Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1.
Which configuration allows Router2 to establish a Telnet connection to Router1?
The configuration problem preventing Router2 from establishing a Telnet connection to Router1 is the absence of an IPv6 address on the GigabitEthernet0/0 interface of Router1. Although Router1 has an IPv6 address configured, the interface is primarily configured with an IPv4 address. Adding an IPv6 address directly to the interface or correcting the existing configuration will allow Router2 to communicate over IPv6 and establish a Telnet connection.
Correct answer is B because when R1 will send nd ra to R2 for its autoconfig, its access-list INGRESS will drop it. LAB for test : R2#show ipv6 access-list IPv6 access list INGRESS permit ipv6 2001:DB8::/64 any (1 match) sequence 10 deny ipv6 2001:DB8::/32 any sequence 20 permit icmp any any (5 matches) sequence 30 R2#telnet 2001:db8::1 Trying 2001:DB8::1 ... Open R1>
RA are suppressed by the comand ipv6 nd ra suppress on the interface
You're right.. It stops that router from advertising but it doesnt stop it from responding to RA messages.. Add the icmp to the acl and it will be able to generate an ipv6 address since autoconfig is enabled. I also labbed to verify...
What message exactly contains address 2001:DB8::/32 in the source and what does it matter if what is forbidden is allowed by the line above? All of these messages should use link-local addresses (FE80::/64) as their source. I believe the results of your test, but how to explain it?
B is correct, permitting icmp on R2 enables it to receive RA with the prefix info and thus generate an IPv6 address. D works but the key here is to use the ipv6 address autoconfig feature rather the manual IPv6 address
tested in lab - A doesn't work, unless B is done. B by itself doesn't help without A D helps instantly. So it depends how many answers cisco wants on real exam - if one, then it is D, if two, then it is AB
Answer A + B or Answer D. A) We need to configure #ipv6 unicast-routing on R1, so it can start to send RA messages on the local segment. + B) permit ICMPv6 on access list INGRESS on R2 -> My assumption was that ipv6 acl implicit rules contain permition for ICMPv6 neighbor discovery protocol. I also read it on cisco learning network that these implicit entries exist at the end of each IPv6 ACL to allow neighbour discovery. Then I labbed this scenario in CML, and it turned out that in this case I need to explicitly add these lines to the ACL for NDP to work well. (At least on that IOS in CML.) permit icmp any any nd-na permit icmp any any nd-ns permit icmp any any router-advertisement permit icmp any any router-solicitation D) IPv6 address on GigabitEthernet0/0 -> The workaround if only one answer can be chosen.
Correct answer is D. A. it says the link came up, so is enable by default B. on IPv6 ACLs is enabled by default C. it has nothing to do with it D. is the only choice, but consider that there is a autonconfig command so withouht this it will work as well.
D would solve this question in instant
sorry my answer before, I thinking about this question for a while, and the correct answer is "D" and not "B". The key command is "ipv6 nd ra suppress" we are blocking RA ads on IPV6 and an ACL that allows ICMPv6 is not needed we are already blocking it. It's option "D"
MP_iBGP is correct. I also used a LAB and verified results. Debug *Dec 5 23:42:07.442: [IPv6 Input]IPv6RT[default]: ND, Added path FE80::C804:CFF:FEFE:1C/GigabitEthernet1/0 (A:0x1/F:0x0) *Dec 5 23:42:07.446: [IPv6 Input]IPv6RT[default]: ND, Route add 2001:DB8::/64 [new 2/0] *Dec 5 23:42:07.450: [IPv6 Input]IPv6RT[default]: ND, Added path ::/GigabitEthernet1/0 (A:0x1/F:0x0) *Dec 5 23:42:07.458: [IPv6 RIB Event Handler]IPv6RT[default]: Event: ::/0, Add, owner ND, previous None *Dec 5 23:42:07.466: [IPv6 RIB Event Handler]IPv6RT[default]: Event: 2001:DB8::/64, Add, owner ND, previous None
Answer B I wasn't sure, so I lab it myself as so many conflicting replies. I permitted icmp to the INGRESS acl and was R2 got an IPv6 address, and I was able to Telnet to R1.
it´s D the only thing we should configure is ipv6 on the interface instead of ipv4 only.
permit ipv6 nd na is on by default on IPv6 access-lists, unless you explicitly define a deny ipv6 any any. hence B is wrong, as there is no ipv6 ping deny in action here. D solves this problem. From OCG chapter 21: Recall that IPv6 relies on the Neighbor Discovery Protocol (NDP) NA (neighbor advertisement) and NS (neighbor solicitation) messages to determine the MAC address associated with an IPv6 address. Therefore, the implicit permit icmp nd entries for NA and NS messages have been added before the implicit deny any, so they are not denied: permit icmp any any nd-na permit icmp any any nd-ns They trying to trick you with B. Anwer is D.
B is correct, its configured for autoconfig, the ACL blocks R2 from getting the RA from R1.
B is correct
option B is correct: https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-4F7DBEAC-7D2F-4FE2-86A8-94C376D63B2E.html
correct answer is B. its not C because thats only blocking ipv4, and its not D because its using auto-discovery to assign v6 address
I would chose "B". Nothin works without "A", but we don't know whether it was inserted or not in both routers. C is definily not right. EGRESS2 is a IPv4 ACL and it's does not works for IPv6 packets. D Would not work because R2 would need use NDP to discover R1's MAC address, and NDP works with ICMP that is blocked by INGRESS ACL.
I forgot to mention one thing. The address of NDP and RS/RA packets are link-local address. Because of that the INGRESS ACL does not allow them in sequence 10.
A) #ipv6 unicast-routing -> Yes, I agree, normally it should be enabled first. Stil, setting ipv6 addresses manually is enough for a basic communication between directly connected neighbors. Just test it. B) permit ICMPv6 -> It is not needed if the ipv6 address is already configured manually. Setting an ipv6 address is enough for telnet to work.
"D" actually works. Test it. Setting an ipv6 address manually is enough for telnet to work. permit ICMPv6 is not necessary in this case, as NDP is not used for ipv6 address configuration here.
I have labed this, telnet works from R2 to R1 with exactly the same configuration when I enable ipv6 unicast-routing. So A is correct
To obtain an IPv6 address a client must be enable to receive icmpv6 particularly RA and to avoid duplicate address NA. B is the correct answer. ICMPv6 to avoid local troubles default enable values must be permitted.