired
*Jul 29 02:30:55.258: Reserved port 0 in Transport Port Agent for TCP IP type 0
*Jul 29 02:30:55.258: TCP: connection attempt to port 179
*Jul 29 02:30:55.258: TCP: sending RST, seq 0, ack 3901546674
*Jul 29 02:30:55.258: TCP: sent RST to 10.0.12.2:35886 from 10.255.255.1:179
*Jul 29 02:30:55.258: Released port 0 in Transport Port Agent for TCP IP type 0 delay 240000
*Jul 29 02:30:55.258: TCP0: state was LISTEN -> CLOSED [0 -> UNKNOWN(0)]
*Jul 29 02:30:55.276: TCB 0xF6CD1488 destroyed
On P:
ip access-list extended test
deny tcp 10.255.255.0 0.0.0.255 any eq bgp
deny tcp 10.255.255.0 0.0.0.255 eq bgp any
deny tcp any eq bgp any
deny tcp any any eq bgp
permit ip any any
int e0/0
ip access-class TEST in
on PE1
do clear ip bgp *
*Jul 29 02:40:52.387: TCP0: Connection to 10.255.255.3:179, advertising MSS 1460
*Jul 29 02:40:52.387: TCP0: state was CLOSED -> SYNSENT [22789 -> 10.255.255.3(179)]
PE1(config-router)#
*Jul 29 02:40:52.387: TCP0: ICMP destination unreachable received
*Jul 29 02:40:52.387: Released port 22789 in Transport Port Agent for TCP IP type 1 delay 240000
*Jul 29 02:40:52.387: TCP0: state was SYNSENT -> CLOSED [22789 -> 10.255.255.3(179)]
*Jul 29 02:40:52.387: TCB 0xF6CD1798 destroyed
PE1(config-router)#do sh ip bgp summ
BGP router identifier 10.255.255.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.255.3 4 100 0 0 1 0 0 00:01:16 Idle
PE1(config-router)#
on P2
no ip access-group test in
I believe its D.
Debug ICMP is turned on and is confusing the messages..but the TCP error messages just show the TCP session timing out indicating a routing issue.
Should be C. neighborship still comes up without update-source loopback command on PE3. "Administratively prohibited unreachable" message is generated when acl is applied.
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
HungarianDish_111
Highly Voted 1 year, 11 months agoSolidSnake74
Highly Voted 1 year, 9 months ago1chung
Most Recent 1 week, 2 days agodeech
4 weeks, 1 day agoSammy3637
3 months agomajdlarbi
4 months, 1 week agowwwwaaaa
4 months, 1 week agoValkyrie17
5 months agobk989
8 months agotubirubs
8 months, 1 week agobk989
9 months, 1 week agobk989
9 months, 1 week agobk989
9 months, 1 week agobk989
9 months, 1 week agobk989
9 months, 1 week agobk989
9 months, 1 week ago[Removed]
9 months, 1 week agoNot_That_Guy
1 year, 3 months ago[Removed]
1 year, 3 months agosayed_2908
1 year, 3 months agoZamanR
1 year, 4 months ago[Removed]
1 year, 4 months agoGhauri777
1 year, 6 months ago