A. It is the path between two telephones.

B. It is the RTP sessions between the endpoints.

C. It is a connection between an endpoint and the call agent.

D. It is two or more endpoints sharing the same Call ID and the same media stream.

Answer: D

QUESTION NO: 37 Which of the following are CS-ACELP coding schemes? (Choose two)

A. G.711

B. G.728

C. G.729

D. Q.931

E. G-729A

Answer: C, E

QUESTION NO: 38 To which layer of the OSI model does Q.921 signaling equates to in ISDN?

A. Session

B. Network

C. Transport

D. Data-Link

E. Application

Answer: D

QUESTION NO: 39 You are the network engineer at TestKing. The TestKing ISDN network has two PBX systems from different manufactures.

Which protocol allows functionality between these two PBX systems?

A. QSIG

B. Q.921

C. Q.931

D. T-CCS

Answer: A

QUESTION NO: 40 You are the network technician at TestKing. Your newly appointed TestKing trainee wants to know which application conveys fax using T.37 fax relay.What will your reply be?

A. IVR

B. TCL

C. TIFF

D. SNMP

E. SMTP

Answer: E

QUESTION NO: 41 What type of multiplexing is packet switching an example of?

A. Statistical

B. Time division

C. Phase division

D. Frequency division

Answer: A

QUESTION NO: 42 You are the network technician at TestKing. Your newly appointed TestKing trainee wants to know which signal types are used by E&M.

What will your reply be?

A. wink start, delay start, and loop start

B. wink start, loop start, and immediate start

C. wink start, delay start, and immediate start

D. delay start, and loop start, and immediate start

Answer: C

QUESTION NO: 43 Which application allows you to communicate to multiple remote offices simultaneously?

A. IP Phone

B. IP Centrex

C. Toll Bypass

D. Multi-tenant

E. Hoot and Holler

Answer: E

QUESTION NO: 44 You are the network technician at TestKing. Your newly appointed TestKing trainee wants to know what the attributes of a scalable dialing plan are.

What will your reply be? (Choose four)

A. Logic distribution

B. Hierarchical design

C. Simplicity in provisioning

D. Reduction in pre-dial delay

E. reduction in post-dial delay

Answer: A, B, C, E

QUESTION NO: 45 What happens if no incoming dial peer matches a router or gateway?

A. The incoming call leg takes an alternate path.

B. The incoming call leg matches the default dial peer.

C. The incoming call leg sends a busy to the originator.

D. The incoming call leg is denied and the call is dropped.

Answer: B

QUESTION NO: 46 What is the recommended configuration for the transmit interface in switchwide queuing?

A. CoS

B. PFC

C. FIFO

D. TIFF

E. 2Q1T

Answer: E

QUESTION NO: 47 Which of the following QoS measures affect the outbound queue when implemented?

(Choose three.)

A. LLQ

B. RSQ

C. WFQ

D. FIFO

E. FRF.12

F. CBWFQ

Answer: A, C, F

QUESTION NO: 48 On what is traffic engineering for voice based?

A. Peak of service.

B. Class of service.

C. Grade of service.

D. Speed of service.

E. Quality of service.

Answer: C

QUESTION NO: 49 You are the Voice technician at TestKing. The TestKing network uses VoIP. Your newly appointed TestKing trainee wants to know what the modes of the playout delay buffer are.

What will your reply be?

A. Percent and Unit.

B. Nominal and Full.

C. Dynamic and Static.

D. Smooth and Serrated.

E. Minimum and Maximum.

Answer: C QUESTION NO: 50 You are the network engineer at TestKing. TestKing has its headquarters in New York and a branch office in Delaware. In the branch office, one VoIP dial-peer has been configured to point to headquarters over a low speed serial link. You want to limit the maximum number of concurrent calls to 3.

Which command would you use?

A. interface serial 3/3 ip rsvp bandwidth 3

B. interface serial 3/3 max-con 3

C. dial-peer voice 1000 voipmax-conn 3

D. dial-peer voice 1000 voip max-concurrent 3

E. dial-peer voice 1000 voipip rsvp neighbor 3

Answer: C

QUESTION NO: 51 In a campus network, which of the following are categories for QoS?

A. Separation of queues, queue scheduling, and pruning of queues

B. Pruning of queues, and marking control and management traffic

C. Queue scheduling, pruning of queues and marking control and management traffic

D. Separation of queues, queue scheduling, and marking control and management traffic

Answer: D

QUESTION NO: 52 You are the network technician at TestKing. Your newly appointed TestKing trainee wants to know when glare occurs.

What will your reply be?

A. When echo cancellers fail to synchronize.

B. When two phones go off-hook at the same time.

C. When two optical wavelengths collide in the same fiber.

D. When both ends of a telephone line or trunk experience echo.

E. When both ends of a telephone line or trunk are seized by different users.

Answer: E

QUESTION NO: 53 What will happen when a network link is oversubscribed?

A. The link goes down.

B. All voice calls suffer.

C. Voice packets are fragmented.

D. Excess voice calls are dropped.

E. Data packets are given priority.

Answer: B

QUESTION NO: 54 Your newly appointed TestKing trainee wants to know what CAC applies to.

What will your reply be?

A. Latency

B. Data traffic

C. Voice traffic

D. TCP networks

E. Voice and data traffic

Answer: C

QUESTION NO: 55 You are the network engineer at TestKing. Your newly appointed TestKing trainee wants to know under which standard the fragmentation for VoIP over Frame Relay is defined. What will your reply be?

A. FRF.5

B. FRF.6

C. FRF.9

D. FRF.11

E. FRF.12

Answer: E

QUESTION NO: 56 You are the network engineer at TestKing. TestKing is using LLQ on the serial interface 3/3 on the TestKing router. You want to verify the status if LLQ on the interface.

Which command would you use?

A. show class 11q

B. show interface serial 3/3

C. show queue interface serial 3/3

D. show interface serial 3/3 class 11q

E. show policy-map interface serial 3/3

Answer: E

QUESTION NO: 57 You are the network engineer at TestKing. You are implementing Frame Relay traffic shaping on the TestKing network. Your newly appointed TestKing trainee wants to know why Frame Relay traffic shaping is important.

What will your reply be?

A. It ensures that excess traffic above the CIR on the link is dropped.

B. It ensures that voice packets are not trapped behind large data packets.

C. It ensures that the priority of the voice packet is higher than the data packets.

D. It ensures that the RTP headed is reduced in size to reduce the overall size of the voice packet.

E. It ensures that excess traffic above the CIR on the link is not dropped, but is buffered and sent when there is capacity on the link.

Answer: E

QUESTION NO: 58 You are the network engineer at TestKing. TestKing has its headquarters in New York and a branch office in Delaware. The branch office is using a 128 kbps Frame Relay link to connect to headquarters. You want to ensure good voice quality on this link.

Which two QoS mechanisms should you implement on the Frame Relay interface? (Choose two.)

A. CIR

B. LLQ

C. WFQ

D. WRED

E. Fragmentation

Answer: B, E

QUESTION NO: 59 What component can be used to compensate for jitter?

A. FIFO queuing

B. Ethernet hubs

C. DSP algorithms

D. Playout delay buffer

E. Transmission medium

Answer: D

QUESTION NO: 60 In accordance with the G.114 standard, which of the following delay ranges is acceptable?

A. 0 – 150 ms

B. 0 – 250 ms

C. 0 – 300 ms

D. 0 – 400 ms

E. 0 – 500 ms

Answer: A

QUESTION NO: 61 You are the network technician at TestKing. Your newly appointed TestKing trainee wants to know what factors affects audio quality.

What will your reply be?

A. Echo and delay variation

B. Infidelity and delay variation

C. Echo and playout delay buffer

D. Infidelity and transmission medium

Answer: A

QUESTION NO: 62 What could happen if the playout delay buffer size is configured too large?

A. The overall echo on the connection may rise to unacceptable levels.

B. The overall delay on the connection may rise to unacceptable levels.

C. The overall stress on the connection may rise to unacceptable levels.

D. The overall volume on the connection may rise to unacceptable levels.

Answer: B

QUESTION NO: 63 You are the network technician at TestKing. Your newly appointed TestKing trainee wants to know what TCP
’
s reliable deliver service provides.

What will your reply be?

A. Connectionless service, flow control, sequenced delivery, and automatic error recovery

B. Flow control, sequenced delivery, automatic error recovery, and transmission window management

C. Unregulated send rate, automatic error recovery, and transmission window management

D. Connectionless service, unregulated send rate, automatic error recovery, and transmission window management

Answer: B

QUESTION NO: 64 You are the Voice technician at TestKing, Inc. You want to deploy an IP telephony solution for the company. The TestKing network is currently a traditional LAN/WAN based on Frame Relay.

Your CEO has read about the issues of converging both data and voice traffic onto a single network. She is concerned about the quality of their calls that need to cross the WAN in particularly.

What would you need to implement to ensure QoS for VoIP over Frame Relay?

A. Traffic shaping, priority queuing, Call Admission Control, and Class Based Weighted Fair Queuing

B. Traffic shaping, priority queuing, Call Admission Control, and Weighted Random Early Detection

C. Fragmentation, traffic shaping, priority queuing, Low Latency Queuing, and link efficiency with cRTP.

D. Fragmentation, traffic shaping, priority queuing, Call Admission Control, and Weighted Random Early Detection

Answer: C

QUESTION NO: 65 You are the network engineer at TestKing. TestKing has its headquarters in New York and branch offices in Delaware, Detroit and Denver. You have deployed VoIP over the TestKing WAN. TestKing user at headquarters complain that early in the day, the quality of calls between headquarters and the branch offices is very good, but as the day progresses and more calls are placed to the branch offices, the quality degrades.

The TestKing network is using RSVP. The WAN bandwidth to the branch offices allows 4 calls to the Delaware office, 6 calls to the Detroit office, and 8 calls to the Denver office. You want to verify the configuration of Call Admission Control on the headquarters router.

What command should you use?

A. show call cac conf

B. show call rsvp-sync logs

C. show call rsvp-sync conf

D. show call rsvp-sync stats

E. show call rsvp-sync events

Answer: C

QUESTION NO: 66 Which of the following is the worst-case compression delay for CD-ACELP?

A. 2.5 ms

B. 5 ms

C. 7.5ms

D. 10 ms

E. 20 ms

Answer: E

QUESTION NO: 67 What type of connection is considered a call leg?

A. A digital connection

B. A virtual connection

C. A logical connection

D. A physical connection

E. A hardwired connection

Answer: C

QUESTION NO: 68 You are the network engineer at TestKing. TestKing has its headquarters in New York and a branch office in Delaware. Users at headquarters must be able to call users at the branch office and users at the branch office must be able to call headquarters.

