300-410 Network Logging and Syslog • Complete Question Bank
Complete 300-410 Network Logging and Syslog question bank — all 0 questions with answers and detailed explanations.
A network engineer runs the following command on Router R1:
R1# show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, small buffer) Console logging: level debugging, 37 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level informational, 5 messages logged, xml disabled, filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 0 message lines logged
Logging to 192.168.1.100 (udp port 514, audit disabled,
link up), 0 message lines logged, xml disabled, filtering disabled
Logging Source Interface: Loopback0
Log Buffer (4096 bytes):
*Mar 1 00:01:23.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up *Mar 1 00:02:34.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
Based on this output, which statement is correct?
A network engineer runs the following command on Router R2:
R2# show logging | include %SYS-5-CONFIG_I *Mar 1 00:10:15.123: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:12:45.678: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:15:30.001: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:20:00.999: %SYS-5-CONFIG_I: Configured from console by console
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R3:
R3# show logging | include %OSPF-5-ADJCHG *Mar 1 00:05:10.123: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done *Mar 1 00:06:20.456: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired *Mar 1 00:07:30.789: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from DOWN to INIT, Received Hello *Mar 1 00:08:40.012: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from INIT to EXSTART, Event: start *Mar 1 00:09:50.345: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXSTART to EXCHANGE, Event: Negotiation Done *Mar 1 00:10:00.678: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXCHANGE to LOADING, Event: Exchange Done *Mar 1 00:11:10.901: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done *Mar 1 00:12:20.234: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R4:
R4# show logging | include %BGP-3-NOTIFICATION *Mar 1 00:01:05.123: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes *Mar 1 00:02:10.456: %BGP-3-NOTIFICATION: received from neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes *Mar 1 00:03:15.789: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R5:
R5# show logging | include %LINEPROTO-5-UPDOWN *Mar 1 00:00:10.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:00:20.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *Mar 1 00:00:30.789: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:00:40.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *Mar 1 00:00:50.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:01:00.678: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R6:
R6# show logging | include %SEC-6-IPACCESSLOGP *Mar 1 00:01:15.123: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12345) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:20.456: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12346) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:25.789: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12347) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:30.012: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12348) -> 192.168.1.1(80), 1 packet
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R7:
R7# show logging | include %SYS-2-MALLOCFAIL *Mar 1 00:05:10.123: %SYS-2-MALLOCFAIL: Memory allocation failed for size 1024, from process 0x12345678, pool Processor *Mar 1 00:06:20.456: %SYS-2-MALLOCFAIL: Memory allocation failed for size 2048, from process 0x12345678, pool Processor *Mar 1 00:07:30.789: %SYS-2-MALLOCFAIL: Memory allocation failed for size 512, from process 0x12345678, pool Processor
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R8:
R8# show logging | include %LDP-5-NBRCHG *Mar 1 00:01:10.123: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP *Mar 1 00:02:20.456: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN *Mar 1 00:03:30.789: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP *Mar 1 00:04:40.012: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R9:
R9# show logging | include %DMVPN-5-ADJCHG *Mar 1 00:01:05.123: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP *Mar 1 00:02:10.456: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN *Mar 1 00:03:15.789: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP *Mar 1 00:04:20.012: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN
Based on this output, what is the most likely problem?
Examine the following partial router configuration:
logging buffered 16384 logging console warnings logging monitor notifications logging trap debugging logging source-interface Loopback0 logging 192.168.1.100
What is the effect of this configuration?
Given the following partial configuration on a Cisco IOS-XE router:
logging host 10.1.1.1 transport tcp port 514 logging source-interface GigabitEthernet0/1 logging on
What is missing or incorrect in this configuration?
Refer to the following partial configuration:
logging console informational logging monitor debugging logging trap errors logging buffered 4096
Which statement is true about the logging levels?
Consider the configuration snippet:
logging 192.168.1.10 vrf Mgmt-intf logging source-interface Vlan1 logging trap 6
What is the effect of the 'logging trap 6' command?
Examine the following configuration:
logging host 10.1.1.1 logging host 10.1.1.2 logging host 10.1.1.3 logging origin-id hostname logging facility local7
What is the purpose of the 'logging origin-id hostname' command?
Given the configuration:
logging buffered 8192 warnings logging console alerts logging monitor critical
Which of the following is true?
