Thursday 24 January 2008

Cisco Certified Design Expert (CCDE) Certification

Introducing Cisco Certified Design Expert (CCDE) Certification

Responding to strong customer demand to assess and recognize Sr. Level Network Architecture skills in the market, Cisco is introducing a new premiere knowledge based certification focused on Network Infrastructure Design. - The Cisco Certified Design Expert (CCDE). The CCDE is an expert-level certification with content emphasis on expertise in network architecture, which is the capstone for Cisco’s design curriculum. In addition, passing the CCDE certification demands competencies of an experienced, seasoned, networking professional with a proven ability to interface with customers at the executive-level to ensure that business requirements are incorporated into successful designs.



What is a CCDE?


The successful CCDE-certified individual must have a demonstrated an ability to analyze and develop solutions which address planning, design, integration, optimization, operations, security and on-going support focused at the infrastructure of large 1000+ node customer networks.



The CCDE certification recognizes those with expert-level knowledge and skills in Infrastructure Design. The CCDE program is parallel to the CCIE program in terms of the expertise required and certification exam difficulty. It emphasizes network design principles and architectural theory of the network infrastructure and recognizes designers with the knowledge to assess network business requirements and translate them into technical specifications for successful designs.


Why Cisco Created the CCDE Program

Cisco created the CCDE program to respond to market demand in recognizing existing senior-level Network Designers and Architects while simultaneously providing senior Operations Engineers and Support Engineers with a validated professional development path into an Architectural role.

Cisco has found that organizations employing strong Network Designers and Architects consistently develop networks that are easier to maintain and troubleshoot. Properly executed, a well-designed network infrastructure aligned with a network-centric corporate business strategy leads to greater levels of efficiency and effectiveness - as well as potential competitive advantages like increased up-time, easier troubleshooting, increased performance, and simpler enhancements.



What are the exam requirements to attain CCDE?


To attain a CCDE certification a candidate will be tasked with passing two exams; a Qualification Exam, and a Practical exam. Similar to the CCIE program, there are no prerequisites to taking the Qualification exam and it is a 2 hour multiple-choice exam available at any worldwide Pearson VUE testing center. The Qualification exam, (ADVDESIGN) 352-001, assesses fundamental knowledge of networking theories, principles, protocols and technology.



Visit the CCDE program site for more details regarding the Qualification Exam (www.cisco.com/go/ccde)



The second exam, the practical exam, is still currently in development. It will be an eight-hour, practical scenario-based exam available in late 2008. Bookmark the CCDE programs page as more details are expected to follow as the development team progresses.



The qualification exam is now available at Pearson VUE testing facilities worldwide.

More questions? Access the latest information on CCDE at www.cisco.com/go/ccde.



Feedback regarding CCDE, contact ccde_feedback@cisco.com

Wednesday 16 January 2008

FR to ATM Service Interworking (FRF.8)

Network Diagram.-

C3620(s1/0) ---------- FR Cloud ---------- C7206 ---------- ATM Cloud ----------(atm4/0/0.50)C7500

Configurations.-
This document uses the configurations shown below.
· 3620 (Frame Relay Endpoint)
· 7206/PA−A3 (IWF)
· 7500 (ATM Endpoint)

3620 (Frame Relay Endpoint)
interface Serial1/0
ip address 10.10.10.1 255.255.255.0
encapsulation frame−relay IETF
frame−relay map ip 10.10.10.2 50
frame−relay interface−dlci 50
frame−relay lmi−type ansi
---------------------------------------------------
7206/PA−A3 (IWF)
frame−relay switching
!
interface Serial4/3
no ip address
encapsulation frame−relay IETF
frame−relay interface−dlci 50 switched
frame−relay lmi−type ansi
frame−relay intf−type dce
!
interface ATM5/0
no ip address
atm clock INTERNAL
no atm ilmi−keepalive
pvc 5/50
vbr−nrt 100 75
oam−pvc manage
encapsulation aal5mux fr−atm−srv
connect CISCO Serial4/3 50 ATM5/0 5/50 service−interworking
---------------------------------------------------
7500 (ATM Endpoint)
interface atm 4/0/0.50 multi
ip address 10.10.10.2 255.255.255.0
pvc 5/50
vbr−nrt 100 75 30
protocol ip 10.10.10.1


Verify.-
7200#show connect name CISCO
FR/ATM Service Interworking Connection: CISCO
Status − UP
Segment 1 − Serial4/3 DLCI 5
Segment 2 − ATM5/0 VPI 5 VCI 50
Interworking Parameters −
service translation
efci−bit 0
de−bit map−clp
clp−bit map−de

7200#show atm vc
VCD / Peak Avg/Min Burst
Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts
2/0 2 0 5 PVC SNAP UBR 155000 UP
5/0 1 5 50 PVC FRATMSRV VBR 100 75 95 UP

7200#show interface serial 4/3
Serial4/3 is up, line protocol is up
Hardware is 4T/MC68360
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME−RELAY IETF, crc 16, loopback not set
Keepalive set (10 sec)
LMI enq sent 0, LMI stat recvd 0, LMI upd recvd 0
LMI enq recvd 21, LMI stat sent 21, LMI upd sent 0, DCE LMI up
LMI DLCI 0 LMI type is ANSI Annex D frame relay DCE
!−−− Look for "frame relay DCE" on the serial PA in the 7200 series.
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input 00:00:03, output 00:00:03, output hang never
Last clearing of "show interface" counters 00:08:43
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
21 packets input, 294 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
21 packets output, 329 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
5 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up
3620#show interface serial
Serial1/0 is up, line protocol is up
Hardware is CD2430 in sync mode
Internet address is 10.10.10.1/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME−RELAY IETF, loopback not set
Keepalive set (10 sec)
LMI enq sent 82, LMI stat recvd 26, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
!−−− Look for "frame relay DTE" on the Frame Relay endpoint.
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input 00:00:03, output 00:00:03, output hang 4w5d
Last clearing of "show interface" counters 00:14:25
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/32 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
26 packets input, 404 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
82 packets output, 1148 bytes, 0 underruns
Cisco − Frame Relay to ATM Service Interworking (FRF.8) on the 7200 Series With a PA−A3
0 output errors, 0 collisions, 12 interface resets
0 output buffer failures, 0 output buffers swapped out
37 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up


7200#show frame pvc
PVC Statistics for interface Serial4/3 (Frame Relay DCE)
Active Inactive Deleted Static
Local 0 0 0 0
Switched 1 0 0 0
Unused 0 0 0 0
DLCI = 50, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial4/3
input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
switched pkts 0
Detailed packet drop counters:
no out intf 0 out intf down 0 no out PVC 0
in PVC down 0 out PVC down 0 pkt too big 0
shaping Q full 0 pkt above DE 0 policing drop 0
pvc create time 00:10:53, last time pvc status changed 00:10:53

Tuesday 15 January 2008

How to used the Packet Tracer Simulator for CCNA

What is Packet Tracer?
Packet Tracer is a protocol simulator developed by Dennis Frezzo and his team at Cisco Systems. Packet Tracer (PT) is a powerful and dynamic tool that displays the various protocols used in networking, in either Real Time or Simulation mode. This includes layer 2 protocols such as Ethernet and PPP, layer 3 protocols such as IP, ICMP, and ARP, and layer 4 protocols such as TCP and UDP. Routing protocols can also be traced.
Purpose: The purpose of this lab is to become familiar with the Packet Tracer interface. Learn how to use existing topologies and build your own.
Requisite knowledge: This lab assumes some understanding of the Ethernet protocol. At this point we have not discussed other protocols, but will use Packet Tracer in later labs to discuss those as well.

