Examice

Exam 350-401 All QuestionsBrowse all questions from this exam

Question 207

A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:

`May 5 39:85:55.469: %TCP-6-BADAUTH` Invalid MD5 digest from 10.10.10.1 (29832) to 10.120.10.1 (179) tebleid -0

Which two configurations allow a peering session to form between R1 and R2? (Choose two.)

R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco

R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco

R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

Correct Answer: A, D

To establish a BGP peering session with MD5 authentication, both routers must be configured with the same password for the peer group, and each router must specify the peer's IP address and associate it with the peer group. In this case, Router R1 is 10.120.10.1 and Router R2 is 10.10.10.1. Therefore, R1 should be configured with R2's IP address and the password, and R2 should be configured with R1's IP address and the password. This setup will ensure that the MD5 password match and the peering session can be established successfully.

Discussion

hex2Options: AB

Answer is correct, AB. The question states the console output is from R1, which means that R1 is 10.120.10.1, and R2 is 10.10.10.1. If you missed that you may have assumed the reverse and picked DE.

bk989

because R1 is 10.120.10.1, according to the error message which states TCP port 179, which is DESTINATION port for BGP, hence A, B are the only possible answers in this case. The destination port 179 is referring to the incoming router 10.120.1.x

LanreDipeolu

I think ED choice is more appropriate; all because the syslog message was obtained from R1 that indicated R1 is 10.10.0.1

andy_doesnt_like_uucp

vice versa: R2 is 10.10.10.1 . but AB is correct

SandyIndiaOptions: AB

if the two routers have different passwords configured, a message such as this is displayed: %TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's IP address]:179 https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112188-configure-md5-bgp-00.html

outnumber_gargle024

solid^ TY

rpidcockOptions: AB

Given answer is correct. Verified in GNS3 lab.

Jakubu1Options: AB

Answer is AB. Verified in my lab. R1 indicates it is receiving an Invalid MD5 digest from R2's IP/ R2 is sending that to port 179 of R1's IP.

LeoveilOptions: AB

(29832) random port number represent source. (179) BGP default port number represent destination.

bora4motionOptions: AB

A,B is correct. The log is on R1.

Qiaopuyun

I confused, the TCP destination port is 179 and source port is dynamic. so the ip address for R1 is 10.10.10.1

SeMo0o0oOptions: AB

A & B are correct 10.120.10.1 (179) is the local router IP (R1) 10.10.10.1 (29832) is the peer router IP (R2) On R1, configure R2 (IP 10.10.10.1) as a neighbor with the password. On R2, configure R1 (IP 10.120.10.1) as a neighbor with the password. This is from cisco: if the two routers have different passwords configured, a message such as this is displayed: %TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's IP address]:179 https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112188-configure-md5-bgp-00.html#:~:text=if%20the%20two,IP%20address%5D%3A179

LanreDipeoluOptions: DE

I think ED choice is more appropriate; all because the syslog message was obtained from R1 that indicated R1 is 10.10.0.1

mgiuseppe86

R1 is configured with the IP 10.10.10.1 while R2 is configured with 10.120.10.1. This is noticeable because BGP speaks over port 179. So the destination port is attached to the destination IP as noted in the error log. This way we can determine the destination IP is accurate (B).

nushaduOptions: AB

cisco_R2#show running-config | section bgp router bgp 2 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor GR_AS3 peer-group neighbor GR_AS3 remote-as 3 neighbor GR_AS3 password cisco neighbor 192.168.255.3 peer-group GR_AS3 ! address-family ipv4 redistribute connected neighbor 192.168.255.3 activate neighbor 192.168.255.3 soft-reconfiguration inbound exit-address-family cisco_R2#

nushadu

cisco_R3#show running-config | section bgp router bgp 3 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor GR_AS2 peer-group neighbor GR_AS2 remote-as 2 neighbor GR_AS2 password 7 1511021F0725 neighbor 192.168.255.22 peer-group GR_AS2 neighbor 192.168.255.55 remote-as 5 ! address-family ipv4 redistribute connected neighbor GR_AS2 soft-reconfiguration inbound neighbor 192.168.255.22 activate neighbor 192.168.255.55 activate neighbor 192.168.255.55 soft-reconfiguration inbound neighbor 192.168.255.55 route-map to_R5 in exit-address-family cisco_R3#

nushadu

cisco_R3#show ip bgp summary | b Nei Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 192.168.255.22 4 2 9 14 44 0 0 00:04:14 3 192.168.255.55 4 5 42 59 44 0 0 00:32:39 3 cisco_R3#

Japsurd

Answer is correct. The port number used (179) also gives it away. But Cisco asking so many questions that are not in the OCG is breaking my spirit.

kismet99Options: AB

AB is correct. tested in EVENG

ds0321Options: DE

R1 is 10.10.0.1

dueOptions: AB

i think alarm TCP-6-BADAUTH` Invalid MD5 digest. the local router in inspector and found that Invalid. Local router should be destination (port 179). So, local router R1 is 10.120