Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Search Forums

(Advanced Search)

Latest Threads
arx06
Forum: CCNP ENARSI 300-410 Forum
Last Post: help_desk
04-14-2024, 02:20 PM
» Replies: 1
» Views: 389
AR538
Forum: CCNP ENARSI 300-410 Forum
Last Post: help_desk
04-14-2024, 09:54 AM
» Replies: 1
» Views: 312
Passed 4-1-24
Forum: CCNP ENARSI 300-410 Forum
Last Post: alextomko
04-01-2024, 07:01 PM
» Replies: 0
» Views: 252
Tab / ? allowed in Sims?
Forum: CCNP ENARSI 300-410 Forum
Last Post: alextomko
04-01-2024, 06:59 PM
» Replies: 1
» Views: 547
ENARSI 300-410 VRF Lab
Forum: Site News & Issues
Last Post: jupertino
03-28-2024, 07:02 AM
» Replies: 1
» Views: 1,035
ar338
Forum: CCNP ENARSI 300-410 Forum
Last Post: help_desk
03-13-2024, 11:50 AM
» Replies: 1
» Views: 607
ar338
Forum: CCNP ENARSI 300-410 Forum
Last Post: help_desk
03-13-2024, 11:45 AM
» Replies: 1
» Views: 575
EC450 WRONG
Forum: CCNP ENCOR 350-401 Forum
Last Post: col2hats
03-12-2024, 09:38 PM
» Replies: 0
» Views: 359
ar444
Forum: CCNP ENARSI 300-410 Forum
Last Post: pc_evans
03-12-2024, 05:34 PM
» Replies: 0
» Views: 389
AR135
Forum: CCNP ENARSI 300-410 Forum
Last Post: pc_evans
03-11-2024, 09:42 PM
» Replies: 0
» Views: 388

 
  AR537
Posted by: pc_evans - 03-02-2024, 06:03 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

R1#sh run | inc snmp
mmi snmp-timeout 180
R1#
R1#
R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#snmp-server community ccnp
R1(config)#
R1(config)#do sh snmp community

Community name: ILMI
Community Index: ILMI
Community SecurityName: ILMI
storage-type: read-only  active


Community name: ccnp
Community Index: ccnp
Community SecurityName: ccnp
storage-type: nonvolatile        active



Adding the command, 'snmp-server host 172.16.4.4 ccnp' has no impact on the output of 'show snmp community'.  There is no way to tell from the question if the command is present.



R1(config)#snmp-server host 172.16.4.4 ccnp
R1(config)#
R1(config)#
R1(config)#do sh snmp community

Community name: ILMI
Community Index: ILMI
Community SecurityName: ILMI
storage-type: read-only  active


Community name: ccnp
Community Index: ccnp
Community SecurityName: ccnp
storage-type: nonvolatile        active


The command snmp-server community ccnp 4 is present.  It requries the snmp server to only allow hosts permitted in access-list 4.


R1(config)#snmp-server community ccnp ?
  <1-99>      Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community
              string
  WORD        Access-list name
  ipv6        Specify IPv6 Named Access-List
  ro          Read-only access with this community string
  rw          Read-write access with this community string
  view        Restrict this community to a named MIB view
  <cr>

R1(config)#snmp-server community ccnp 4
R1(config)#
R1(config)#do sh snmp community

Community name: ILMI
Community Index: ILMI
Community SecurityName: ILMI
storage-type: read-only  active


Community name: ccnp
Community Index: ccnp
Community SecurityName: ccnp
storage-type: nonvolatile        active access-list: 4


R1(config)#

Print this item

  Passed the exam today
Posted by: knighthawk - 02-27-2024, 09:44 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (3)

The questions in the practice test were exact.   3 out of the 4 Sims were also on the exam.  There was one Sim that almost tripped me up.   It is not in the practice test.  It references aaa authentication.    Smile

Print this item

  AR306
Posted by: pc_evans - 02-25-2024, 08:18 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

Why is address-family ipv6 multicast the correct answer?

Shouldn't the correct answer be 

router bgp 65000
no bgp default ipv4-unicast
address-family ipv6 unicast
network 2001:db8::/64

Print this item

  AR223
Posted by: pc_evans - 02-25-2024, 07:50 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

Configuring R1 as a route reflector server  and configuring R4 as a client is not possible.

R1 does not have a neighbor relationship with R4, if it did we wouldn't have a  problem.

Since there is no neighbor relationship between R1 and R4, it is impossible to enter the command.

R1(config-router)# neighbor <R4> router-reflector-client

Print this item

  AR110
Posted by: pc_evans - 02-25-2024, 07:30 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

Where is the distribute list seq 10 rule? Do you mean route-map seq 10?

Print this item

  ar413
Posted by: pc_evans - 02-24-2024, 09:42 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

I believe this question is misworded.  Should be IPv6 DHCP Guard. I am unable to find any reference to IPv4 DHCP Guard.


https://www.examtopics.com/discussions/c...iscussion/

https://www.cisco.com/c/en/us/td/docs/io...-guard.pdf

Print this item

  AR336
Posted by: pc_evans - 02-24-2024, 09:38 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

Correct answer is to configure to permit TCP ports higher than 1023.