How many dial peers must you configure to meet these requirements?

A. 1

B. 2

C. 3

D. 4

E. none

Answer: D

QUESTION NO: 69 You are the network engineer at TestKing. TestKing has an IP network. Your newly appointed TestKing trainee wants to know which issues would adversely affect voice quality on the TestKing network.

What will your reply be?

A. Jitter, delay, and packet loss

B. Jitter, prioritization, and acknowledgment

C. Prioritization, delay, and delivery guarantee

D. Packet loss, acknowledgment, and delivery guarantee

Answer: A QUESTION NO: 70 What is the biggest issue affecting voice transport when you implement IPSec VPNs in a converged network?

A. Hop count.

B. Using G.729 as the codec.

C. Throughput considerations.

D. Ensuring only software encryption is running.

Answer: C

QUESTION NO: 71 What factors must be considered in the overall design when implementing an IPSec VPN for transport of voice?

A. Port numbers and added delay.

B. Added delay and added overhead.

C. Port numbers and longer dial plan.

D. Port numbers and added overhead.

E. Added overhead and longer dial plan.

Answer: D

QUESTION NO: 72 You are the network technician at TestKing. VoIP is implemented on the TestKing network. Your newly appointed TestKing trainee wants to know what this implementation uses to carry the payload across the network.

What will your reply be?

A. Only RTP

B. Only UDP

C. UDP inside RTP

D. RTP inside UDP

Answer: D

QUESTION NO: 73 What does the PBX use to determine the destination of a call?

A. An ISDN ANI packet

B. A blocked/permitted call list

C. An analysis of the dialled digits

D. Historic requests from the specific phone extension

Answer: C

QUESTION NO: 74 You are the network technician at TestKing. VoIP is implemented on the TestKing network. Your newly appointed TestKing trainee wants to know what is used to carry VoIP voice packets on this network.

What will your reply be?

A. ICMP/IP

B. RTP/TCP

C. RTP/UDP

D. STP/UDP

E. RTP/RCMP

Answer: C

QUESTION NO: 75 Which lower layer protocol does the Real-Time Protocol (RTP) use?

A. TCP

B. UDP

C. WDP

D. HTTP

E. RTCP

Answer: B

QUESTION NO: 1 You are the voice technician at TestKing. TestKing has its offices in Great Britain. You need to install a Cisco router to support IP Telephony services with direct-connected analog phones. You need to emulate the local PSTN provider.

What FXS port parameter do you need to change?

A. Pulse

B. Signal

C. Cptone

D. Busyout

E. Description

Answer: C

QUESTION NO: 2 TestKing distributes computer components and has warehouses in New York and Chicago. Headquarters is located in Washington, DC. To keep costs low, all inside sales associates are located at headquarters.

Your want to provide a direct analog telephone connection to the inside sales teams from the pick-up counters at the warehouses. This connection should not require the inside sales teams to dial any digits.

One of the warehouses is having a problem with their sales phone.

You receive the following output:

altwhse#show voice port 1/0:1

Foreign Exchange Office

Type of VoicePort is E&M

Operation State is DORMANT

Administrative State is UP

The Last Interface Down Failure Cause is Administrative Shutdown

Description is not set

Noise Regeneration is enabled

Non Linear Processing is enabled

Music On Hold Threshold is Set to –38 dBm In Gain is Set to 0 dB Out Attenuation is Set to 0 dB Echo Cancellation is enabled Echo Cancel Coverage is set to 8 ms Connection Mode is plar Connection Number is 2000 Initial Time Out is set to 10 s Interdigit Time Out is set to 10 s Call-Disconnect Time Out is set to 60 s Ringing Time Out is set to 180 s Region Tone is set for US

What is the cause of the problem?

A. VoicePort type is incorrect.

B. Echo cancellation is enabled.

C. Connection Number is not required.

D. Interdigit Time Out is set to 10 seconds.

Answer: A

QUESTION NO: 3 You are the Voice technician at TestKing. Your newly appointed TestKing trainee wants to know what types of trunks Cisco support with the connection trunk command.

What will your reply be? (Choose three)

A. FXS to FXS trunks, FXS to FXO trunks, and FXS to E&M trunks

B. FXS to FXS trunks, FXS to FXO trunks, and E&M to E&M trunks

C. FXS to FXS trunks, FXO to FXO trunks, and E&M to E&M trunks

D. FXO to FXS trunks, FXO to FXO trunks, and E&M to E&M trunks

E. FXS to FXS trunks, FXS to E&M trunks, and E&M to E&M trunks

Answer: B

QUESTION NO: 4 What happens if no incoming dial peer matches a router or gateway?

A. The incoming call leg takes an alternate path.

B. The incoming call leg matches the default dial peer.

C. The incoming call leg sends a busy to the originator.

D. The incoming call leg is denied and the call is dropped.

Answer: B

QUESTION NO: 5 You are the network engineer at TestKing. TestKing has its headquarters in New York and a branch office in New Hamshire. You want to configure a permanent connection between the PBX at headquarters and the PBX at the branch office.

The following configuration is used at the New York site:

dial-peer voice 20 pots  destination-pattern 20  port 1.0:1

dial-peer voice 41 voip  destination-pattern 41 session target ipv4:10.2.0.20

The following configuration is used at the New Hamshire site:

dial-peer voice 40 pots  destination-pattern 41  port 1.0:1

dial-peer voice 20 voip  destination-pattern 20 session target ipv4:10.4.1.41

What must be added to the voice port configuration at the New York site?

A. connection trunk 20

B. connection trunk 41

C. connection tie-line 20

D. connection tie-line 41

Answer: B Explanation: You must specify the same number in the connection trunk voice port command as in the appropriate dial peer destination-pattern command in order to create a permanent trunk.

QUESTION NO: 6 TestKing sells managed IP Phone service to businesses in multi-tenant units. TestKing has POPs in many cities, so all of their dial peer patterns are based on 10 digit numbers. Users dial 9 for local calls, followed by the 7 digital local number.

The following dial peer has been configured in a New York POP:

dial-peer voice 595 pots  destination-pattern 595  port 1/0:24

A user dials a local number, 9-638-4422. What command must be configured in the gateway to allow the call to complete?

A. prefix 595

B. forward-digits 7

C. rule 1 9…….595…….

D. forward 9…….595…….

E. num-exp 9…….595…….

Answer: E

QUESTION NO: 7 You are the Voice technician at TestKing. Your newly appointed TestKing trainee wants to know what configuration would define a destination pattern for all of the 1000 and 2000 range of extensions starting with the numbers 555.

What will your reply be?

A. 5551…

B. 5552…

C. 555[1-2]…

D. 555[100-200]…

E. 555[1000-2000]…

Answer: C

QUESTION NO: 8 You are the Voice technician at TestKing. The TestKing network uses RTCP. Your newly appointed TestKing trainee wants to know what RTCP does.

What will your reply be?

A. It provides independent services irrespective of RTP.

B. It provides compression techniques to save bandwidth.

C. It provides in-band control information for an RTP flow.

D. It provides out-of-band control information for an RTP flow.

Answer: D Explanation: RTCP provides out-of-band control information for an RTP flow.

QUESTION NO: 9 You are the Voice technician at TestKing. The TestKing network uses VoIP. Your newly appointed TestKing trainee wants to know what the disadvantage of using VoIP rather than VoFR or VoATM are.

What will your reply be?

A. Data can arrive out of sequence.

B. Networks are complicated to design.

C. Data units can arrive out of sequence.

D. Network failures are not automatically found.

Answer: C

QUESTION NO: 10 You are the network engineer at TestKing. You have configured real-time call control processing on the TestKing VoIP network. You want to verify this configuration.

What command should you use?

A. debug voip rtcp

B. debug call control

C. debug voip ccapi inout

D. debug voip call control

E. debug voice call control

Answer: C

QUESTION NO: 11 You are the network engineer at TestKing. Your newly appointed TestKing trainee wants to know what a voice gateway is.

What will your reply be?

A. It is a device that connects two dissimilar networks.

B. It is a device that transports voice and restricts data.

C. It is a device that can support only a distributed call processing model.

D. It is a device that cannot be connected to the traditional PSTN network.

Answer: B

QUESTION NO: 12

TestKing has its headquarters in New York and branch offices in Delaware, Detroit and Denver. Each office has an analog phone at each location. These phones are connected to an FXS port on the on-site router. The Finance department at the Denver office is unable to make any phone class from these analog phones.

You receive the following output:

2611#s voice port 1/0/0

Foreign Exchange Station 1/0/0 Slot is 1, Sub-unit is 0,

Port is 0

Type of VoicePort is FXS

Operation State is DORMANT

Administrative State is UP

No Interface Down Failure

Description is not set

Noise Regeneration is enabled

Non Linear Processing is enabled

Non Linear Mute is disabled

Non Linear Threshold is –21 dB

Music On Hold Threshold is Set to 38 dBm

In Gain is Set to 0 dB

Out Attention is Set to 3 dB

Echo Cancellation is enabled

Echo Cancellation NLP mute is disabled

Echo Cancellation NLP threshold is –21 dB

Echo Cancel Coverage is set to default

Playout-delay Mode is set to default

Playout-delay Nominal is set to 60 ms

Playout-delay Maximal is set to 200 ms

Playout-delay Minimum mode is set to default, value 40 ms

Playout-delay Fax is set to 300 ms

Connection Mode is normal

Connection Number is not set

Initial Time Out is set to 10 s

Interdigit Time Out is set to 10 s

Call Disconnect Time Out is set to 60 s

Ringing Time Out is set to 180

Wait Release Time Out is set to 30 s

Companding Type is u-law

Region Tone is set for US

Analog Info Follows:

Currently processing none

Maintenance Mode Set to None (not in mtc mode)

Number of signaling protocol errors are 0

Impedance is set to 600r Ohm Station name None, Station number None

Voice card specific Info Follows: Signal Type is groundStart Ring Frequency is 25 Hz Hook Status is On Hook Ring Active Status is inactiveRing Ground Status is inactiveTip Ground Status is inactive Digit Duration Status is inactive Digit Duration Timing is set to 100 ms InterDigit Duration Timing is set to 100 ms No disconnect acknowledge Ring Cadence is defined by CPTone Selection Ring Cadance are [20 40] * 100 msec

2611#

What is the cause of this problem?