Download User Guide : PT-UsingPacketTracer.pdf

Software Setup : PacketTracer401_setup(1/15/2008)

Pass4Sure 640-802v2.85 251Q&A

Exam Number/Code: 640-802
Exam Name: Cisco Certified Network Associate
Questons and Answers : 251 Q&As
Updated: 1/9/2008

Download here :640-8022_1_.85new_251Q.rar(1/15/2008)

Saturday 12 January 2008

Juniper Networks JUNOS Enterprise Routing Certification Fast Track Program

You have successfully transitioned to the JUNOS Enterprise Routing Certification Fast Track Program Curriculum page! You can now attain both your JUNOS Enterprise Routing Associate (JNCIA-ER) and JUNOS Enterprise Routing Specialist (JNCIS-ER) levels of certifications. Because you are already a certified networking professional, we estimate that it will take you approximately 8-10 hours to complete each certification exercise.

The JUNOS Enterprise Routing Certification Fast Track Curriculum page contains all the Juniper Networks Education Services courseware, lab guides and diagrams, technical manuals, and the tools you will need to become Juniper Networks JUNOS certified. Specifically, you have access to the following materials:

  • JUNOS as a Second Language (JSL) eLearning course
  • Operating Juniper Networks Routers in the Enterprise (OJRE) student and lab guides
  • Advanced Juniper Networks Routing in the Enterprise (AJRE) student and lab guides
  • Hardware and software technical documentation
  • Basic installation eLearning courses
  • Juniper Networks Certified Internet Associate–Enterprise Routing (JNCIA-ER) preassessment online exam
  • Juniper Networks Certified Internet Specialist–Enterprise Routing (JNCIS-ER) preassessment online exam

Now, to get you started on your way to attaining your JNCIA-ER and JNCIS-ER certifications, please do the following:

  • Step 1: Take the Juniper as a Second Language eLearning Course.
  • Step 2: Study the OJRE course material and the JNCIA-ER Exam Objectives.
  • Step 3: Review the hardware and software technical documentation, and the eLearning installation courses as needed.
  • Step 4: Take the survey.
  • Step 5: After your studying is complete, you’ll then need to pass the JNCIA-ER OR JNCIS-ER online Preassessment Exam by clicking the corresponding Preassessment Exam link on the left NOTE: .We strongly advise you to start with the JNCIA-ER and work your way up to the JNCIS-ER, however the JNCIA-ER is not a pre-requisite to the JNCIS-ER.
  • Step 6: After passing this Preassessment Exam you will receive a voucher to take the live JNCIA-ER or JNCIS-ER exam at any Prometric Testing Center worldwide – at not cost to you! Your voucher will be valid for 30 days only.
  • Step 7: If you have chosen to start with the JNCIA-ER certification, and you have successfully passed the exam, come back to the portal and earn a second voucher for the JNCIS-ER.
  • Step 8: Study the AJRE course material and the JNCIS-ER Exam Objectives.
  • Step 9: After your studying is complete you’ll then need to pass the JNCIS-ER online Preassessment Exam by clicking the corresponding Preassessment Exam link on the left.
  • Step 10: After passing this Preassessment Exam you will receive a voucher to take the live JNCIS-ER exam at any Prometric Testing Center worldwide – again at not cost to you! Your voucher will be valid for 30 days.

This program provides you a path to earn a total of two certifications at no charge, and will help you further advance your career as a multi-certified technical professional.

Juniper Networks Enterprise Routing Courseware and Related Materials

The following links and PDF files provide you with all you need to become Juniper Networks JUNOS certified in Enterprise Routing.

Juniper as a Second Language eLearning Course: For those of you who are familiar with Cisco's IOS, learning Juniper Networks JUNOS operating system is now made easy with JUNOS as a Second Language. Using an advanced graphical display, this course compares the similarities and the differences between both operating systems and shows the benefits of using JUNOS software. This 90 minute program is designed for network engineers who are already well-versed in Cisco's IOS software but who might not be as familiar with Juniper Networks JUNOS software. Upon completing this program, users who were new to the JUNOS software will now have a good familiarity with it and be a step closer to qualifying to attain the JNCIA-ER certification.

Select your language preference:

  • Operating Juniper Networks Routers in the Enterprise (OJRE): This is an introductory-level, instructor-led course that focuses on installation, configuration, and operational analysis of Juniper Networks routers in the enterprise environment. You have access to all courseware and lab materials. This is recommended training for the JNCIA-ER certification exam.
    • JNCIA-ER Exam Objectives
    • Student Guide - OJRE_SG_8.a-R.pdf
    • Lab Guide - OJRE_LGD_8.a-R.pdf
    • Lab Diagrams - OJRE_LD_8.a-R.pdf
  • Advanced Juniper Networks Routing in the Enterprise (AJRE): This lab-intensive, hands-on course provides an advanced look at routing and services configurations on Juniper Networks routers commonly used in the enterprise environment. You have access to all courseware and lab materials. This is recommended training for the JNCIS-ER certification exam.
    • JNCIS-ER Exam Objectives
    • Student Guide - AJRE_SG_8.a.pdf
    • Lab Guide - AJRE_LGD_8.a.pdf
    • Lab Diagrams - AJRE_LD_8.a.pdf
  • Hardware Technical Documentation: The hardware technical documentation provides detailed descriptions and instructions for installing Juniper Networks Enterprise Routers.
    • http://www.juniper.net/techpubs/hardware/
  • Software Technical Documentation: The software technical documentation provides detailed descriptions and instructions for configuring and troubleshooting Juniper Networks Enterprise Routers.
    • http://www.juniper.net/techpubs/software/jseries/
  • Basic Installation eLearning Courses: These self-paced Web-based training (WBT) courses describe the preinstallation considerations and the installation process for Enterprise Routers. They are designed to provide those who handle the hardware during the installation and service procedures with detailed handling demonstrations and technical information.
    • http://www.juniper.net/training/technical_education/#web
  • JNCIA-ER Preassesment Exam: Click the JNCIA-ER Exam link on the left to take the JNCIA-ER Preassessment Exam and receive your Prometric Learning Center voucher at no charge!
  • JNCIS-ER Preassesment Exam: Click the JNCIS-ER Exam link on the left to take the JNCIS-ER Preassessment Exam and receive your Prometric Learning Center voucher at no charge!

Juniper Networks Certified Code Exam.

JN0-120 - Juniper Networks Certified Internet Associate, E-series (JNCIA-E)
JN0-130 - Juniper Networks Certified Internet Specialist, E-series (JNCIS-E)
JN0-140 - Juniper Networks Certified Internet Associate, UAC (JNCIA-AC)
JN0-201 - Juniper Networks Certified Internet Associate, M-series (JNCIA-M)
JN0-310 - Juniper Networks Certified Internet Associate, WX (JNCIA-WX)
JN0-320 - Juniper Networks Certified Internet Associate, DX (JNCIA-DX) retiring 12/1/07
JN0-321 - Juniper Networks Certified Internet Associate, DX (JNCIA-DX) NEW Exam
JN0-303 - Juniper Networks Certified Internet Specialist, M-series (JNCIS-M)
JN0-341 - Juniper Networks Certified Internet Associate, ER (JNCIA-ER)
JN0-350 - Juniper Networks Certified Internet Specialist, ER (JNCIS-ER)
JN0-521 - Juniper Networks Certified Internet Associate, FWV (JNCIA-FWV)
JN0-531 - Juniper Networks Certified Internet Specialist, FWV (JNCIS-FWV)
JN0-541 - Juniper Networks Certified Internet Associate, IDP (JNCIA-IDP)
JN0-561 - Juniper Networks Certified Internet Associate, SSL (JNCIA-SSL) retiring 12/1/07
JN0-562 - Juniper Networks Certified Internet Associate, SSL (JNCIA-SSL) NEW Exam

JNCIS-ER Preassessment Exam.

