Troubleshooting and Maintaining Cisco IP Networks (TSHOOT)

Question No: 1 – (Topic 1)

Which statement is true about an IPsec/GRE tunnel?

  1. The GRE tunnel source and destination addresses are specified within the IPsec transform set.

  2. An IPsec/GRE tunnel must use IPsec tunnel mode.

  3. GRE encapsulation occurs before the IPsec encryption process.

  4. Crypto map ACL is not needed to match which traffic will be protected.

Answer: C

Question No: 2 – (Topic 1)

Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs? (Choose three.)

  1. allows dynamic routing over the tunnel

  2. supports multi-protocol (non-IP) traffic over the tunnel

  3. reduces IPsec headers overhead since tunnel mode is used

  4. simplifies the ACL used in the crypto map

  5. uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

Answer: A,B,D

Question No: 3 – (Topic 1)

You are troubleshooting an issue with a GRE tunnel between R1 and R2 and find that routing is OK on all intermediary routers. The tunnel is up on R1, but down on R2. Which two possible issues can prevent the tunnel from coming up? (Choose Two)

  1. The tunnel does not come up unless traffic is sent through it.

  2. The tunnel source interface is down on R2.

  3. No specific route interface is down on R2.

  4. R2 does not know how to reach the tunnel destination.

  5. The tunnel keep alive timer doesn’t match on R1 and R2.

    Answer: B,D Explanation:

    Four Different Tunnel States

    There are four possible states in which a GRE tunnel interface can be:

    1. Up/up – This implies that the tunnel is fully functional and passes traffic. It is both adminstratively up and it#39;s protocol is up as well.

    2. Adminstratively down/down – This implies that the interface has been administratively shut down.

    3. Up/down – This implies that, even though the tunnel is administratively up, something causes the line protocol on the interface to be down.

    4. Reset/down – This is usually a transient state when the tunnel is reset by software. This usually happens when the tunnel is misconfigured with a Next Hop Server (NHS) that is it#39;s own IP address.

      When a tunnel interface is first created and no other configuration is applied to it, the interface is not shut by default:

      Question No: 4 – (Topic 1)

      When troubleshooting an EIGRP connectivity problem, you notice that two connected EIGRP routers are not becoming EIGRP neighbors. A ping between the two routers was successful. What is the next thing that should be checked?

      1. Verify that the EIGRP hello and hold timers match exactly.

      2. Verify that EIGRP broadcast packets are not being dropped between the two routers with the show ip EIGRP peer command.

      3. Verify that EIGRP broadcast packets are not being dropped between the two routers with the show ip EIGRP traffic command.

      4. Verify that EIGRP is enabled for the appropriate networks on the local and neighboring router.

Answer: D

Question No: 5 – (Topic 1)

Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced overhead?

  1. 3DES

  2. multipoint GRE

  3. tunnel

  4. transport

Answer: D

Question No: 6 – (Topic 1)

Refer to exhibit.

The tunnel between R2 and R5 is not coming up. R2, R4 and R5 do not have any routing information sources other than OSPF and no route filtering is implemented anywhere in the network. Which two actions fix the issue? (Choose Two)

  1. Redistribute connected routes to OSPF on R5.

  2. Change the tunnel destination on R2 to

  3. Advertise interface Lo0 to OSPF on R5.

  4. Configure a static route on R5 to via

  5. Fix the OSPF adjacency issue between R2 and r5.

Answer: A,C Explanation:

In order for the tunnel to be established between R2-R5 ,the R2 should have a path for the route in its own routing table , and because the ospf is the only routing protocol here , so R5 has to advertise the route, and that is possible through these option:

1-redistribute connected route to ospf on R5 2-Advertise interface lo0 to OSPF on R5

For knowing more about the rules for the gre channel to be established, check the link below:

http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118361- technote-gre-00.html

Question No: 7 – (Topic 1)

Refer to the exhibit.

How would you confirm on R1 that load balancing is actually occurring on the default- network (

  1. Use ping and the show ip route command to confirm the timers for each default network resets to 0.

  2. Load balancing does not occur over default networks; the second route will only be used for failover.

  3. Use an extended ping along with repeated show ip route commands to confirm the

    gateway of last resort address toggles back and forth.

  4. Use the traceroute command to an address that is not explicitly in the routing table.

Answer: D

Question No: 8 – (Topic 1)

R1 and R2 are directly connected using interface Ethernet0/0 on both sides. R1 and R2 were not becoming adjacent, so you have just configured R2 interface Ethernet0/0 as network type broadcast. Which two statements are true?

  1. Three OSPF routers are in the network segment connected to

  2. R1 installs a route to as O.

  3. R2 is not an OSPF ABR.

  4. R1 interface Ethernet0/0 is configured as OSPF type point to point.

  5. R1 installs a route to as O IA.

  6. both routers R1 and R2 are neighbors and R2 IS BDR.

Answer: E,F Explanation:

-For the Answer 5 quot;R1 installs a route to as O IAquot;:

That because the route belong to another area (area1).

-for the Answer 6 quot;both routers R1 and R2 are neighbors, and R2 IS BDRquot;:

Here clearly the question, say that R1 and R2 are not adjacent, but that not mean they are not neighbors, from the

output of quot;show ip ospf neighborquot; command we can see clearly that routers R1 and R2 are neighbors, and actually the

R2 is BDR.

There different between adjacent and neighbor, neighborsquot; and quot;adjacentquot;. Two terminologies that doesn#39;t mean the

same thing, but can often be misused in a discussion. Neighbors in this case means quot;show up as neighbors while using

the show ip ospf neighbors commandquot;. While quot;adjacentquot; means they are fully exchanging topology information.

For further information check the links below: https://learningnetwork.cisco.com/message/564573#564573 http://blog.ine.com/2008/01/08/understanding-ospf-network-types/

Question No: 9 – (Topic 1)

Refer to the Exhibit:

Which output is expected in the blank line for the OSPF adjacency process?

  1. DOWN




Answer: B Explanation:

You can check the output of quot;debug ip ospf adjquot; here:

Question No: 10 – (Topic 1)

Which three keywords are supported in the ip header option?

  1. Timeout

  2. Type of service

  3. Validate

  4. Timestamp

  5. Record

  6. Strict

Answer: D,E,F