A. The cptone is incorrect

B. The dial-type is incorrect

C. The signal type is incorrect

D. The playout-delay is incorrect

E. The disconnect-ack is incorrect

Answer: C

QUESTION NO: 13 You are the network engineer at TestKing. TestKing has been using the following dial peer codec command:

Codec g729r8

You reconfigure the dial peers with the following command:

Codec g729ar8 bytes 10

How will this reconfiguration affect the voice network bandwidth and delay characteristics? (Choose two.)

A. There will be no change.

B. Delay will increase on a per call basis.

C. Delay will decrease on a per call basis.

D. Bandwidth consumption will decrease on a per call basis.

E. Bandwidth consumption will increase on a per call basis.

Answer: C, E

QUESTION NO: 14 You are the network engineer at TestKing. Your newly appointed TestKing trainee wants to know which features render VAD ineffective.

What will your reply be? (Choose two.)

A. Fax

B. CNG

C. Call waiting

D. Music on hold

E. Call forwarding

Answer: A, D

QUESTION NO: 15 You are the VoIP engineer at TestKing. A TestKing user complains that she gets a busy tone instead of a dial tone when she tries to call another user. You want to troubleshoot this problem.

What command should you use?

A. show voice dsp

B. show voice path

C. show voice connection

D. show voice port summary

E. show dial-peer voice summary

Answer: A

QUESTION NO: 16 You are the Voice engineer at TestKing. Your newly appointed TestKing trainee wants to know what compressed RTP does.

What will your reply be?

A. It significantly reduce packet delay

B. It significantly reduce total bandwidth

C. It significantly reduce Frame Relay overhead

D. It significantly reduce the total number of packets

Answer: B

QUESTION NO: 17 You are the network engineer at TestKing. TestKing has its offices in London. You are installing a voice gateway.

What do you need to verify? (Choose two.)

A. The PSTN standards in England.

B. Encryption capabilities legalities.

C. The service provider installing the gateway.

D. Supplementary service including fax and modem.

Answer: A, B

QUESTION NO: 18 What identifies an MGCP endpoint?

A. A two part identifier that consists of the telephone number and local name of the user.

B. A two part identifier that consists of the telephone number and remote name of the user.

C. A two part identifier that consists of the domain name of the user and the IP address of the gateway.

D. A two part identifier that consists of the local name of the user and the domain name of the gateway.

Answer: D

QUESTION NO: 19 You are the network engineer at TestKing. You to connect a Cisco voice gateway to a PBX or the PSTN via ISDN (PRI, QSIG, BRI).

What are two attributes of the PBX/PSTN switch that must be known to understand which features to configure on the voice gateway to connect successfully to it? (Choose two)

A. Whether Q.921 or Q.931 is supported by the PBX/PSTN switch.

B. Whether Symmetric mode is supported by the PBX/PSTN switch.

C. Which PRI/BRI switch-type is supported by the PBX/PSTN switch.

D. Whether network or user side is supported by the PBX/PSTN switch.

E. Whether wink, delay dial, or immediate dial is supported by the PBX/PSTN switch.

Answer: C, D

QUESTION NO: 20 Your newly appointed TestKing trainee wants to know what protocol negotiates the codec type for H.323 sessions.

What will your reply be?

A. H.225

B. H.245

C. Q.931

D. Q.932

E. H.320

Answer: B

QUESTION NO: 21 You are the Voice technician at TestKing. Your newly appointed TestKing trainee wants to know what request method initiates a SIP call setup.

What will your reply be?

A. ACK

B. INVITE

C. OPTIONS

D. REGISTER

E. DISCOVER

Answer: B

QUESTION NO: 22 You are the network engineer at TestKing. You want to verify the registration of the gateway with the call agent.

Which show command should you use?

A. show mgcp

B. show call agent

C. show gateway mgcp

D. show endpoint mgcp

E. show call active voice

Answer: A

QUESTION NO: 23 You are the Voice technician at TestKing. Your newly appointed TestKing trainee wants to know what makes it possible for gatekeepers to communicate with each other.

What will your reply be?

A. RTP

B. RAS channel

C. call signaling channel

D. H.245 control channel

E. Q.931 control channel

Answer: B

QUESTION NO: 24 What does gateway require to function as a translating gateway?

A. The capacity to translate the audio.

B. The ability to recognize the call control procedures of both connecting endpoints.

C. The ability to establish separate RTP sessions with the originating and terminating endpoints.

D. The ability to recognize the call control procedures for at least one of the connecting endpoints.

Answer: B

QUESTION NO: 25 You are the Voice engineer at TestKing. Numerous TestKing users complain that they are unable to complete calls through the MGCP network. You want to verify the extent of the problem by reviewing a count of the successful and unsuccessful control commands.

Which command should you use?

A. show mgcp

B. show mgcp count

C. show mgcp statistics

D. show call active voice

E. show call history voice

Answer: C

QUESTION NO: 26 Which of the following call control models are based on decentralized call control? (Choose two.)

A. SIP

B. CAS

C. H.323

D. Q.931

E. MGCP

Answer: A, C

QUESTION NO: 27 You are the Voice engineer at TestKing. TestKing has an H.323 gatekeeper. Your newly appointed TestKing trainee wants to know what functions are supported by this gatekeeper.

What will your reply be? (Choose four.)

A. It provides services to registered endpoints.

B. It converts an alias address to an IP address.

C. It responds to bandwidth requests and modifications.

D. It provides translation between audio, video, and data formats.

E. It provides conversion between call setup signals and procedures.

F. It limits access to network resources based on call bandwidth restrictions.

G. It provides conversion between communication control signals and procedures.

Answer: A, B, C, F

QUESTION NO: 28 You are the network engineer at TestKing. You are configuring a connection to a SIP proxy server.

Which command would you use to specify the IP address of the server?

A. sip-ua  sip-server ipv4:1.2.3.4

B.      sip-ua  sip-server target:1.2.3.4

C.      dial-peer voice 1 voip session target sip:1.2.3.4

D.      dial-peer voice 1 voip session target sip-server:1.2.3.4

Answer: A

QUESTION NO: 29 With regard to SIP and SDP, which of the following statements is true?

A. SIP is similar to RAS and SDP is similar to RTP

B. SIP is similar to RTP and SDP is similar to RAS

C. SIP is similar to H.225 and SDP is similar to H.245

D. SIP is similar to H.245 and SDP is similar to H.323

E. SIP is similar to H.323 and SDP is similar to H.225

Answer: C

QUESTION NO: 30 You are the Voice technician at TestKing 60. Your newly appointed TestKing trainee wants to know on what type of port you would set impedance.

What will your reply be?

A. T1

B. E1

C. FXS

D. FXO

E. E&M

Answer: D

QUESTION NO: 31 You are the network engineer at TestKing. You are deploying an IP telephony solution using MGCP. The call agent expects the gateway to use UDP port 2427 but an application on the TestKing network is already using that port. You want to use port 4662 instead.

Which command would allow you to change the UDP port that the call agents and gateway communicate on?

A. Router(config)# mgcp UDP 4662

B. Router(config)# mgcp gateway 4662

C. Router(config)# mgcp call-agent 4662

D. Router(config-dial-peer)#application MGCPAPP 4662

E. Router(config)# mgcp default-package gm-package 4662

Answer: C

QUESTION NO: 32 Upon which protocol model is the SIP protocol based?

A. HTML

B. H.323

C. Q.931

D. MGCP

E. HTPP/WWW

Answer: E

QUESTION NO: 33 You are the network engineer at TestKing. Your newly appointed TestKing trainee wants to know how an endpoint determines the address of the gatekeeper.

What will your reply be? (Choose two.)

A. The endpoint issues a GCP.

B. The endpoint issues a GRQ.

C. The endpoint queries the registrar server.

D. The endpoint is preconfigured to recognize the domain name or IP address of its gatekeeper.

Answer: B, D

QUESTION NO: 34 You are the network engineer at TestKing. The TestKing network is shown in the following exhibit:

If the show gatekeeper calls command shows a total of five active calls on the gatekeeper, how many call legs would the show call active voicecommand display on Gateway A?

A. 2

B. 5

C. 6

D. 10

E. 15

Answer: D

QUESTION NO: 35 You are the network engineer at TestKing. Your newly appointed TestKing trainee wants to know which functions use UDP as their transport mechanism.

What will your reply be? (Choose two)

A. RTP

B. RAS control function

C. call signaling function

D. H.245 control function

Answer: A, B

I promised a few blog posts related to security over the next few weeks, and this one is regarding Certificate-based ACLs.

This blog may also serve as a review on how to configure the CA clients so that their certificates contain various fields and values, such as subject-name.

Let’s use this diagram for the backdrop of our discussion:

R2 will be the NTP and CA server with R1 and R3 as IPSec VPN peers.  (Remember, with certificates we really do need time to be on “our side”). 

R1’s configuration for the trustpoint is as follows:

crypto pki trustpoint R2
enrollment url http://2.2.2.2:80
serial-number
ip-address 10.0.0.1
subject-name cn=R1,ou=ccsp,o=ine,st=NV,c=US
revocation-check none

R3’s configuration for the trustpoint is here:

crypto pki trustpoint R2
enrollment url http://2.2.2.2:80
serial-number
ip-address 23.0.0.3
subject-name cn=R3,ou=ccie,o=ine,st=NV,c=US
revocation-check none

The problem, is that any device that has a valid certificate from R2, would be able to authenticate with R1 and R3 (from a CA perspective regarding certificates).   If R3 wanted to limit the peers it would authenticate with, we can use a certificate map, which acts as Certificate based Access Control.  A certificate map looks for specific fields from the peers certificate, and values for those fields (specified by the certificate map).   The router will only accept a certificate from a peer if the certificate map specified fields/values from the would-be peer’s certificate match, and if they don’t match, then the IKE phase 1 won’t complete.     We could match several fields from the peers certificate.  The field-name is one of the following case-insensitive name strings or a date:

–subject-name

–issuer-name

–unstructured-subject-name

–alt-subject-name

–name

–valid-start

–expires-on

The match-criteria is one of the following :

–eq—equal (valid for name and date fields)

–ne—not equal (valid for name and date fields)

–co—contains (valid only for name fields)

–nc—does not contain (valid only for name fields)

–lt—less than (valid only for date fields)

–ge—greater than or equal (valid only for date fields)

To begin, lets look at what is in R1’s certificate.

