Refer to the exhibit. An administrator is troubleshooting a time synchronization problem for the router's time to another Cisco IOS XE-based device that has recently undergone security hardening.
Which action resolves the issue?
A.
NTP service is disabled and must be enabled on 10.1.255.40.
B.
Ensure that the CPE router has a valid route to 10.1.255.40 for NTP and rectify if not reachable.
C.
Allow NTP in the ingress ACL on 10.1.255.40 by permitting UDP destined to port 123.
D.
Allow NTP in the ingress ACL on 10.1.255.40 by permitting TCP destined to port 123.
Sorry, i was wrong, also labbed it and Zizu007 is right.
When filtered by access list:
Jan 30 10:22:13.908: ICMP: dst (181.16.2.6) administratively prohibited unreachable rcv from 181.16.2.5
When NTP is turned off on master:
*Jan 30 10:13:20.287: ICMP: dst (181.16.2.6) port unreachable rcv from 181.16.2.5
So in this case NTP needs to be enabled.
The show ntp associations shows that the CPE router is configured with 10.1.255.40 as its NTP server, but that it is not in NTP synchronization with this server.
The fact that “reach” is 0 also confirms that the NTP server is unreachable.
The reason for the lack of NTP synchronization is that NTP packets (UDP port 123) from the CPE router are reaching 10.1.255.40, but the NTP service is not running on 10.1.255.40 or the port is closed, so ICMP port unreachable message is returned instead because the NTP service is not running or the port is closed on the 10.1.255.40 side.
Therefore, the correct answer is A.
R1#sh ntp associations
%NTP is not enabled.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ntp ser
R1(config)#ntp server 192.168.1.254
R1(config)#exit
R1#sh ntp associations
address ref clock st when poll reach delay offset disp
~192.168.1.254 0.0.0.0 16 - 64 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R1#
*Mar 1 00:00:47.115: %SYS-5-CONFIG_I: Configured from console by console
R1#
IOU2(config)#ntp master
IOU2(config)#ntp master 1
IOU2(config)#ntp master
IOU2(config)#ntp master 1
look at the when column
The output of the show ntp associations command has a column called 'when'. This shows the
number of seconds since the last time the local device received time information from that server.
page 11
https://www.alliedtelesis.com/sites/default/files/documents/configuration-guides/ntp_feature_overview_guide.pdf
IOU1#show ntp associations
address ref clock st when poll reach delay offset disp
~1.1.1.2 .LOCL. 1 13 64 1 1.000 0.500 189.44
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
look at the when column
The output of the show ntp associations command has a column called 'when'. This shows the
number of seconds since the last time the local device received time information from that server.
page 11
https://www.alliedtelesis.com/sites/default/files/documents/configuration-guides/ntp_feature_overview_guide.pdf
ICMP is a different protocol used primarily for network diagnostic tools like ping and traceroute. It is used to send error messages and operational information indicating, for example, that a service is unreachable.
The "port unreachable" messages you see in the exhibit are ICMP messages indicating that the destination device (10.1.255.40) is not accepting packets on the specified port (likely UDP port 123, used by NTP).
if filtered by ACL this msg will show up:
R3#
ICMP: dst (10.0.12.1) administratively prohibited unreachable rcv from 10.1.255.40
R3#
upvoted 3 times
...
...
This section is not available anymore. Please use the main Exam Page.300-410 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Patrick1234
Highly Voted 2 years, 3 months agoZizu007
Highly Voted 2 years, 3 months agotest190502
Most Recent 7 months agobeartshu
8 months, 1 week agobk989
8 months, 2 weeks agobk989
8 months, 2 weeks agobk989
8 months, 2 weeks agotubirubs
8 months, 2 weeks ago[Removed]
9 months, 1 week agoaqwsdfghjklp
1 year, 5 months agoPatrick1234
2 years, 3 months agojuliop
2 years, 4 months agoZizu007
2 years, 3 months ago