Q1. Which attributes are automatically updated when a BGP update is sent to an EBGP
neighbor? (choose 2) A,D

A. BGP Next-hop attribute
B. Local Preference attribute
C. Multi Exit Descriminator (MED) attribute
D. AS-Path attribute
E. Origin attribute


Q2. Which statements are true about post-service-filters? (choose 3) A,C,D

A. A post-service-filter can only be used on input
B. A post-service-filter can be used on input, output or both
C. A post-service-filter is only applied to packets that are processed by a service-set
D. A post-service-filter is a standard stateless firewall-filter


Q3. For a given prefix 10.10.10.0/23 learned as an OSPF Internal Intra-Area, an OSPF
Internal Inter-Area and an OSPF AS External type 1, which route will be preferred? A

A. OSPF Internal Intra-Area route
B. OSPF Internal Inter-Area route
C. OSPF AS External type 1
D. Equal cost load sharing will occur if equal cost paths exist


Q4. Your enterprise is dual-homed to the same Service Provider using BGP, with two links
having bandwidth of STM1/OC3 and STM4/OC12 respectively. You want to influence all traffic
leaving your autonomous-system to use the STM/OC12 link.
Which BGP attributes can you modify to accomplish this goal? (choose 2) B,D

A. Set Local Preference in an import policy for routes learned from the neighbor on the
STM4/OC12 link to be 80
B. Set Local Preference in an import policy for routes learned from the neighbor on the
STM4/OC12 link to be 180
C. Configure the import-policy for the STM4/OC12 neighbor to set the ORIGIN attribute to
be INCOMPLETE
D. Configure the import-policy for the STM1/OC3 neighbor to as-path prepend the
neighbors autonomous-system twice
E. Configure the import-policy for the STM4/OC12 neighbor to as-path prepend the
neighbors autonomous-system twice















Q5. In the exhibit,
which export policy or policies will be applied to BGP neighbor 10.10.10.1? C


A. global-policy
B. group-policy
C. nbr-policy
D. all three policies
E. none of the policies


Q6. Which steps are required to configure an interface-style service set? (choose 5) A,B,C,D,F

A. Configure the service interface
B. Configure the service rules and rule-sets
C. Configure the service-set to include the service rules and/or rule-sets
D. Configure the service-set to be interface-style and which service interface to use
E. Configure routing to the service interface
F. Apply the service-set to the required interfaces


Q7. Which step is not recommended as part of a seamless RIP to OSPF IGP transition using
the overlay method? C

A. Configure all routers to ensure the existing RIP IGP has a better route preference than
the new OSPF IGP
B. Configure all routers to run OSPF
C. Redistribute all RIP routes into OSPF and vise versa
D. Ensure all routers have learned all networks via OSPF
E. Gracefully transition to OSPF by changing the route-preference of RIP to be higher than
OSPF


Q8. Which configuration step is required when configuring an OSPF NSSA area? C

A. You must configure nssa on all routers in the network
B. You must configure nssa under [ edit protocols ospf ]
C. You must configure nssa under [ edit protocols ospf area ]
D. You must configure nssa only on the Area Border Routers (ABR's)


Q9. Which statements below are valid JUNOS stateful-firewall rule match types? (choose 3) A,
B,D

A. destination-address-range
B. source-prefix-list
C. esp-spi
D. applications
E. interface-set























Q10. In the exhibit, which statement is true for the static route 11.11.11.0/24 that is evaluated
against the BGP export policy chain? D

A. The 11.11.11.0/24 prefix is accepted by policy P1 and advertised to neighbor
10.10.10.1
B. The 11.11.11.0/24 prefix is rejected by policy P1 and not advertised to neighbor
10.10.10.1
C. The 11.11.11.0/24 prefix is rejected by the policy P2
D. The 11.11.11.0/24 prefix is rejected by the BGP default policy
E. The 11.11.11.0/24 prefix is accepted by the BGP default policy




Q11. You want to determine which NAT pools have been configured on the router.
Which command will display this information (choose 1) D

A. show services nat available pools
B. show services pools
C. show services nat-pool-table
D. show services nat pools


Q12. Which statements best describe Enterprise connections to Service Providers? (choose 2) C,
D

A. Enterprises should always run BGP with their Service Providers when their CPE router
has parallel multiple links to the ISP router
B. When BGP is run in an enterprise network, all routers need to run BGP
C. Enterprises should use a static default route when there is only one entry/exit point out
of their network
D. Enterprises should use BGP when they are multi-homed and have a need to exercise
policy controls


Q13. Assuming the requirements for the establishment of an EBGP session between the
loopback0 interfaces of both routers. The local autonomous-system is defined as AS100 and
the neighbors autonomous-system is AS200.
The local autonomous-system is configured under [ routing-options autonomous-system
100 ]
Which statement is not true about Multihop External BGP peering sessions? A

A. Both peer-as 200 and type external parameters are required
B. Only peer-as 200 is required
C. You must configure the local-address parameter
D. You must configure the ttl for the multi-hop neighbor(s)
E. The local router must have a route to the eBGP neighbors configured address


Q14. In the exhibit, which statements are true for the NAT translation? (choose 2) B,C

A. The private/internal IP address that will be changed is 192.168.11.4
B. The private/internal IP addresses that will be changed are 10.222/16
C. The public/external IP address is 192.168.11.4
D. The private/internal IP addresses can be anything
E. The public/external IP address is 10.222.44.1


Q15. While monitoring the systems messages file, you encounter an entry that is frequently
repeated, but seems somewhat cryptic
Jun 8 14:12:28 R1 chassisd[2737]: CHASSISD_IFDEV_DETACH_PIC: ifdev_detach_pic(0/3)
Which command can you use to better understand the significance of this message? C

A. show syslog message CHASSISD_IFDEV_DETACH_PIC
B. show system message CHASSISD_IFDEV_DETACH_PIC
C. help syslog CHASSISD_IFDEV_DETACH_PIC
D. show system error log CHASSISD_IFDEV_DETACH_PIC


Q16. In the exhibit, which statements are valid entries for the "State" field? (choose 3) B,D,E

A. Monitor
B. Watch
C. Listen
D. Drop
E. Forward


Q17. The security policy for your company specify that access for all operations staff to network
devices will migrate to the TACACS+ protocol. The RADIUS protocol is currently deployed and
will be the preferred method for authentication
What configuration is required on the JUNOS routers to ensure that only when network
connectivity issues resulting in the TACACS+ and RADIUS being inaccessible allow locally
defined users to login to the routers? C

A. set system authentication-order [radius tacplus password]
B. set system authentication-order [tacplus radius password]
C. set system authentication-order [radius tacplus]
D. set system authentication-order [tacplus radius]


Q18. Which statements are true about Queuing on M-Series and J-Series routers (choose 3) B,C,
E

A. All M-Series routers support up to 8 hardware queues
B. All J-Series routers support up to 8 queues
C. Forwarding-classes map to queues
D. Voice Traffic is automatically classified as expedited-forwarding (EF) and sent to queue
1
E. The default queue/forwarding class associations are
a. Queue 0 - best-effort
b. Queue 1 - expedited-forwarding
c. Queue 2 - assured-forwarding
d. Queue 3 - network-control


Q19. You need to determine which VPN technology is best suited to provide enterprise branch
office connectivity. The requirements are that the solution should be:
cost-effective does not have stringent security requirements need not support legacy protocols
should be simple to manage for the customer
should also provide Internet access on the same physical interface Which technologies/
solutions are best suited? D

A. Traditional overlay L2VPN based on Frame-Relay, ATM or Leased lines
B. MPLS based L2VPN
C. IPSec VPN
D. MPLS based L3VPN
E. GRE tunnel VPN


Q20. You need to ensure that a branch office which is connected to the Service Provider with a
link speed of 128K does not get overwhelmed with traffic from the head office which has a link
speed of 2Mbps. Juniper Networks J-Series routers are deployed as CPE devices in both
locations.
Which mechanism is best suited? D

A. Police traffic exceeding 128Kbps to the branch site at the head office
B. Upgrade the branch sites bandwidth to 2 Mbps to ensure traffic limits are not exceeded
C. Apply Class of Service to ensure that the most important traffic is prioritized
D. Apply JUNOS Virtual Channels at the head office to ensure branch office sites are not
overwhelmed with too much traffic


