300-410 IPv6 Traffic Filtering and uRPF • Complete Question Bank
Complete 300-410 IPv6 Traffic Filtering and uRPF question bank — all 0 questions with answers and detailed explanations.
A network engineer runs the following command on Router R1:
R1# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 Global unicast address(es): 2001:DB8:1:1::1, subnet is 2001:DB8:1:1::/64 Joined group address(es): FF02::1 FF02::2 ICMP redirects are enabled ICMP unreachables are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 1000 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. IPv6 uRPF: strict mode (drop invalid packets)
Based on this output, what is the operational state of uRPF on this interface?
A network engineer runs the following command on Router R1:
R1# show ipv6 interface tunnel 0
Tunnel0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 Global unicast address(es): 2001:DB8:2::1, subnet is 2001:DB8:2::/64 Joined group address(es): FF02::1 FF02::2 ICMP redirects are enabled ICMP unreachables are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds IPv6 uRPF: loose mode (allow default route)
Based on this output, what is the uRPF configuration on this interface?
A network engineer runs the following command on Router R1:
R1# show ipv6 access-list FILTER-IPv6
IPv6 access list FILTER-IPv6
permit ipv6 2001:DB8:1::/48 any sequence 10
deny ipv6 any any sequence 20Based on this output, what is the effect of this access list when applied to an interface?
A network engineer runs the following command on Router R1:
R1# show ipv6 interface gigabitethernet 0/0 | include uRPF
IPv6 uRPF: strict mode
Based on this output, which statement is true?
A network engineer runs the following command on Router R1:
R1# show ipv6 interface gigabitethernet 0/0 | include uRPF
IPv6 uRPF: loose mode
Based on this output, what is the operational state of uRPF on this interface?
A network engineer runs the following command on Router R1:
R1# show ipv6 access-list DENY-REMOTE
IPv6 access list DENY-REMOTE
deny ipv6 2001:DB8:2::/48 any sequence 10
permit ipv6 any any sequence 20Based on this output, what is the effect of this access list when applied to an interface?
A network engineer runs the following command on Router R1:
R1# show ipv6 interface gigabitethernet 0/0 | include uRPF
IPv6 uRPF: strict mode (allow default route)
Based on this output, what is the uRPF configuration on this interface?
A network engineer runs the following command on Router R1:
R1# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 Global unicast address(es): 2001:DB8:1:1::1, subnet is 2001:DB8:1:1::/64 Joined group address(es): FF02::1 FF02::2 ICMP redirects are enabled ICMP unreachables are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 1000 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. IPv6 uRPF: strict mode (drop invalid packets) Inbound access list: FILTER-IPv6
Based on this output, which two features are configured on this interface?
A network engineer runs the following command on Router R1:
R1# show ipv6 access-list PERMIT-ONLY
IPv6 access list PERMIT-ONLY
permit ipv6 2001:DB8:3::/48 any sequence 10
Based on this output, what is the effect of this access list when applied to an interface?
Examine the following IPv6 ACL applied to an interface:
ipv6 access-list FILTER
permit ipv6 any any fragments deny ipv6 any any interface GigabitEthernet0/1
ipv6 traffic-filter FILTER in
What is the effect of this configuration?
Consider the following configuration:
ipv6 access-list BLOCK-ICMP
deny icmp any any echo-request deny icmp any any echo-reply permit ipv6 any any interface GigabitEthernet0/2
ipv6 traffic-filter BLOCK-ICMP in
Which statement is true?
Review the following configuration:
ipv6 access-list FILTER
permit tcp 2001:db8:1::/48 any eq 80 permit tcp 2001:db8:1::/48 any eq
443
deny ipv6 any any interface GigabitEthernet0/3
ipv6 traffic-filter FILTER out
What is the effect of this configuration?
Examine this configuration:
interface GigabitEthernet0/4
ipv6 address 2001:db8:2::1/64 ipv6 verify unicast source reachable-via any
What is the effect of the 'ipv6 verify unicast source reachable-via any' command?