R1#show crypto pki certificates
Certificate
 Status: Available
 Certificate Serial Number: 0x2
 Certificate Usage: General Purpose
 Issuer:
 cn=R2
 ou=CA-OF-THE-WORLD
 o=INE
 st=NV
 c=US
 Subject:
 Name: R1.ine.com
 IP Address: 10.0.0.1
 Serial Number: XXXXXXXXXXX
 serialNumber=XXXXXXXXXXX+ipaddress=10.0.0.1+hostname=R1.ine.com
 cn=R1
 ou=ccsp
 o=ine
 st=NV
 c=US
 Validity Date:
 start date: 14:05:12 PDT Jun 15 2010
 end   date: 14:05:12 PDT Jun 15 2011
 Associated Trustpoints: R2

We have several choices, but let’s select the cn field in our example.    On R3, we will create a certificate map, that is looking for the subject-name to contain the value of “R1″.  The certificate map is inserted into the PKI trustpoint configuration.

R3:

crypto pki certificate map CERT-MAP 1
 subject-name co R1
 exit 

crypto pki trustpoint R2
 match certificate CERT-MAP
 exit

With this in place, the IKE phase 1 works, and encrypted traffic flows between the peers.

If we change the Certificate Map to look for for the string R9 (which won’t match inside of R1’s certificate) and then test the VPN connection, we can see the debug messages and the certificate error:

R3(config)#crypto pki certificate map CERT-MAP 1
R3(ca-certificate-map)#no subject-name co r1
R3(ca-certificate-map)# subject-name co r9

R3#debug crypto isakmp
Crypto ISAKMP debugging is on

R3#clear crypto sa
R3#clear crypto isakmp

R3#ping 1.1.1.1 so lo 0 re 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3

IPSEC(sa_request): ,
 (key eng. msg.) OUTBOUND local= 23.0.0.3, remote= 10.0.0.1,
 local_proxy= 3.3.3.3/255.255.255.255/0/0 (type=1),
 remote_proxy= 1.1.1.1/255.255.255.255/0/0 (type=1),
 protocol= ESP, transform= esp-aes esp-sha-hmac  (Tunnel),
 lifedur= 3600s and 4608000kb,
 spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
ISAKMP:(0): SA request profile is (NULL)
ISAKMP: Created a peer struct for 10.0.0.1, peer port 500
ISAKMP: New peer created peer = 0x66031B38 peer_handle = 0x80000009
ISAKMP: Locking peer struct 0x66031B38, refcount 1 for isakmp_initiator
ISAKMP: local port 500, remote port 500
ISAKMP: set new node 0 to QM_IDLE
ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 66033338
ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
ISAKMP:(0):No pre-shared key with 10.0.0.1!
ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
ISAKMP:(0): constructed NAT-T vendor-07 ID
ISAKMP:(0): constructed NAT-T vendor-03 ID
ISAKMP:(0): constructed NAT-T vendor-02 ID
ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1

ISAKMP:(0): beginning Main Mode exchange
ISAKMP:(0): sending packet to 10.0.0.1 my_port 500 peer_port 500 (I) MM_NO_STATE
ISAKMP:(0):Sending an IKE IPv4 Packet.
ISAKMP (0:0): received packet from 10.0.0.1 dport 500 sport 500 Global (I) MM_NO_STATE
ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2

ISAKMP:(0): processing SA payload. message ID = 0
ISAKMP:(0): processing vendor id payload
ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismat.
Success rate is 0 percent (0/1)
R3#ch
ISAKMP (0:0): vendor ID is NAT-T RFC 3947
ISAKMP : Scanning profiles for xauth ...
ISAKMP:(0):Checking ISAKMP transform 1 against priority 65535 policy
ISAKMP:      encryption DES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 1
ISAKMP:      auth RSA sig
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
ISAKMP:(0):atts are acceptable. Next payload is 0
ISAKMP:(0):Acceptable atts:actual life: 0
ISAKMP:(0):Acceptable atts:life: 0
%CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE default policy was matched and is being used.
ISAKMP:(0):Fill atts in sa vpi_length:4
ISAKMP:(0):Fill atts in sa life_in_seconds:86400
ISAKMP:(0):Returning Actual lifetime: 86400
ISAKMP:(0)::Started lifetime timer: 86400.

ISAKMP:(0): processing vendor id payload
ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
ISAKMP (0:0): vendor ID is NAT-T RFC 3947
ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
ISAKMP:(0):Old State = IKE
R3#_I_MM2  New State = IKE_I_MM2

ISAKMP (0:0): constructing CERT_REQ for issuer cn=R2,ou=CA-OF-THE-WORLD,o=INE,st=NV,c=US
ISAKMP:(0): sending packet to 10.0.0.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
ISAKMP:(0):Sending an IKE IPv4 Packet.
ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3

ISAKMP (0:0): received packet from 10.0.0.1 dport 500 sport 500 Global (I) MM_SA_SETUP
ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4

ISAKMP:(0): processing KE payload. message ID = 0
ISAKMP:(0): processing NONCE payload. message ID = 0
ISAKMP:(1008): processing CERT_REQ payload. message ID = 0
ISAKMP:(1008): peer wants a CT_X509_SIGNATURE cert
ISAKMP:(1008): peer wants cert issued by cn=R2,ou=CA-OF-THE-WORLD,o=INE,st=NV,c=US
 Choosing trustpoint R2 as issuer
ISAKMP:(1008): processing vendor id payload
ISAKMP:(1008): vendor ID is Unity
ISAKMP:(1008): pr
R3#ocessing vendor id payload
ISAKMP:(1008): vendor ID is DPD
ISAKMP:(1008): processing vendor id payload
ISAKMP:(1008): speaking to another IOS box!
ISAKMP:received payload type 20
ISAKMP:received payload type 20
ISAKMP:(1008):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
ISAKMP:(1008):Old State = IKE_I_MM4  New State = IKE_I_MM4

ISAKMP:(1008):Send initial contact
ISAKMP:(1008):SA is doing RSA signature authentication using id type ID_IPV4_ADDR
ISAKMP (0:1008): ID payload
 next-payload : 6
 type         : 1
 address      : 23.0.0.3
 protocol     : 17
 port         : 500
 length       : 12
ISAKMP:(1008):Total payload length: 12
ISAKMP (0:1008): constructing CERT payload for serialNumber=XXXXXXXXXXX+ipaddress=23.0.0.3+hostname=R3.ine.com,cn=R3,ou=ccie,o=ine,st=NV,c=US
ISAKMP:(1008): using the R2 trustpoint's keypair to sign
ISAKMP:(1008): sending packet to 10.0.0.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
ISAKMP:(1008):Sending an IKE IPv4 Packet.
ISAKMP:(
R3#1008):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
ISAKMP:(1008):Old State = IKE_I_MM4  New State = IKE_I_MM5

ISAKMP (0:1008): received packet from 10.0.0.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
ISAKMP:(1008): processing ID payload. message ID = 0
ISAKMP (0:1008): ID payload
 next-payload : 6
 type         : 1
 address      : 10.0.0.1
 protocol     : 17
 port         : 500
 length       : 12
ISAKMP:(0):: peer matches *none* of the profiles
ISAKMP:(1008): processing CERT payload. message ID = 0
ISAKMP:(1008): processing a CT_X509_SIGNATURE cert
ISAKMP:(1008): peer's pubkey isn't cached
%PKI-3-CERTIFICATE_INVALID_UNAUTHORIZED: Certificate chain validation has failed. Unauthorized
%CRYPTO-5-IKMP_INVAL_CERT: Certificate received from 10.0.0.1 is bad: certificate invalid
ISAKMP:(1008):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
ISAKMP:(1008):Old State = IKE_I_MM5  New State = IKE_I_MM6

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer a
R3#t 10.0.0.1
ISAKMP:(1008): sending packet to 10.0.0.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
ISAKMP:(1008):Sending an IKE IPv4 Packet.
ISAKMP:(1008):peer does not do paranoid keepalives.

ISAKMP:(1008):deleting SA reason "Phase1 SA policy proposal not accepted" state (I) MM_KEY_EXCH (peer 10.0.0.1)
ISAKMP (0:1008): received packet from 10.0.0.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
ISAKMP:(1008):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
ISAKMP:(1008):Old State = IKE_I_MM6  New State = IKE_I_MM6

ISAKMP:(1008):Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
ISAKMP:(1008):Old State = IKE_I_MM6  New State = IKE_I_MM5

ISAKMP:(1008):deleting SA reason "Phase1 SA policy proposal not accepted" state (I) MM_KEY_EXCH (peer 10.0.0.1)
ISAKMP: Unlocking peer struct 0x66031B38 for isadb_mark_sa_deleted(), count 0
ISAKMP: Deleting peer node by peer_reap for 10.0.0.1: 66031B38
ISAKMP:(1008):deleting node -1424120631 error FALSE reason "IKE deleted"
ISAKMP:(1008):Input
R3# = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
ISAKMP:(1008):Old State = IKE_I_MM5  New State = IKE_DEST_SA

IPSEC(key_engine): got a queue event with 1 KMI message(s)
ISAKMP (0:1008): received packet from 10.0.0.1 dport 500 sport 500 Global (I) MM_NO_STATE
R3#un all
All possible debugging has been turned off
R3#

This is another important technique to put in our ever expanding tool belt.   On an upcoming post, we will take a closer look at the  ID type, including:

ID type ID_KEY_ID
ID type ID_IPV4_ADDR
ID type ID_FQDN
ID type ID_USER_FQDN

MPLS Components

When PE1 receives a packet from CE1, it will engage in what we call a Push operation. PE1 is considered the ingress PE router and engages in label imposition. (Notice that we like to speak in fancy terminology here; when we add a label to a packet, it is termed a push or an imposition).

The P routers in the scenario will move the packets by simply swapping labels. How are the labels used in the Label Switch Path (LSP) learned by all of the routers? This is the job of the Label Distribution Protocol, or other existing protocols, but that is for later blog posts.

At the egress PE2 device, we have label disposition, or what we call a Pop of the label. (Fancy language for the removal of the label). If the second to last device in the path removes the label for us, this is termed Penultimate Hop Popping (PHP) and is the default Cisco implementation.

So we have pointed out that our example relies upon the Label Distribution Protocol (LDP) for the assignment of labels through the Label Switch Path (LSP). But how does LDP assign these labels? On what does it base its information?

It turns out that LDP relies upon the underlying IGP to build the best path for the LSP through the network. In fact, it also relies upon the IGP for loop free pathing.

This relationship between LDP and the IGP has many interesting aspects. For example, if the IGP reconverges on a new best path, so will the LSP through LDP. If there is a loop created or a blackhole situation created by the IGP reconvergence, this will also impact the LSP. Also, consider convergence times. LDP is certainly bound by the convergence time of the underlying IGP. Finally, consider the fact that this reliance brings up the need for inter-AS MPLS mechanisms for LDP.