Q21. Which statements are true regarding Class of Service configuration in JUNOS? (choose 4)
A,C,D,E

A. Behavior Aggregate (BA) classifiers are configured under
[edit class-of-service classifiers]
B. Behavior Aggregate (BA) classifiers are applied under
[edit interfaces class-of-service]
C. scheduler-maps are needed to link forwarding-classes to schedulers
D. RED/WRED profiles configured under [edit class-of-service drop-profiles] must be
referenced in schedulers to take effect
E. Rewrite-rules are configured under [edit class-of-service rewrite-rules] and must be
applied to the logical interfaces defined under [edit class-of-service interfaces]
F. Schedulers are configured under [edit class-of-service schedulers] and may include
a. forwarding-class
b. transmit-rate
c. priority
d. buffer-size


Q22. Which statements are true about Policing/Rate Limiting (choose 2) A,C

A. Policing is a useful tool for protecting the network from non-compliant sources
B. Token-bucket policers can not be used on all interface types
C. Policers can be used to protect the network against DoS/DDoS attacks
D. Policers can only be configured on ingress


Q23. Which command can be used to determine which sockets the router has in either a listen
or established state? B

A. show netstat sockets
B. show system connections
C. show running protocols
D. show connections up


Q24. During the establishment of an IPSec VPN, the routers negotiate which parameters will be
used for the establishment of the IPSec Security Association (SA) using proposals that define
these parameters.
Which statements are true about configuring IPSec proposals? (choose 3) C,D,F
[edit services ipsec-vpn ipsec proposal p1]
luser@Junos-router#

A. set authentication algorithm blowfish
B. set encryption algorithm rsa
C. set encryption algorithm aes-256-cbc
D. set protocol esp
E. set protocol ip
F. set lifetime 86400


Q25. You need to verify that the IPSec VPN that you have just configured on a J-Series router is
operating correctly.
Which commands could be used to verify this? (choose 2) C,D

A. show ike security-associations
B. show ipsec security-associations
C. show services ipsec-vpn ike security-associations
D. show services ipsec-vpn ipsec security-associations


Q26. Which statements are true for Class of Service ingress processing (choose 2) B,E

A. Rewrite codepoints
B. Multifield classification
C. Scheduling
D. Shaping
E. RateLimiting/Policing


Q27. Which three commands are valid syntax?' A,C,D

A. set then reject
B. set then discard
C. set then accept
D. set then next-policy
E. set then metric2 20 accept


Q28. Which configuration step is required when configuring an OSPF NSSA area? C

A. You must configure nssa on all routers in the network
B. You must configure nssa under [ edit protocols ospf ]
C. You must configure nssa under [ edit protocols ospf area ]
D. You must configure nssa only on the Area Border Routers (ABR's)


Q29. Which statement is true about prefix-lists? (choose 2) B,C

A. They are always exact matches when used in firewall-filters
B. They are always orlonger matches when used in firewall-filters
C. They are always exact matches when used in routing policies
D. They are always orlonger matches when used in routing policies


Q30. You are at the [ firewall family inet filter actions term u-decide] Yoiurconfiguration
hierarchy.
Which three commands are valid syntax? A,C,E

A. set then reject tcp-reset
B. set then source-class
C. set then accept log syslog sample count PKTS
D. set then next-policy
E. set then forwarding-class


Q31. Which statement is true if a route does not match any terms in a policy chain? D

A. The route is automatically accepted
B. The route is automatically rejected',false
C. The accept/reject decision must be specified in the final policy',false
D. The accept/reject decision is based on the protocols default policy


Q32. Which OSPF LSA is not flooded in an OSPF Stub Area? D

A. Router LSA\'s (Type 1)
B. Network LSA\'s (Type 2)
C. Summary LSA\'s (Type 3)
D. ASBR Summary LSA\'s (Type 4)

Q. Which statement is true for the order of the selection of the BGP active route? D
A. AS-Path -> Local-Preference -> Origin -> MED
B. MED -> Origin -> AS-Path -> Local-Preference
C. Local-Preference -> Origin -> AS-Path -> MED
D. Local-Preference -> AS-Path -> Origin -> MED


Q33. Which statements are true about Internal BGP configurations? (choose 3) B,C,D

A. Only directly connected neighbors need be configured
B. Usually the IP address of the loopback0 interface is used for the IBGP sessions
C. Use of the local-address configuration statement is required
D. The IGP is used to route packets between remote neighbors
E. When multiple links exist between neighbors, there needs to be multiple neighbors
configured


Q34. In a network which does not use Route Reflectors, which statements are true about BGP
readvertisement rules? (choose 2) B,E

A. When learned from External BGP, readvertise to only IBGP neighbors
B. When learned from External BGP, readvertise to both IBGP and other EBGP neighbors
C. When learned from Internal BGP, readvertise to only IBGP
D. When learned from Internal BGP, readvertise to both IBGP and EBGP neighbors
E. When learned from Internal BGP, readvertise to only EBGP


Q35.You have multiple routes to the same destination using the default route preference.
Which source of routing information will be selected? A

A. OSPF Internal
B. RIP
C. OSPF External
D. Internal BGP
E. External BGP


Q36. Which of the following configuration statements must be added to the sample configuration
to redistribute RIP prefixes into all OSPF areas? A

A. set export rip-2-ospf
B. set area 0 export rip-2-ospf
set area 10 export rip-2-osp
set area 20 export rip-2-ospf
C. set area 20 nssa default-lsa default-metric 1
D. set area all export rip-2-ospf


Q37. Which statements are true about service-filters? (choose 3) B,C,E

A. A service-filter can only be used on input
B. A service-filter can be used on input, output or both
C. A service-filter cannot match multicast traffic
D. A service-filter is a standard stateless firewall-filter
E. A service-filter can only be used with interface-style service-sets


Q38. Which statements are true about the Networks Address Translations (NAT) options that
JUNOS supports? (choose 3) A,C,D
A. Source Dynamic
B. Destination Dynamic
C. Source Static
D. Destination Static


Q39. Which statements are true about the Networks Address Translations (NAT) types that
JUNOS supports? (choose 4) A,B,C,E

A. Source Static 1:1 translation
B. Destination Static 1:1 translation
C. Source Dynamic many:1 translation (PAT)
D. Destination Dynamic 1:1 translation
E. Source Dynamic 1:1 translation
Q. Which statements below are valid JUNOS stateful-firewall rule actions and action modifiers?
(choose 2) C

A. discard
B. log
C. syslog
D. sample


Q40. Which statements are true about the IPSec VPN implementation for protecting transit data
on M-Series and J-Series routers? (choose 2) C,D

A. Only data integrity is supported with Authentication Header (AH)
B. Only data privacy is supported with Encapsulating Security Payload (ESP)
C. Both data integrity with Authentication Header (AH) and data privacy with Encapsulating
Security Paylpoad (ESP) are supported
D. Only tunnel mode is supported
E. Only transport mode is supported


Q41. Which statements are true about Application Layer Gateways (ALG\'s)? (choose 3) A,B,E

A. ALG\'s allow the router to interact with protocols at layer 4 and above
B. ALG\'s allow the router to inspect the payload of connections
C. ALG\'s allow the router to translate protocols
D. ALG\'s are required for all connections
E. Custom ALG definitions can be configured


Q42. Which statements below are valid JUNOS nat rule match types and actions? (choose 3) A,D,
F

A. from source-address
B. from destination-address-range
C. from source-prefix-list
D. then translated translation-type source dynamic
E. then count
F. then no-translation


Q43. Which statements below best describe the role of Class of Service (choose 2) B,D

A. CoS is designed to make the network faster
B. CoS provides mechanisms for categorizing traffic
C. CoS is designed to reduce congestion
D. CoS allows network devices to prioritize traffic based on category
E. CoS always improves network performance


Q44. Which statements are true for Class of Service traffic classification (choose 3) B,D,E

A. Behavior Aggregate (BA) classification is based on examining various fields in the IP header
B. Multifield (MF) classification is based on examining various fields in the IP header
C. Behavior Aggregate (BA) classifiers are most commonly used at the edge of the network
D. Behavior Aggregate (BA) classifiers are most commonly used in the network core
E. Behavior Aggregate (BA) classification is based on examining codepoints


Q45. The components of scheduling include priority, transmission-rate, buffer-size and
congestion avoidance (RED).