Consider the following configuration:
ipv6 access-list FILTER
permit ipv6 2001:db8:3::/48 any deny ipv6 any any interface GigabitEthernet0/5
ipv6 traffic-filter FILTER in ipv6 verify unicast source reachable-via rx
A packet arrives on GigabitEthernet0/5 with source 2001:db8:3::100 and destination 2001:db8:4::1. The route for 2001:db8:3::/48 points out interface GigabitEthernet0/6. What happens?
Review this configuration:
route-map RMAP permit 10 match ipv6 address prefix-list PREFIX set interface null0 ! ipv6 prefix-list PREFIX seq 5 permit 2001:db8:5::/48 !
interface GigabitEthernet0/6
ipv6 verify unicast source reachable-via any allow-default
What is the purpose of the 'allow-default' keyword?
A network engineer runs the following command to troubleshoot an IPv6 traffic filtering issue:
R1# show ipv6 access-list FILTER
IPv6 access list FILTER
permit ipv6 2001:DB8:1::/48 any sequence 10
deny ipv6 2001:DB8:2::/48 any sequence20
permit ipv6 any any sequence 30
What does this output indicate?
A network engineer runs the following command to verify IPv6 uRPF operation:
R1# show ipv6 interface GigabitEthernet0/0 | include verify
IPv6 verify source: strict
What does this output indicate?
A network engineer runs the following command to debug IPv6 traffic filtering:
R1# debug ipv6 packet access-list FILTER detail
IPv6 packet debugging is on for access list FILTER (detail)
*Mar 1 00:01:23.456: IPv6: source 2001:DB8:2::1 (GigabitEthernet0/0) *Mar 1 00:01:23.456: dest 2001:DB8:3::1 (GigabitEthernet0/1) *Mar 1 00:01:23.456: traffic class 0, flowlabel 0, hlim 64, next header 6 (TCP) *Mar 1 00:01:23.456: denied by access-list FILTER
What does this output indicate?
A network engineer runs the following command to verify IPv6 uRPF drops:
R1# show ipv6 traffic | include verify
0 verify source drops, 0 verify source suppressed drops
What does this output indicate?
A network engineer runs the following command to debug IPv6 uRPF:
R1# debug ipv6 verify
IPv6 verify debugging is on
*Mar 1 00:02:34.567: IPv6 verify: source 2001:DB8:4::1 on GigabitEthernet0/0 *Mar 1 00:02:34.567: no route to source
What does this output indicate?
A network engineer runs the following command to verify IPv6 access-list hits:
R1# show ipv6 access-list FILTER | include matches
permit ipv6 2001:DB8:1::/48 any sequence 10 (10 matches)
deny ipv6 2001:DB8:2::/48 any sequence 20 (5 matches)
permit ipv6 any any sequence 30 (100 matches)What does this output indicate?
A network engineer runs the following command to verify IPv6 uRPF on an interface:
R1# show ipv6 interface GigabitEthernet0/0 | include verify|suppress
IPv6 verify source: strict IPv6 verify source suppress: disabled
What does this output indicate?
A network engineer runs the following command to debug IPv6 uRPF with detailed information:
R1# debug ipv6 verify detail
IPv6 verify debugging is on (detail)
*Mar 1 00:03:45.678: IPv6 verify: source 2001:DB8:5::1 on GigabitEthernet0/0 *Mar 1 00:03:45.678: route to source via GigabitEthernet0/1, not same as input interface
What does this output indicate?
A network engineer runs the following command to verify IPv6 traffic filtering with logging:
R1# show logging | include FILTER *Mar 1 00:04:56.789: %IPV6_ACL-6-ACCESSLOGDP: list FILTER denied tcp 2001:DB8:2::1(12345) -> 2001:DB8:3::1(80), 1 packet
What does this output indicate?