Home > Ticket 6 – VLAN filter

Ticket 6 – VLAN filter

May 1st, 2018 in TSHOOT v2 Go to comments

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans1) DSW1
Ans2) VLAN ACL/Port ACL
Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen. Also make sure you choose DSW1 (not ASW1) for the first question as there is also “VLAN ACL/Port ACL” option for answer 2 if you choose ASW1 but it is wrong.

Nirmala
Comments (30) Comments
Comment pages
1 12 13 14 15 16 24 24
  1. Raghava
    January 3rd, 2015

    Hey guys, I cleared tshoot exam today with 1000.For this lab I selected DSW1 device and VLAN ACL/Port ACL
    Network tut labs all are valid and not getting eigrp wrong as number and Ip helper address.

  2. OldRick
    January 3rd, 2015

    Have to pass exam on jan 6, 2015. Get Ambiguity for ticket 6 Vlan filter It’s like Ok for me DSW1, Vlan ACL/Port ACL but for the solution another simulator give me to enter ‘no vlan access-map test1 10’ instead of Ticket 6 solution ‘no vlan filter test 1 vlan-list 10’.
    Raghava you pass the exam today what do you think?

  3. John
    January 4th, 2015

    Although just asking user: Raghava – I would personally suggest to select:

    ‘no vlan filter test 1 vlan-list 10′

    in conn with this TT6 A3

  4. OldRick
    January 6th, 2015

    Just get TSHOOT 1000/1000 you right John Thank’s .TT6 A3 ‘no vlan filter test 1 vlan-list 10′

  5. John
    January 6th, 2015

    Congrats on exam OldRick! :)

  6. Nuno
    January 6th, 2015

    hi guys!
    networktut is really great!
    just one detail, is this the only configs we see on the exam for each lab or there we see the full configs of all the devices?

    really appreciate your answers :)

    thanks!

  7. noname
    January 10th, 2015

    you will be able to see full configs

  8. Gharui
    January 10th, 2015

    Hi
    I need some help with Ticket 6 – VLAN filter please.

    According to pass4sure the answer should be
    a) DSW1
    b) VLAN ACL / Port ACL
    c) Under the global configuration mode enter ‘no vlan access-map test1 10’ command.

    However, I have noticed the following difference on this website.
    c) Under the global configuration mode enter ‘no vlan filter test1 vlan-list 10’ command.

    I understand it does the job anyway. Although for exam purposes any advice please.

  9. Tshoot Man
    January 13th, 2015

    @Gharui:
    The access-map test1 is an object that gets called in the VACL syntax.
    Therefore, I believe we would not be able to remove the access-map unless we delete the access-map from the VACL syntax list.
    Hence the below option is correct.

    c) Under the global configuration mode enter ‘no vlan filter test1 vlan-list 10′ command.

    @All exam takers:
    Any comments

  10. DJG
    January 15th, 2015

    The L2 topology shows the client 1 with IP 10.2.1.4 which is referenced by access-list 20:

    access-list 20 permit 10.2.1.4

    And access-list 20 is referenced by:

    vlan access-map test1 20
    action drop
    match ip address 20

    So the correct answers should be:

    1. no vlan access-map test1 20 (remove sequence 20 from the VACL)

    or

    2. no vlan filter test1 vlan-list 10 (remove the VACL completely from VLAN 10

    I will take this exam this coming Sunday, Jan 18th.

    Cheers!

  11. Tshoot Man
    January 16th, 2015

    @DJG:
    Please Note: We need to remove the vlan filter since the removal of vlan access map would not rectify the gateway issue faced for the Client 1.

  12. @DJG
    January 16th, 2015

    you cannot remove or modify only the sequence, the entire access-map has to go away.

  13. Tshoot Man
    January 16th, 2015

    @DJG: Bro I would suggest go with the vlan filter.
    All the best.
    I am taking the exam tomorrow.
    Would update you all.

  14. Anonymous
    January 16th, 2015

    Hi Guys, is there any changes to the DSW1 TT? I was informed that the TT question was changed. any update please.

  15. Amber
    January 18th, 2015

    Hey guys

    in the exam for each TT do you get the line for example – “1.Client is unable to ping R1’s serial interface from the client.” as a brief description saying what general problem is?

    also are answers Ans1, 2 and 3 on each TT page on this site exact wording as choices given in exam?