The last point I want to discuss in this part is the fact that we often have label stacking with MPLS. In the case of our Layer 3 MPLS VPNs in the R&S track, the outer label (or transport label), is used to move the packet through the LSP, while the inner label is used to identify the VPN site. This is often called the VPN label.

A. All Kazaa version 2 traffic is policed

B. All Napster traffic is policed

C. All web traffic is policed

D. All Kazaa version 2, Napster, and web traffic is policed

E. No traffic is policed

A. A Cisco Catalyst 3550 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 2950 does not support this command.

B. The mls qos trust cos command is missing.

C. The mls qos trust extend command is missing.

D. The mls qos cos 5 command is missing.

A. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class.

B. The configuration results in two queues, one priority queue and one queue for the class-default class.

C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue.

D. The two priority queues use WFQ for queuing traffic within those queues.

A. The random-detect command cannot be issued for the class-default class.

B. The random-detect command cannot be issued for the priority class(es).

C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).

D. The random-detect command should be issued in conjunction with the priority command.

A. Single rate, single bucket

B. Single rate, dual bucket

C. Dual rate, single bucket

D. Dual rate, dual bucket

A. 4000 bps

B. 8000 bps

C. 16000 bps

D. 32000 bps

A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces).

B. The IP address is removed from any serial interface that makes up the MLP bundle.

C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect.

D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address.

1. Based on the following configuration, what traffic will be policed?

class-map C_MUSIC
  match protocol kazaa2
  match protocol napster
!
class-map match-any C_WEB
  match protocol http
  match class-map C_MUSIC
!
policy-map P_WEB
  class C_WEB
    police 64000
!
interface serial 0/0
  service-policy output P_WEB

A. All Kazaa version 2 traffic is policed

B. All Napster traffic is policed

C. All web traffic is policed

D. All Kazaa version 2, Napster, and web traffic is policed

E. No traffic is policed

2. You are configuring a Cisco Catalyst 3560 switch port to trust CoS markings if, and only if, the marking originated from a Cisco IP Phone. In an attempt to perform this configuration, you enter the mls qos trust device cisco-phone command. However, your configuration does not seem to be working properly. Why is the switch not trusting CoS markings coming from an attached Cisco IP Phone?

A. A Cisco Catalyst 2950 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 3560 does not support this command

B. The mls qos trust cos command is missing

C. The mls qos trust extend command is missing

D. The mls qos cos 5 command is missing

E. The PC attached to the phone is overriding the CoS markings

3. You administer a network that transports both voice and interactive video traffic. Since these traffic types are both latency-sensitive, you decide to implement the following configuration. Which statement is true regarding the configuration?

class-map C_VOICE
  match protocol rtp audio
!
class-map C_VIDEO
  match protocol rtp video
!
policy-map P_HIGH_PRIORITY
  class C_VOICE
    priority percent 15
  class C_VIDEO
    priority percent 35
  class class-default
    fair-queue
!
interface serial 0/0
  service-policy output P_HIGH_PRIORITY

A. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class

B. The configuration results in two queues, one priority queue and one queue for the class-default class

C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue

D. The two priority queues use WFQ for queuing traffic within those queues

4. CB-WRED is configured using the random-detect command. Which two of the following statements are true concerning the random-detect command? (Choose 2)

A. The random-detect command cannot be issued for the class-default class.

B. The random-detect command cannot be issued for the priority class(es).

C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).

D. The random-detect command should be issued in conjunction with the priority command.

5. Consider the following configuration:

class-map TRANSACTIONAL
  match protocol http
!
policy-map CBPOLICING
  class TRANSACTIONAL
    police 128000 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit af13 violate-action drop
!
interface serial 0/1
  service-policy input CBPOLICING

What type of class-based policing configuration is represented by this configuration?

A. Single rate, single bucket

B. Single rate, dual bucket

C. Dual rate, single bucket

D. Dual rate, dual bucket

6. You configure CB-Shaping by issuing the command shape peak 8000 2000 2000. This configuration shapes to what peak rate?

A. 4000 bps

B. 8000 bps

C. 16000 bps

D. 32000 bps

7. You are configuring Multilink PPP (MLP) as your Link Fragmentation and Interleaving (LFI) mechanism for a WAN link. Identify the correct statements regarding the configuration of MLP. (Choose 2)

A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces)

B. The IP address is removed from any serial interface that makes up the MLP bundle

C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect

D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address

1. Based on the following configuration, what traffic will be policed?class-map C_MUSICmatch protocol kazaa2match protocol napster!class-map match-any C_WEBmatch protocol httpmatch class-map C_MUSIC!policy-map P_WEBclass C_WEBpolice 64000!interface serial 0/0service-policy output P_WEBA. All Kazaa version 2 traffic is policedB. All Napster traffic is policedC. All web traffic is policedD. All Kazaa version 2, Napster, and web traffic is policedE. No traffic is policed2. You are configuring a Cisco Catalyst 3550 switch port to trust CoS markings if, and only if, the marking originated from a Cisco IP Phone. In an attempt to perform this configuration, you enter the mls qos trust device cisco-phone command. However, your configuration does not seem to be working properly. Why is the switch not trusting CoS markings coming from an attached Cisco IP Phone?A. A Cisco Catalyst 3550 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 2950 does not support this command.B. The mls qos trust cos command is missing.C. The mls qos trust extend command is missing.D. The mls qos cos 5 command is missing.3. You administer a network that transports both voice and interactive video traffic. Since these traffic types are both latency-sensitive, you decide to implement the following configuration. Which statement is true regarding the configuration?class-map C_VOICEmatch protocol rtp audioclass-map C_VIDEOmatch protocol rtp video!policy-map P_HIGH_PRIORITYclass C_VOICEpriority percent 15class C_VIDEOpriority percent 35class class-defaultfair-queue!interface serial 0/0service-policy output P_HIGH_PRIORITYA. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class.B. The configuration results in two queues, one priority queue and one queue for the class-default class.C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue.D. The two priority queues use WFQ for queuing traffic within those queues.4. CB-WRED is configured using the random-detect command. Which two of the following statements are true concerning the random-detect command? (Choose 2)A. The random-detect command cannot be issued for the class-default class.B. The random-detect command cannot be issued for the priority class(es).C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).D. The random-detect command should be issued in conjunction with the priority command.5. Consider the following configuration:class-map TRANSACTIONALmatch protocol http!policy-map CBPOLICINGclass TRANSACTIONALpolice 128000 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit af13 violate-action drop!interface serial 0/1service-policy input CBPOLICINGWhat type of class-based policing configuration is represented by this configuration?A. Single rate, single bucketB. Single rate, dual bucketC. Dual rate, single bucketD. Dual rate, dual bucket6. You configure CB-Shaping by issuing the command shape peak 8000 2000 2000. This configuration shapes to what peak rate?A. 4000 bpsB. 8000 bpsC. 16000 bpsD. 32000 bps7. You are configuring Multilink PPP (MLP) as your Link Fragmentation and Interleaving (LFI) mechanism for a WAN link. Identify the correct statements regarding the configuration of MLP. (Choose 2)A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces).B. The IP address is removed from any serial interface that makes up the MLP bundle.C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect.D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address.

There are 5 CCIE tracks that candidates can choose from, making it possible to hold multiple CCIE certifications at the same time. These are:

(a) CCIE Routing and Switching  the most popular track that covers a variety of networking protocols and concepts such as Multicast Routing and Border Gateway Protocol;

(b) CCIE Security   focuses on network security, covering topics such as IOS Security and IDS;

(c) CCIE Service Provider  concentrates on networking in the service provider industry such as DSL, Cable and Voice over IP;

(d) CCIE Voice   covers subjects such as Cisco Unity and Call Manager as voice solutions for the enterprise; and

(e) CCIE Storage Networking  the latest addition on CCIE tracks that concentrates on storage networking topics that include FCIP, FICON and iSCSI.

As of November of 2007, there are 1,344 individuals who hold multiple CCIE certifications and 210 of them hold three or more CCIE certifications.

To register for a CCIE written exam, you can check out the Pearson VUE web site for more information. Prometric has discon­tinued administering CCIE exams since August 1, 2007. It is a computer-based exam that should be completed in a span of 2 hours.

Candidates can also use exam vouchers to pay for the written exam. These test vouchers can be purchased on testing centers and other academic institutions. Exam vouchers are non-refundable and non-returnable, aside from the fact that these will expire after 12 months of being purchased.

Other candidates also take on beta written exams when available at a discounted price of US $50. Getting a passing grade on the beta exam earns you a slot on the lab exam. However, beta exams can only be taken during the beta period.

The CCIE Voice written exam is made up of 100 multiple choice questions that should be completed in two hours. The exam covers applications and technologies that comprise a Cisco Enter­prise VoIP solution. It usually costs around US $300 and may vary depending on your location. Exam results are available immediately after you have completed the exam. Once you have successfully passed the written exam, bear in mind that you should be taking the lab exam within 18 months. Or else, you have to start from scratch as written exam scores expire after 18 months.

On the other hand, the CCIE Voice lab exam is an 8-hour test that will measure your ability to get a VoIP solution up and running within specified time constraints. You are the one in charge in configuring pre-installed applications to satisfy certain require­ments to pass the lab exam. The lab exam may cost you about US $1,400 and is offered on certain Cisco locations in Brussels, Tokyo and Sydney.

CCIE has five tracks in place and it is the candidate s pre­rogative which among these -

(a) Routing and Switching,

(b) Security,

(c) Service Provider,

(d) Storage Networking or ( e) Voice suits his capabilities as a networking expert.

Training plays a major role in defining certain key strengths that will help candidates decide on which track to take. To enhance their skills, they have the option to take training courses or read books to ease their way out of the CCIE exams. There are a lot of training institutions that offer such services, facilitated in by ex­perts themselves. Though it may cost CCIE aspirants valuable amount of money by attending training classes alone (roughly $1,500 – $3,000 per class), still the rewards are truly unimaginable once they have stepped up, conquered the exam and achieved CCIE certification.

Aside from attending training classes, a candidate has also the option to train at home on Cisco systems. He or she can also check out web sites that offer sample CCIE test questions and assess oneself on how prepared he or she is in taking the exam. Taking advantage of all the resources around will boost candidates confidence and give them more chances on getting CCIE certified.

There are barely two steps that candidates need to take be­fore getting CCIE Security certified. The first step is to pass the written exam. It is a two-hour test with 100 multiple choice ques­tions that needs to be answered within specific time constraints. No open books or other reference materials allowed when taking the exam. It usually costs around US $300, which also depends on exchange rates and local taxes. Results of the CCIE exam are avail­able immediately after the exam. Passing it means that the candi­date is ready to move on to the next step and that is to take the lab exam within a period of 18 months only. Failure to do so may mean expiration of the written exam score.

