Cisco 300-410 Practice Test - Questions Answers, Page 29

From the output, we learn that the current best path is from 10.57.255.11 (which includes "Övalid, confed-external, best") and this path is 2 ASes away (64955 65003). Although there are some paths with only 1 AS away (path from

172.16.254.234 for example) but they were not chosen the best path so AS_PATH was not used to determine the best path -> Answers A and answer C are not correct.

All the paths in the output have metric of 0 and this is the lowest (best) value for this attribute. If we configure higher MED then it is less preferred over other paths -> Answer B is not correct.

Only answer D is left but LOCAL_PREF attribute should be configured with higher value to be preferred so we hope "lower LOCAL_PREF" here means higher value. But this is the best answer.

In this question we are advertising the tunnel IP address 192.168.12.2 to the other side. When other end receives the EIGRP advertisement, it realizes it can reach the other side of the tunnel via EIGRP.

In other words, it reaches the tunnel destination through the tunnel itself -> This causes "recursive routing" error.

Note: In order to avoid this error, do not advertise the tunnel destination IP address on the tunnel interface to other side.

Good recursive routing reference: https://networklessons.com/cisco/ccie-routingswitching/gretunnelrecursive-routing-error

To avoid having to rebuild the LDP session altogether, you can protect it. When the LDP session between two directly connected LSRs is protected, a targeted LDP session is built between the two LSRs. When the directly connected link does go down between the two LSRs, the targeted LDP session is kept up as long as an alternative path exists between the two LSRs.

For the protection to work, you need to enable it on both the LSRs. If this is not possible, you can enable it on one LSR, and the other LSR can accept the targeted LDP Hellos by configuring the command mpls ldp discovery targeted-hello accept.

Reference: https://www.ccexpert.us/mpls-network/mpls-ldp-session-protection.htmlOr from the referenceat https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/5eU6DfQV/TECMPL-3201.pdfTroubleshooting LDP IssuesProblem:

I. When a link flaps (for a short time),

ÖS olution:

+ When LDP session supported by link hello is setup, create a targeted hello to protect the session.

In the "crypto isakmp key Ö address " command, the address must be of the IP address of the other end (which is 200.1.1.3 in this case) so Option A and Option B are correct. The difference between these two options are in the hash SHA or MD5 method but both of them can be used although SHA is better than MD5 so we choose Option A the best answer.

Note: Cisco no longer recommends using 3DES, MD5 and DH groups 1, 2 and 5.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_imgmt/configuration/xe-16-5/sec-ipsec-management-xe-16-5-book/sec-ipsec-usability-enhance.html

The DHCPv6 Guard feature blocks reply and advertisement messages that come from unauthorized DHCP servers and relay agents.

Packets are classified into one of the three DHCP type messages. All client messages are always switched regardless of device role. DHCP server messages are only processed further if the device role is set to server. Further processing of server messages includes DHCP server advertisements (for source validation and server preference) and DHCP server replies (for permitted prefixes).

If the device is configured as a DHCP server, all the messages need to be switched, regardless of the device role configuration.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-3s/ip6f-xe-3sbook/ip6-src-guard.html

distance (AD Number u want to change to) (neighbor IP) (Wildcard Mask) (access-list number)