Passive FTP is an FTP mode that can be requested by a client to alleviate the issues caused by client-side firewalls. Both the server and the client must support passive FTP for this process to work. When passive FTP is used, the client will initiate the connection to the server. This process is effective because most firewalls allow inbound traffic from sessions initiated by the client.   A passive FTP connection follows the following process:

  1. The client sends the PASV command to an FTP server on port 21. The source port is a random, high-numbered port. The destination port is 21.
  2. The server responds with the PORT command. The port command specifies a random, high-numbered (ephemeral) port that the client can connect to.
  3. The client initiates a connection to the server on this ephemeral port.
  4. The server responds with an ACK. The FTP session has now been established
 
Because the client initiates all connections, the client firewall will not block any traffic, as shown below:

https://documentation.meraki.com/MX/NAT_...%20is%2021.

Print this item

  AR224
Posted by: pc_evans - 02-24-2024, 09:26 PM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

The command 'ip dhcp relay information enable' does not exist

service dhcp enables dhcp server AND RELAY AGENT

Print this item

  AR 330
Posted by: pc_evans - 02-24-2024, 07:19 AM - Forum: CCNP ENARSI 300-410 Forum - Replies (3)

You cannot configure multiple vrfs on an ospf instance  you need a separate instance for each VRF.

If it was possible to configure multiple VRF's on an ospf instance,  using separate instances would not be wrong.

P2#sh run | section router
P2#
P2#
P2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P2(config)#router ospf 10 vrf Site-A
P2(config-router)#
*Feb 24 07:16:28.883: %OSPF-4-NORTRID: OSPF process 10 failed to allocate unique router-id and cannot start
P2(config-router)#router-id 10.10.10.10
P2(config-router)#exit
P2(config)#
P2(config)#router ospf 10 vrf SharedSites
%VRF specified does not match existing router
P2(config)#
P2(config)#
P2(config)#
P2(config)#router ospf 20 vrf SharedSites
P2(config-router)#
*Feb 24 07:17:31.696: %OSPF-4-NORTRID: OSPF process 20 failed to allocate unique router-id and cannot start
P2(config-router)#router-id 20.20.20.20
P2(config-router)#exit
P2(config)#
P2(config)#

Print this item

  AR 370
Posted by: pc_evans - 02-24-2024, 05:41 AM - Forum: CCNP ENARSI 300-410 Forum - Replies (1)

I built this in GNS3.  The ACL only prohibits TCP 179 and I was still getting  this debug
ICMP: dst (10.255.255.1) administratively prohibited unreachable rcv from 10.0.12.2

I used wireshark and realized that i was getting a notification via ICMP that the TCP attempt was prohibited by R2.  In short, the ACL blocks TCP 179, P2 uses ICMP to Notify PE1 of the prohibited TCP 179 traffic.  Thus the ICMP Unreachable.

https://drive.google.com/file/d/1JdEY_gy...sp=sharing


PE1#
PE1#debug ip tcp trans
TCP special event debugging is on
PE1#debug ip icmp
ICMP packet debugging is on
PE1#clear ip bgp *
PE1#
PE1#
PE1#
*Feb 24 05:28:02.013: %BGP-3-NOTIFICATION_MANY: sent to 1 sessions 6/4 (Administrative Reset) for all peers
PE1#
*Feb 24 05:28:07.362: TCBF7660230 created
*Feb 24 05:28:07.362: TCBF7660230 setting property TCP_VRFTABLEID (20) F7656CC4
*Feb 24 05:28:07.362: TCBF7660230 setting property TCP_MD5KEY (4) 0
*Feb 24 05:28:07.362: TCBF7660230 setting property TCP_ACK_RATE (37) F784127C
*Feb 24 05:28:07.362: TCBF7660230 setting property TCP_TOS (11) F7841290
*Feb 24 05:28:07.362: TCBF7660230 setting property TCP_PMTU (45) F7841248
*Feb 24 05:28:07.362: TCBF7660230 setting property TCP_RTRANSTMO (36) F7841278
*Feb 24 05:28:07.362:  tcp_uniqueport: using ephemeral max 65535
*Feb 24 05:28:07.362: TCP: Random local port generated 49575, network 1
*Feb 24 05:28:07.362: TCBF7660230 bound to 10.255.255.1.49575
*Feb 24 05:28:07.362: Reserved port 49575 in Transport Port Agent for TCP IP type 1
*Feb 24 05:28:07.362: TCBF7660230 getting property TCP_STRICT_ADDR_BIND (19)
*Feb 24 05:28:07.362: TCP: pmtu enabled,mss is now set to 1460
*Feb 24 05:28:07.362: TCP: sending SYN, seq 1784972807, ack 0
*Feb 24 05:28:07.362: TCP0: Connection to 10.255.255.3:179, advertising MSS 1460
*Feb 24 05:28:07.362: TCP0: state was CLOSED -> SYNSENT [49575 -> 10.255.255.3(179)]
*Feb 24 05:28:07.364: ICMP: dst (10.255.255.1) administratively prohibited unreachable rcv from 10.0.12.2
PE1#
*Feb 24 05:28:07.364: TCP0: ICMP destination unreachable received
*Feb 24 05:28:07.364: Released port 49575 in Transport Port Agent for TCP IP type 1 delay 240000
*Feb 24 05:28:07.364: TCP0: state was SYNSENT -> CLOSED [49575 -> 10.255.255.3(179)]
*Feb 24 05:28:07.364: TCB 0xF7660230 destroyed
PE1#und all

Print this item