A service provider network uses OSPF with route summarization on Area Border Routers (ABRs). Router R1 (ABR) has the configuration:
router ospf 1
area 1 range 10.1.0.0 255.255.240.0
area 1 range 10.1.16.0 255.255.240.0
Router R2 (internal to area 1) shows:
R2# show ip route ospf
10.1.0.0/20 is subnetted, 1 subnetsO IA 10.1.0.0/20 [110/2] via 10.2.1.1, 00:00:15, Serial0/0/0
10.1.16.0/20 is subnetted, 1 subnets
O IA 10.1.16.0/20 [110/2] via 10.2.1.1, 00:00:10, Serial0/0/0
10.1.32.0/20 [110/3] via 10.2.1.2, 00:00:05, Serial0/0/1
R2 is missing a route to 10.1.48.0/20. What is the root cause?
Two OSPF domains are redistributed into each other on router R1. R1 has:
router ospf 1
redistribute ospf 2 subnets
router ospf 2
redistribute ospf 1 subnets
Router R2 (in OSPF 1) shows: R2# show ip route ospf
O E2 10.1.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0 O E2 10.2.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0
R2# traceroute 10.1.1.1 source 10.2.1.2
Type escape sequence to abort. Tracing the route to 10.1.1.1 1 10.2.1.1 4 msec 4 msec 4 msec 2 10.1.1.1 8 msec 8 msec 8 msec
R2# traceroute 10.2.1.1 source 10.1.1.2
Type escape sequence to abort. Tracing the route to 10.2.1.1 1 10.1.1.1 4 msec 4 msec 4 msec 2 10.2.1.1 8 msec 8 msec 8 msec Traffic between the two domains is taking suboptimal paths. What is the root cause?
In an iBGP network, router R1 has:
router bgp 65000
bgp bestpath as-path multipath-relax
neighbor 10.1.1.2 route-map SET-MED in
route-map SET-MED permit 10 set metric 50
neighbor 10.1.1.3 route-map SET-MED2 in
route-map SET-MED2 permit 10 set metric 100
Router R2 shows: R2# show ip bgp 192.168.1.0/24
BGP routing table entry for 192.168.1.0/24, version 2 Paths: (2 available, best #2) Path #1: via 10.1.1.1, metric 50 Path #2: via 10.1.1.4, metric 100
R2# show ip route 192.168.1.0
Routing entry for 192.168.1.0/24 Known via "bgp 65000", distance 200, metric 100 Last update from 10.1.1.4 00:00:10 Serial0/0/1 R2 is choosing the path with higher metric. What is the root cause?
Two routers R1 and R2 are connected via Ethernet. R1 has:
interface GigabitEthernet0/0 ip ospf network point-to-point
R2 has default OSPF network type (broadcast). R1 shows:
R1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:35 10.1.1.2 GigabitEthernet0/0
R2 shows:
R2# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.1.1.1 1 FULL/DR 00:00:30 10.1.1.1 GigabitEthernet0/0
R1 is not installing OSPF routes from R2. What is the root cause?
EIGRP network with routers R1, R2, R3. R1 has:
router eigrp 100 network 10.0.0.0
R2 has:
router eigrp 100 network 10.0.0.0
R3 has:
router eigrp 100 network 10.0.0.0
R1 shows:
R1# show ip eigrp topology 10.1.1.0/24
EIGRP-IPv4 Topology Entry for 10.1.1.0/24 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 128256 Routing Descriptor Blocks:
10.2.1.2 (Serial0/0/0), from 10.2.1.2, Send flag is 0x0
Composite metric is (128256/156160), Route is Internal
10.3.1.3 (Serial0/0/1), from 10.3.1.3, Send flag is 0x0
Composite metric is (156160/128256), Route is Internal
R1# show ip route 10.1.1.0
Routing entry for 10.1.1.0/24 Known via "eigrp 100", distance 90, metric 128256 Last update from 10.2.1.2 on Serial0/0/0 R1 is using the path with higher feasible distance as successor. What is the root cause?
DMVPN network with hub R1 and spoke R2. R1 has:
interface Tunnel0 ip address 172.16.1.1 255.255.255.0
tunnel source GigabitEthernet0/0 tunnel mode gre multipoint
ip nhrp network-id 1 ip nhrp authentication cisco123
R2 has:
interface Tunnel0 ip address 172.16.1.2 255.255.255.0
tunnel source GigabitEthernet0/0 tunnel mode gre multipoint
ip nhrp network-id 1 ip nhrp nhs 172.16.1.1 ip nhrp authentication cisco123
R2 shows:
R2# show dmvpn
Legend: Attrb -> S: Static, D: Dynamic, I: Incomplete NHRP domain: 1
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHC:172.16.1.2, NBMA:10.2.2.2 (no NHRP mappings)
R2# ping 172.16.1.1 source 172.16.1.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) What is the root cause?
