Home > Ticket 6 – VLAN filter

Ticket 6 – VLAN filter

May 1st, 2018 in TSHOOT v2 Go to comments

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans1) DSW1
Ans2) VLAN ACL/Port ACL
Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen. Also make sure you choose DSW1 (not ASW1) for the first question as there is also “VLAN ACL/Port ACL” option for answer 2 if you choose ASW1 but it is wrong.

Nirmala
Comments (30) Comments
Comment pages
1 11 12 13 14 15 24 24
  1. Cindy
    November 29th, 2014

    @nghialq:
    use no vlan filter test1 vlan-list 10 command

  2. nghialq
    December 1st, 2014

    @Cindy: tks alots

  3. mushido
    December 5th, 2014

    i think there is still a bug in this ticket because it is not possible to ping the webserver from dsw1 with source ip 10.2.1.1 which is not blocked by the vlan acl

  4. George
    December 5th, 2014

    mushido:
    DSW1#ping
    Protocol [ip]:
    Target IP address: 209.65.200.241
    Repeat count [5]:
    Datagram size [100]:
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: 10.2.1.1
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 209.65.200.241, timeout is 2 seconds:
    Packet sent with a source address of 10.2.1.1
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 17/41/59 ms

  5. Alif
    December 7th, 2014

    can anybody please explain me whats going with TT 6 and 7? i can’t practice it in PT.what will help me to get ride of those TT?

  6. Buddy
    December 7th, 2014

    Alif:
    Pls carefully read provided PT TSHOOT “Read me first File” (included within the PT TSHOOT .zip file) – it answers your questions and problems.
    However FYI – just in short:
    TT 7 Works just perfect and with absolutely NO problems within the current PT 6.1 release (as opposed to the GNS3 emulator, that do not manage this ticket at all) – while the provided TT 6 is “faked” within the current PT 6.1 release, just as mentioned within the readme file!
    Therefore, ALWAYS read your Users Guide, BEFORE operating a given Product…
    Thank you.

  7. Alif
    December 7th, 2014

    @Buddy..thnx a lot.can you tell me something about IP Addressing in real exam?is it like how i got here? or it vary all the time?
    thnx in advance

  8. Buddy
    December 7th, 2014

    Yes Alif, IP Addressing @ real exam is like how we gets them here – No problem with this, but pls be aware, that the IP Helper address on DSW1 is 10.1.21.129/27 pointing towards an up/up Loopback I/F IP add. on EIGRP Neighbor: R4 – and Thus NOT: 10.1.4.5 (the upper R4 LAN I/F add) as some (odd) Strategies claims!
    Therefore pls forget about all theese unprecise strategies arround, and instead rely on your OWN Troubleshooting Skills and know how, obtained by hard Work, practicing and Study!!!
    It Count MOST in the long run, I’ll promise you!!!
    Good luck on exam!

  9. Passed
    December 10th, 2014

    I believe everyone is correct on this post. Depending on which exam you happen to receive. I passed with a 1000/1000, however this would not have been possible had I not read about the DSW1 VLAN Access-Map bug. I too encountered this and actually had to choose ASW1 to get the following 2 remaining answers..

    Ans2) VLAN ACL/Port ACL
    Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command

    On my test the vlan filter test1 vlan-list 10 was indeed on DSW1, the test allowed you to choose DSW1 but on the corresponding second question, the only thing that came close to an answer was VLAN Access…So being that this was the last ticket I worked on, and knowing that I had gotten the other 12 correct I took a shot and it paid off with a perfect score.

  10. Jack
    December 10th, 2014

    @Passed
    Congrat’s on your exam, and thank’s for the update!
    Hmm – it’s simply INCREDIBLE (and a little sad too) that this can be be true, I think…
    So, let’s hope that the upcoming new CCNP 3XX exams has got a little more quality in terms of theese kind of issues within the Tickets @ exam – Right!?

  11. Richard
    December 10th, 2014

    Hello,
    I was a bit confused on troubleticket 6 because on DSW1 portchannel 23 is suspended. So I was looking the wrong way :(
    Also what I find confusing is that the gateway of the clients is not the HSRP address 10.2.1.254 but instead 10.2.1.1 the interface IP address of DSW1 vlan 10

  12. Buddy
    December 10th, 2014

    Richard:

    Which TSHOOT Simulator / Tool are you referring to regarding your TSHOOT issues described above?

    As for The Packet Tracer TT # 6 present here – the “Default Gateway” for the Clients is still 10.2.1.254 (the HSRP Standby addr on DSW1) regardless of the (“faked”) vlan filter on this device, and the two DSW1 trunks: po13 & 23 should also Work just normal within the Packet Tracer TT # 6 present here!? (hopefully)…

    But perharps you’ve noticed the issues mentioned above within another TSHOOT Simulator or Tool somewhere on the @?

