Refer to the exhibit. An administrator is setting up above shown routers to enable MVPN with mGRE mode. What would be the recommended interface configuration that must be done by the engineer to make it to work?
A.
interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel mode IPSec multipoint
B.
interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel mode gre multipoint
C.
interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp network-id 1 tunnel source 172.17.0.1 tunnel mode IPsec multipoint
D.
interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel destination 172.17.0.2 tunnel mode IPsec multipoint
C. interface Tunnel0
description mGRE - DMVPN Tunnel
ip address 10.0.0.1 255.255.255.0
ip nhrp network-id 1
tunnel source 172.17.0.1
tunnel mode IPsec multipoint
here is your C : tunnel mode IPsec is the issue mate...they want mGRE
"tunnel source" = physical interface
tunnel mode gre multipoint
Do one of the following:
tunnel protection ipsec profile name
tunnel protection psk key
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16-11/sec-conn-dmvpn-xe-16-11-book/sec-conn-dmvpn-dmvpn.html
I choose B, the configuration seems correct except the @IP tunnel source which should be: 172.17.0.1
I think C is wrong because the config missed "ip nhrp map multicast dynamic" and the config tunnel mode IPsec multipoint does not exist !
None of the possible answers are correct, the most similar is B, but the tunnel source must be the NMBA of the external interface or the physical IP of that interface. In all the others, the "tunnel mode IPsec multipoint" command does not exist. Personally, I'm going for B. I hope that the tunnel source command is an error and that the ENARSI test works well.
Here is an example of an ipsec multipoint tunnel:
interface Tunnel0
ip address 2.2.2.2 255.255.255.0
ip ospf network point-to-multipoint
ip ospf 1 area 0
tunnel mode ipsec ipv4
Although the configuration command in C does not exist, it is the only answer that has a correct source interface. However with answer C in my lab the tunnel is in a down state.
here is an example of answer B:
interface Tunnel0
ip address 2.2.2.2 255.255.255.0
no ip redirects
ip nhrp network-id 1
ip ospf network point-to-multipoint
ip ospf 1 area 0
tunnel source 2.2.2.2
tunnel mode gre multipoint
IOU1(config-if)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/6 ms
IOU1(config-if)#
only answer is C or B.
B technically works although if we advertise our tunnel in a routing protocol we have a flap.
Also if we do choose answer B the spokes can't ping to the hub( see below).
Answer =C
Hub:
interface Tunnel0
ip address 2.2.2.2 255.255.255.0
no ip redirects
ip nhrp network-id 1
ip ospf network point-to-multipoint
ip ospf 1 area 0
tunnel source 2.2.2.2
tunnel mode gre multipoint
Spoke:
interface Tunnel0
ip address 2.2.2.3 255.255.255.0
no ip redirects
ip nhrp map 2.2.2.2 1.1.1.1
ip nhrp network-id 1
ip nhrp nhs 2.2.2.2
tunnel source Ethernet0/0
tunnel mode gre multipoint
IOU2(config-if)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
....
Hub:
IOU1(config-if)#tunnel source e0/0
IOU1(config-if)#
Spoke:
IOU2(config-if)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/6 ms
IOU2(config-if)#
So B seems wrong although it is technically able to be configured. I go with C.
there is no right answer...
ACD are excluded because:
R1(config-if)#tunnel mode ipsec multipoint
^
% Invalid input detected at '^' marker.
And B is excluded because tunnel source cannot be tunnel itself
You pointed out the issue with this question really clearly. B and C are partly correct, you can argue what is better, in essence they are are both "least wrong". Anyway, i agree C is less wrong if you have an opinion on it anyway.
Answers relies on the question it self, it says that mgre tunnel must be setup and the only command that allows that is tunnel mode gre multipoint. Im going with B
"tunnel mode IPsec multipoint" doesn't seem like a valid command at all. But the options A and B using tunnel source as tunnel IP itself so they can't be correct too. WTF is this nonsense...
C1-HUB(config-if)#tunnel mode ipsec ?
ipv4 over IPv4
ipv6 over IPv6
C1-HUB(config-if)#tunnel mode ipsec ipv4 ?
v6-overlay Overlay traffic v6
<cr>
C1-HUB(config-if)#tunnel mode ipsec ipv4
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kebkim
Highly Voted 2 years, 6 months agoCiscoTerminator
3 months, 3 weeks agoraw007
2 years agoHungarianDish_111
Highly Voted 2 years, 1 month agoFenix7
Most Recent 1 month, 2 weeks ago1chung
1 month, 2 weeks agoyasmiine
2 months agopackl74
7 months, 3 weeks agobk989
9 months, 3 weeks agobk989
9 months, 3 weeks agobk989
9 months, 3 weeks agobk989
9 months, 3 weeks agobk989
9 months, 3 weeks agobk989
10 months ago[Removed]
11 months agochinopla
12 months agokaupz
1 year, 6 months agoPietjeplukgeluk
1 year agodapardo
12 months agoBrand
1 year, 9 months agointeldarvid
1 year, 11 months agoforccnp
2 years, 3 months agoLilienen
2 years, 4 months agosylvesterbello1
2 years, 5 months agojarz
2 years, 5 months ago