Home > Ticket 6 – VLAN filter

Ticket 6 – VLAN filter

March 25th, 2015 in TSHOOT v2 Go to comments

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans1) DSW1
Ans2) VLAN ACL/Port ACL
Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen. Also make sure you choose DSW1 (not ASW1) for the first question as there is also “VLAN ACL/Port ACL” option for answer 2 if you choose ASW1 but it is wrong.

Nirmala
Comments (38) Comments
Comment pages
1 11 12 13 24
  1. Just missed
    September 17th, 2017

    Failed by 6 marks. (840/1000) today…
    All tickets are valid… But, this question does have correct answer. When we selecy DSW1, VLAN ACL is not avalilable under second option. I answered all others Q s correctly , but failed… Don’t know how Cisco evaluate the answers…
    @networktut any idea ???

  2. Anonymous
    September 18th, 2017

    @just missed :( sorry to hear that bro
    PORT ACL option is available instead of VLAN ACL ?

  3. Brozzo
    September 18th, 2017

    Can someone explain the problem with “vlan filter test1 vlan-list 10” statement

  4. 786DE
    September 19th, 2017

    its actually ” NO VLAN FILTER TEST1 VLAN-LIST 10″ where you are removing the whole ACL “TEST1” on VLAn 10, which blocking the both clints (10.2.1.3 & 10.2.1.4).
    The ACL which is here mentioned is not complete, in runing-config you will find:

    ip access-list standard Test1
    deny host 10.2.1.3
    deny host 10.2.1.4
    permit 10.2.1.0 0.0.0.255

    where you can clearly notice that both IP address are denied.

  5. InABadMoodToday
    September 19th, 2017

    I have taken this exam twice in two weeks and failed both times. When was the last time this was updated? I have searched all over and keep finding the same information which seems to have been updated at least a month ago.

  6. Just missed
    September 23rd, 2017

    @badmood Did you got tge same Qs both the time you failed or do they change questions if you failed once?

  7. Just missed
    September 23rd, 2017

    @ano No VLAN ACL or PORT ACL was not available with the answers !

  8. Dave
    September 28th, 2017

    They say you have to scroll down to find the VLAN ACL/PORT ACL option. Did you do that?

  9. Adam
    October 9th, 2017

    When you fail the first exam, the questions change….
    Prepare for the exam by using a test LAB.
    If you gain the CCNP certificate, you should be smart enough to troubleshoot any routing or switching issue.
    Don’t base only on Networktut…
    Good luck everyone.

  10. Nigel
    October 17th, 2017

    instead of deleting” vlan filter test1 vlan-list 10 ” would it no be the same effect if we just delete “vlan access-map test1 10”? This question was also on last weeks test which I failed.

  11. Jay
    October 17th, 2017

    I agree with Nigel’s comment. Both statements are there in “sh run” and looks like both can be used but not sure which one to choose from exam perspective. Networktut Please suggest the best solution on this ASAP.

  12. gangwar
    October 19th, 2017

    if u see scroll bar, u will select vlan acl / port acl , u get easy 1 question lol

  13. PJ
    October 20th, 2017

    @Networktut, is the ACL for this ticket correct in the run configuration. I check the run configuration and both client IP’s are being allowed

  14. Anonymous
    October 21st, 2017

    hi, how to verify there is a vlan filter without looking on the running configuration?
    show vlan filter is not working

  15. Luigi
    October 23rd, 2017

    You can use

    show run | section vlan access-map
    show run | include vlan filter

  16. Mohan
    November 12th, 2017

    Please suggest, is the answer “no vlan access-map test1 10” or “no vlan filter test1 vlan-list 10” ?. Please suggest.

  17. Sho
    November 13th, 2017

    Is the answer really “no vlan filter test1 vlan-list 10”?
    From the result it is highly probable that “no vlan access-map test1 10” is the correct answer

  18. Anonymous
    November 14th, 2017

    Hi people,

    Agree with @786DE, i dont see that vlan access-map test1 10 in the PKT file downloaded.

    I just see the two host denied and no more.

    ip access-list standard Test1
    deny host 10.2.1.3
    deny host 10.2.1.4

  19. ebiebi
    November 15th, 2017

    Even if ASW 1 is selected, port / ACL and VLAN ACL / Port ACL can not be selected. Of course, you can not select no vlan filter test 1 vlan-list 10 command. What shall we do?

  20. Anonymous
    November 15th, 2017

    Just passed today *phew* and the VLAN ACL option is there, you do however have to scroll down for it. I got that as my second question and was stuck on it for 10 minutes trying to find it and then i realized it was just further below the screen and was able to scroll down to it.

    FWIW I re-upped today using only this website. I was very nervous as the last time i got my CCNP i had taken the route and switch exams so it was all very familiar to me when i took this exam. However this time around I decided to do t-shoot again and most of it wasn’t nearly as familiar to me. I did get one wrong – whatever “infrastructure” is and everything looked familiar to me so I am not quite sure what I got wrong. But a pass is a pass and for anyone wanting to know, all you need is to be a premium member of this site.