MPLS network with LDP enabled. Routers R1 and R2 are directly connected. R1 has: mpls ip
interface Serial0/0/0
mpls ip R2 has: mpls ip
interface Serial0/0/0
mpls ip R1 shows:
R1# show mpls ldp neighbor
Peer LDP Ident: 10.2.2.2:0; Local LDP Ident: 10.1.1.1:0 TCP connection: 10.2.2.2.646 - 10.1.1.1.646 State: Oper; Msgs sent/rcvd: 10/10; Downstream Up time: 00:00:30 LDP discovery sources: Serial0/0/0, Src IP addr: 10.2.2.2
R1# show mpls forwarding-table
Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 Untagged 10.3.3.0/24 0 Serial0/0/0 R2 shows:
R2# show mpls forwarding-table
Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 17 10.3.3.0/24 0 Serial0/0/0 R1 is not installing a label for 10.3.3.0/24 from R2. What is the root cause?
Router R1 has an ACL applied to its VTY lines for SSH access: access-list 10 permit 10.1.1.0 0.0.0.255 line vty 0 4
access-class 10 in transport input ssh R1 also has CoPP policy: class-map match-all SSH-CLASS match access-group name SSH-ACL policy-map COPP
class SSH-CLASS
police cir 8000 bc 1500 conform-action transmit exceed-action drop R2 (10.1.1.2) shows:
R2# ssh -l admin 10.2.2.1
% Connection refused by remote host
R2# telnet 10.2.2.1
Trying 10.2.2.1 ... % Connection timed out; remote host not responding What is the root cause?
Two VRFs on router R1: VRF A and VRF B. R1 has:
ip vrf A
rd 100:1 route-target export 100:1 route-target import 100:2
ip vrf B
rd 100:2 route-target export 100:2 route-target import 100:1 R1 shows:
R1# show ip route vrf A B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10 R1# show ip route vrf B B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10 Router R2 (in VRF A) can ping 10.1.1.1, but router R3 (in VRF B) cannot. What is the root cause?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# debug ip packet
Output: IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 3 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 4 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 5
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# show logging
Output: Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 100 messages logged Monitor logging: level debugging, 0 messages logged Buffer logging: level debugging, 100 messages logged Trap logging: level informational, 100 messages logged
Logging to 192.168.1.100 (udp port 514, audit disabled)
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# debug ip ospf adj
Output: OSPF: 2 Way Communication to 10.0.0.2 on GigabitEthernet0/0, state 2WAY OSPF: Send hello to 224.0.0.5 on GigabitEthernet0/0 OSPF: Rcv DBD from 10.0.0.2 on GigabitEthernet0/0 seq 0x1E opt 0x52 flag 0x7 len 32 OSPF: NBR negotiation done. We are the SLAVE OSPF: Exchange done with 10.0.0.2 on GigabitEthernet0/0 OSPF: Build router LSA for area 0, router ID 10.0.0.1
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# debug ip bgp updates
Output: BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 BGP(0): 10.0.0.2 rcvd 10.1.1.0/24 BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 65003 BGP(0): 10.0.0.2 rcvd 10.2.2.0/24
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# show ip route summary
Output: Route Source Networks Subnets Overhead Memory (bytes) connected 0 2 0 0 static 0 0 0 0 ospf 1 5 10 0 0 bgp 65001 3 5 0 0
Total 8 17 0 0
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# show mpls ldp neighbor detail
Output: Peer LDP Ident: 10.0.0.2:0, Local LDP Ident: 10.0.0.1:0 TCP connection: 10.0.0.2.646 - 10.0.0.1.646 State: Oper; Msgs sent/rcvd: 100/100; Downstream Up time: 00:10:00 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.0.0.2 Addresses bound to peer LDP Ident:
10.0.0.2 10.1.1.2 10.2.2.2
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# show ip nhrp detail
Output:
10.1.1.1/32 via 10.0.0.2, Tunnel0 created 00:05:00, expire 01:55:00
Type: dynamic, Flags: authoritative NBMA address: 192.168.1.2
10.2.2.2/32 via 10.0.0.3, Tunnel0 created 00:04:00, expire 01:56:00
Type: dynamic, Flags: authoritative NBMA address: 192.168.1.3
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# show crypto engine connections active
Output:
Crypto Engine Connections
ID Type Algorithm State Connection-ID 1 IPsec AES256-SHA Active 100 2 IPsec AES256-SHA Active 101 3 ISAKMP SHA Active 200
What does this output indicate?
A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:
R1# show policy-map control-plane input class class-default
Output: Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any police: cir 1000000 bps, bc 31250 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
What does this output indicate?