The CCIE Security lab exam is an 8-hour hands-on test that requires candidates to configure, troubleshoot and solve problems presented to them. It usually costs around US $1,400 per attempt and exam scores are available online within 48 hours. Scores are evaluated by proctors to ensure that certain requirements or crite­ria are met. If a candidate is doubtful and would like proctors to reevaluate his or her score, he or she has to pay an additional US $250 to request for reread. However, this is possible only if 14 days have passed following the exam date.

But then again, Cisco certifications such as the one for Cisco Certified Internetworking Expert (CCIE) are not permanent. This means that CCIEs are required to recertify every two years to show their commitment to maintaining expert level knowledge in any industry that is critical to the success of almost every organization. Since there are a lot of new technologies presented in the world of IT, there is a need to continually expand technical knowledge and redevelop new skills to regain expert status making recertification just the right solution to this slight dilemma.

If one is unaware of when to recertify, an online resource can be accessed at the Cisco web site. CCIEs can log in anytime to view one s certification deadline. Succeeding recertification deadlines are always based on the original certification date, not on the last recertification exam. CCIEs have at lease a year to reinstate CCIE status before it becomes inactive, after which they must begin the certification process all over again. Recertification exams can be taken at Pearson VUE testing centers worldwide. Exam scores are then automatically downloaded to the CCIE database.

(a) Routing and Switching,

(b) Security,

(c) Service Provider,

(d) Storage Networking and

(e) Voice, has its own written and lab exams that candidates should successfully pass before getting a Cisco Certified Internet-working Expert (CCIE) certification.

A written exam is just like any other exam that consists of multiple choice questions taken from various subjects, depending on the candidates chosen track. It is because of this very nature of the written exam that makes it easier for exam takers to pass mostly on first attempt. But then again, the challenge lies on the lab exam, requiring candidates to think of possible practical lab scenarios that will most likely appear on the actual exam.

The exam for the lab is what makes CCIE different from other certification programs. It costs around US $1,400 per at­tempt. It is usually a full day (8 hour) hands-on tests that measure a candidate s ability to configure and troubleshoot equipment. Be­cause of this, there are only quite a few who pass this exam while others may need multiple attempts to complete it. This is not administered by Pearson VUE as there are only 10 specific Cisco lab exam locations worldwide – Bangalore, India; Beijing, China; Brussels, Belgium; Dubai, UAE; Hong Kong, China; Research Triangle Park, NC, USA; San Jose, CA, USA; Sao Paolo, Brazil; Sydney, Australia; and Tokyo, Japan. However, lab exams for a particular CCIE track are not available at all testing locations so it is better to inquire about it first. Say for example, the lab exam for Storage Networking is only available at Research Triangle Park, NC and Brussels testing centers.

The goal, was to modify BGP,  so that all traffic going towards the 1.1.1.0 network (which is sourced from AS1), traveling either from or through AS23, would only use the 13.0.0.0/24 segment (between R3 and R1), and not use the 10.0.0.0/24 segment (between R2 and R1) as a transit path.
Bob reviewed some of the BGP topics he had recently learned.   Here is the list he made of possibilities:
R1 could pre-pend to the AS path for advertisements of the 1.1.1.0/24 prefix when it is sent to R2 from R1.   This way, AS23 would see a better path through R3 rather than R2.  He tried this using the following on R1:

ip prefix-list JUST-1.1.1.0 seq 5 permit 1.1.1.0/24

route-map PRE-PEND permit 10
 match ip address prefix-list JUST-1.1.1.0
 set as-path prepend 1
route-map PRE-PEND permit 20

router bgp 1
 neighbor 10.0.0.2 route-map PRE-PEND out

Bob cleared the BGP session, just to be sure.    Unfortunately, some traffic destined to 1.1.1.0 was still flowing over the 10.0.0.0 network between R2 and R1.

Bob decided to try another approach, and instead of R1 trying to make AS23 think the path on 10.0.0.0 was worse, perhaps he would tell R3 to make the path on 13.0.0.0 look better.    He considered weight, but then realized that would only work for R3, and not every other device in AS23.    So Bob decided to use local-preference.  On R3, he tried using local-preference, to specify that when a BGP update came in from R1 for 1.1.1.0, R3 would set the local-preference to 250 for that prefix, in hopes that this would allow traffic destined for 1.1.1.0 go exclusively through the 13.0.0.0 segment between R3 and R1.   Unfortunately, even with this change, Bob noticed that traffic destined to 1.1.1.0 from our through AS23 still crossed on the link between R2 and R1.

Below are the configurations for R1, R2 and R3 along with the relevant show commands.

Can you assist Bob?   What can he do?  What did he do wrong, if anything?

Post your ideas and comments below!

R1:

version 12.4
hostname R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point

interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf 1 area 1

interface FastEthernet1/0
 ip address 13.0.0.1 255.255.255.0
 ip ospf 1 area 1

router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 10.0.0.2 remote-as 23
 neighbor 10.0.0.2 route-map PRE-PEND out
 neighbor 13.0.0.3 remote-as 23
 no auto-summary

ip prefix-list JUST-1.1.1.0 seq 5 permit 1.1.1.0/24

route-map PRE-PEND permit 10
 match ip address prefix-list JUST-1.1.1.0
 set as-path prepend 1

route-map PRE-PEND permit 20

R2:

version 12.4
hostname R2
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 ip ospf 1 area 1

interface FastEthernet0/1
 ip address 23.0.0.2 255.255.255.0
 ip ospf 1 area 1

router bgp 23
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 1
 neighbor 23.0.0.3 remote-as 23
 no auto-summary
!

R3:

version 12.4
hostname R3
interface FastEthernet0/0
 ip address 13.0.0.3 255.255.255.0
 ip ospf 1 area 1

interface FastEthernet0/1
 ip address 23.0.0.3 255.255.255.0
 ip ospf 1 area 1

router bgp 23
 no synchronization
 bgp log-neighbor-changes
 neighbor 13.0.0.1 remote-as 1
 neighbor 13.0.0.1 route-map SET-LOCAL-PREF in
 neighbor 23.0.0.2 remote-as 23
 no auto-summary

ip prefix-list LOCAL-PREF-250 seq 5 permit 1.1.1.0/24

route-map SET-LOCAL-PREF permit 10
 match ip address prefix-list LOCAL-PREF-250
 set local-preference 250

route-map SET-LOCAL-PREF permit 20

Show commands R1:

R1#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 2, main routing table version 2
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 452 total bytes of memory
BGP activity 2/1 prefixes, 2/1 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.2        4    23      77      73        2    0    0 00:29:01        0
13.0.0.3        4    23      74      74        2    0    0 00:29:01        0

R1#show ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i

R1#show ip route | begin resort
Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
O       23.0.0.0 [110/2] via 13.0.0.3, 00:48:43, FastEthernet1/0
                 [110/2] via 10.0.0.2, 00:48:09, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
13.0.0.0/24 is subnetted, 1 subnets
C       13.0.0.0 is directly connected, FastEthernet1/0

Show commands R2:

R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 23
BGP table version is 14, main routing table version 14
1 network entries using 120 bytes of memory
2 path entries using 104 bytes of memory
3/1 BGP path/bestpath attribute entries using 372 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 676 total bytes of memory
BGP activity 1/0 prefixes, 4/2 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4     1      73      77       14    0    0 00:29:07        1
23.0.0.3        4    23      71      73       14    0    0 01:04:54        1

R2#show ip bgp
BGP table version is 14, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.0/24       13.0.0.1                 0    250      0 1 i
*                   10.0.0.1                 0             0 1 1 i

R2#show ip route | begin resort
Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [200/0] via 13.0.0.1, 00:28:37
2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
C       23.0.0.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
13.0.0.0/24 is subnetted, 1 subnets
O       13.0.0.0 [110/2] via 23.0.0.3, 00:48:16, FastEthernet0/1
                 [110/2] via 10.0.0.1, 00:49:19, FastEthernet0/0

Show commands R3:

R3#show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 23
BGP table version is 6, main routing table version 6
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
3/1 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 600 total bytes of memory
BGP activity 1/0 prefixes, 5/4 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
13.0.0.1        4     1      74      74        6    0    0 00:29:09        1
23.0.0.2        4    23      73      71        6    0    0 01:04:56        0

R3#show ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       13.0.0.1                 0    250      0 1 i

R3#show ip route | begin resort
Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [20/0] via 13.0.0.1, 00:28:39
3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
C       23.0.0.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O       10.0.0.0 [110/2] via 23.0.0.2, 00:48:18, FastEthernet0/1
                 [110/2] via 13.0.0.1, 00:48:48, FastEthernet0/0
13.0.0.0/24 is subnetted, 1 subnets
C       13.0.0.0 is directly connected, FastEthernet0/0

Best wishes,

Keith

And the answer is:

Thanks to you, and your 50+ posts, bob got his answer.   By reading your responses, Bob learned the following:

For R2, the BGP next hop for the best route, is still 13.0.0.1, even though it is learned from R3.     R3 doesn’t bother to change the next-hop attribute when learning routes via a eBGP neighbor (R1).    With R2 having 2 equal cost paths (OSPF) for the next hop of 13.0.0.1, R2 would load balance the traffic over the 10.0.0.0 and 23.0.0.0 networks for traffic going to 1.1.1.0/24

One solution would be to have R3 use next-hop-self for updates sent to R2.  Then R2 would see the next hop as 23.0.0.3, and all the traffic would be forwarded to R3 as desired.

The update on R3 would look like this:

router bgp 23
 neighbor 23.0.0.2 next-hop-self

This would cause R2, to have the BGP table of this:

R2#show ip bgp
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.0/24       23.0.0.3                 0    250      0 1 i
*                   10.0.0.1                 0             0 1 1 i

Another option would be increasing the OSPF cost on R2’s 10.0.0.0/24 interface, so that it wouldn’t be considered an equal cost to get to 13.0.0.1 (the previous next hop before the change we just made).

A. All Kazaa version 2 traffic is policed

B. All Napster traffic is policed

C. All web traffic is policed

D. All Kazaa version 2, Napster, and web traffic is policed

E. No traffic is policed

A. A Cisco Catalyst 3550 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 2950 does not support this command.

B. The mls qos trust cos command is missing.

C. The mls qos trust extend command is missing.

D. The mls qos cos 5 command is missing.

A. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class.

B. The configuration results in two queues, one priority queue and one queue for the class-default class.

C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue.

