Home > Ticket 6 – VLAN filter

Ticket 6 – VLAN filter

May 1st, 2018 in TSHOOT v2 Go to comments

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans1) DSW1
Ans2) VLAN ACL/Port ACL
Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen. Also make sure you choose DSW1 (not ASW1) for the first question as there is also “VLAN ACL/Port ACL” option for answer 2 if you choose ASW1 but it is wrong.

Nirmala
Comments (17) Comments
Comment pages
1 22 23 24 24
  1. Test again!
    December 21st, 2019

    I also got this as the first ticket in my exam and I couldn’t find the VLAN ACL option when I chose DSW1. I wasted almost 30 mins of my time looking for other issues and finally ended up not finishing the exam and failed. :( Can someone help please on this question before I reattempt again?

  2. KnownIssue
    December 25th, 2019

    VACLs work only within the same vlan so only if the server is in the same vlan as client 1 will the VACL have meaningful application and in that case ASW1 would be more the option than DSW1, I guess.

  3. grizo
    December 31st, 2019

    Apparently there’s a new version of this ticket on this same site (shared .zip file)

    DSW1:
    interface Vlan10
    description Client VLAN from ASW1
    mac-address 00e0.a3e3.3901
    ip address 10.2.1.1 255.255.255.0
    ip helper-address 10.1.21.129
    ip access-group Test1 in *****************************
    standby version 2
    standby 10 ip 10.2.1.254
    standby 10 priority 150
    standby 10 preempt
    standby 10 track FastEthernet0/1

    ip access-list standard Test1
    deny host 10.2.1.3 *********** This is the cause, PC1 is denied
    deny host 10.2.1.4
    permit 10.2.1.0 0.0.0.255

    Solution:

    DSW1#conf t
    DSW1(config)#ip access-list standard Test1
    DSW1(config-std-nacl)#no deny host 10.2.1.3
    DSW1(config-std-nacl)#end
    DSW1#wr

  4. Anonymous
    January 2nd, 2020

    @ known issue read the note above

    Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen. Also make sure you choose DSW1 (not ASW1) for the first question as there is also “VLAN ACL/Port ACL” option for answer 2 if you choose ASW1 but it is wrong.

  5. Rick
    January 15th, 2020

    @Test again! have you take the test again? did you had same question when you retake the test?

  6. shashi
    January 23rd, 2020

    hi , How do we know which ticket we got in the exam

  7. ASIN
    January 25th, 2020

    How do we know the real questions and also the specific commands? Is this not premium?

  8. Test again
    January 31st, 2020

    @Rick. I took the exam today and had the same question with same bug. Had to choose ASW1 as only it had VACL option. I lost marks just because of that 1 question. Its weird Cisco isnt aware of the bug.

  9. gazaaa
    February 1st, 2020

    Passed today with a score of 9xx.
    All MCQ frio November are still valid.
    One issue is that I got ticket number 6 but the answer was not showing as expected.I couldn’t find the option to remove the VLAN filter. That where I lost the points but everything else was 100% correct.
    Got the BGP and HSRP sims and 2 IPV6 tickets.

  10. kalger
    February 4th, 2020

    @gazaaa
    I had the same problem. When you are stressed, you don’t think about this shit hidden answer.
    Anyway I passed also with 84x, everything from this site. BGP sim has different IP-s, but same solution.

  11. ASR1
    February 8th, 2020

    Hello,

    Can anyone say about this question bug? Is it still there or there is no bug now?

  12. Bayolo
    February 9th, 2020

    Hello,
    There is no error, but you have to scroll down to find the correct answer

  13. ASR1
    February 9th, 2020

    @Bayolo thanks, you were right, you need to scroll down to find that correct answer.

    thanks for everyone i passed the exam

  14. viribus
    February 10th, 2020

    Hello,

    The solution in this ticket is the right one, just be careful when checking the possible answers and scroll down to find the solution.

  15. Auto
    February 11th, 2020

    21. Ticket 2 IP NAT

    TROUBLE TICKET STATEMENT:
    The implementation group has been using the test bed to do a ‘proof-of-concept’ that required both client 1 and client 2 to access the Web Server at 209.65.200.241. After several changed to interface status, network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been opened indicating that client 1 cannot ping the 209.65.200.241 (internet Server).
    The following information needs yourself show run:
    Client 1 and Client 2 are not able to reach the WebServer at 209.65.200.241.
    Initial troubleshooting shows
    that DSW1, DSW2 and all the routers are able to reach the WebServer.
    Configuration on R1
    ip nat inside source list nat_pool interface s0/0/1 overload
    ip access-list standard nat_pool
    permit 10.1.0.0
    permit 10.2.0.0
    !
    interface Serial0/0/1
    ip address 209.65.200.225 255.255.255.252
    ip nat inside
    !
    interface Serial0/0/0.12
    ip address 10.1.1.1 255.255.255.252
    ip nat inside
    ip ospf message-digest-key 1 md5 TSHOOT
    ip ospf authentication message-digest

    On Which device is the fault condition located?

    R1
    R2
    R3
    R4
    DSW1
    DSW2
    ASW1
    Question was not answered

    Explanation:

    Clients 1 and 2 belong in the 10.2.0.0 subnet, as if you observe the NAT configuration you will notice that only 10.1.0.0 are specified in the NAT pool. Clients 1 and 2 are not being translated when they should be. The problem is with the NAT configuration on R1.

    22. The Fault Condition is related to which technology?

    BGP
    NAT
    IP NAT
    IPv4 OSPF Routing
    IPv4 OSPF Redistribution
    IPv6 OSPF Routing
    IPv4 layer 3 security

  16. Anonymous
    February 16th, 2020

    @Auto

    21’s answer is R1. Because of the ip nat inside command.
    22’s answer is IP NAT.

  17. VTPv3
    February 21st, 2020

    Labs and dumps are still valid. Thanks networktut!

Comment pages
1 22 23 24 24