Exam 350-501 All QuestionsBrowse all questions from this exam
Go to Exam
Question 344

SIMULATION -

Guidelines -

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Topology -

Tasks -

Configure the IS-IS routing protocol for R1, R2, and R3 according to the topology to achieve these goals:

1. Configure HMAC-MD5 authentication for R1, R2, and R3 links that form the IS-IS adjacency using the ISIS commands on the interfaces using these parameters:

• key-chain name: AUTH_ISIS

• key ID: 2

• password: C1sc0!

2. Configure ISIS metric on R1, R2, and R3 to:

• 15 for each level on all interfaces that form adjacency on router R1

• 20 for each level on all interfaces that form adjacency on router R2

• 25 for each level on all interface that form adjacency on R3

3. Configure IS-IS route redistribution for all static routes and connected interfaces on R1, R2, and R3.

    Correct Answer:

Discussion
EAS22

The routers have IPv6 on their interfaces. We may want to add metric wide for IPv6 af. It will be something like this: router isis 1 net 49.0000.0000.0000.0001.00 metric-style wide log-adjacency-changes all ! address-family ipv6 multi-topology exit-address-family interface range E0/0 ip router isis 1 ipv6 router isis 1 Regarding the Authentication, it really depend on what type of authentication they are asking in the exam, it could be Hello Authentication or Domain authentication or Area/LSP authentication. https://www.cisco.com/c/en/us/support/docs/ip/integrated-intermediate-system-to-intermediate-system-is-is/13792-isis-authent.html

picho707

key chain AUTH_ISIS key 2 key-string C1sc0! ! interface Loopback0 ip address 10.1.1.1 255.255.255.255 ipv6 address 2000:CC13:CC13:2011::1/128 ! interface Ethernet0/0 ip address 172.20.1.1 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2020::1/64 ipv6 router isis isis metric 15 level-2 ! interface Ethernet0/1 ip address 172.20.2.1 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2030::1/64 ipv6 router isis isis metric 15 level-2 ! router isis net 49.0000.0000.0001.00 authentication mode md5 level-1 authentication mode md5 level-2 authentication key-chain AUTH_ISIS level-1 authentication key-chain AUTH_ISIS level-2 metric-style wide redistribute connected redistribute static ip !

picho707

key chain AUTH_ISIS key 2 key-string C1sc0! ! interface Loopback0 ip address 10.2.2.2 255.255.255.255 ipv6 address 2000:CC13:CC13:2021::1/128 ! interface Ethernet0/0 ip address 172.20.1.2 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2020::2/64 ipv6 router isis isis metric 20 level-2 ! interface Ethernet0/2 ip address 172.20.3.2 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2040::2/64 ipv6 router isis isis metric 20 level-1 ! router isis net 49.0000.0000.0002.00 authentication mode md5 level-1 authentication mode md5 level-2 authentication key-chain AUTH_ISIS level-1 authentication key-chain AUTH_ISIS level-2 metric-style wide redistribute connected redistribute static ip

picho707

key chain AUTH_ISIS key 2 key-string C1sc0! ! interface Loopback0 ip address 10.3.3.3 255.255.255.255 ipv6 address 2000:CC13:CC13:2031::1/128 ! interface Ethernet0/1 ip address 172.20.2.3 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2030::3/64 ipv6 router isis isis metric 25 level-2 ! interface Ethernet0/2 ip address 172.20.3.3 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2040::3/64 ipv6 router isis isis metric 25 level-1 ! router isis net 49.0000.0000.0003.00 authentication mode md5 level-1 authentication mode md5 level-2 authentication key-chain AUTH_ISIS level-1 authentication key-chain AUTH_ISIS level-2 metric-style wide redistribute connected redistribute static ip

e98fa04

Question asks to configure authentication on interfaces not at the protocol level. Configuring a mismatch at the protocol level will just cause LSPs not to be accepted but the ISIS adjacency will still form so they are not the same thing. "Configure HMAC-MD5 authentication for R1, R2, and R3 links that form the IS-IS adjacency"

akm88

ipv6 unicast-routing key chain AUTH_ISIS key 2 key-string C1sco! interface Ethernet0/0 ip address 172.20.3.3 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2040::3/64 ipv6 router isis isis circuit-type level-1 isis metric 25 level-1 isis ipv6 metric 25 level-1 ! interface Ethernet0/1 ip address 172.20.2.3 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2030::3/64 ipv6 router isis isis circuit-type level-2-only isis metric 25 level-2 isis ipv6 metric 25 level-2 ! interface Ethernet0/2 ip address 30.30.30.30 255.255.255.0 ! interface Ethernet0/3 no ip address shutdown ! router isis net 49.0000.0000.0003.00 authentication mode md5 authentication key-chain AUTH_ISIS metric-style wide log-adjacency-changes all redistribute connected

akm88

key chain AUTH_ISIS key 2 key-string C1sco! ! ! ! ! ! cts logging verbose ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 172.20.3.3 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2040::3/64 ipv6 router isis isis circuit-type level-1 isis metric 25 level-1 isis ipv6 metric 25 level-1 ! interface Ethernet0/1 ip address 172.20.2.3 255.255.255.0 ip router isis ipv6 address 2000:CC13:CC13:2030::3/64 ipv6 router isis isis circuit-type level-2-only isis metric 25 level-2 isis ipv6 metric 25 level-2 ! interface Ethernet0/2 ip address 30.30.30.30 255.255.255.0 ! interface Ethernet0/3 no ip address shutdown ! router isis net 49.0000.0000.0003.00 authentication mode md5 authentication key-chain AUTH_ISIS metric-style wide log-adjacency-changes all redistribute connected

cerifyme85

Config below is wrong and misleading Only enable for interface or isis instance not both. if u did it for both, u would have issues.. isis gets confused.. Interface one below key chain AUTH_ISIS key 2 key-string cisco interface GigabitEthernet0/0 ip address 172.20.2.2 255.255.255.0 ip router isis 1 duplex auto speed auto media-type rj45 isis circuit-type level-1 isis authentication mode md5 isis authentication key-chain AUTH_ISIS router isis 1 net 49.0000.0000.0000.0002.00 log-adjacency-changes

cerifyme85

ALso metric is applied per router for all levels.. Eg R1: isis metric cost 15 level-2 isis metric cost 15 level-1