D. The two priority queues use WFQ for queuing traffic within those queues.

A. The random-detect command cannot be issued for the class-default class.

B. The random-detect command cannot be issued for the priority class(es).

C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).

D. The random-detect command should be issued in conjunction with the priority command.

A. Single rate, single bucket

B. Single rate, dual bucket

C. Dual rate, single bucket

D. Dual rate, dual bucket

A. 4000 bps

B. 8000 bps

C. 16000 bps

D. 32000 bps

A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces).

B. The IP address is removed from any serial interface that makes up the MLP bundle.

C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect.

D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address.

1. Based on the following configuration, what traffic will be policed?

class-map C_MUSIC
  match protocol kazaa2
  match protocol napster
!
class-map match-any C_WEB
  match protocol http
  match class-map C_MUSIC
!
policy-map P_WEB
  class C_WEB
    police 64000
!
interface serial 0/0
  service-policy output P_WEB

A. All Kazaa version 2 traffic is policed

B. All Napster traffic is policed

C. All web traffic is policed

D. All Kazaa version 2, Napster, and web traffic is policed

E. No traffic is policed

Answer:

C

Explanation:

The C_MUSIC class-map does not specify the match-any or match-all option. The default is match-all. Therefore, for traffic to be classified in the C_MUSIC class-map, a packet would simultaneously have to be a Kazaa version 2 packet and a Napster packet, which isn’t possible.

The C_WEB class-map uses the match-any option, meaning that traffic will be classified in this class-map if it is HTTP traffic or if it is traffic that was classified in the C_MUSIC class-map. Since, no traffic will be classified in the C_MUSIC class-map, as described above, the only traffic that will be classified by the C_WEB class-map is HTTP traffic.

The policy-map P_WEB is configured to police (i.e. rate limit) traffic classified by the C_WEB class-map to a bandwidth of 64 kbps. (NOTE: The default conform-action is transmit, and the default exceed-action is drop.) Since only HTTP (i.e. web) traffic is matched by the C_WEB class-map, web traffic is the only traffic that is policed.

2. You are configuring a Cisco Catalyst 3560 switch port to trust CoS markings if, and only if, the marking originated from a Cisco IP Phone. In an attempt to perform this configuration, you enter the mls qos trust device cisco-phone command. However, your configuration does not seem to be working properly. Why is the switch not trusting CoS markings coming from an attached Cisco IP Phone?

A. A Cisco Catalyst 2950 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 3560 does not support this command

B. The mls qos trust cos command is missing

C. The mls qos trust extend command is missing

D. The mls qos cos 5 command is missing

E. The PC attached to the phone is overriding the CoS markings

Answer:

B

Explanation:

A Cisco Catalyst 2950 switch port can be configured to trust Class of Service (CoS) markings, Differentiated Services Code Point (DSCP), or CoS markings originating from a Cisco IP Phone. The switch port can detect that a CoS marking is coming from a Cisco IP Phone via the Cisco Discovery Protocol (CDP). The mls qos trust device cisco-phone command does indeed tell the switch to trust a marking if, and only if, the marking comes from a Cisco IP Phone. However, the mls qos trust device cisco-phone command by itself does not tell the switch port which marking (i.e. CoS or DSCP) coming from the Cisco IP Phone to trust. Therefore, the mls qos trust cos command is also required.

3. You administer a network that transports both voice and interactive video traffic. Since these traffic types are both latency-sensitive, you decide to implement the following configuration. Which statement is true regarding the configuration?

class-map C_VOICE
  match protocol rtp audio
!
class-map C_VIDEO
  match protocol rtp video
!
policy-map P_HIGH_PRIORITY
  class C_VOICE
    priority percent 15
  class C_VIDEO
    priority percent 35
  class class-default
    fair-queue
!
interface serial 0/0
  service-policy output P_HIGH_PRIORITY

A. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class

B. The configuration results in two queues, one priority queue and one queue for the class-default class

C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue

D. The two priority queues use WFQ for queuing traffic within those queues

Answer:

B

Explanation:

While priority treatment (i.e. LLQ treatment) can be assigned to more than one class-map, an interface only has one priority queue. Therefore, in the above configuration, traffic classified in the C_VOICE and C_VIDEO class-maps shares the same priority queue. A second queue contains traffic classified in the class-default class-map. Therefore, the configuration only results in two queues, one shared priority queue and one queue for the class-default class. On most models of routers, only the class-default queue can be configured to use WFQ queuing for flows within the queue, while other queues use FIFO queuing for traffic within those queues.

4. CB-WRED is configured using the random-detect command. Which two of the following statements are true concerning the random-detectcommand? (Choose 2)

A. The random-detect command cannot be issued for the class-default class.

B. The random-detect command cannot be issued for the priority class(es).

C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).

D. The random-detect command should be issued in conjunction with the priority command.

Answer:

B, C

Explanation:

Weighted Random Early Detection (WRED) is effective for TCP flows, because WRED can cause some TCP flows to enter TCP slow start. When configuring class-based WRED (i.e. CB-WRED), the random-detect command is issued in policy-map-class configuration mode. While the random-detect command can be used with the class-default class,random-detect cannot be issued in policy-map-class configuration mode for a class configured with the priority keyword. Also, with the exception of the class-default class, the random-detect command must be issued along with thebandwidth command.

5. Consider the following configuration:

class-map TRANSACTIONAL
  match protocol http
!
policy-map CBPOLICING
  class TRANSACTIONAL
    police 128000 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit af13 violate-action drop
!
interface serial 0/1
  service-policy input CBPOLICING

What type of class-based policing configuration is represented by this configuration?

A. Single rate, single bucket

B. Single rate, dual bucket

C. Dual rate, single bucket

D. Dual rate, dual bucket

Answer:

B

Explanation:

Cisco IOS supports single rate, single bucket; single rate, dual bucket; and dual rate, dual bucket policers. With a single rate policer, only a committed information rate (CIR) is specified, as in this question. With a dual rate policer, both a CIR and a peak information rate (PIR) are specified. Also, a single rate policer is a single bucket policer, unless the violateaction is specified. If the violate action is specified, as it is in this question, the single rate policer uses two buckets, a Bc bucket and a Be bucket. However, a dual rate policer always uses two buckets, one bucket to transmit traffic at the CIR and one bucket to transmit traffic at the PIR.

6. You configure CB-Shaping by issuing the command shape peak 8000 2000 2000. This configuration shapes to what peak rate?

A. 4000 bps

B. 8000 bps

C. 16000 bps

D. 32000 bps

Answer:

C

Explanation:

In the syntax, the 8000 represents the Committed Information Rate (CIR). The first 2000 is the Committed Burst (Bc), and the second 2000 is the Excess Burst (Be). When configuring CB-Shaping, you can either shape to “average” or shape to “peak.” When shaping to average, traffic rates don’t exceed the CIR. However, when shaping to peak, traffic rates can burst above the CIR, while some of that excess traffic could be dropped by the service provider. When shaping to peak, the peak shaping rate is calculated by the formula:

peak_rate = CIR * (1 + Be/Bc)

In this example: peak_rate = 8000 * (1 + 2000/2000) = 16,000 bps. Note that if the Bc and Be values are calculated by IOS rather than being statically configured, Bc will always equal Be, which means that the peak rate will be twice the CIR.

7. You are configuring Multilink PPP (MLP) as your Link Fragmentation and Interleaving (LFI) mechanism for a WAN link. Identify the correct statements regarding the configuration of MLP. (Choose 2)

A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces)

B. The IP address is removed from any serial interface that makes up the MLP bundle

C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect

D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address

Answer:

B, C

Explanation:

Multilink PPP (MLP) is a Link Fragmentation and Interleaving (LFI) mechanism for PPP links. Interestingly, even though the term “multilink” is in the title of this mechanism, MLP can be configured on a single link. Specifically, a virtual multilink interface is created. Then, one or more physical interfaces are added as members of a multilink bundle, all of which act as the single multilink interface. As a result, the virtual multilink interface is assigned an IP address, while the one or more physical interface member(s) do not have an IP address. Additionally, since the packets are logically transmitted over the virtual multilink interface, in order to apply a policy-map to the traffic using the virtual interface, the service-policycommand should be applied to the virtual multilink interface, as opposed to the member interfaces

1. Based on the following configuration, what traffic will be policed?class-map C_MUSICmatch protocol kazaa2match protocol napster!class-map match-any C_WEBmatch protocol httpmatch class-map C_MUSIC!policy-map P_WEBclass C_WEBpolice 64000!interface serial 0/0service-policy output P_WEBA. All Kazaa version 2 traffic is policedB. All Napster traffic is policedC. All web traffic is policedD. All Kazaa version 2, Napster, and web traffic is policedE. No traffic is policed2. You are configuring a Cisco Catalyst 3550 switch port to trust CoS markings if, and only if, the marking originated from a Cisco IP Phone. In an attempt to perform this configuration, you enter the mls qos trust device cisco-phone command. However, your configuration does not seem to be working properly. Why is the switch not trusting CoS markings coming from an attached Cisco IP Phone?A. A Cisco Catalyst 3550 switch supports the mls qos trust device cisco-phone command, but the Cisco Catalyst 2950 does not support this command.B. The mls qos trust cos command is missing.C. The mls qos trust extend command is missing.D. The mls qos cos 5 command is missing.3. You administer a network that transports both voice and interactive video traffic. Since these traffic types are both latency-sensitive, you decide to implement the following configuration. Which statement is true regarding the configuration?class-map C_VOICEmatch protocol rtp audioclass-map C_VIDEOmatch protocol rtp video!policy-map P_HIGH_PRIORITYclass C_VOICEpriority percent 15class C_VIDEOpriority percent 35class class-defaultfair-queue!interface serial 0/0service-policy output P_HIGH_PRIORITYA. The configuration results in three queues, one for the C_VOICE class, one for the C_VIDEO class, and one queue for the class-default class.B. The configuration results in two queues, one priority queue and one queue for the class-default class.C. The class-default class uses FIFO as its queuing mechanism for traffic flows within its queue.D. The two priority queues use WFQ for queuing traffic within those queues.4. CB-WRED is configured using the random-detect command. Which two of the following statements are true concerning the random-detect command? (Choose 2)A. The random-detect command cannot be issued for the class-default class.B. The random-detect command cannot be issued for the priority class(es).C. The random-detect command must be issued in conjunction with the bandwidth command (with the exception of the class-default class).D. The random-detect command should be issued in conjunction with the priority command.5. Consider the following configuration:class-map TRANSACTIONALmatch protocol http!policy-map CBPOLICINGclass TRANSACTIONALpolice 128000 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit af13 violate-action drop!interface serial 0/1service-policy input CBPOLICINGWhat type of class-based policing configuration is represented by this configuration?A. Single rate, single bucketB. Single rate, dual bucketC. Dual rate, single bucketD. Dual rate, dual bucket6. You configure CB-Shaping by issuing the command shape peak 8000 2000 2000. This configuration shapes to what peak rate?A. 4000 bpsB. 8000 bpsC. 16000 bpsD. 32000 bps7. You are configuring Multilink PPP (MLP) as your Link Fragmentation and Interleaving (LFI) mechanism for a WAN link. Identify the correct statements regarding the configuration of MLP. (Choose 2)A. The configuration of Multilink PPP requires at least two physical links (e.g. two serial interfaces).B. The IP address is removed from any serial interface that makes up the MLP bundle.C. Any policy-map that was previously assigned to a physical interface should be reassigned to the multilink interface, that the physical interface is associated with, in order for the policy to take effect.D. The virtual multilink interface does not use an IP address. Rather, it uses the IP unnumbered feature which allows the multilink interface to share an IP address with the multilink bundle member that has the highest IP address.