  13. Buddy
    December 11th, 2014

    Richard:
    Sorry – DSW1 is controlling Po13 (towards ASW1) and Po14 (Towards ASW2) – but still they work just normal within this TT # 6 Lab just like Po14 and Po24 does within the PT Lab present!? – (As far as I can see!?)

  14. Richard
    December 11th, 2014

    Sorry I meant Po23 on ASW1 towards DSW2 is suspended. I did not use packettracer but the premium user lab on the website:
    https://www.networktut.com/flash_tickets_real/Ticket6/ml_ticket6.html
    You also see the default gateway on the clients pointing to 10.2.1.1

  15. Buddy
    December 11th, 2014

    OK Rich, I’m sorry that I can’t help you with indeed this problem, since I’ve not got any access to that specific Simulator (I’m currently not a “premium” member there) – So you’ll probably need to get a dialouge with the Net Tut Guys about it, I believe!?
    However if you’ll like to try out the PT version of the Ticket, you’re more than welcome for this, but you’ll need to know that the PT Ticket # 6 is just “faked” (as good as possible), since the PT 6.1 Simulator do not support VACL’s at the moment – (just like the GNS3 emulator) – unfotunatly…

  16. Alif
    December 15th, 2014

    done withe TSHOOT today…1000/1000
    i got this TT and the bug has been fixed….. you have to select DSW1.
    the vlan filter test1 is in DSW1 so thats the ans

  17. morad
    December 16th, 2014

    Please help me
    What is the correct answer
    1/ Under the global configuration mode enter no vlan filter test1 vlan-list 10 command
    or
    2/ Under the global configuration mode enter no vlan access-map test1 10 command

  18. Jimmy
    December 16th, 2014

    1/ is the correct answer

  19. hassan
    December 20th, 2014

    Hello all
    please i need help
    what is the strategy that help me to determine vlan filter ticket in exam?

  20. 6 hours to my exam
    December 22nd, 2014

    hello everyone,

    i bought pass4sure to take my 642-832 exam, In VLAN FILTER third question solution is

    Under the global configuration mode enter no vlan access-map test1 10 command
    but in networktut the answer is

    Under the global configuration mode enter no vlan filter test1 vlan-list 10 command

    which one do you want me to choose?

    please help me what is the correct answer…….?

    looking forward to your ASP reply!

  21. Minh
    December 22nd, 2014

    Dear 6 hours to my exam,

    As Jimmy replied on December 16th, 2014, the best answer is :”enter no vlan filder test1 vlan-list 10″

    Thanks

  22. Jimmy
    December 22nd, 2014

    Thx for some GOOD assistance Minh! :)

    @All:

    Yep, as Minh suggests above – Pls study usefull info + tips & tricks etc. within info pages and Post’s here FIRST – Then – if negative, pls ask all your (relevant) questions on the relevant Tut Forums!

    This is because, MOST answers to your various TSHOOT questions are already here (SEVERAL times moreover) on the relevant Netw Tut pages and Forums!!!

    Thx Guys!

  23. 6 hours to my exam
    December 22nd, 2014

    thanks Dear Minh. i really appreciate that!

  24. 6 hours to my exam
    December 22nd, 2014

    I have a exam at 10:30, please pray for me everyone!

  25. 6 hours to my exam
    December 22nd, 2014

    Hello everyone, i passed my exam today, thanks from everyone, especially from Jimmy for given me ASP reply!

  26. Jimmy
    December 23rd, 2014

    Congrats 6 hours! :)

  27. Heba
    December 30th, 2014

    passed yesterday 945
    i got a bug in this ticket and i had to choose ASw1 not Dsw1
    thanks networktut u r amazing

  28. Kamlesh Yadav
    December 31st, 2014

    Thanks networktut..you guys rock…passed today..got 13 labs..no ip helper and no eigrp wrong AS TT…1 MCQ and 2 DD…DDs are similar to networktut wordings are different but easy to guess…followed khattak strategy, naren flowchart and youtube videos of gns3 talk…no dumps required for tshoot..follow all this and have faith in yourself…once again thanks to God And networktut….
    In vlan access map..u wont get option of vlan access filter when you select DSW1…i think its bug in exam..all the best guys!!!!!

  29. Saif
    January 2nd, 2015

    In my Exam, Vlan filter ticket – I selected DSW1 device, next page you have to scroll down to find the VLAN ACL/Port ACL option. Very easy

  30. Sam
    January 2nd, 2015

    Hi All,
    Done the exam with 1000/1000
    As I always say, trust networktut 100% and all are valid.
    My advice is dont waste your time and refer networktut, TSHOOT_Strategy_by_Khattak, Tshoot Flow Chart by Naren and Igor dump.
    Really easy exam and you can do it within two days, you can do before 29th Jan without wasting time.
    I got 2 MCQ, 1 D&D and 13 TTs – No EIGRP Wrong AS and IP Helper address.
    Thanks a lot networktut, Khattak, Naren.
    Now I am CCNP….
    Cheers….!

Comment pages
1 11 12 13 14 15 24 24