Which statements are true about Scheduling on MSeries
and J-Series routers (choose 4) A,B,C,D

A. Priority defines the order of which queues will be serviced
B. By default all queues are low priority
C. The queue priorities on J-Series routers are
a. High
b. Medium-high
c.
Medium-low
d. Low
D. By default the buffer-size is distributed equally amongst available queues
E. Congestion avoidance with RED by default results in 50% drop when the corresponding
queue is 50% full


Q46. You need to verify that packets are being correctly classified and sent to the appropriate queue on a J-Series router with interface se-3/0/0.

Which commands or tools could
be used to verify this information? (choose 2) A,D

A. how interfaces queue se-3/0/0
B. show class-of-service interface se-3/0/0
C. show interfaces se-3/0/0 queue-statistics
D. show interfaces detail se-3/0/0


Q47. Which statements are true regarding Multilink Frame Relay (MLFR)? (choose 2) A,D

A. FRF.15 is similar to Multilink PPP (MLPPP) and operates end-to-end
B. FRF.16 is similar to Multilink PPP (MLPPP) and operates end-to-end
C. FRF.15 makes it possible to connect a Customer Premise Equipment (CPE) device with
multiple connections to the Provider Edge (PE) device as a single logical connection
D. FRF.16 makes it possible to connect a Customer Premise Equipment (CPE) device with
multiple connections to the Provider Edge (PE) device as a single logical connection


Q48. The enterprise network you manage is tightening security of all network devices. You are
tasked to ensure that optimum security of the routers is achieved without interruption to any
legitimate protocols or services that are required to run and manage this network.


Which commands should be run to ensure all services and protocols are included in
the router protection filters? (choose 4) A,B,D,F

A. Configuration mode show system
B. Configuration mode show snmp
C. Configuration mode show services
D. Configuration mode show protocols
E. Configuration mode show firewall
F. Operation mode show system connections
G. Operation mode show system statistics


Q49. Which statements are true about the use of next-hop style service sets over interface-style
service sets when using IPSec VPNs? B

A. Supports securing traffic to remote endpoint
B. Supports routing protocols directly over IPSec
C. Supports multiple remote endpoints
D. Supports having multiple local endpoints in the same service-set


Q50. M-Series and J-Series routers? (choose 2) C,D

A. Only data integrity is supported with Authentication Header (AH)
B. Only data privacy is supported with Encapsulating Security Payload (ESP)
C. Both data integrity with Authentication Header (AH) and data privacy with Encapsulating
Security Paylpoad (ESP) are supported
D. Only tunnel mode is supported


Q51. Which statements are true about IPSec-over-GRE Tunnels? (choose 2) A,D

A. ipsec-over-gre are GRE tunnels that are secured by IPSec
B. ipsec-over-gre are IPSec tunnels that are routed over GRE
C. If the GRE and IPSec endpoints are the same, you should use a next-hop style service-set
D. If the GRE and IPSec endpoints are the same, you should use a interface style service-set


Q52. The IPSec VPN you have just configured is not establishing. To troubleshoot this you have
configured the router with traceoptions as below.

[edit services ipsec-vpn]

user@Junos-router# show traceoptions
file size 1m files 5;
flag ike;
[edit
services ipsec-vpn]

Which commands could be used to monitor this? (choose 2) C,F

A. show log ipsec-vpn
B. show log messages
C. show log kmd
D. monitor start ipsec-vpn
E. monitor start messages
F. monitor start kmd


Q53. Which command can be used to determine whether the SNMP process is running? C

A. show process snmp
B. show snmp daemon
C. show system processes
D. show task snmp


Q54. Which command can be used monitor the temperature of the components in a Juniper
Networks enterprise router? C

A. show chassis temperature
B. show system temperature
C. show chassis environment
D. show temperature


Q55. Which statements are true about multilink-ppp? Which mechanism is best suited? B

A. multilink-ppp can only be configured on ISDN interfaces on a J-Series router
B. multilink-ppp allows for the increase in overall throughput by combining the bandwidth of
two or more physical links
C. multilink-ppp can only be configured in combination with a valid CRTP configuration
D. multilink-ppp requires multiple IP pt-to-pt links over PPP to provide redundancy


Q56. Which statements are true about Compressed Real-Time Transport Protocol? (choose 2) A,C

A. CRTP is intended to reduce serialization delay
B. CRTP must be configured with multiple links
C. CRTP can be configured with a single link
D. CRTP compresses both UDP and TCP headers


Q57. The routers configuration in the exhibit does not have the router-id configured. Which area
will the loopback interface of the router be included in the Router LSA (Type 1)? D

A. Area 0.0.0.0
B. Area 0.0.0.20
C. No Areas
D. Area 0.0.0.0 and Area 0.0.0.20

JNCIA-ER Preassessment Exam.

1. Which directory is used to store the three most recent configuration rollback files?(A)

A. /config
B. /var/tmp
C. /var/home
D. /config/rollback
2. What will load a factory default configuration onto your router if you do not have access to the router CLI?(D)

A. Press the power button for less than 5 seconds.
B. Press the power button for more than 5 seconds.
C. Press the configuration button for less than 5 seconds.
D. Press the configuration button for more than 5 seconds.
3. Which three daemons are contained in the JUNOS software? (Choose three.)(B C D)

A. VPN
B. Chassis
C. Management
D. Routing Protocol
4. Which CLI command displays the time the router last booted?(D)

A. show time
B. show clock
C. show system boot
D. show system uptime
5. Which represents a valid method for obtaining an IP address during an autoinstallation process?(D)

A. RIP
B. BGP
C. OSPF
D. DHCP
6. Which CLI command displays the hardware currently installed in the router?(C)

A. show chassis alarms
B. show system hardware
C. show chassis hardware
D. show system environment
7. Which two statements regarding the JUNOS software user authentication methods are correct? (Choose two.)(A B)

A. All users must be configured locally on the router.
B. Multiple authentication methods can be configured.
C. Only one authentication method can be configured.
D. Multiple users can authenticate using a common local user account.
8. Which CLI command displays any active alarms on the router?(B)

A. show system alarms
B. show chassis alarms
C. show system environment
D. show chassis environment
9. Which major J-Web menu should you use to send an ICMP echo request packet to a neighboring router?(C)

A. Monitor
B. Manage
C. Diagnose
D. Configuration
10. What is one way to activate the rescue configuration on a J-series router?(C)

A. Issue the load rescue command.
B. Issue the commit rescue command.
C. Issue the rollback 1 command and commit.
D. Issue the rollback rescue command and commit.
11. Why would you apply an import policy to a protocol?(D)

A. to restrict traffic that enters your router
B. to redistribute routes between protocols
C. to modify route properties of routes you send to other routers
D. to modify route properties of routes received from other routers
12. Which CLI command displays the current RIP configuration on a J-series router?(D)

A. show protocols rip
B. show configuration rip
C. show rip configuration
D. show configuration protocols rip
13. To observe trace output on the terminal screen in real time, what command must be executed?(D)

A. debug
B. monitor start
C. terminal monitor
D. Trace file
14. Where do you configure a RIP neighbor in the CLI?(D)

A. under [routing rip neighbor]
B. under [protocols rip neighbor]
C. under [routing rip group "group-name" neighbor]
D. under [protocols rip group "group-name" neighbor]
15. Which J-Web window pane allows you to view and manage licenses?(B)

