ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-410 All Questions

View all questions & answers for the 300-410 exam
Go to Exam

Exam 300-410 topic 1 question 138 discussion

Actual exam question from Cisco's 300-410
Question #: 138
Topic #: 1
[All 300-410 Questions]


Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1.
Which configuration allows Router2 to establish a Telnet connection to Router1?

  • A. ipv6 unicast-routing
  • B. permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address
  • C. permit ip any any on access list EGRESS2 on Router1
  • D. IPv6 address on GigabitEthernet0/0
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by [deleted] at Aug. 1, 2021, 6:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MP_iBGP
Highly Voted 3 years, 8 months ago
Correct answer is B because when R1 will send nd ra to R2 for its autoconfig, its access-list INGRESS will drop it. LAB for test : R2#show ipv6 access-list IPv6 access list INGRESS permit ipv6 2001:DB8::/64 any (1 match) sequence 10 deny ipv6 2001:DB8::/32 any sequence 20 permit icmp any any (5 matches) sequence 30 R2#telnet 2001:db8::1 Trying 2001:DB8::1 ... Open R1>
upvoted 19 times
5f44e95
3 weeks, 5 days ago
You are wrong. The access list will permit the RA from Router 1. D is correct. The SLAAC config on R2 cannot work because of the suppression of the RA on the interface.
upvoted 1 times
...
donjime
3 years, 8 months ago
RA are suppressed by the comand ipv6 nd ra suppress on the interface
upvoted 2 times
[Removed]
3 years, 5 months ago
You're right.. It stops that router from advertising but it doesnt stop it from responding to RA messages.. Add the icmp to the acl and it will be able to generate an ipv6 address since autoconfig is enabled. I also labbed to verify...
upvoted 7 times
bk989
10 months, 3 weeks ago
there is an implicit ipv6 nd any any in ipv6 access-lists unless you configure an ipv6 deny any any. Our R2 IS NOT ENABLED for RS advertisesments. We enable RS advertisements with "ipv6 enable". hence our R2 has to wait for R1 interval of RA packets (about every 30 seconds I believe). So we need to enable an IPv6 address manually. Answer is D.
upvoted 2 times
...
...
...
asans
3 years, 2 months ago
B is correct, permitting icmp on R2 enables it to receive RA with the prefix info and thus generate an IPv6 address. D works but the key here is to use the ipv6 address autoconfig feature rather the manual IPv6 address
upvoted 3 times
...
wts
3 years, 3 months ago
What message exactly contains address 2001:DB8::/32 in the source and what does it matter if what is forbidden is allowed by the line above? All of these messages should use link-local addresses (FE80::/64) as their source. I believe the results of your test, but how to explain it?
upvoted 1 times
...
...
lcy1
Highly Voted 3 years, 4 months ago
tested in lab - A doesn't work, unless B is done. B by itself doesn't help without A D helps instantly. So it depends how many answers cisco wants on real exam - if one, then it is D, if two, then it is AB
upvoted 10 times
...
deech
Most Recent 3 months, 2 weeks ago
Selected Answer: B
B is correct
upvoted 1 times
...
Valkyrie17
7 months ago
Selected Answer: B
The access list blocks it.
upvoted 1 times
...
AonDuine
10 months ago
Selected Answer: C
Correct answer is c This change will allow the Telnet traffic between Router2 and Router1 by adjusting the restrictive ACL on Router1 that is currently blocking all outgoing IP traffic, including Telnet.
upvoted 3 times
...
bf10690
10 months, 3 weeks ago
Selected Answer: D
I just tested this in my lab and the only thing that solved the issue was D. It is very possible that some combination of B and C might solve the issue by letting Router2 get an IPv6 address, but D solves the problem immediately by itself.
upvoted 2 times
...
bk989
10 months, 3 weeks ago
there is an implicit permit ipv6 nd any any in ipv6 access-lists unless you configure an ipv6 deny any any. Our R2 IS NOT ENABLED for RS advertisesments. We enable RS advertisements with "ipv6 enable". hence our R2 has to wait for R1 interval of RA packets (about every 30 seconds I believe). So we need to enable an IPv6 address manually. Answer is D.
upvoted 1 times
bk989
10 months, 3 weeks ago
I was wrong. The implicit permit icmp nd any any is denied because of the deny statement> Pause here for a moment. Did you notice the steps differ a little from IPv4? There is an added step before the implicit deny any. Recall that IPv6 relies on the Neighbor Discovery Protocol (NDP) NA (neighbor advertisement) and NS (neighbor solicitation) messages to determine the MAC address associated with an IPv6 address. Therefore, the implicit permit icmp nd entries for NA and NS messages have been added before the implicit deny any, so they are not denied: permit icmp any any nd-na permit icmp any any nd-ns However, because these are implicit permit statements, all statically entered commands come before them. Therefore, if you issue the deny ipv6 any any log command at the end of an IPv6 ACL, as you might be accustomed to doing in IPv4, you will break the NDP process because NA and NS messages will be denied. Therefore, when troubleshooting NDP, keep in mind that an ACL might be the reason it is not working.