R2, prefers the BGP next hop of 4.4.4.4 for network 5.5.5.5 (R5 loopback). R4, at 4.4.4.4 is an iBGP neighbor.

R2#show ip route vrf v | inc 5.5.5.0
B       5.5.5.0 [200/409600] via 4.4.4.4, 00:06:47

Is R2 preferring an iBGP learned route, which has an AD of 200, over a EIGRP route, which would have an AD of 90?

Can you identify why the routing for 5.5.5.0 on the VRF of R2 is using BGP instead of EIGRP?

Below are the relevant portions of the configuration, which also can serve as a great review of how to configure MPLS VPNs.
R1, CE router:

R1#show run
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.215.1 255.255.255.0
!

router eigrp 1
 network 0.0.0.0
 no auto-summary

R2, PE Router:

R2#show run
!
ip vrf v
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip vrf forwarding v
 ip address 10.1.12.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.1.23.2 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf v
  redistribute bgp 234 metric 1 10000 1 1 1
  network 10.1.12.2 0.0.0.0
  auto-summary
  autonomous-system 1
 exit-address-family
!
router ospf 1
 log-adjacency-changes
!
router bgp 234
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 234
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf v
  redistribute eigrp 1
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!

R3, P router:

R3#show run

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.34.3 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip address 10.1.23.3 255.255.255.0
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!

R4: PE Router

R4#show run
!
ip vrf v
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.1.34.4 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding v
 ip address 10.1.45.4 255.255.255.0
!
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf v
  redistribute bgp 234 metric 1 1 1 1 1
  network 10.1.45.4 0.0.0.0
  auto-summary
  autonomous-system 1
 exit-address-family
!
router ospf 1
 log-adjacency-changes
!
router bgp 234
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 234
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf v
  redistribute eigrp 1
  no synchronization
 exit-address-family

R5: CE Router

R5#show run
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
!
interface Serial0/0
 ip address 10.1.215.5 255.255.255.0
 clock rate 64000
!
interface FastEthernet0/1
 ip address 10.1.45.5 255.255.255.0
!
router eigrp 1
 network 0.0.0.0
 no auto-summary
!

Now for a couple show commands on R1:

R1#show ip route eigrp
     5.0.0.0/24 is subnetted, 1 subnets
D       5.5.5.0 [90/435200] via 10.1.12.2, 00:19:08, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
D       10.1.45.0 [90/307200] via 10.1.12.2, 00:19:08, FastEthernet0/0
R1#

R1#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(10.1.215.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.1.1.0/24, 1 successors, FD is 128256
        via Connected, Loopback0
P 5.5.5.0/24, 1 successors, FD is 435200
        via 10.1.12.2 (435200/409600), FastEthernet0/0
        via 10.1.215.5 (2297856/128256), Serial0/0
P 10.1.12.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/0
P 10.1.45.0/24, 1 successors, FD is 307200
        via 10.1.12.2 (307200/281600), FastEthernet0/0
        via 10.1.215.5 (2195456/281600), Serial0/0
P 10.1.215.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0
R1#

And some on R2, the PE router:

R2#show ip route vrf v

Routing Table: v
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
D       1.1.1.0 [90/409600] via 10.1.12.1, 00:31:48, FastEthernet0/0
     5.0.0.0/24 is subnetted, 1 subnets
B       5.5.5.0 [200/409600] via 4.4.4.4, 00:02:34
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
B       10.1.45.0 [200/0] via 4.4.4.4, 00:31:48
D       10.1.215.0 [90/2195456] via 10.1.12.1, 00:31:21, FastEthernet0/0

R2#show ip eigrp vrf v topology
IP-EIGRP Topology Table for AS(1)/ID(10.1.12.2) Routing Table: v

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.1.1.0/24, 1 successors, FD is 409600
        via 10.1.12.1 (409600/128256), FastEthernet0/0
P 5.5.5.0/24, 1 successors, FD is 409600
        via VPNv4 Sourced (409600/0)
P 10.1.12.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/0
P 10.1.45.0/24, 1 successors, FD is 281600
        via VPNv4 Sourced (281600/0)
P 10.1.215.0/24, 1 successors, FD is 2195456
        via 10.1.12.1 (2195456/2169856), FastEthernet0/0
R2#

Take a minute to post your thoughts, and as always, happy studies.

It has been a few days, and we have received lots of great ideas.   Thank you.

When R4 receives the routes in VRF v, the EIGRP metrics are copied into extended BGP attributes, and include the information for metric, AS, route-type and more.  The iBGP updates from R4 to R2 contain all those attributes.   When R2 receives the updates, if the route type is internal (from EIGRP attributes) and the source EIGRP AS matches the local EIGRP AS we are importing to, it will then be up to the  metric to determine the best path.

If we decreased the bandwidth statement on R4 Fa0/1, or used an offset list (2,000,000 more should do the trick) on R5 out Fa0/1 (towards R4), the increase in metric would cause R2 to prefer the path through R1 for 5.5.5.0/24 instead of using the MPLS backbone.

BGP updates that contain the cost community attribute will use the EIGRP AD instead of the iBGP AD of 200 to compare routes on metric alone. In that light, another option, would be to tell R2 to ignore cost-community, with the BGP router command:

bgp bestpath cost-community ignore

Let’s take a look at the results.

Here is the baseline for before any changes:

R2#show ip route vrf v | inc 5.5.5
B       5.5.5.0 [200/409600] via 4.4.4.4, 00:02:29
R2#show ip bgp vpnv4 all 5.5.5.0
BGP routing table entry for 1:1:5.5.5.0/24, version 8
Paths: (1 available, best #1, table v)
Flag: 0x820
  Not advertised to any peer
  Local
    4.4.4.4 (metric 21) from 4.4.4.4 (4.4.4.4)
      Origin incomplete, metric 409600, localpref 100, valid, internal, best
      Extended Community: RT:1:1 Cost:pre-bestpath:128:409600 0x8800:32768:0
        0x8801:1:153600 0x8802:65281:256000 0x8803:65281:1500
      mpls labels in/out nolabel/19
R2#

Now we will remove the default behavior

R2(config)#router bgp 234
R2(config-router)#bgp bestpath cost-community ignore

Cleared BGP sessions and routing tables, and waited a minute before the following show commands:

R2#show ip route vrf v | inc 5.5.5
D       5.5.5.0 [90/2323456] via 10.1.12.1, 00:00:08, FastEthernet0/0
R2#show ip bgp vpnv4 all 5.5.5.0
BGP routing table entry for 1:1:5.5.5.0/24, version 8
Paths: (2 available, best #2, table v)
Flag: 0x820
  Advertised to update-groups:
        1
  Local
    4.4.4.4 (metric 21) from 4.4.4.4 (4.4.4.4)
      Origin incomplete, metric 409600, localpref 100, valid, internal
      Extended Community: RT:1:1 Cost:pre-bestpath:128:409600 0x8800:32768:0
        0x8801:1:153600 0x8802:65281:256000 0x8803:65281:1500
      mpls labels in/out 20/19
  Local
    10.1.12.1 from 0.0.0.0 (2.2.2.2)
      Origin incomplete, metric 2323456, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:1
        Cost:pre-bestpath:128:2323456 (default-2145160191) 0x8800:32768:0
        0x8801:1:665600 0x8802:65282:1657856 0x8803:65281:1500
      mpls labels in/out 20/nolabel
R2#

After setting it back to defaults, we could then try an offset list on R5 advertising to R4:

R5(config)#router eigrp 1
R5(config-router)#offset-list 0 out 2000000 fastEthernet 0/1

Cleared BGP sessions and routing tables, and waited a minute before the following show commands:

R2#show ip route vrf v | inc 5.5.5
D       5.5.5.0 [90/2323456] via 10.1.12.1, 00:06:28, FastEthernet0/0
R2#show ip bgp vpnv4 all 5.5.5.0
BGP routing table entry for 1:1:5.5.5.0/24, version 12
Paths: (1 available, best #1, table v)
Flag: 0x820
  Advertised to update-groups:
        1
  Local
    10.1.12.1 from 0.0.0.0 (2.2.2.2)
      Origin incomplete, metric 2323456, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:1
        Cost:pre-bestpath:128:2323456 (default-2145160191) 0x8800:32768:0
        0x8801:1:665600 0x8802:65282:1657856 0x8803:65281:1500
      mpls labels in/out 31/nolabel
R2#

After resetting all that, implementing the following on R4, and then clearing BGP and routing, we issue the show commands again.

R4(config)#int fa 0/1
R4(config-if)#bandwidth 100

R2#show ip route vrf v | inc 5.5.5
D       5.5.5.0 [90/2323456] via 10.1.12.1, 00:00:05, FastEthernet0/0
R2#show ip bgp vpnv4 all 5.5.5.0
BGP routing table entry for 1:1:5.5.5.0/24, version 20
Paths: (1 available, best #1, table v)
Flag: 0x820
  Advertised to update-groups:
        1
  Local
    10.1.12.1 from 0.0.0.0 (2.2.2.2)
      Origin incomplete, metric 2323456, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:1
        Cost:pre-bestpath:128:2323456 (default-2145160191) 0x8800:32768:0
        0x8801:1:665600 0x8802:65282:1657856 0x8803:65281:1500
      mpls labels in/out 23/nolabel
R2#

Thanks again to all who contributed. I encourage all RS candidates to lab this up, as well as practice MPLS with OSPF at the CEs.