A. Monitor
B. Manage
C. Diagnose
D. Configuration
16. Which type of routing protocol is RIP?(D)

A. link state
B. path vector
C. policy based
D. distance vector
17. When using the J-Web interface to configure RIP, which two policies are automatically configured by the router? (Choose two.)(C D)

A. Import policy to block RIP routes.
B. Import policy to block direct routes.
C. Export policy to advertise RIP routes.
D. Export policy to advertise direct routes.
18. Where do you configure static routes in the Junos CLI?(D)

A. under [static route]
B. under [protocols static]
C. under [policy-options static]
D. under [routing-options static]
19. Which CLI command displays routes received from a RIP neighbor?(D)

A. show rip route "neighbor"
B. show rip receive-route "neighbor"
C. show route protocol rip "neighbor"
D. show route receive-protocol rip "neighbor"
20. Which protocol family must be configured on an interface to allow ICMP traffic to be received?(B)

A. ip
B. inet
C. icmp
D. management
21. Which statement describes the function of a routing policy?(D)

A. It controls the size of routing protocol packets.
B. It allows routing protocols to be auto configured.
C. It allows for the configuration and management of user permissions.
D. It controls routing information transferred in and out of the routing table.
22. A JUNOS router has a packet filter configured under [edit firewall family inet]. Which two statements accurately reflect the operation of this packet filter? (Choose two.)(B C)

A. It maintains protocol state.
B. It does not maintain protocol state.
C. It processes packets independently of a particular flow.
D. It processes packets within the context of a particular flow.
23. Why would you apply an export policy to a routing protocol?(B)

A. to allow a route to be accepted into your routing table
B. to allow a route to be advertised out of your routing table
C. to allow a route to have a higher metric in your routing table
D. to prevent a route from entering your routing table
24. Which CLI command displays all static routes in the routing table?(D)

A. show static all
B. show route static
C. show static route
D. show route protocol static
25. Which routing technology is often used when a customer is single-homed to a service provider?(B)

A. RIP
B. BGP
C. Static
D. OSPF

Friday 11 January 2008

Ethernet/VLAN to ATM AAL5 L2VPN Interworking

This feature module explains how to configure L2VPN Pseudowire Switching, which extends layer 2 virtual private network (L2VPN) pseudowires across an interautonomous system (inter-AS) boundary or across
two separate multiprotocol label switching (MPLS) networks.

There is a scenario:

(CE1)7600-----FE VLAN(dot1q)-----(PE1)7200VXR(NPE300)----FE----(PE2)7200VXR(NPE400)----atm----(ATM cloud)------frame relay------(CE2)2811

PE1:
pseudowire-class inter-ether
encapsulation mpls
interworking ip

interface Loopback0
ip address 172.16.255.1 255.255.255.255
no ip directed-broadcast
ip router isis

interface FastEthernet0/0
ip address 172.16.0.1 255.255.255.252
no ip directed-broadcast
ip router isis
full-duplex
tag-switching ip

interface FastEthernet2/0
no ip address
no ip directed-broadcast
full-duplex
no cdp enable

interface FastEthernet2/0.2741
encapsulation dot1Q 2741
no ip directed-broadcast
xconnect 172.16.255.2 2741 pw-class inter-ether

PE-MOF-1#show xconnect interface fastEthernet 2/0.2741
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP ac Fa2/0.2741:2741(Eth VLAN) UP mpls 172.16.255.2:2741 UP

PE-MOF-1#show mpls l2transport vc 2741 detail
Local interface: Fa2/0.2741 up, line protocol up, Eth VLAN 2741 up
MPLS VC type is Eth VLAN, interworking type is IP
Destination address: 172.16.255.2, VC ID: 2741, VC status: up
Preferred path: not configured
Default path: active
Next hop: 172.16.0.2
Output interface: Fa0/0, imposed label stack {33}
Create time: 01:40:49, last status change time: 01:40:49
Signaling protocol: LDP, peer 172.16.255.2:0 up
Targeted Hello: 172.16.255.1(LDP Id) -> 172.16.255.2
MPLS VC labels: local 47, remote 33
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 0, send 1496
byte totals: receive 0, send 153888
packet drops: receive 0, seq error 0, send 0

===============================================

PE2:
pseudowire-class inter-ether
encapsulation mpls
interworking ip

interface Loopback0
ip address 172.16.255.2 255.255.255.255
no ip directed-broadcast
ip router isis

interface FastEthernet0/0
ip address 172.16.0.2 255.255.255.252
no ip directed-broadcast
ip router isis
duplex full
speed auto
tag-switching ip

interface ATM2/0
mtu 1500
bandwidth 155000
no ip address
no ip directed-broadcast
ip route-cache flow input
no ip route-cache cef
atm sonet stm-1
atm uni-version 3.0
no atm enable-ilmi-trap
no atm ilmi-keepalive

interface ATM2/0.2 point-to-point
no ip directed-broadcast
no atm enable-ilmi-trap
snmp trap link-status
pvc 11/101 l2transport
cbr 448
encapsulation aal5snap
xconnect 172.16.255.1 2741 pw-class inter-ether

PE-MOF-2#show xconnect interface atm2/0.2
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP ac AT2/0.2:11/101(ATM AAL5) UP mpls 172.16.255.1:2741 UP

PE-MOF-2#show mpls l2transport vc 2741 detail
Local interface: AT2/0.2 up, line protocol up, ATM AAL5 11/101 up
MPLS VC type is ATM AAL5, interworking type is IP
Destination address: 172.16.255.1, VC ID: 2741, VC status: up
Preferred path: not configured
Default path: active
Next hop: 172.16.0.1
Output interface: Fa0/0, imposed label stack {47}
Create time: 03:56:21, last status change time: 01:44:15
Signaling protocol: LDP, peer 172.16.255.1:0 up
Targeted Hello: 172.16.255.2(LDP Id) -> 172.16.255.1
MPLS VC labels: local 33, remote 47
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 3027, send 0
byte totals: receive 311436, send 0
packet drops: receive 0, seq error 0, send 0

===============================================
CE1:
interface fe 2/0.2741
en dot1q 2741
ip add 172.24.114.25 255.255.255.252

===============================================
CE2:
interface Serial1/0.1 point-to-point
ip address 172.24.114.26 255.255.255.252
no ip directed-broadcast
frame-relay interface-dlci 201

VPLS (Virtual Private LAN Service)

A proposed IETF standard, VPLS is a class of VPN that supports the connection of multiple sites in a single bridged domain over a managed IP/Multi-protocol Label Switching (MPLS) network.

The goal is to overcome the limitations of ATM and frame relay for providing a protocol-transparent, any-to-any, full-mesh service across a WAN.

All services in a VPLS appear to be on the same LAN, regardless of location. This removes complexity from enterprise networks, and lets carriers scale the networks.

A VPLS presents an Ethernet interface to customers, simplifying the LAN/WAN boundary for service providers and customers, and enabling rapid and flexible service provisioning, because the service bandwidth is not tied to the physical interface. A 100M bit/sec interface can support a service-level agreement with anywhere from 1M to 100M bit/sec of customer traffic, typically in increments of 1M bit/sec.

A VPLS uses edge routers that can learn, bridge and replicate on a per-VPLS basis. These routers are connected by a full mesh of MPLS label switched path (LSP) tunnels, enabling any-to-any connectivity. Multiple services can be carried within each LSP tunnel.

All services in a VPLS are identified by a unique virtual channel label, which is exchanged between each pair of edge routers.

Edge routers use these virtual channel labels to demultiplex traffic arriving from different VPLS nodes over the same LSP tunnel. Label switch routers in the path switch traffic based on the outer (transport) label, so the virtual channel label is only visible to the final edge router, where the service terminates.

As traffic arrives on access ports, edge routers collect customers' media access control (MAC) addresses. Each router populates the addresses in a forwarding information base, or table of MAC addresses, it maintains for each VPLS node. All customer traffic is switched according to MAC addresses, and forwarded across the service provider network using the appropriate LSP tunnels.