upvoted 1 times
bk989
10 months, 3 weeks ago
Text above is from OCG. Also the RS messages is enabled on R2 with ipv6 address autoconfig. Hence the icmp is being denied for neighbor discovery. So we need to permit the RA in the access list
upvoted 1 times
bk989
10 months, 3 weeks ago
interface Ethernet0/0 no ip address ipv6 address autoconfig ipv6 nd ra suppress ipv6 traffic-filter INGREE in ipv6 access-list INGREE permit ipv6 2001:DB8::/64 any permit icmp any any deny ipv6 2001:DB8::/32 any ! *Aug 13 02:10:33.076: %SYS-5-CONFIG_I: Configured from console by console IOU2#telnet 2001:db8::1 Trying 2001:DB8::1 ... Open Password required, but none set Answer is D though, as it immediately solves our problem
upvoted 1 times
...
...
...
...
[Removed]
11 months, 2 weeks ago
Selected Answer: D
it´s D the only thing we should configure is ipv6 on the interface instead of ipv4 only.
upvoted 1 times
...
bk989
1 year, 3 months ago
permit ipv6 nd na is on by default on IPv6 access-lists, unless you explicitly define a deny ipv6 any any. hence B is wrong, as there is no ipv6 ping deny in action here. D solves this problem. From OCG chapter 21: Recall that IPv6 relies on the Neighbor Discovery Protocol (NDP) NA (neighbor advertisement) and NS (neighbor solicitation) messages to determine the MAC address associated with an IPv6 address. Therefore, the implicit permit icmp nd entries for NA and NS messages have been added before the implicit deny any, so they are not denied: permit icmp any any nd-na permit icmp any any nd-ns They trying to trick you with B. Anwer is D.
upvoted 2 times
...
samael666
1 year, 8 months ago
Correct answer is D. A. it says the link came up, so is enable by default B. on IPv6 ACLs is enabled by default C. it has nothing to do with it D. is the only choice, but consider that there is a autonconfig command so withouht this it will work as well.
upvoted 3 times
...
guy276465281819372
1 year, 10 months ago
Selected Answer: D
D would solve this question in instant
upvoted 2 times
...
sgtmajvimy
1 year, 11 months ago
Selected Answer: B
B is correct, its configured for autoconfig, the ACL blocks R2 from getting the RA from R1.
upvoted 1 times
...
inteldarvid
1 year, 11 months ago
Selected Answer: D
sorry my answer before, I thinking about this question for a while, and the correct answer is "D" and not "B". The key command is "ipv6 nd ra suppress" we are blocking RA ads on IPV6 and an ACL that allows ICMPv6 is not needed we are already blocking it. It's option "D"
upvoted 2 times
...
MicMillon
1 year, 11 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
inteldarvid
1 year, 11 months ago
Selected Answer: B
option B is correct: https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-4F7DBEAC-7D2F-4FE2-86A8-94C376D63B2E.html
upvoted 1 times
...
MicMillon
1 year, 12 months ago
Selected Answer: B
correct answer is B. its not C because thats only blocking ipv4, and its not D because its using auto-discovery to assign v6 address
upvoted 1 times
...
Malasxd
2 years, 1 month ago
Selected Answer: B
I would chose "B". Nothin works without "A", but we don't know whether it was inserted or not in both routers. C is definily not right. EGRESS2 is a IPv4 ACL and it's does not works for IPv6 packets. D Would not work because R2 would need use NDP to discover R1's MAC address, and NDP works with ICMP that is blocked by INGRESS ACL.
upvoted 1 times
Malasxd
2 years, 1 month ago
I forgot to mention one thing. The address of NDP and RS/RA packets are link-local address. Because of that the INGRESS ACL does not allow them in sequence 10.
upvoted 1 times
HungarianDish_111
2 years, 1 month ago
A) #ipv6 unicast-routing -> Yes, I agree, normally it should be enabled first. Stil, setting ipv6 addresses manually is enough for a basic communication between directly connected neighbors. Just test it. B) permit ICMPv6 -> It is not needed if the ipv6 address is already configured manually. Setting an ipv6 address is enough for telnet to work.
upvoted 3 times
...
...
HungarianDish_111
2 years, 1 month ago
"D" actually works. Test it. Setting an ipv6 address manually is enough for telnet to work. permit ICMPv6 is not necessary in this case, as NDP is not used for ipv6 address configuration here.
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel