Last Updated on September 19, 2021 by Admin 2

300-420 : Designing Cisco Enterprise Networks (ENSLD) : Part 01

  1. What command provides the output shown in the exhibit? (Click on the Exhibit(s) button.)

    300-420 Part 01 Q01 001
    • switch# show glbp
    • switch# show standby
    • switch# show glbp status
    • switch# show standby brief

    Explanation:

    The command show glbp displays the output in the exhibit. This command displays detailed information about GLBP groups on the switch. In this scenario, the switch is a member of GLBP group 100, and it is the active switch. The output indicates that the virtual IP address is 192.168.8.10 and that preemption is enabled.

    The command show glbp status does not exist on Cisco routers.

    The command show standby brief is used to display a summary of the HSRP groups to which the switch belongs. The summary information it provides includes the group number, priority, state, active device address, standby address, and group address. This command is for HSRP only.

    The command show standby can be used to display detailed information about HSRP groups to which a switch belongs. This command is for HSRP only.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  2. What command would display a single line of information for each virtual gateway or virtual forwarder on a switch?

    • switch# show glbp
    • switch# show glbp brief
    • switch# show standby
    • switch# show standby brief

    Explanation:

    A brief single-line view of virtual forwarder and virtual gateway information is provided with the command show glbp brief. Virtual forwarders and virtual gateways are terms used for GLBP groups. A brief output of GLBP information is provided with the brief keyword. This output includes the interface, priority, state, and address of GLBP interfaces on the switch.

    The command show glbp displays detailed information about GLBP groups on the switch. This information includes the GLBP groups the switch is a member of, whether this is the active switch, the virtual IP address, and whether preemption is enabled.

    The command show standby brief is used to display a summary of the HSRP groups to which the switch belongs. The summary information it provides includes the group number, priority, state, active device address, standby address, and group address. This command is for HSRP only.

    The command show standby can be used to display detailed information about HSRP groups to which a switch belongs. This command is for HSRP only.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  3. Which command enables GLBP on an interface?

    • glbp
    • glbp 10 ip 192.168.1.1
    • standby mode glbp
    • switchport mode glbp

    Explanation:

    The glbp ip interface configuration command enables Gateway Load Balancing Protocol (GLBP). The syntax for this command is as follows:

    switch(config-if)# glbp group-number ip ip-address

    The following example activates GLBP for group 5 on Fast Ethernet interface 1/0. The virtual IP address to be used by the GLBP group is set to 10.5.5.5. The default gateway of each host should be set to the virtual IP address.

    switch(config)# interface FastEthernet 1/0
    switch(config-if)# ip address 10.5.5.1 255.255.255.0
    switch(config-if)# glbp 5 ip 10.5.5.5

    GLBP is a Cisco-designed protocol that provides for the dynamic use of redundant routers in a broadcast network. It differs from HSRP and VRRP in that it is not necessary to configure multiple groups to fully use redundant paths or routers. GLBP has a configurable load-balancing mechanism that will distribute the use of redundant gateways servicing a broadcast network such as an Ethernet LAN. When a host issues an ARP to resolve its gateway’s MAC address, the active virtual gateway (AVG) will respond with the virtual MAC address of a selected active virtual forwarder (AVF). The AVG will perform load balancing by varying which virtual MAC it selects to use in the response. The AVF will own that assigned virtual MAC as long as the gateway is active. If an AVF becomes unable to provide service as gateway, then another AVF can assume ownership of the virtual MAC.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  4. What command disables 802.1x authentication on a port and permits traffic without authentication?

    • dot1x port-control disable
    • dot1x port-control force-unauthorized
    • dot1x port-control auto
    • dot1x port-control force-authorized

    Explanation:

    The command dot1x port-control force-authorized is used to disable 802.1x on a port and permit traffic without authentication. Dot1x ports are in one of two states, authorized or unauthorized. Authorized ports permit user traffic to flow through the port. This state usually follows successful authentication. Unauthorized ports only permit authorization traffic to flow through the port. Usually a port begins in the unauthorized state. A user is then allowed to exchange AAA authentication traffic with the port. Once the user has been authenticated successfully, the port is changed to the authorized state and the user is permitted to use the port normally.

    Normal use of 802.1x has the port configured with the dot1x port-control auto statement. This places the port in the unauthorized state until successful authentication. After successful authentication, the port is changed to the authorized state.

    When 802.1x is initially configured, the default port control of the ports is force-authorized. This forces the port to be in the authorized state without successful authentication. This setting disables the need for authentication and permits all traffic.

    The force-unauthorized keyword configures the port as an unauthorized port regardless of authentication traffic. A port configured with this keyword would not permit user traffic, not even authentication traffic.

    The command dot1x port-control disable is not a valid command due to incorrect syntax.

    Objective:
    Infrastructure Security
    Sub-Objective:
    Describe device security using Cisco IOS AAA with TACACS+ and RADIUS

  5. What command would be used to display detailed information regarding VRRP groups on the switch?

    • switch# show vrrp
    • switch# show standby
    • switch# show vrrp detail
    • switch# show standby detail

    Explanation:

    The command that would display detailed information regarding VRRP groups on the switch is show vrrp. The information provided for each VRRP group by this command includes the status, virtual IP and MAC addresses, whether preemption is enabled, priority of the switch, and the address of the group master.

    The command show vrrp detail does not exist on a Cisco device. The detail view is provided by the command show vrrp.

    The command show standby can be used to display detailed information about HSRP groups to which a switch belongs. This command is for HSRP only.

    The command show standby detail provides the same output as show standby. It can be used to display detailed information about HSRP groups a switch is a member of. This command is for HSRP only.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  6. You have configured switches A and B in a network. The gigabitethernet0/1 interface of switch A has HSRP enabled on it for VLAN 30. Switch A has a priority of 240 and switch B has a priority of 200 for the HSRP group. You want to ensure that if the gigabitethernet0/1 interface of switch A goes down, then switch B becomes the active HSRP switch for the VLANs. You have executed the standby preempt command on switch B.

    Which of the following commands should be used on switch A to achieve the desired results?

    • standby 30 track gigabitethernet0/1
    • standby 30 track gigabitethernet0/1 10
    • standby 30 track gigabitethernet0/1 30
    • standby 30 track gigabitethernet0/1 45

    Explanation:

    The standby 30 track gigabitethernet0/1 45 command should be used on switch A so that switch B becomes the active switch in case the gigabitethernet0/1 interface of switch A fails. The standby track command allows you to track an HSRP-enabled interface on a switch. When the tracked interface fails or goes down, the priority of the active switch in the given HSRP group is decremented. The default decrement value for the tracked interface is 10, which means that the priority value of the HSRP switch is decremented by 10. Additionally, if the standby preempt command is used on another switch, then that switch becomes the active switch for the group if it has a higher priority.

    In this case, the standby 30 track gigabitethernet0/1 45 command decrements the HSRP priority of switch A for group 30 (VLAN 30) by 45 when gigabitethernet0/1 goes down. As a result, the priority of switch A is reduced to 195, which is less than the priority of switch B. Therefore, switch B now has the highest priority and hence becomes the active switch for the group.

    The other options are incorrect, as they do not reduce the priority of switch A to an extent that the priority of switch B is higher.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  7. What attack technique can be used to force user traffic through an attacking device, causing a man-in-the-middle attack?

    • VLAN hopping
    • DHCP spoofing
    • Rogue device
    • MAC flooding

    Explanation:

    DHCP spoofing is an attack that can be used to force user traffic through an attacking device. This is accomplished by an attacker responding to DHCP queries from users. Eliminating the response from the correct DHCP server would make this more effective, but if the attacker’s response gets to the client first, the client will accept it. The DHCP response from the attacker will include a different gateway or DNS server address. If they define a different gateway, the user traffic will be forced to travel through a device controlled by the attacker. This will allow the attacker to capture traffic and gain company information. If the attacker changes the DNS server in the response, they can use their own DNS server to force traffic to selected hosts to go to a device they control. Again, this would allow the attacker to capture traffic and gain information.
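    A check a defender can run for the condition described above, as an added example that is not part of the original page: the Python below parses the options of a DHCP server reply and flags a server identifier, gateway or DNS server that is outside an allow-list. The policy addresses, the two sample packets and all function names are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255
OFFER, ACK = 2, 5  # DHCP message types that carry lease parameters

# Assumed site policy (constructed values): the only legitimate DHCP server,
# default gateway and resolvers for this access VLAN.
POLICY = {
    "servers": {"10.5.5.2"},
    "routers": {"10.5.5.5"},
    "dns": {"10.5.5.53", "10.5.5.54"},
}


def split_ips(value):
    """Split an option value into dotted-quad strings, 4 bytes per address."""
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, len(value) - 3, 4)]


def parse_dhcp(payload):
    """Parse the BOOTP header fields and DHCP options this check needs."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0], "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
           "msg_type": None, "server_id": None, "routers": [], "dns": []}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == OPT_MSG_TYPE and length == 1:
            msg["msg_type"] = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            msg["server_id"] = split_ips(value)[0]
        elif code == OPT_ROUTER:
            msg["routers"] = split_ips(value)
        elif code == OPT_DNS:
            msg["dns"] = split_ips(value)
        i += 2 + length
    return msg


def check_reply(msg, policy=POLICY):
    """Return findings for an OFFER/ACK whose parameters violate the policy."""
    if msg["op"] != 2 or msg["msg_type"] not in (OFFER, ACK):
        return []  # client requests and other message types are out of scope
    findings = []
    if msg["server_id"] not in policy["servers"]:
        findings.append(f"unauthorized DHCP server {msg['server_id'] or 'missing'}")
    for gw in msg["routers"]:
        if gw not in policy["routers"]:
            findings.append(f"unexpected gateway {gw}")
    for ns in msg["dns"]:
        if ns not in policy["dns"]:
            findings.append(f"unexpected DNS server {ns}")
    return findings


def sample_reply(server, yiaddr, router, dns):
    """Constructed DHCPOFFER bytes, used only as input for the parser."""
    ip = lambda addr: ipaddress.IPv4Address(addr).packed
    header = bytes([2, 1, 6, 0]) + bytes(12) + ip(yiaddr) + bytes(216)
    options = (bytes([OPT_MSG_TYPE, 1, OFFER, OPT_SERVER_ID, 4]) + ip(server)
               + bytes([OPT_ROUTER, 4]) + ip(router)
               + bytes([OPT_DNS, 4]) + ip(dns) + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


# Constructed samples: one reply that matches the policy, one that does not.
LEGIT = sample_reply("10.5.5.2", "10.5.5.101", "10.5.5.5", "10.5.5.53")
ROGUE = sample_reply("10.5.5.66", "10.5.5.102", "10.5.5.66", "10.5.5.66")

if __name__ == "__main__":
    for name, packet in (("legit", LEGIT), ("rogue", ROGUE)):
        print(name, check_reply(parse_dhcp(packet)) or "ok")
```
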

    VLAN hopping is an attack that allows an attacker to access network resources on a different VLAN without passing through a router. The attacker can create a packet with two VLAN headers on it and send it to a switch. The switch port will strip off the first header and leave the second. The second header will be seen as the originating VLAN allowing the attacker access to a VLAN they are not connected to. This becomes a security concern because this hopping can be accomplished without passing through a router and its security access lists. For this reason, private VLANs and VACLs should be used to secure access between VLANs.

    MAC flooding is an attack technique which attempts to fill a switch table so the attacker can capture flooded traffic sent from the switch. The concept of this attack is to use the CAM table limit to the attacker’s advantage. The attacker would send packets addressed from a large number of MAC addresses to the switch. The switch adds the source MAC address to the MAC address table. Eventually no more MAC addresses can be added because the table is full. When this occurs, any packets destined for a MAC address not in the table will be flooded to all other ports. This would allow the attacker to see the flooded traffic and capture information. The switch would be essentially functioning as a hub in this case.

    A rogue device is a device attached to the network that is not under the control of the organization. This term is normally used to mean a wireless device, perhaps an access point that is not operating as a part of the company’s infrastructure. Employees may bring their own access points and connect them to the network so they can use their computer wirelessly. This creates a security gap since the device is probably not secured to protect the traffic. An attacker could connect a rogue access point to a company’s network and capture traffic from outside the company’s premises.

    Objective:
    Infrastructure Security
    Sub-Objective:
    Configure and verify switch security features

  8. Assuming that preempt is not configured, when does a router in an HSRP group assume the role of the active router for the group?

    • A router in standby status will become the active router if it has a higher priority than the active router.
    • A router in standby status will become the active router when it does not detect three consecutive hello messages from the active router.
    • A router in standby status will become the active router when it does not detect any hello messages from the active router within the configured holdtime.
    • A router in listening status will become the active router when it does not detect any hello messages from the active router within the configured holdtime.

    Explanation:

    A router in standby status will become the active router when it does not detect any hello messages from the active router within the configured holdtime.

    There are two ways for a router to become the HSRP active router. On startup, the router with the highest priority or IP address will become the active router. If the active router fails, the HSRP standby router is a candidate to become the next active HSRP router. Failure of the active router is detected by the loss of hello messages for a configurable amount of time referred to as holdtime. By default, hellos are sent every three seconds (hello time) and the holdtime is 10 seconds.

    A router with the highest priority will be selected as the active router during the startup election process. If the active router fails and the standby router is promoted to be the active router, the first router will not immediately resume being the active router even if it has higher priority. This characteristic can be overridden with the configuration option of preempt. The router with the highest priority can initiate a coup to become the active router in the group if it has preempt enabled in the configuration. By default, all routers have an HSRP priority of 100. The range of values that can be assigned is 1 – 255. Other default values are:

    • Standby holdtime is 10 seconds
    • Standby track interface priority is 10

    To illustrate these concepts, consider the following example. Router A is configured with a priority of 150 and Router B is configured with a priority of 100. Neither router is configured to preempt. If both routers were shut down and Router B was rebooted first, then Router B would become the active router. If Router A was then rebooted, it would not become the active router even though it has a higher priority than Router B, because it was NOT configured with the preempt command to allow it to assume the active role with a higher priority.

    The six HSRP states are defined as follows:

    • Initial state: All routers start in this state.
    • Learn state: The router is in the learn state when it has not communicated with the active router. It does not know which router is the active router and does not know the IP address of the virtual router (if no HSRP IP address configured in the router).
    • Listen state: Once the router hears from the active router and knows the virtual IP address, it enters the listen state. It is not the active or standby router.
    • Speak state: After a router learns the IP address of the virtual router, it enters the speak state. It participates in the active and standby router election. It sends hello messages to the active router.
    • Standby state: When the active router has been elected, the second router enters the standby state. This is the standby router and it will become the active router if the active router fails.
    • Active state: The router is in active state when it is forwarding packets. It receives packets via the virtual IP address.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  9. You have configured three routers in HSRP group 10 to provide gateway redundancy for VLAN 56. Your intention was for Router 1 to be the active router in the group and for Router 3 to be the standby router. Furthermore, in the event that Router 1 became unavailable, resulting in Router 3 becoming active, you intended for Router 1 to resume its role as active when it came back online. However, you discover that in practice, Router 1 does NOT resume the active role when it comes back online.

    What command should be executed on Router 1?

    • router1(config)# interface VLAN 56
      router1(config-if)# standby 10 preempt
    • router1(config)# interface VLAN 10
      router1(config-if)# standby 56 preempt
    • router1(config)# standby 10 preempt
    • router1(config)# standby 56 preempt

    Explanation:

    For Router 1 to resume its role as active when it comes back online, it must be configured to preempt the router with a lower priority. In this scenario, Router 3 must have been configured with a lower priority than Router 1, or else it would have been the active router to begin with. To allow Router 1 to take back over as active, it must be configured with the following commands that will allow it to preempt the router with the lower priority:

    router1(config)# interface VLAN 56
    router1(config-if)# standby 10 preempt

    This condition can be illustrated by executing the debug standby command on Router 1 as shown in the partial output below. The IP address of Router 1 is 192.168.11.112. The IP address of Router 3 is 192.168.11.150. The virtual IP address of the HSRP group is 192.168.11.156.

    300-420 Part 01 Q09 002

    Router 1 sends a hello in line 1 of the output and receives its hello in line 2. Line 1 shows that Router 1 has a priority of 100. Line 2 shows that Router 3 (192.168.11.150) has a priority of 50. Although Router 1 has a higher priority, it is not configured to preempt, so it will not be able to take the active role back from Router 3. If Router 1 were configured to preempt, there would be a series of output as shown below:

    SB:56:Vl56 Hello in 192.168.11.112 Active pri 100 ip 192.168.11.156
    SB:56:Vl56 Active router is 192.168.11.112, was local

    If the HSRP router is the only HSRP router on the segment, then the output will show the router sending out hello packets with no hellos coming back.

    The commands below are incorrect because the VLAN is 56, not 10, and the group number is 10, not 56:

    router1(config)# interface VLAN 10
    router1(config-if)# standby 56 preempt

    The command below is incorrect because it is not executed under the VLAN 56 interface:

    router1(config)# standby 10 preempt

    The command below is incorrect because it is not executed under the VLAN 56 interface and the HSRP number is incorrect:

    router1(config)# standby 56 preempt

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  10. The partial output displayed in the exhibit is a result of what IOS command? (Click on the Exhibit(s) button.)

    300-420 Part 01 Q10 003
    • switch# show running-config
    • switch# show standby vlan1 active brief
    • switch# show hsrp 1
    • switch# show standby

    Explanation:

    The command show standby produces the output displayed in the exhibit. This command displays information about HSRP on all configured interfaces and for all HSRP groups. Important information in the exhibit includes that this router is the active router, the virtual IP address for the HSRP group is 172.16.1.20, the address of the standby router is 172.16.1.6, and the router is configured to preempt.

    The command show running-config will display the complete configuration of the device, including the configuration of HSRP, but will not display the current status of HSRP on the switch.

    The command show standby vlan 1 active brief provides a summary display of all HSRP groups on the switch that are in the active state. This output would provide basic information, not nearly the detail indicated in the exhibit. The following is an example of output for show standby vlan 1 active brief:

    Interface   Grp  Prio  P  State   Active addr  Standby addr  Group addr
    Vlan1       0    120      Active  172.16.1.5   Unknown       172.16.1.20

    The command show hsrp 1 is not valid due to incorrect syntax.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  11. You have been assigned to create a plan to implement HSRP on the router connecting your company’s network to the Internet. The router should be the active router in the HSRP group. On the active router, the following conditions should be met:
    – Enable preemption with no delay
    – Set Hello timer to 10 seconds and hold time to 25 seconds
    – Set the priority to 150

    Which of the following commands should be included in the plan to meet the given requirements? (Choose all that apply.)

    • standby 1 preempt delay minimum 10
    • standby 1 preempt
    • standby 1 priority 150
    • standby 1 timers 10 25
    • standby 1 timers 25 10
    • standby track interface S0/1

    Explanation:

    The following commands should be included in the implementation plan to meet the given requirements:

    standby 1 preempt
    standby 1 priority 150
    standby 1 timers 10 25

    The standby 1 preempt command configures the preempt settings on the router. This command allows preemption without any delay. The standby 1 priority 150 command sets the priority of the router to 150. The default priority of HSRP routers is 100. This implies that this router becomes the active router if there are no other routers in the group with a higher priority. The standby 1 timers 10 25 command sets the Hello timer and the hold time on the local router. The first value, 10, specifies the Hello timer, and the second value, 25, indicates the hold time.

    The most essential steps to configure HSRP on routers are as follows:
    – Assign IP addresses to the interfaces using the ip address command
    – Enable HSRP on the interfaces and assign the virtual IP address using the standby ip command
    – Set the HSRP priority of the interfaces using the standby priority command
    – Configure HSRP preempt settings on the interfaces using the standby preempt command
    – Set the Hello timers using the standby timers command
    – Enable interface tracking for other HSRP-enabled interfaces using the standby track command

    The standby 1 preempt delay minimum 10 command should not be included in the implementation plan. This command causes the router to preempt the active router after a minimum of 10 seconds. However, the requirement states that there should be no delay in preemption (a delay of 0 seconds), which is the default behavior.

    The standby 1 timers 25 10 command should not be included in the implementation plan. This command sets the Hello timer to 25 seconds and the hold time to 10 seconds. However, the requirement is to set the Hello timer to 10 seconds and the hold time to 25 seconds.

    The standby track interface S0/1 command should not be included in the implementation plan. This command enables tracking of the S0/1 interface on the local router. However, there is no requirement in the scenario to track an interface. Tracking can be used to decrement the priority of an HSRP router when the interface goes down. Using the default decrement value, if S0/1 were to go down, the priority of the router would be reduced by 10.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  12. Which protocol allows the network to fully use standby routers in a redundancy group without additional administrative burden?

    • HSRP
    • VRRP
    • GLBP
    • IRDP

    Explanation:

    Gateway Load Balancing Protocol (GLBP) allows the network to fully utilize standby routers in a redundancy group. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple gateways. It also allows for router load balancing from a segment without using different host configuration as in HSRP.

    Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provide gateway redundancy, but only one router in a group can forward traffic for a redundancy group. The bandwidth and resources associated with the non-actively forwarding routers are wasted. GLBP allows this wasted bandwidth and resources to be utilized by providing automatic selection and use of multiple available gateways to destinations.

    ICMP Router Discovery Protocol (IRDP) is an extension of the Internet Control Message Protocol (ICMP) that allows routers to advertise useful routes. IRDP does not require hosts to recognize routing protocols, nor does it require manual configuration.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  13. Which command enables HSRP on an interface?

    • hsrp
    • standby ip
    • standby mode hsrp
    • switchport mode hsrp

    Explanation:

    The standby ip interface configuration command enables Hot Standby Router Protocol (HSRP). The syntax for this command is as follows:

    switch(config-if)# standby group-number ip ip-address

    The group-number argument specifies the HSRP group number on the interface. You do not need to enter a group number if there is only one HSRP group.

    At least one interface on one of the routers in the group must be configured with the virtual IP address of the group. It is optional on all other interfaces on the other routers, which can learn the address through the hellos sent among the group.

    A complete HSRP configuration is shown below with an explanation of each command.

    RouterA(config)# interface Fa0/1
    RouterA(config-if)# ip address 192.168.5.6 255.255.255.0
    RouterA(config-if)# standby 2 ip 192.168.5.10
    RouterA(config-if)# standby 2 priority 150
    RouterA(config-if)# standby 2 preempt
    RouterA(config-if)# standby 2 track interface fa0/2

    • Line 1 specifies the interface
    • Line 2 addresses the interface
    • Line 3 specifies the HSRP group number and the virtual IP address
    • Line 4 sets the HSRP priority
    • Line 5 allows the router to take the active role if its priority becomes higher than that of the active router

    In the above, the router is tracking its own Fa0/1 interface. If that interface goes down it will reduce its priority by 10 (this is the default decrement when not specified). The new value would be 140 if that happened. To specify a decrement value, add it to the track command, as in this example: track interface Fa0/2 20.

    When you configure routers to be part of an HSRP group, they listen for the HSRP MAC address for that group as well as their own burned-in MAC addresses.

    HSRP uses the following MAC address:
    0000.0c07.ac** (where ** is the HSRP group number)

    The switchport mode interface configuration command will configure the VLAN membership mode of a port. It is not used to enable HSRP.

    The options standby mode hsrp and hsrp are not valid commands.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  14. The output displayed below is a result of what command?

    Interface  Grp  Fwd  Pri  State   Address         Active router  Standby router
    Vl10       10   -    254  Active  192.168.8.10    local          unknown
    Vl10       10   1    7    Active  0007.b400.0101  local          -

    • switch# show standby
    • switch# show glbp
    • switch# show standby brief
    • switch# show glbp brief

    Explanation:

    The output of the exhibit is provided with the command show glbp brief. This output includes the interface, priority, state, and address of GLBP interfaces on the switch. In this case, VLAN 10 is the active virtual gateway using IP address 192.168.8.10.

    The command show glbp displays detailed information about GLBP groups on the switch. This information includes the GLBP groups the switch is a member of, whether this is the active switch, the virtual IP address, and whether preemption is enabled.

    The command show standby brief is used to display a summary of the HSRP groups the switch is a member of. The summary information it provides includes the group number, priority, state, active device address, standby address, and group address. This command is for HSRP only.

    The command show standby can be used to display detailed information about HSRP groups a switch is a member of. This command is for HSRP only.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  15. Which statement best describes the function of Hot Standby Router Protocol (HSRP)?

    • HSRP specifies a single IP address that all routers in the group must use.
    • HSRP defines a set of routers that represent one virtual, fault-tolerant router.
    • HSRP provides a round-robin gateway selection process to increase fault tolerance.
    • HSRP defines a frame-tagging scheme that allows end stations to use any router as a gateway.

    Explanation:

    Hot Standby Router Protocol (HSRP) is specified by RFC 2281. The primary function of HSRP is to define a set of routers that work together to represent one virtual, fault-tolerant router. Thus, redundancy is provided in the event that any one of the routers fails. HSRP can be configured on the following interface types:

    • Routed ports
    • Switched virtual interfaces (SVI)
    • Etherchannel port channels

    HSRP does use a single IP address to represent a group of routers, but this does not fully describe the function of HSRP.

    HSRP does not provide round-robin gateway selection. HSRP uses router priority to select a primary and standby router.

    HSRP does not define a frame-tagging scheme that allows end stations to use any router as a gateway. End stations use the virtual IP address of a group of HSRP routers as the default gateway.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  16. Which of the following statements best describes the result of issuing the command standby 44 timers 3 1 on an HSRP router?

    • The holdtime will be set to a value of 3, and the hellotime will be set to a value of 1.
    • The status of the standby router will be displayed as unknown expired.
    • The role of active router will be passed repeatedly from one router to another.
    • The router will be configured to reassume the role of active router in the event that the router fails and is subsequently restarted.

    Explanation:

    When the command standby 44 timers 3 1 is issued on a Hot Standby Router Protocol (HSRP) router, the role of active router will be passed repeatedly from one router to another. This behavior occurs when the timers are set incorrectly. The syntax for the standby timers command is standby [group-number] timers [hellotime holdtime].

    The hellotime variable is the number of seconds between hello messages and is set to a value of 3 by default.

    The holdtime variable is the number of seconds that the HSRP standby router will wait before assuming that the active router is down; if the standby router believes the active router to be down, it will assume the role of active router.

    The holdtime is set to a value of 10 by default. The holdtime should be set to a value at least three times the value of the hellotime. Otherwise, the active router might not be able to respond before the standby router assumes that the active router is down and becomes the new active router.

    Because the command standby 44 timers 3 1 sets the hellotime to a value of 3 and the holdtime to a value of 1, the role of active router will be passed from one standby router to the next. To set the holdtime to a value of 3 and the hellotime to a value of 1, the command standby 44 timers 1 3 should be issued. To reset the timer values to their default values, the command no standby group-number timers should be issued.

    The status of the standby router will be displayed as unknown expired if a Physical layer problem exists. The unknown expired status can also be displayed if only one HSRP router is configured for the subnet.

    To configure an HSRP router to reassume the role of active router in the event that the router fails and is subsequently restarted, the command standby group-number preempt should be issued. When the HSRP active router fails or is shut down, the standby router assumes the role of active router. By default, when the original HSRP active router is restarted, it does not take the role of active router away from the original standby router, even if the original active router has a higher priority value. The command standby group-number preempt changes this default behavior.

    The holdtime will not be set to a value of 3, and the hellotime will not be set to a value of 1. On the contrary, the hellotime will be set to a value of 3 and the holdtime will be set to a value of 1.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  17. Which load-balancing algorithm does GLBP use by default?

    • Random load-balancing
    • Weighted load-balancing
    • Round-robin load-balancing
    • Host-dependent load-balancing

    Explanation:

    Round-robin load-balancing is the default load-balancing method used by Gateway Load Balancing Protocol (GLBP).

    The active virtual gateway (AVG) can be configured to use one of three load-balancing algorithms when selecting which active virtual forwarder (AVF) MAC address to use in its ARP response.

    • Round-Robin Load-Balancing: Using round-robin load-balancing, the AVG in turn points to each AVF virtual MAC address in its ARP reply (default method).
    • Weighted Load-Balancing: Using weighted load-balancing, the AVG selects an AVF virtual MAC address to use in the ARP reply, proportionally based on the advertised weight value configured in a GLBP gateway.
    • Host-Dependent Load-Balancing: Using host-dependent load-balancing, the AVG selects an AVF virtual MAC address to use in the ARP reply based on which one the host used previously. A host will use the same AVF as long as the GLBP group is unchanged.

    GLBP is a Cisco-designed protocol that provides for the dynamic use of redundant routers in a broadcast network. It differs from HSRP and VRRP in that it is not necessary to configure multiple groups to fully use redundant paths or routers. GLBP has a configurable load-balancing mechanism that will distribute the use of redundant gateways servicing a broadcast network such as an Ethernet LAN. When a host issues an ARP to resolve its gateway’s virtual IP address, the active virtual gateway (AVG) reply includes the virtual MAC address of a selected active virtual forwarder (AVF). The AVG is therefore responsible for performing load balancing, varying which virtual MAC it selects to use in the response. The AVF will own that virtual MAC as long as the gateway is active. If an AVF becomes unable to provide service as gateway, another AVF can assume ownership of the virtual MAC.

    There is no random load balancing method.

    GLBP and HSRP are Cisco-developed solutions. VRRP is defined in RFC 2338.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols
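The three selection methods listed in the explanation above can be compared with a small simulation of the AVG answering ARP requests. This is an added illustration, not Cisco's implementation and not part of the original page; the virtual MACs, the weights and the hash used for host-dependent selection are assumptions.

```python
from collections import Counter
from itertools import cycle
import zlib

# Constructed sample group: AVF virtual MAC -> configured weight.
AVFS = {"0007.b400.0101": 2, "0007.b400.0102": 1, "0007.b400.0103": 1}

class AVG:
    """Toy active virtual gateway: picks one AVF virtual MAC per ARP request."""

    def __init__(self, avfs, method="round-robin"):
        self.avfs = dict(avfs)
        self.method = method
        self._rr = cycle(sorted(self.avfs))
        self._credit = {mac: 0 for mac in self.avfs}

    def arp_reply(self, host_mac):
        """Return the virtual MAC handed to host_mac for the gateway IP."""
        if self.method == "round-robin":
            # Each AVF in turn, regardless of who is asking.
            return next(self._rr)
        if self.method == "weighted":
            # Smooth weighted round-robin: share is proportional to weight.
            for mac, weight in self.avfs.items():
                self._credit[mac] += weight
            best = max(sorted(self._credit), key=self._credit.get)
            self._credit[best] -= sum(self.avfs.values())
            return best
        if self.method == "host-dependent":
            # Assumption: a stable hash of the host MAC stands in for
            # "the AVF this host used previously".
            macs = sorted(self.avfs)
            return macs[zlib.crc32(host_mac.encode()) % len(macs)]
        raise ValueError(f"unknown method {self.method!r}")

def distribution(method, avfs, hosts):
    """Count how many ARP replies each AVF virtual MAC receives."""
    avg = AVG(avfs, method)
    return Counter(avg.arp_reply(host) for host in hosts)

if __name__ == "__main__":
    hosts = [f"host-{i}" for i in range(8)]  # constructed host identifiers
    for method in ("round-robin", "weighted", "host-dependent"):
        print(method, dict(distribution(method, AVFS, hosts)))
```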

  18. Refer to the following exhibit:

    300-420 Part 01 Q18 004

    You have configured the routers in the diagram for HSRP, resulting in the displayed configurations.

    Which of the following routers were configured with the default HSRP values for each command?

    • rtrA
    • rtrB
    • rtrC
    • rtrD

    Explanation:

    Only rtrB has the default HSRP settings. The default values for some of the important parameters for an HSRP-enabled router are listed in the following table:

    300-420 Part 01 Q18 005

    In this case, the routers have the default group number 0. The two routers rtrB and rtrC have the default priority value of 100. rtrB also has the default timer values, which are 3 seconds for the Hello timer and 10 seconds for the hold time.

    The rtrA router is not configured with the default settings because the priority is set to 50, which is not the default value. In addition, the Hello timer is set to 10 seconds (default is 3 seconds) and the hold time is set to 3 seconds (default is 10 seconds).

    The rtrC router is not configured with the default settings. Although the priority is 100, which is the default, the Hello timer is set to 10 seconds (default is 3 seconds) and the hold time is set to 3 seconds (default is 10 seconds).

    The rtrD router is not configured with the default settings. It has a priority of 75 and the default is 100.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols
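The checks in questions 16 and 18 (holdtime at least three times the hellotime, and whether a router still has the default HSRP values) can be run against a configuration with a short audit script. This is an added example, not from the original page: the configurations are constructed to match the values the explanations describe (the exhibit is not reproduced), and the interface names and addresses are made up.

```python
import re

# Defaults stated on the page: group 0, priority 100, hello 3 s, hold 10 s.
DEFAULTS = {"priority": 100, "hello": 3.0, "hold": 10.0, "preempt": False}
TIMERS = re.compile(r"timers\s+(msec\s+)?(\d+)\s+(msec\s+)?(\d+)$")

# Constructed configs; values follow the explanations for Q16 and Q18.
SAMPLES = {
    "rtrA": "interface Vlan10\n standby ip 192.0.2.1\n standby priority 50\n standby timers 10 3",
    "rtrB": "interface Vlan10\n standby ip 192.0.2.1",
    "rtrC": "interface Vlan10\n standby ip 192.0.2.1\n standby timers 10 3",
    "rtrD": "interface Vlan10\n standby ip 192.0.2.1\n standby priority 75",
    "q16": "interface Vlan44\n standby 44 ip 192.0.2.65\n standby 44 timers 3 1",
}

def parse_hsrp(config):
    """Return {(interface, group): settings} built from 'standby' lines."""
    groups, iface = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            continue
        m = re.match(r"standby\s+(?:(\d+)\s+)?(.+)$", line)
        if not m or iface is None or m.group(2).startswith("version"):
            continue
        group = int(m.group(1) or 0)  # group number is optional, default 0
        g = groups.setdefault((iface, group), dict(DEFAULTS))
        t = TIMERS.match(m.group(2))
        if t:  # 'msec' before a value means milliseconds
            g["hello"] = int(t.group(2)) / (1000 if t.group(1) else 1)
            g["hold"] = int(t.group(4)) / (1000 if t.group(3) else 1)
        elif m.group(2).startswith("priority "):
            g["priority"] = int(m.group(2).split()[1])
        elif m.group(2).startswith("preempt"):
            g["preempt"] = True
    return groups

def audit(config):
    """Return (key, non_default_fields, timers_ok) for each HSRP group."""
    report = []
    for key, g in sorted(parse_hsrp(config).items()):
        changed = sorted(k for k in DEFAULTS if g[k] != DEFAULTS[k])
        report.append((key, changed, g["hold"] >= 3 * g["hello"]))
    return report

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit(cfg))
```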

  19. What command would provide the output displayed in the exhibit? (Click on the Exhibit(s) button.)

    300-420 Part 01 Q19 006
    • switch# show hsrp
    • switch# show standby
    • switch# show interface vlan
    • switch# show standby brief

    Explanation:

    The command show standby brief displays the output in the exhibit. It is used to display a summary of the HSRP groups of which the switch is a member. The summary information it provides includes the group number, priority, state, active device address, standby address, and group address. In the exhibit, the interface VLAN 64 is a member of HSRP group 2. Its priority in the group is 100 and it is currently the standby switch. Since preemption is configured (as indicated by the P following the priority), we know that the priority of this switch must be lower than the priority of the active device. The active device has an IP address of 192.168.64.10 and the group IP address is 192.168.64.1.

    The command show standby can be used to display detailed information about HSRP groups of which a switch is a member. It does not provide the quick summary display of the exhibit. This command displays information about HSRP on all configured interfaces and for all HSRP groups. It also displays hello timer information and the expiration timer for the standby switch. The command syntax is show standby [type number [group]].

    Below is an example of this command’s output:

    300-420 Part 01 Q19 007

    In the above output, Router A is load-sharing traffic for VLAN 5. It is active for group 1 and standby for group 2. The router at address 192.168.23.3 is active for group 2 and standby for group 1. This allows traffic to be sent to both routers while still allowing for redundancy. Router A was also configured with the standby 1 preempt command (results seen in line 1), which allows it to resume its role as active for group 1 if it comes back up from an outage.

    The command show interface vlan is not a complete command. A VLAN number must follow the command. When provided with a VLAN number, the output would display the status of the SVI, but no HSRP information.

    The command show hsrp is not a valid command due to incorrect syntax.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols

  20. Which of the following features does GLBP provide, but not HSRP and VRRP? (Choose all that apply.)

    • Support for single active router
    • Support for automatic load balancing
    • Support for multiple gateways
    • Support for interface tracking

    Explanation:

    Support for automatic load balancing and support for multiple gateways are two features that are provided by Gateway Load Balancing Protocol (GLBP) but not by Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP).

    GLBP, HSRP, and VRRP provide a redundant and fault-tolerant solution in case of first-hop router failure in a network. The basic operation of these three protocols is the same. In all three protocols, a group of routers on the same LAN is formed. One of the routers is selected as the active router and another as the standby router. The router with the highest priority is automatically selected as the active router. If the active router fails, the standby router assumes the responsibilities of the active router. The role of the active router is to forward the packets from the hosts to the virtual router (default gateway).

    GLBP provides automatic load balancing between multiple routers by configuring multiple MAC addresses but a single virtual IP address. Every active virtual forwarder (AVF) in the group is configured with the virtual IP address but with different MAC addresses. All such AVFs can then participate in the packet-forwarding process. Multiple gateways then can share the load. On the contrary, HSRP and VRRP do not support automatic load balancing. Both these protocols require additional configuration on all the routers that need to load balance. The additional configuration involves using multiple groups on the routers or assignment of different default gateways for the hosts.

    Note that GLBP and VRRP are supported by both Cisco and non-Cisco routers, whereas HSRP is supported only by Cisco routers.

    Single active router and interface tracking are both supported by GLBP, HSRP, and VRRP.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify first-hop redundancy protocols