Question 81 of 2,152
IPv6 Tunneling TechniqueshardMultiple ChoiceObjective-mapped

Quick Answer

The answer is that Site B’s IPv4 address is private and not reachable from Site A, as 6to4 requires public IPv4 addresses on both ends. This is because a 6to4 automatic tunnel derives its IPv6 prefix from the embedded IPv4 address using the 2002::/16 format, so if Site B uses a private address like 10.x.x.x or 192.168.x.x, Site A cannot route return traffic over the public Internet—private addresses are non-routable globally. On the Cisco CCNP ENARSI 300-410 exam, this scenario tests your understanding of 6to4 tunnel addressing and loop prevention, often appearing as a trick where one-way traffic works but return traffic fails. A common trap is assuming any IPv4 connectivity suffices, but the key is that both endpoints must have globally routable addresses for bidirectional communication. Memory tip: think “2002 requires two public IPs”—if one side is private, the tunnel is one-way only.

300-410 IPv6 Tunneling Techniques Practice Question

This 300-410 practice question tests your understanding of ipv6 tunneling techniques. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A network engineer configures a 6to4 tunnel between two sites. The tunnel works for traffic from Site A to Site B, but return traffic from Site B to Site A fails. Both sites have IPv4 connectivity. What is the most likely explanation?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Question 1hardmultiple choice
Read the full NAT/PAT explanation →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Site B's IPv4 address is private and not reachable from Site A; 6to4 requires public IPv4 addresses on both ends.

6to4 tunnels require both endpoints to have globally routable public IPv4 addresses because the tunnel encapsulation uses the IPv4 address to derive the IPv6 prefix (2002::/16). If Site B has a private IPv4 address (e.g., 10.x.x.x or 192.168.x.x), Site A cannot route return traffic to it, as private addresses are not reachable over the public Internet. This explains why traffic from Site A to Site B works (Site A's public address is reachable), but return traffic fails.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Site B's IPv4 address is private and not reachable from Site A; 6to4 requires public IPv4 addresses on both ends.

    Why this is correct

    6to4 requires globally routable IPv4 addresses on both tunnel endpoints. If Site B uses a private address behind NAT, the return traffic cannot be encapsulated correctly.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The tunnel mode on Site B is configured as GRE IPv6 instead of 6to4.

    Why it's wrong here

    6to4 tunnels use tunnel mode ipv6ip 6to4; GRE mode would not interpret the 2002:: prefix correctly.

  • The IPv6 MTU on the tunnel is set too high, causing fragmentation of return packets.

    Why it's wrong here

    MTU issues would cause packet drops but not a complete failure of return traffic; also, fragmentation is handled by IPv4.

  • Site A has a firewall blocking incoming IPv4 protocol 41 packets.

    Why it's wrong here

    This would affect both directions; the question states Site A to Site B works, so incoming packets to Site A are not blocked.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the misconception that 6to4 tunnels can work with private IPv4 addresses if NAT is involved, but 6to4 does not support NAT traversal because the IPv4 address is embedded in the IPv6 prefix, making it incompatible with address translation.

Detailed technical explanation

How to think about this question

6to4 tunnels use the IPv4 address of each endpoint to automatically construct a 2002:IPv4-address::/48 prefix, as defined in RFC 3056. For example, if Site A's public IPv4 address is 192.0.2.1, its 6to4 prefix becomes 2002:c000:0201::/48. If Site B uses a private IPv4 address like 10.0.0.1, its derived prefix would be 2002:0a00:0001::/48, but that prefix is not globally routable because the underlying IPv4 address is not reachable from the public Internet. In real-world deployments, 6to4 is often used with a relay router to handle communication with native IPv6 networks, but direct site-to-site 6to4 tunnels still require public IPv4 addresses on both ends.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related 300-410 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 300-410 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 300-410 question test?

IPv6 Tunneling Techniques — This question tests IPv6 Tunneling Techniques — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Site B's IPv4 address is private and not reachable from Site A; 6to4 requires public IPv4 addresses on both ends. — 6to4 tunnels require both endpoints to have globally routable public IPv4 addresses because the tunnel encapsulation uses the IPv4 address to derive the IPv6 prefix (2002::/16). If Site B has a private IPv4 address (e.g., 10.x.x.x or 192.168.x.x), Site A cannot route return traffic to it, as private addresses are not reachable over the public Internet. This explains why traffic from Site A to Site B works (Site A's public address is reachable), but return traffic fails.

What should I do if I get this 300-410 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

4 more ways this is tested on 300-410

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. In a 6to4 tunnel, how is the tunnel destination address determined?

medium
  • A.It is manually configured.
  • B.It is derived from the IPv6 destination address using the 2002::/16 prefix.
  • C.It is obtained via DNS.
  • D.It is the same as the tunnel source.

Why B: In a 6to4 tunnel, the tunnel destination address is automatically derived from the IPv6 destination address by extracting the IPv4 address embedded in the 2002::/16 prefix. Specifically, the first 16 bits of the IPv6 destination are 2002, and the next 32 bits represent the IPv4 address of the remote 6to4 router. This allows the tunnel to be dynamically established without manual configuration of each destination.

Variation 2. In a 6to4 tunnel, what is the default IPv6 prefix assigned to the tunnel interface?

medium
  • A.2002::/16
  • B.2002:IPv4-address::/48
  • C.2001::/32
  • D.3ffe::/16

Why B: In a 6to4 tunnel, the default IPv6 prefix assigned to the tunnel interface is 2002:IPv4-address::/48, where the IPv4 address of the tunnel source is embedded in the prefix. This is defined in RFC 3056, which specifies that the 6to4 prefix is 2002::/16, and the next 32 bits are the tunnel source's IPv4 address, resulting in a /48 prefix for the 6to4 site.

Variation 3. Which TWO statements correctly describe the behavior of automatic 6to4 tunneling? (Choose TWO.)

hard
  • A.The 6to4 prefix is 2002::/16, where the next 32 bits are the IPv4 address of the tunnel source in hexadecimal.
  • B.A 6to4 relay router must have an IPv6 route to 2002::/16 pointing to the tunnel interface.
  • C.6to4 tunnels can use private IPv4 addresses as the tunnel source.
  • D.The 6to4 prefix is 2001::/16, and the IPv4 address is embedded in the interface ID.
  • E.The tunnel interface must be configured with tunnel mode ipv6ip.

Why A: Option A is correct because RFC 3056 defines the 6to4 prefix as 2002::/16, and the next 32 bits are the IPv4 address of the tunnel source converted to hexadecimal. This embeds the IPv4 address directly into the IPv6 prefix, allowing automatic tunnel creation without explicit peer configuration.

Variation 4. Which loop prevention mechanism is inherent to 6to4 tunneling?

medium
  • A.Split horizon
  • B.Reverse path forwarding (RPF) check
  • C.Embedded IPv4 address validation
  • D.TTL decrement

Why C: 6to4 tunneling uses an embedded IPv4 address in the IPv6 prefix (2002::/16) to automatically derive the tunnel destination. This inherent validation prevents routing loops by ensuring that a 6to4 router only accepts packets whose source IPv4 address matches the embedded address in the IPv6 source prefix, rejecting mismatched or spoofed traffic that could cause loops.

Last reviewed: Jun 24, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 300-410 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 300-410 exam.