Because most companies use routers for their WAN connections, the edge routers in a VPLS are exposed only to a single MAC address at each customer location, thus each edge router can scale to support thousands of VPLS services.

CCNA, CCNP and CCIE Cisco Pass4Sure

CCNA 640-802
http://www.pass4sure.org.cn/exam/p4s/cisco/ccna/Pass4sure_CCNA_640-802.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccna/Pass4sure_CCNA_640-802_v2.85_Q_A245.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccna/Pass4sure_CCNA_640_802_v2.93_pdf.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccna/Pass4ure_CCNA_640-802_v2.93_word.rar


CCNP
http://www.pass4sure.org.cn/exam/p4s/cisco/ccnp/Pass4sure_CCNP_642-901_v2.85.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccnp/Pass4sure_CCNP_642-892_v2.93.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccnp/Pass4sure_CCNP_642-845 v2.85.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccnp/Pass4sure_CCNP_642-812_v2.85.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccnp/Pass4sure_CCNP_642_825_v2.93.zip

CCIE
http://www.pass4sure.org.cn/exam/p4s/cisco/ccie/pass4sure_ccie_350-018_2.12.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccie/Pass4sure_CCIE_SP_350-029.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccie/p4s_ccie_350-001_2.83.rar
http://www.pass4sure.org.cn/exam/p4s/cisco/ccie/Pass4sure.Cisco.350-027.Exam.Q.And.A.V2.31.rar

ICND Test

Q1) Which two functions can LAN switches and bridges provide? (Choose two.) (Source: Introducing Basic Layer 2 Switching and Bridging Functions)
A) packet routing
B) jitter avoidance
C) address learning
D) store and forward decision
E) loop avoidance using the Spanning Tree Protocol
C, E

Q2) Ethernet switching or bridging _____ the available bandwidth of a network by creating _____ network segments.
A) increases, shared
B) decreases, shared
C) increases, dedicated
D) decreases, dedicated
C

Q3) Which is required for STP to detect a topology change?
A) when a BPDU is not received within two seconds
B) when a device does not respond to a handshake message
C) when the max_age timer has expired without receiving a BPDU
D) when a device does not respond quickly enough to a handshake request
C

Q4) Which command restricts port usage to no more than ten devices?
A) switchport secure 10
B) switchport max-mac-count 10
C) switchport port-security maximum 10
D) switchport port-security 10 max-mac
C

Q5) Which feature is required for a VLAN to span two switches? (Source: Introducing VLAN Operations)
A) a trunk to connect the switches
B) a router to connect the switches
C) a bridge to connect the switches
D) a VLAN configured between the switches
A

Q6) What primary benefit does VTP offer? (Source: Introducing VLAN Operations)
A) allows trunking to provide redundancy
B) minimizes redundancy on a switched network
C) allows you to run several VLANs over a single trunk
D) minimizes misconfigurations and configuration inconsistencies
D

Q7) What is the logical sequence for configuring a Catalyst switch port to be in VLAN 3? (Source: Configuring VLANs)
A) Create the VLAN, then assign the port to the VLAN.
B) Assign the port to the VLAN; all VLANs are created by default.
C) Create the VLAN, assign ports to the default VLAN
D) Assign the port to the VLAN; this also creates the VLAN with a default name.
A

Q8) When you are deleting a VLAN from a VTP domain, where should the change be performed? (Source: Configuring VLANs)
A) on a switch in VTP server mode
B) on every switch in VTP client mode
C) on a switch in VTP transparent mode
D) on every switch, regardless of VTP mode
A

Q9) What does the command ip route 186.157.5.0 255.255.255.0 10.1.1.3 specify? (Source: Introducing Routing)
A) Both 186.157.5.0 and 10.1.1.3 use a mask of 255.255.255.0.
B) The router should use network 186.157.5.0 to get to address 10.1.1.3.
C) You want the router to trace a route to network 186.157.5.0 via 10.1.1.3.
D) The router should use address 10.1.1.3 to get to devices on network 186.157.5.0.
D

Q10) Which of the following protocols is an example of an exterior gateway protocol? (Source: Introducing Routing)
A) RIP
B) BGP
C) IGRP
D) EIGRP
B

Q11) When a router receives a packet with a destination address that is within an unknown subnetwork of a directly attached network, what is the default behavior if the ip classless command is not enabled? (Source: Introducing Routing)
A) drop the packet
B) forward the packet to the default route
C) forward the packet to the next hop for the directly attached network
D) broadcast the packet through all interfaces except the one on which it was received
A

Q12) What is the purpose of link-state advertisements? (Source: Introducing Link-State and Balanced Hybrid Routing)
A) to construct a topological database
B) to specify the cost to reach a destination
C) to determine the best path to a destination
D) to verify that a neighbor is still functioning
A

Q13) Which command displays the amount of time since the router heard from an EIGRP neighbor? (Source: Enabling EIGRP)
A) show ip eigrp traffic
B) show ip eigrp topology
C) show ip eigrp interfaces
D) show ip eigrp neighbors
D

Q14) Which subnet mask would be appropriate for a class C address used for 9 LANs, each with 12 hosts? (Source: Implementing Variable-Length Subnet Masks)
A) 255.255.255.0
B) 255.255.255.224
C) 255.255.255.240
D) 255.255.255.252
C

Q15) What does a Cisco router do with a packet when it matches an ACL permit statement? (Source: Introducing ACLs)
A) discards the packet
B) returns the packet to its originator
C) sends the packet to the output interface
D) holds the packet for further processing
C

Q16) A system administrator wants to configure an IP standard ACL on a Cisco router to allow only packets from all hosts on the subnet 10.1.1.0/24 from entering an interface on a router. Which ACL configuration accomplishes this goal? (Source: Configuring IP ACLs)
A) access-list 1 permit 10.1.1.0
B) access-list 1 permit 10.1.1.0 host
C) access-list 99 permit 10.1.1.0 0.0.0.255
D) access-list 100 permit 10.1.1.0 0.0.0.255
C

Q17) The following is an ACL that is entered on a Cisco router.
access-list 135 deny tcp 172.16.16.0 0.0.15.255 172.16.32.0 0.0.15.255 eq telnet
access-list 135 permit ip any any

If this ACL is used to control incoming packets on ethernet0, which three statements are true? (Choose three.) (Source: Configuring IP ACLs)
A) Address 172.16.1.1 will be denied Telnet access to address 172.16.37.5.
B) Address 172.16.31.1 will be permitted FTP access to address 172.16.45.1.
C) Address 172.16.1.1 will be permitted Telnet access to address 172.16.32.1.
D) Address 172.16.16.1 will be permitted Telnet access to address 172.16.32.1.
E) Address 172.16.16.1 will be permitted Telnet access to address 172.16.50.1.
F) Address 172.16.30.12 will be permitted Telnet access to address 172.16.32.12.
B, C, E

Q18) Which Cisco IOS command would you use to define a pool of global addresses to be allocated as needed? (Source: Scaling the Network with NAT and PAT)
A) ip nat pool
B) ip nat inside pool
C) ip nat outside pool
D) ip nat inside source static
A


Q19) Which packet type is used in the PPP link establishment phase? (Source: Configuring Serial Point-to-Point Encapsulation)
A) LCP
B) PAP
C) NCP
D) CHAP
A

Q20) With CHAP, how does a remote node respond to a challenge message? (Source: Configuring Serial Point-to-Point Encapsulation)
A) with a hash value
B) with a return challenge
C) with a clear text password
D) with an encrypted password
A

Q21) What does the ppp authentication chap pap command configure? (Source: Configuring Serial Point-to-Point Encapsulation)
A) CHAP authentication will always be used.
B) Either CHAP or PAP will be used, selected at random for security.
C) CHAP authentication will be used unless the remote router requests PAP.
D) If authentication fails using CHAP, then PAP authentication is attempted.
D

