Examice

Exam 300-410 All QuestionsBrowse all questions from this exam

Go to Exam

Question 80

R1 and R2 are configured as eBGP neighbors. R1 is in AS100 and R2 is in AS200. R2 is advertising these networks to R1:

172.16.16.0/20

172.16.3.0/24

172.16.4.0/24

192.168.1.0/24

192.168.2.0/24

172.16.0.0/16

The network administrator on R1 must improve convergence by blocking all subnets of 172.16.0.0/16 major network with a mask lower than 23 from coming in.

Which set of configurations accomplishes the task on R1?

ip prefix-list PL-1 deny 172.16.0.0/16 ge 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32 ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in

ip prefix-list PL-1 deny 172.16.0.0/16 le 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32 ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in

ip prefix-list PL-1 deny 172.16.0.0/16 ip prefix-list PL-1 permit 0.0.0.0/0 ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in

access-list 1 deny 172.16.0.0 0.0.254.255 access-list 1 permit any ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 distribute-list 1 in

Correct Answer: A

To block all subnets of 172.16.0.0/16 with a mask lower than 23, you must list the subnets that are larger, i.e., with masks 23 and below. The correct prefix-list uses the 'ge' (greater than or equal to) keyword to accomplish this. Therefore, 'ip prefix-list PL-1 deny 172.16.0.0/16 ge 23' will deny all routes in the 172.16.0.0/16 block with subnets that have a mask 23 and smaller (which includes masks higher than /16 and up to /22). This effectively blocks the desired range of subnets as specified. The configuration listed in option A achieves this.

Discussion

Cyril_the_SquirlOption: B

It looks like nobody has read the question :-) The answer is B

Pietjeplukgeluk

If actually agree here, blocking the "less specific" routes also reduces advertised routes. And the " mask lower than 23" is clearly stating 23 and lower. As the question is stupid, i agree, and anyone picking A has a point, it makes more sense, but anyway, it is not the question.

kaupz

a mask lower than 23 - this means mask 22, 21, 20 ... 16 - I would go for B. But ofcourse IRL you would do the other way around.

HarwinderSekhon

CCNP is more of English exam vs networking :P

chris110Option: B

To block all subnets of 172.16.0.0/16 with a mask lower than 23 from coming in on R1, you can use either a prefix-list or an access list. Let's evaluate the provided options: A. This option uses a prefix-list and denies subnets of 172.16.0.0/16 with a mask greater than or equal to 23. This is incorrect because you want to block subnets with a mask lower than 23. B. This option uses a prefix-list and denies subnets of 172.16.0.0/16 with a mask less than or equal to 23. This is the correct option because it matches the requirement. C. This option uses a prefix-list but doesn't specify the mask length in the deny statement, so it would not block any specific subnets within 172.16.0.0/16. D. This option uses an access list but denies subnets of 172.16.0.0/16 with a mask of 0.0.254.255, which is not the correct mask to block subnets with a mask lower than 23. So, the correct configuration is option B

chris110

ip prefix-list PL-1 deny 172.16.0.0/16 le 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32 router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in This configuration will block all subnets of 172.16.0.0/16 with a mask lower than /23 from being advertised from R2 to R1.

[Removed]Option: A

As said in other comments. This seems to be an english trick question. But like Dacusai explained: When talking about a network that is lower (smaller) than /23, then you have to think of prefix /24 through /32, these broadcast domains are smaller than the broadcast domain of a /23 prefix. If we block network 172.16.0.0/16 prefix less than or equal to /23, then we are blocking /22, /21, /20, etc, up to /16 and permitting everything else. These network are very large network and we are left with what would be a large RIB of /24 networks. This does not improve convergence. I also got tricked into it and initially answered B.

dapardoOption: B

1. **172.16.0.0/16 major network**: This indicates a network with an IP range from 172.16.0.0 to 172.16.255.255. The "/16" signifies that the first 16 bits of the IP address are used for the network portion, leaving the remaining bits for host addresses. 2. **Mask lower than 23**: The term "mask" refers to the subnet mask, which determines how many bits are used for the network portion of an IP address. A mask lower than 23 means subnets that have more than 9 bits (32 - 23 = 9) for host addresses. In other words, subnets with a subnet mask such as /17, /18, /19, /20, /21, or /22. These subnets would be larger than those with a /23 subnet mask. 3. **Blocking from coming in**: This indicates setting up a rule to prevent these subnets from accessing the network or resource.

dapardo

BTW, hate the wording on this question, have to investigaste a Lot to be sure about B

DefiletOption: B

We have to block all subnets of 172.16.0.0/16 with mask less that 23 and from the list we have just two subnets to correspond to the subnet. 172.16.16.0/20 and 172.16.0.0/16 Why to choose to block from ge 23 and beyond which means to allow what we actually have to block as per task?

Commando1664Option: B

How can it be A when it says pemit 172.16.0.0/16 with a subnet mask greater than or equal to 23...It's B.

ZamanROption: A

A is the correct answer “Blocking all subnets of 172.16.0.0/16 major network with a mask lower than 23 from coming in” would block 172.16.16.0/20. The first prefix-list “ip prefix-list PL-1 deny 172.16.0.0/16 le 23” means “all networks that fall within the 172.16.0.0/16 range AND that have a subnet mask of /23 or less” are denied. The second prefix-list “ip prefix-list PL-1 permit 0.0.0.0/0 le 32” means allows all other prefixes.

night_wolf_inOption: B

Block subnets smaller than 23, meaning 24,25, etc. https://www.ciscozine.com/cisco-prefix-lists/

inteldarvidOption: B

the answer correct is B, because is lower than /23 is similar (le 23). Option B

sajjad_gayyemOption: B

I guess lower than 23 mean 22 and 21.

Almylle

Im not sure, lower subnets mean 23, 24, 25 ,26 and so on, so in this case means ge in the prefix list

SeMo0o0o0Option: B

B is correct

louisvuitton12Option: A

In summary, any subnet mask with a number higher than 23 (like /24, /25, /26, etc.)

BTK0311Option: B

The best configuration to block all subnets of the 172.16.0.0/16 major network with a mask lower than /23 from being advertised by R2 to R1 is option B: B. ip prefix-list PL-1 deny 172.16.0.0/16 le 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32 ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in This configuration uses a prefix-list (PL-1) to deny routes with a prefix length less than or equal to /23 from the 172.16.0.0/16 major network. It then permits all other routes. The prefix-list PL-1 is applied to the BGP neighbor 192.168.100.2 in the inbound direction using the prefix-list PL-1 in command. Option A, C, and D either don't specify the correct prefix-list filtering criteria or use access-lists, which are not the most appropriate for this task. Option B aligns with the requirement to block subnets with a mask lower than /23 from the major network.

JieWOption: A

Ge 23 Le 32 means 23-32. when it states lower than a subnet, it means lower number. i encourage all to research what that means. https://learningnetwork.cisco.com/s/question/0D53i00000Kt3t5CAB/ge-le

siyamakOption: B

The answer is B

inteldarvidOption: A

Sorry, i understand the option correct is A