  21. Nemo
    November 21st, 2017

    Hi Anonymous,

    Did you have the 5 drag n drops questions? Please share. Thanks.

  22. ebiebi
    November 22nd, 2017

    To networktut
    I confirmed show run of DSW 1 and found that there was an error in the setting of vlan-filter. However, even if DSW 1 is selected, port ACL / VLAN ACL can not be selected. There was a choice between port ACL / VLAN ACL on ASW 1 and ASW 2 without vlan-filter setting. Is cisco mistake a mistake? I received it three times, but it was the same. Is networktut’s answer incorrect?

  23. networktut
    November 22nd, 2017

    @ebiebi: As we mentioned: “Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen.”

  24. ebiebi
    November 24th, 2017

    It is not an answer. Only ASW 1 and ASW 2 have VLAN ACL / Port ACL option. DSW 1 has no option of VLAN ACL / Port ACL option. This is clearly a mistake made by CISCO company. What kind of opinion does networktut have?

  25. Stuck again
    December 1st, 2017

    ebiebi I see the same issue on my last 2 attempts. under DSW1 you can not answer it correctly with port acl/VLAN ACL but I see it on ASW1.

  26. Sal97
    December 5th, 2017

    This answer is correct. The access lists are written so that the VLAN access map has something to match, then it can drop or forward that matched traffic based on which action was configured. The access map above is blocking 10.2.1.3 and 10.2.1.4, then forwarding everything else in 10.2.1.0/24. The reason this happens is the sequence numbers in the VLAN access map.

  27. dds
    December 5th, 2017

    This kind of question and forced answer bothers me, because two answers will accomplish the goal of permitting Client1 to reach the Server (209.65.200.241)…

    ‘no vlan access-map test1 20’ will allow Client1 to reach the server, but still deny Client2.
    ‘no vlan filter test1 vlan-list 10’ will completely remove the vlan filter from vlan 10, therefore permitting all clients to reach the server.

    But when I read the problem/question “…a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address…”, it makes me want to only address the issue for Client1… what if Client2 is supposed to be blocked? Vagueness sucks.

  28. dds
    December 5th, 2017

    Ok, disregard my last comment, I didn’t read carefully enough; @iamawarrior provided clarification here: https://www.networktut.com/ticket-6 (9/16/2017).

  29. Greg
    December 6th, 2017

    Hello I had the same problem, yesterday, fortunately I passed anyway. I had no option port acl /VLAN ACL
    In my result the only problem was layer 2, and I knew it because I had to select ANS1 instead of DSW…. that is for sure a cisco Problem, same issue 2 month ago when I failed…

  30. Anonymus
    December 9th, 2017

    PROBLEM SOLVED FOR ANSWER MISSING: https://imgur.com/a/xGA6P

    networktut November 22nd, 2017
    @ebiebi: As we mentioned: “Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen.”

  31. Fattah RazzaqghanimughnI
    January 4th, 2018

    The lab sim is wrong again, the correct answer should be:
    Ans1) DSW1
    Ans2) ip access-group . ip access-list
    Ans3) enter to “interface vlan 10”, execute command “no ip access-group Test1 in”

  32. Anonymous
    January 6th, 2018

    To Networktut
    can u please confirm comment by Fattah RazzaqghanimughnI on January 4th, 2018? is TT6 still up to date? I will be taking exam next week. Appreciate if you can confirm asap. Thanks!

  33. mjse
    January 6th, 2018

    To Networktut
    can u please confirm comment by Fattah RazzaqghanimughnI on January 4th, 2018? is TT6 still up to date? I will be taking exam next week. Appreciate if you can confirm asap. Thanks!

  34. networktut
    January 7th, 2018

    @mjse: This ticket is still valid!

  35. iissd
    January 11th, 2018

    Someone has an updated dump(300-135) and can send me({email not allowed}).
    Please. Thanks.

  36. Carter
    January 11th, 2018

    Hy,
    some people tell me, that the exam in new year 2018 are changed…
    it is correct? or the ticket that are in this page are still current…

    thank you v m

  37. Musm
    January 15th, 2018

    failed for the second time today , this ticket still valid I did as below but not sure if it was the right answer . removing the vlan access-map test1 20 would also solve the Problem
    Ans1) DSW1
    Ans2) VLAN ACL/Port ACL
    Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

  38. Anika
    January 17th, 2018

    About 90% questions are from dumpsgator. One thing you need to pay attention is the questions are rephrased in the real exam. And btw selections are jumbled so you must remember the answer itself not the letter of choice.
    You can read and download the 300-135 question answers dumps here: https://dumpsgator.com/download-300-135-braindumps-questions.html

Comment pages
1 11 12 13 24