Q22) Which VC status state on a Cisco router indicates that the local connection to the Frame Relay switch is working but the remote router connection to the Frame Relay switch is not working? (Source: Introducing Frame Relay)
A) LMI state
B) active state
C) deleted state
D) inactive state
D


Q23) Which address must be mapped on a Frame Relay VC to the local DLCI? (Source: Introducing Frame Relay)
A) port address
B) source port address
C) network layer address
D) data-link layer address
C

Q24) In which situation will you configure a static Frame Relay map? (Source: Configuring Frame Relay)
A) when compression is not set on the interface
B) when the remote router does not support Inverse ARP
C) when the remote router does not support Frame Relay
D) when the network layer address of the destination router interface is not set
B

Q25) Which Cisco IOS command correctly configures a static map of the remote IP address (10.16.0.2) to the local data-link connection identifier (DLCI) (110)? (Source: Configuring Frame Relay)
A) frame-relay map dlci 110 ip 10.16.0.2
B) frame-relay inverse-arp ip 10.16.0.2 110
C) frame-relay arp ip 10.16.0.2 110 broadcast
D) frame-relay map ip 10.16.0.2 110 broadcast
D

Q26) The following line is taken from the output of the debug frame-relay lmi command:

1w2d: PVC IE 0x7, length 0x6, dlci 10, status 0x2, bw 0

What does the dlci 10, status 0x2 indicate? (Source: Configuring Frame Relay)
A) DLCI 10 is inactive, and the status is deleted.
B) DLCI 10 is active, and the status is “added” and “active.”
C) DLCI 10 is active, and the status is “added” and “inactive.”
D) DLCI 10 is inactive, and the status is “added” and “inactive.”
B

Q27) Given the following configuration statements, what kind of traffic will trigger a DDR call? (Source: Configuring Dial-on-Demand Routing)
? dialer-list 1 protocol ip list 101
? access-list 101 deny tcp any any eq telnet
? access-list 101 deny tcp any any eq ftp
? access-list 101 permit ip any any
A) all IP traffic
B) FTP and Telnet traffic
C) all IP traffic except TCP
D) all IP traffic except Telnet and FTP
D

Q28) Which Cisco IOS command allows all IP traffic to initiate a DDR call without using an access list? (Source: Configuring Dial-on-Demand Routing)
A) dialer-list 1 protocol ip deny
B) dialer-list 1 protocol ip permit
C) dialer-list 1 protocol ip list 101
D) dialer-group 1 protocol ip permit
B

Q29) Which Cisco IOS command specifies a bandwidth limit on a link that causes a second DDR link to be established? (Source: Configuring Dial-on-Demand Routing)
A) dialer map
B) dialer-group
C) dialer idle-timeout
D) dialer load-threshold
D


Q30) What information does the debug isdn q931 command display? (Source: Configuring Dial-on-Demand Routing)
A) PPP authentication information
B) negotiation of link compression
C) call setup and teardown messages
D) data being transmitted over a DDR link
C

CCNA Certification

The Cisco CCNA network associate certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. This new curriculum includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills. This new curriculum also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol Frame Relay, Routing Information Protocol Version 2 (RIPv2),VLANs, Ethernet, access control lists (ACLs)

Exam Number: 640-802 CCNA
Associated Certifications: CCNA
Duration: 90 Minutes (50-60 questions)
Available Languages: English

The following topics are general guidelines for the content likely to be included on the Cisco Certified Network Associate exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Describe how a network works

  • Describe the purpose and functions of various network devices
  • Select the components required to meet a network specification
  • Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
  • Describe common networked applications including web applications
  • Describe the purpose and basic operation of the protocols in the OSI and TCP models
  • Describe the impact of applications (Voice Over IP and Video Over IP) on a network
  • Interpret network diagrams
  • Determine the path between two hosts across a network
  • Describe the components required for network and Internet communications
  • Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
  • Differentiate between LAN/WAN operation and features

Configure, verify and troubleshoot a switch with VLANs and interswitch communications

  • Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
  • Explain the technology and media access control method for Ethernet networks
  • Explain network segmentation and basic traffic management concepts
  • Explain basic switching concepts and the operation of Cisco switches
  • Perform and verify initial switch configuration tasks including remote access management
  • Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands
  • Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures
  • Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
  • Describe how VLANs create logically separate networks and the need for routing between them
  • Configure, verify, and troubleshoot VLANs
  • Configure, verify, and troubleshoot trunking on Cisco switches
  • Configure, verify, and troubleshoot interVLAN routing
  • Configure, verify, and troubleshoot VTP
  • Configure, verify, and troubleshoot RSTP operation
  • Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network.
  • Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)

Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network.

  • Describe the operation and benefits of using private and public IP addressing
  • Explain the operation and benefits of using DHCP and DNS
  • Configure, verify and troubleshoot DHCP and DNS operation on a router.(including: CLI/SDM)
  • Implement static and dynamic addressing services for hosts in a LAN environment
  • Calculate and apply an addressing scheme including VLSM IP addressing design to a network
  • Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
  • Describe the technological requirements for running IPv6 in conjunction with IPv4 (including: protocols, dual stack, tunneling, etc).
  • Describe IPv6 addresses
  • Identify and correct common problems associated with IP addressing and host configurations

Configure, verify, and troubleshoot basic router operation and routing on Cisco devices

  • Describe basic routing concepts (including: packet forwarding, router lookup process)
  • Describe the operation of Cisco routers (including: router bootup process, POST, router components)
  • Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
  • Configure, verify, and troubleshoot RIPv2
  • Access and utilize the router to set basic parameters.(including: CLI/SDM)
  • Connect, configure, and verify operation status of a device interface
  • Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
  • Perform and verify routing configuration tasks for a static or default route given specific routing requirements
  • Manage IOS configuration files. (including: save, edit, upgrade, restore)
  • Manage Cisco IOS.
  • Compare and contrast methods of routing and routing protocols
  • Configure, verify, and troubleshoot OSPF
  • Configure, verify, and troubleshoot EIGRP
  • Verify network connectivity (including: using ping, traceroute, and telnet or SSH)
  • Troubleshoot routing issues
  • Verify router hardware and software operation using SHOW & DEBUG commands.
  • Implement basic router security

Explain and select the appropriate administrative tasks required for a WLAN

  • Describe standards associated with wireless media (including: IEEE WI-FI Alliance, ITU/FCC)
  • Identify and describe the purpose of the components in a small wireless network. (Including: SSID, BSS, ESS)
  • Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point
  • Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2)
  • Identify common issues with implementing wireless networks. (Including: Interface, missconfiguration)

Identify security threats to a network and describe general methods to mitigate those threats

  • Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats
  • Explain general methods to mitigate common security threats to network devices, hosts, and applications
  • Describe the functions of common security appliances and applications
  • Describe security recommended practices including initial steps to secure network devices

Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network.

  • Describe the purpose and types of ACLs
  • Configure and apply ACLs based on network filtering requirements.(including: CLI/SDM)
  • Configure and apply an ACLs to limit telnet and SSH access to the router using (including: SDM/CLI)
  • Verify and monitor ACLs in a network environment
  • Troubleshoot ACL issues
  • Explain the basic operation of NAT
  • Configure NAT for given network requirements using (including: CLI/SDM)
  • Troubleshoot NAT issues

Implement and verify WAN links

  • Describe different methods for connecting to a WAN
  • Configure and verify a basic WAN serial connection
  • Configure and verify Frame Relay on Cisco routers
  • Troubleshoot WAN implementation issues
  • Describe VPN technology (including: importance, benefits, role, impact, components)
  • Configure and verify a PPP connection between Cisco routers

Technician certifications

The first stage of Cisco's certification system is the "Associate" level and begins with Cisco Certified Entry Networking Technician (CCENT) certification as an interim step to Associate level or directly with CCNA and CCDA certifications. The CCENT covers only basic networking knowledge, and does not get involved with the more technical aspects of the Cisco curriculum. The CCNA Discovery curriculum covers most of what is required to pass this exam.
 
eXTReMe Tracker