  16. Arshad
    January 18th, 2015

    TSHOOT Tickets: When IP addresses [10.2.x.x] on Clients are assigned: Follow below flowchart

    IF From Client1:
    PING to 209.65.200..226,OK? —Yes>>> BGP Neighbor on R1
    |
    No
    |
    IF Ping to 10.1.1.1,OK?—Yes>>> Ping from R1 to server, OK?–Yes>>>NAT ACL on R1
    | |
    No No>>>ACL permit on R1
    |
    IF ping to 10.1.1.2,OK?—Yes>>>OSPF Auth on R1
    |
    No
    |
    IF ping to gateway,OK?—Yes>>>PING to f0/0 on R4, OK?—Yes>>>IF ping to s0/0 on R4, OK?
    | | |
    No No No
    | | |
    VACL on DSW1 Passive Interface on R1 then, EIGRP AS, correct?
    | |
    No Yes
    | |
    Correct AS Correct Redis-
    on R4 tribute on R4

  17. Tshooter
    January 19th, 2015

    passed today with 1000/1000.
    3rd answer I selected was: no vlan filter test1 vlan-list 10

  18. Shana
    January 19th, 2015

    Which device?

  19. Ken
    January 20th, 2015

    I got 1000/1000 ytd, thanks networktut!

    Lucky I can find the scoll bar to select vlan filter in DSW!

  20. Sunny
    January 21st, 2015

    hello all which ANS is correct for this question ?
    in dumps :- no vlan filter test1 vlan-list 10 or in networktut no vlan filter test1 vlan-list 10
    plz check and share the correct ans with reason plz

  21. Sunny
    January 21st, 2015

    sorry for
    hello all which ANS is correct for this question ?
    in dumps :- no vlan filter test1 vlan-list 10 or in networktut no vlan filter test1 vlan-list 10
    plz check and share the correct ans with reason plz

  22. sachin
    January 22nd, 2015

    guys, which ANS is correct for this question ?
    in dumps :- no vlan access-map test1 10 ***

    or

    in networktut no vlan filter test1 vlan-list 10
    plz share the correct ans with reason plz…………..

  23. JRK
    January 22nd, 2015

    Hi Guys,
    Although i have asked the same question under FAQs and share your thoughts, but now i think –
    Removing vlan filter test1 vlan-list 10, will work perfectly.

    Case1 – remove vlan access-map test1 10.
    Vlan filter will look for 10 which you have removed so it will drop everything (Implicit deny).

    Case2 – remove vlan filter test1 vlan-list 10

    vlan access-map test1 10.
    vlan access-map test1 20. — these both will drop packets from both clients BUT
    vlan access-map test1 30 Will pass packets for both clients.

    So removing vlan filter test1 vlan-list 10 will work as per requirement.

    Anyone want to correct anything?

  24. Anonymous
    January 22nd, 2015

    NOTE:########:NOTE:
    On DWS1 there is no bug on access list filter, if you select DWS1 on the technology you must scroll down to select VLAN ACL/Port ACL .. I almost made the same mistake by going ad selecting ASW1!

  25. Sunny
    January 22nd, 2015

    hi JRK,

    thanks but i need to clear bit more in regarding concern ….

    1:- in a Vlan access-map test1 10, 20, 30 are sequence no. only…. not mean it for vlan 10, 20, 30.

    but vlan filter test1 vlan-list1 10 mean it will work for vlan 10 traffic correct.

    2:- question is ” Client 1″ is not able to ping the server………

  26. Anonymous
    January 22nd, 2015

    Yep i passed the test today 1000/1000 and ive selected
    Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

  27. Alexander
    January 22nd, 2015

    Estou na duvida agora…..

    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/commmand/reference/3750cr/cli3.html#wpxref89966

    Switch(config)# vlan access-map vac1

    Switch(config-access-map)# match ip address acl1

    Switch(config-access-map)# action forward

    This example shows how to delete VLAN map vac1:

    Switch(config)# no vlan access-map vac1

  28. JRK
    January 23rd, 2015

    @ Sunny, yes Vlan access-map test1 10, 20, 30 are sequence no. only…. not mean it for vlan 10, 20, 30.

    If u refer Igor’s dump, in the screenshots attached in that, for sequence no 10,20 – the action is drop for matching IP address mentioned under access-lists. For 30 it is forward.

    Yes, Client 1, is not able to ping the server

  29. Alexander
    January 24th, 2015

    passed today with 1000/1000.

    no vlan filter test1 vlan-list 10

  30. Sunny
    January 24th, 2015

    thanks u all @JRK, Alex, and networktut.

    passed today with 1000/1000.

    yup I was selected: no vlan filter test1 vlan-list 10

Comment pages
1 12 13 14 15 16 24 24