Question 161:
A network engineer wants to verify which OSPF neighbors are fully adjacent. Which command should they use?
A) show ip ospf database
B) show ip ospf neighbor
C) show ip protocols
D) ping 127.0.0.1
Answer: B) show ip ospf neighbor
Explanation:
Show ip ospf neighbor displays neighbor states, including Full, 2-way, Init, etc. It helps troubleshoot adjacency formation issues, mismatched timers, or authentication problems. When troubleshooting OSPF (Open Shortest Path First) issues, understanding the purpose and output of key commands is essential. The command show ip ospf database is used to view the OSPF Link-State Database (LSDB), which contains all the Link-State Advertisements (LSAs) that the router has received from its OSPF neighbors. This database reflects the network topology as seen by the router and is crucial for verifying whether all LSAs are being correctly exchanged. Mismatches in the LSDB between routers may indicate problems such as OSPF area mismatches, incorrect network statements, or filtering issues.
The show ip ospf neighbor command is specifically designed to display the OSPF neighbor relationships and their current states, such as Full, 2-way, Init, or Down. This is one of the most direct ways to troubleshoot adjacency formation problems. For example, if neighbors remain in the Init state, it could indicate issues with Hello and Dead timers, mismatched authentication, or interface problems. Full adjacency is necessary for proper LSA exchange and routing convergence.
The show ip protocols command provides a broader overview of the router’s routing protocols, including OSPF configuration details such as router ID, networks participating in OSPF, timers, and redistribution settings. This command is useful to verify whether the router is correctly configured for OSPF and whether any parameters might prevent proper operation, such as passive interfaces or incorrect network statements.
Finally, the ping 127.0.0.1 command is used to verify the router’s IP stack and ensure that the TCP/IP stack is operational. While it does not test OSPF directly, it helps confirm that the router itself is functioning properly and can participate in OSPF communications.
Together, these commands provide a layered approach to OSPF troubleshooting: checking protocol configuration, neighbor relationships, network topology, and basic router functionality. Proper interpretation of their outputs allows network engineers to isolate and resolve OSPF issues efficiently.
Question 162:
In EIGRP, which metric components are used by default for route selection?
A) Bandwidth and delay
B) Load and reliability
C) MTU only
D) Bandwidth, delay, load, and reliability
Answer: A) Bandwidth and delay
Explanation:
EIGRP default metric calculation uses bandwidth and delay. Load, reliability, and MTU can be used if K-values are modified, but they are not included by default. Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary distance vector routing protocol that uses a composite metric to determine the best path to a destination. The metric calculation in EIGRP can take multiple factors into account, including bandwidth, delay, load, reliability, and Maximum Transmission Unit (MTU). However, by default, EIGRP uses only bandwidth and delay when calculating its routing metric. Bandwidth refers to the lowest bandwidth along the path, measured in kilobits per second, and slower links increase the total path metric. Delay represents the cumulative delay of all outgoing interfaces along the path to the destination, expressed in tens of microseconds. These two values are combined into a formula to compute the default EIGRP metric.
The second point, load and reliability, covers factors that EIGRP can include in metric calculations, but only if the K-values in the router configuration are modified. Load measures the current traffic on a link, while reliability measures the historical stability of a link. By default, both load and reliability are ignored because including them can cause frequent metric recalculations, potentially leading to instability in the routing table.
The third point, MTU only, is sometimes misunderstood. While MTU is part of the EIGRP path attributes, it is not used in metric calculation, even when K-values are modified. Instead, it is primarily used for path selection in tie-breaker scenarios if multiple routes have the same metric.
The fourth point, bandwidth, delay, load, and reliability, represents the extended metric calculation. EIGRP supports this full set through K-value tuning, allowing network administrators to adjust how paths are evaluated. In most networks, the default metric based on bandwidth and delay provides a stable and predictable route selection. Understanding which factors are used by default is critical for troubleshooting routing decisions and optimizing network performance.
In summary, EIGRP’s default metric calculation focuses on bandwidth and delay, while load, reliability, and MTU are either optional or used only in specific circumstances. Proper knowledge of these factors ensures predictable and efficient routing behavior.
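The metric described above can be worked through with the classic EIGRP composite formula. This is an added example, not code from the original page or from Cisco; the Link class, the eigrp_metric function, the sample link values and the choice of integer arithmetic are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Sequence, Tuple


@dataclass
class Link:
    """One outgoing interface on the path (constructed sample type)."""
    bandwidth_kbps: int      # configured interface bandwidth, kilobits per second
    delay_usec: int          # configured interface delay, microseconds
    load: int = 1            # 1..255, where 255 means fully loaded
    reliability: int = 255   # 1..255, where 255 means fully reliable


# Default K-values (K1..K5): only the bandwidth and delay terms are active.
DEFAULT_K: Tuple[int, int, int, int, int] = (1, 0, 1, 0, 0)


def eigrp_metric(path: Sequence[Link], k: Tuple[int, int, int, int, int] = DEFAULT_K) -> int:
    """Classic (32-bit) EIGRP composite metric for a path of links."""
    if not path:
        raise ValueError("path must contain at least one link")
    k1, k2, k3, k4, k5 = k

    # Bandwidth term: 10^7 divided by the LOWEST bandwidth along the path.
    scaled_bw = 10**7 // min(link.bandwidth_kbps for link in path)
    # Delay term: CUMULATIVE delay along the path, in tens of microseconds.
    scaled_delay = sum(link.delay_usec for link in path) // 10
    # Assumption: the worst load and worst reliability on the path are used.
    load = max(link.load for link in path)
    reliability = min(link.reliability for link in path)

    metric = k1 * scaled_bw + (k2 * scaled_bw) // (256 - load) + k3 * scaled_delay
    # The reliability term only applies when K5 is non-zero.
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


if __name__ == "__main__":
    # Constructed sample links: a 1544 kbps serial link and a 100 Mbps LAN link.
    serial = Link(bandwidth_kbps=1544, delay_usec=20000)
    lan = Link(bandwidth_kbps=100000, delay_usec=100)
    busy_serial = Link(bandwidth_kbps=1544, delay_usec=20000, load=255)

    print("serial only, default K:     ", eigrp_metric([serial]))
    print("lan + serial, default K:    ", eigrp_metric([lan, serial]))
    print("busy serial, default K:     ", eigrp_metric([busy_serial]))
    print("busy serial, K2 enabled:    ", eigrp_metric([busy_serial], k=(1, 1, 1, 0, 0)))
```

With K2 enabled, the same link yields a different metric as its load changes, which is the recalculation churn the default K-values avoid.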
Question 163:
Which SD-WAN feature ensures traffic is sent over the best path based on jitter, latency, and packet loss?
A) Control policy
B) Data policy
C) Application-aware routing (AAR)
D) QoS trust policy
Answer: C) Application-aware routing (AAR)
Explanation:
AAR dynamically evaluates WAN paths using SLA metrics to optimize application performance. Data policies enforce traffic rules, control policies manage device behavior, and QoS trust policies mark traffic. In modern WAN networks, ensuring optimal application performance requires intelligent path selection and traffic management. Application-Aware Routing (AAR) is a feature that dynamically evaluates multiple WAN paths based on Service Level Agreement (SLA) metrics, such as latency, jitter, and packet loss, to choose the most suitable path for each application. By continuously monitoring these metrics, AAR can reroute traffic in real-time if a path degrades, ensuring that critical applications maintain performance even in complex, multi-path environments. This makes AAR particularly valuable for businesses relying on cloud applications, VoIP, or video conferencing.
A data policy, on the other hand, defines how specific traffic flows are handled in the network. Data policies are used to classify traffic, apply actions such as rate limiting, prioritize certain applications, or redirect traffic through specific paths. While AAR dynamically selects paths, data policies provide a framework to enforce consistent rules for traffic management across the network.
Control policies focus on device behavior rather than traffic itself. These policies define how routers, switches, or controllers operate, including aspects like system security, resource allocation, or automated responses to network events. Control policies complement data and AAR mechanisms by ensuring the network devices behave in predictable ways while implementing routing and traffic rules.
Lastly, a QoS trust policy involves marking traffic to indicate its priority for Quality of Service (QoS) mechanisms. By trusting or setting Differentiated Services Code Point (DSCP) or Class of Service (CoS) values, the network can prioritize latency-sensitive traffic, such as voice or video, over less critical traffic. QoS trust policies ensure that traffic retains its priority through different segments of the network, but do not make dynamic path decisions like AAR.
In summary, AAR dynamically optimizes application performance by selecting the best WAN path based on SLA metrics, while data policies enforce traffic handling rules, control policies govern device behavior, and QoS trust policies mark traffic for proper prioritization. Understanding the distinctions between these four concepts is critical for designing and operating high-performance, reliable networks.
Question 164:
Which QoS mechanism prioritizes delay-sensitive traffic, such as voice, over other traffic classes?
A) Policing
B) Shaping
C) LLQ
D) CBWFQ
Answer: C) LLQ
Explanation:
Low Latency Queuing (LLQ) provides strict priority for delay-sensitive traffic like voice while allowing other classes guaranteed bandwidth. CBWFQ allocates bandwidth but does not guarantee low latency. Quality of Service (QoS) mechanisms in networking are designed to manage traffic efficiently, ensuring that critical applications such as voice, video, and real-time data receive the appropriate bandwidth and low latency they require. Policing is a QoS technique that enforces a specified traffic rate by dropping or remarking packets that exceed the configured limit. It is a simple method to control traffic, but it can lead to packet loss if traffic bursts occur, making it less suitable for delay-sensitive applications like voice.
Traffic shaping, in contrast, smooths traffic by buffering excess packets and sending them at a controlled rate to conform to the desired bandwidth. This allows the network to handle bursts without dropping packets, reducing the chances of congestion. While shaping improves overall traffic flow and efficiency, it does not provide strict priority for latency-sensitive traffic, so voice and video may still experience delays if not combined with other QoS mechanisms.
Low Latency Queuing (LLQ) is an extension of Class-Based Weighted Fair Queuing (CBWFQ) that addresses the limitations of traditional queuing by providing a strict priority queue for delay-sensitive traffic, such as voice and video. LLQ ensures that these high-priority packets are transmitted first, minimizing jitter and latency. At the same time, LLQ allows other classes of traffic to receive guaranteed bandwidth according to their configured weights, balancing fairness and performance.
Class-Based Weighted Fair Queuing (CBWFQ) allocates bandwidth to different traffic classes based on configured weights, ensuring that each class receives a fair share of network resources. However, CBWFQ alone does not provide a strict priority queue, meaning that delay-sensitive traffic may still experience latency if network congestion occurs. CBWFQ is suitable for guaranteeing bandwidth to applications like data transfer, but for applications requiring minimal delay, LLQ is preferred.
In summary, policing enforces rate limits, shaping smooths traffic, CBWFQ ensures fair bandwidth allocation, and LLQ combines CBWFQ with strict priority for delay-sensitive traffic. Understanding the distinctions among these mechanisms is crucial for designing a QoS strategy that meets both performance and fairness objectives in modern networks.
Question 165:
In BGP, which attribute is considered after weight, LOCAL_PREF, and AS_PATH to select the best path?
A) MED
B) Next-hop IP
C) Router ID
D) Community
Answer: A) MED
Explanation:
MED (Multi-Exit Discriminator) influences path selection between autonomous systems. Lower MED is preferred, affecting how traffic enters an AS. Weight and LOCAL_PREF are internal attributes, and AS_PATH prevents loops. In Border Gateway Protocol (BGP), path selection is based on a series of attributes that help routers choose the best path for routing traffic between autonomous systems (AS). One important attribute is the Multi-Exit Discriminator (MED). MED is an optional, non-transitive attribute that suggests to external neighbors which path into an AS is preferred. When multiple entry points exist into an AS, the path with the lowest MED value is preferred by the neighboring AS. This allows network administrators to influence inbound traffic without enforcing strict routing, as the MED is only a suggestion rather than a requirement. MED is particularly useful for controlling traffic distribution when multiple links connect two ASes.
The Next-Hop IP attribute specifies the immediate IP address to which packets should be forwarded to reach the destination network. BGP routers rely on the next-hop attribute to ensure that routes are reachable and that traffic follows a valid path. Proper next-hop resolution is critical; if the next-hop is unreachable, the route will not be used, regardless of other attributes.
The Router ID is a unique identifier for a BGP router within an AS. Although it does not directly influence path selection, it is used for maintaining BGP session uniqueness and preventing conflicts. The router ID is essential for establishing BGP peering and for troubleshooting purposes, such as identifying the source of routing updates.
Community is a transitive BGP attribute that tags routes with identifiers to enable policy-based routing decisions. Communities allow administrators to apply routing policies across multiple routes, such as filtering, redistribution, or influencing local preferences. While community values do not directly affect the BGP path selection algorithm by default, they provide a flexible way to manipulate route propagation and control how traffic enters or exits an AS.
In summary, MED influences inbound path selection by suggesting preferred paths to external neighbors, next-hop IP ensures routes are reachable, router ID uniquely identifies routers within an AS, and community provides a versatile mechanism for policy-based route control. Understanding these attributes is essential for effective BGP traffic engineering and inter-AS routing optimization.
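The ordering in this question, together with the loop check and next-hop rule mentioned above, can be sketched as a small decision function. This is an added example, not Cisco's implementation or code from the original page; the Path class, select_best function and all AS numbers are constructed, and only the attributes this page names are modelled, so the remaining steps of the real decision process are left out.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    """One candidate route to a prefix (constructed sample type)."""
    name: str
    as_path: Tuple[int, ...]          # neighboring AS first, origin AS last
    weight: int = 0                   # local to this router, higher wins
    local_pref: int = 100             # shared inside the AS, higher wins
    med: int = 0                      # hint from the neighboring AS, lower wins
    next_hop_reachable: bool = True


def neighbor_as(path: Path) -> Optional[int]:
    """AS the route was learned from (first entry of AS_PATH)."""
    return path.as_path[0] if path.as_path else None


def usable(path: Path, local_as: int) -> bool:
    """A path is discarded before comparison if it loops or cannot be reached."""
    if local_as in path.as_path:      # our own AS in AS_PATH means a loop
        return False
    return path.next_hop_reachable    # unreachable next hop: never used


def _keep(cands: List[Path], key: Callable[[Path], int],
          pick: Callable[[Iterable[int]], int]) -> List[Path]:
    """Keep only the candidates that tie on the best value for this step."""
    target = pick(key(p) for p in cands)
    return [p for p in cands if key(p) == target]


def select_best(paths: List[Path], local_as: int) -> List[Path]:
    """Apply weight, LOCAL_PREF, AS_PATH length, then MED; return survivors."""
    cands = [p for p in paths if usable(p, local_as)]
    if not cands:
        return []
    cands = _keep(cands, lambda p: p.weight, max)
    cands = _keep(cands, lambda p: p.local_pref, max)
    cands = _keep(cands, lambda p: len(p.as_path), min)
    # By default MED is compared only between paths from the same neighboring
    # AS, so each path is judged against its own group.
    survivors = []
    for p in cands:
        group_min = min(q.med for q in cands if neighbor_as(q) == neighbor_as(p))
        if p.med == group_min:
            survivors.append(p)
    return survivors


# Constructed sample data; local AS is 64500.
LOCAL_AS = 64500
SAMPLE = [
    Path("A", (64501, 64510), med=50),
    Path("B", (64501, 64510), med=10),
    Path("C", (64502, 64510), med=200),
    Path("D", (64502, 64500, 64510), weight=500),           # loop: rejected
    Path("E", (64501,), next_hop_reachable=False),           # unusable
]

if __name__ == "__main__":
    print([p.name for p in select_best(SAMPLE, LOCAL_AS)])
```

More than one survivor means the attributes modelled here did not settle the choice and later tie-breakers would decide.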
Question 166:
A trunk port is not forwarding VLAN traffic. Which command helps verify allowed VLANs on the trunk?
A) show vlan brief
B) show interfaces trunk
C) show spanning-tree
D) show running-config
Answer: B) show interfaces trunk
Explanation:
Show interfaces trunk displays trunking mode, native VLAN, and allowed VLANs, helping identify VLAN pruning or misconfigurations. Show vlan brief lists VLANs locally, but not the trunk configuration. In switched networks, VLANs and trunk links are fundamental for segmenting traffic and ensuring proper communication between switches. The command show interfaces trunk is specifically designed to provide detailed information about trunk links on a switch. It displays which interfaces are operating as trunks, their encapsulation type (such as 802.1Q), the native VLAN, and the list of VLANs allowed over the trunk. This command is particularly useful for troubleshooting trunk issues, such as VLAN pruning, mismatched native VLANs, or misconfigured allowed VLAN lists, which can lead to connectivity problems between switches.
The show vlan brief command provides a summary of VLANs configured on a switch. It lists VLAN IDs, names, and associated interfaces. While this command helps verify that VLANs exist locally and check interface assignments, it does not provide information about which VLANs are permitted on trunk links. Therefore, it is limited when troubleshooting inter-switch VLAN connectivity problems.
The show spanning-tree command displays the status of the spanning-tree protocol (STP) on a switch. It shows which ports are in blocking, listening, learning, or forwarding states, and which switch is the root bridge. While STP primarily prevents loops in a network, it can indirectly affect VLAN connectivity. For example, if a trunk port is blocked by STP, VLAN traffic may fail to traverse that link even though the VLANs are correctly configured.
Finally, show running-config displays the current configuration of the switch, including VLAN assignments, trunking configuration, port settings, and other features. This command is essential for verifying configuration settings, but does not provide real-time operational status, unlike the previous commands.
In summary, show interfaces trunk is the most direct command for identifying trunk issues, show vlan brief confirms local VLAN configurations, show spanning-tree checks for port states affecting traffic flow, and show running-config allows validation of the intended configuration. Understanding how to use these commands together helps network engineers efficiently troubleshoot VLAN and trunk-related connectivity problems.
Question 167:
Which MPLS router type is responsible for pushing labels onto packets based on FEC at the network edge?
A) CE
B) PE
C) P
D) LER
Answer: D) LER
Explanation:
Label Edge Routers (LERs) assign labels for forwarding within the MPLS network. P routers forward labeled packets without inspecting headers, while CE routers are connected to customer networks. In a Multiprotocol Label Switching (MPLS) network, different types of routers perform specialized roles to ensure efficient packet forwarding. A Label Edge Router (LER) sits at the edge of the MPLS network and is responsible for assigning labels to incoming packets. These labels determine how packets are forwarded across the MPLS domain. LERs also remove labels from outgoing packets when they exit the MPLS network toward a non-MPLS destination, ensuring seamless integration with traditional IP networks.
A Provider Edge (PE) router is another edge router that connects customer networks to the MPLS provider. PE routers participate in routing protocols with Customer Edge (CE) routers and handle the exchange of routing information, while also interfacing with the MPLS core. In many contexts, PE and LER functions are integrated into the same device.
Provider (P) routers operate within the MPLS core. They are responsible solely for forwarding packets based on labels and do not maintain customer routing information. P routers do not assign or remove labels; they simply read the label in the packet header and forward it according to the label forwarding table, allowing high-speed transit across the MPLS backbone.
Finally, a Customer Edge (CE) router resides on the customer side of the network and connects to the provider’s PE router. CE routers do not participate in MPLS label distribution; they forward packets based on traditional IP routing to the PE.
Understanding these roles—LER, PE, P, and CE—is critical for designing, configuring, and troubleshooting MPLS networks effectively.
Question 168:
Which wireless protocol reduces handoff time for roaming clients?
A) WPA2
B) 802.11r
C) FlexConnect
D) 802.1X
Answer: B) 802.11r
Explanation:
802.11r (Fast Roaming) pre-authenticates clients with neighboring APs to reduce handoff time, improving voice and video performance. WPA2 encrypts traffic, FlexConnect is for branch AP deployment, and 802.1X authenticates clients. Wireless networks rely on several standards and features to ensure security, performance, and seamless connectivity, particularly for mobile devices and voice or video traffic. 802.11r, also known as Fast Roaming, is designed to improve handoff times between access points (APs) within the same network. In traditional roaming, a client device must complete full authentication and association processes each time it connects to a new AP, which can introduce delays of hundreds of milliseconds—too long for latency-sensitive applications like VoIP or video conferencing. 802.11r reduces this delay by pre-authenticating clients with neighboring APs, allowing them to roam quickly without dropping sessions or affecting application performance.
WPA2 (Wi-Fi Protected Access 2) is a security standard that provides strong encryption and authentication for wireless networks. WPA2 uses the AES (Advanced Encryption Standard) protocol to protect data transmitted over the air, ensuring that communications are secure from eavesdropping or tampering. While WPA2 secures traffic, it does not address roaming performance or network deployment models.
FlexConnect is a deployment mode for branch APs, often used when APs are connected to a remote site with limited connectivity to a central controller. In FlexConnect mode, APs can locally switch traffic between VLANs without sending all traffic back to the controller, reducing latency and optimizing bandwidth. FlexConnect also supports local authentication and can maintain basic services even if the connection to the controller is lost.
802.1X is a network access control standard that provides port-based authentication. In wireless networks, it ensures that clients must authenticate with a RADIUS server before being granted network access. 802.1X can integrate with WPA2 for secure wireless authentication, providing an additional layer of security for enterprise networks.
In summary, 802.11r improves roaming performance, WPA2 secures traffic, FlexConnect enables efficient branch deployments, and 802.1X controls access through authentication. Together, these features address mobility, security, and deployment challenges in modern wireless networks.
Question 169:
Which TrustSec component allows policy enforcement without relying on IP addresses?
A) VLANs
B) Security Group Tags (SGTs)
C) ACLs
D) Port-based authentication
Answer: B) Security Group Tags (SGTs)
Explanation:
SGTs allow dynamic segmentation based on user or device roles, independent of IP addresses. VLANs and ACLs are static, and port-based authentication controls access per interface. In enterprise networks, controlling traffic and segmenting users or devices is essential for security and performance. Security Group Tags (SGTs), part of Cisco TrustSec, provide dynamic, role-based segmentation. Unlike traditional methods that rely on static VLANs or IP addresses, SGTs assign a tag to each user or device based on its role, policy, or group membership. These tags are used by network devices to enforce access control and security policies dynamically. For example, a finance department user may receive an SGT that allows access to financial servers but blocks access to other areas, and this policy follows the user regardless of their physical location or VLAN assignment.
VLANs (Virtual Local Area Networks) are a traditional method for segmenting network traffic. VLANs logically divide a physical network into separate broadcast domains. While VLANs are effective for grouping devices and limiting broadcast traffic, they are static and require manual configuration. Changing user roles or network layouts often requires reconfiguring VLANs, which can be cumbersome in dynamic environments.
Access Control Lists (ACLs) provide packet-level filtering based on IP addresses, protocols, or ports. ACLs can enforce security policies by allowing or denying specific traffic flows. While ACLs are flexible and widely used, they are static in nature. Any changes to policies require manual updates to the ACLs, which can be error-prone and less responsive to dynamic user behavior.
Port-based authentication, such as IEEE 802.1X, controls access to the network at the interface level. Devices must authenticate before gaining access to a port. While this method effectively controls initial network access, it does not provide granular segmentation or continuous policy enforcement after authentication.
In summary, SGTs provide dynamic, role-based segmentation, VLANs and ACLs offer static traffic separation and filtering, and port-based authentication ensures controlled network access at the interface level. Combining these methods allows organizations to build secure, flexible, and easily manageable networks.
Question 170:
Which MPLS router forwards labeled packets based solely on the top label without inspecting IP headers?
A) CE
B) PE
C) P
D) LER
Answer: C) P
Explanation:
P routers forward packets using the top MPLS label. LER/PE routers push or pop labels at network edges, and CE routers connect to customer networks. In a Multiprotocol Label Switching (MPLS) network, routers are assigned specific roles that determine how they handle labeled packets to ensure efficient and scalable data forwarding. Understanding these roles—Customer Edge (CE), Provider Edge (PE), Provider (P), and Label Edge Router (LER)—is critical for designing and troubleshooting MPLS networks.
Provider (P) routers operate within the core of the MPLS network. Their primary responsibility is to forward labeled packets based on the top MPLS label. P routers do not assign or remove labels; instead, they maintain Label Forwarding Information Bases (LFIBs) to quickly determine the next-hop label-switched path (LSP). This label-based forwarding allows high-speed packet transit across the MPLS backbone without needing to inspect the IP header of each packet.
Label Edge Routers (LERs) sit at the edge of the MPLS network and perform label operations. When a packet enters the MPLS domain, the LER pushes a label onto the packet, enabling it to traverse the MPLS core. Conversely, when a packet exits the MPLS network, the LER pops the label, delivering the packet to its final destination in a traditional IP format. Often, LERs also act as Provider Edge (PE) routers, interfacing directly with customer networks and participating in routing protocols with CE routers.
Provider Edge (PE) routers connect customer networks to the MPLS backbone. They exchange routing information with Customer Edge (CE) routers and handle the assignment and removal of labels. The PE ensures that traffic from CE routers is correctly mapped into the MPLS label-switched paths for efficient core traversal.
Finally, Customer Edge (CE) routers reside on the customer side of the network and connect to the provider’s PE router. CE routers do not participate in MPLS label distribution and forward packets based on standard IP routing. Their role is limited to interfacing with the MPLS provider network and ensuring proper connectivity for the customer.
In summary, P routers forward labeled packets within the MPLS core, LER/PE routers push and pop labels at network edges, and CE routers connect customer networks, forming a seamless and efficient MPLS architecture.
Question 171:
Which command shows all BGP routes received from a specific neighbor?
A) show ip bgp
B) show ip bgp summary
C) show ip bgp neighbors <neighbor> routes
D) show ip route bgp
Answer: C) show ip bgp neighbors <neighbor> routes
Explanation:
This command lists routes received from a neighbor, along with attributes such as AS_PATH, next-hop, and MED. The summary shows session info, and show ip route bgp shows only installed routes. In Border Gateway Protocol (BGP), several commands are used to monitor routing information and troubleshoot BGP sessions. The show ip bgp neighbors <neighbor> routes command is particularly useful because it lists all routes received from a specific neighbor, along with key BGP attributes such as AS_PATH, next-hop, and MED. This information helps network engineers understand how BGP peers are advertising routes and how path selection decisions are made.
The show ip bgp command provides a complete view of all BGP routes in the router’s table, showing their status, attributes, and whether they are eligible for installation into the routing table. This command is essential for analyzing BGP route propagation and path selection.
The show ip bgp summary command gives an overview of BGP neighbor sessions, including the state of the connection (e.g., Established), the number of prefixes received, and the uptime of the session. This is helpful for quickly verifying the health of BGP peering relationships without inspecting individual routes.
Finally, the show ip route bgp command displays only the BGP routes that have been installed into the router’s IP routing table. Unlike the full BGP table, it filters out routes that are not currently used for forwarding, providing a concise view of the active BGP paths.
Together, these commands allow administrators to monitor BGP neighbor sessions, inspect received routes, and verify which routes are actively being used for routing decisions.
Question 172:
Which OSPF LSA type advertises external routes redistributed into OSPF?
A) Type 1
B) Type 2
C) Type 3
D) Type 5
Answer: D) Type 5
Explanation:
Type 5 LSAs are generated by ASBRs to advertise external routes. Type 3 LSAs summarize intra-area routes, and Type 1/2 describe routers and networks within an area. In OSPF (Open Shortest Path First), Link-State Advertisements (LSAs) are used to share routing information and build a complete network topology. There are several LSA types, each serving a distinct purpose.
Type 1 LSAs, also called Router LSAs, are generated by every router within an OSPF area. They describe the router’s interfaces, its state, and the links to other routers or networks within the same area. These LSAs allow routers to understand the local topology and calculate shortest paths using Dijkstra’s algorithm.
Type 2 LSAs, or Network LSAs, are generated by the Designated Router (DR) on multi-access networks such as Ethernet. They describe all routers connected to the network segment, helping routers within the area build a complete picture of multi-access links.
Type 3 LSAs are Summary LSAs, created by Area Border Routers (ABRs). They summarize routes from one area and advertise them to other areas, reducing the size of the LSDB and improving scalability. Type 3 LSAs help inter-area routing without exposing every intra-area link.
Type 5 LSAs are External LSAs generated by Autonomous System Boundary Routers (ASBRs) to advertise routes external to the OSPF domain, such as routes learned from BGP or static routes. These LSAs allow OSPF routers to reach destinations outside the OSPF autonomous system.
In summary, Type 1 and 2 LSAs describe intra-area routers and networks, Type 3 LSAs summarize inter-area routes, and Type 5 LSAs advertise external routes into the OSPF domain, supporting scalable and hierarchical routing.
Question 173:
Which SD-WAN component manages control-plane routing and distributes policies to vEdge routers?
A) vManage
B) vSmart
C) vBond
D) vEdge
Answer: B) vSmart
Explanation:
vSmart controllers handle the control plane, distributing routing information, policies, and encryption keys to vEdge routers. vManage provides GUI-based management, vBond handles onboarding, and vEdge handles data-plane traffic. In a Cisco SD-WAN architecture, vSmart controllers manage the control plane, distributing routing information, security policies, and encryption keys to vEdge routers. The vEdge routers handle the data plane, forwarding application traffic across the WAN according to policies set by vSmart. vManage provides a centralized GUI-based interface for monitoring, configuration, and network management, simplifying operational tasks. vBond orchestrators handle secure onboarding of new devices, establishing trust and connectivity between vEdge routers and the control plane. Together, these components enable secure, policy-driven, and efficient WAN connectivity across multiple sites.
Question 174:
Which QoS mechanism buffers traffic to smooth bursts and match a configured output rate?
A) Policing
B) Shaping
C) LLQ
D) CBWFQ
Answer: B) Shaping
Explanation:
Shaping buffers excess traffic to smooth bursts and match the configured output rate. Policing drops excess traffic, LLQ prioritizes delay-sensitive traffic, and CBWFQ allocates bandwidth per class. In networking, traffic shaping buffers excess packets to smooth traffic bursts and match a configured output rate, improving flow consistency. Policing, by contrast, enforces traffic limits by dropping or remarking packets that exceed the set threshold, which can cause loss during bursts. Class-Based Weighted Fair Queuing (CBWFQ) allocates bandwidth fairly among different traffic classes, ensuring each class receives its guaranteed share. Low Latency Queuing (LLQ) extends CBWFQ by providing a strict priority queue for delay-sensitive traffic, such as voice or video, ensuring minimal latency while still allocating bandwidth to other classes.
Question 175:
Which command shows all OSPF routes installed in the routing table?
A) show ip ospf database
B) show ip route ospf
C) show ip protocols
D) show running-config
Answer: B) show ip route ospf
Explanation:
The show ip route ospf command filters the routing table to display only OSPF-learned routes, including intra-area, inter-area, and external routes. The OSPF database shows LSAs, not installed routes. In OSPF (Open Shortest Path First) networks, various commands are used to monitor and troubleshoot routing behavior. The show ip route ospf command is particularly useful for examining only the routes that OSPF has learned and installed in the routing table. This filtered view includes intra-area routes, which are internal to the area, inter-area routes, which are summarized from other areas by Area Border Routers (ABRs), and external routes, which are imported into OSPF from other protocols or autonomous systems. By displaying only OSPF-learned routes, this command allows administrators to quickly verify proper route propagation and OSPF path selection without being distracted by routes from other protocols.
The show ip ospf database command provides a detailed view of the OSPF Link-State Database (LSDB). It lists all the Link-State Advertisements (LSAs) known to the router, including Type 1 through Type 5 LSAs. Unlike show ip route ospf, the LSDB reflects the complete network topology as seen by the router, not the subset of routes actually installed in the routing table. This command is valuable for troubleshooting OSPF topology issues, LSA propagation, and adjacency problems.
The show ip protocols command gives a broader view of the OSPF process and its configuration. It displays parameters such as the router ID, networks participating in OSPF, timers, and any redistribution configured. This command helps verify that OSPF is correctly configured and running on the expected interfaces.
Finally, show running-config provides the complete current configuration of the router, including OSPF settings, interface assignments, and routing policies. While it does not show real-time route states, it is essential for confirming intended OSPF configurations.
In summary, show ip route ospf focuses on installed OSPF routes, show ip ospf database reveals the complete topology through LSAs, show ip protocols displays OSPF process settings, and show running-config confirms configuration correctness. Using these commands together enables comprehensive OSPF troubleshooting and monitoring.
Question 176:
Which BGP attribute prevents routing loops across autonomous systems?
A) Weight
B) LOCAL_PREF
C) AS_PATH
D) MED
Answer: C) AS_PATH
Explanation:
AS_PATH lists all autonomous systems traversed by a route. If the local AS appears, the route is rejected to prevent loops. Weight and LOCAL_PREF are internal; MED is used between ASes. In BGP, the AS_PATH attribute lists all autonomous systems a route has traversed. If a router sees its own AS in the AS_PATH, it rejects the route to prevent routing loops. Weight is a Cisco-specific, internal attribute that determines local route preference, while LOCAL_PREF indicates preferred paths within the same AS. Both influence internal path selection but are not shared with external neighbors. MED (Multi-Exit Discriminator) is used between autonomous systems to suggest preferred entry points into an AS, with lower values being preferred, influencing inbound traffic from external networks.
Question 177:
Which SD-WAN policy dynamically selects paths based on SLA metrics?
A) Control policy
B) Data policy
C) Application-aware routing (AAR)
D) QoS trust policy
Answer: C) Application-aware routing (AAR)
Explanation:
AAR evaluates SLA metrics such as latency, jitter, and packet loss in real-time to select the optimal path for critical applications. Data policies enforce rules, control policies manage devices, and QoS trust policies mark traffic. In modern WAN networks, ensuring optimal application performance requires intelligent path selection and traffic control. Application-Aware Routing (AAR) is a feature that dynamically evaluates Service Level Agreement (SLA) metrics, such as latency, jitter, and packet loss, to determine the best path for critical applications like voice, video, or cloud services. By continuously monitoring these metrics in real-time, AAR can reroute traffic if a path degrades, ensuring consistent performance for delay-sensitive applications.
Data policies define how traffic flows are handled across the network. They classify traffic and enforce rules, such as prioritizing specific applications, limiting bandwidth for less critical traffic, or directing flows along preferred paths. Data policies work in conjunction with AAR to ensure traffic is both optimized and compliant with organizational rules.
Control policies focus on managing the behavior of network devices rather than the traffic itself. They can enforce security settings, resource allocation, and automated responses to network events, ensuring that the WAN operates predictably while applying the necessary policies.
Finally, QoS trust policies involve marking traffic with priority values, such as DSCP or CoS, allowing the network to recognize and prioritize delay-sensitive or critical traffic across WAN links. While AAR chooses the optimal path, QoS trust policies ensure that traffic receives appropriate treatment throughout its journey.
In summary, AAR optimizes path selection, data policies enforce traffic rules, control policies manage devices, and QoS trust policies prioritize traffic for consistent application performance.
Question 178:
Which command verifies the spanning-tree root bridge and port roles?
A) show spanning-tree
B) show vlan brief
C) show interfaces trunk
D) show running-config
Answer: A) show spanning-tree
Explanation:
The show spanning-tree command displays root bridge ID, port roles, and VLAN mapping, helping troubleshoot loops or STP topology issues. In switched networks, understanding VLAN configurations and Spanning Tree Protocol (STP) is critical for maintaining loop-free topologies and ensuring proper traffic flow. The show spanning-tree command provides detailed information about the STP topology. It displays the root bridge ID, the role of each port (such as root, designated, or blocked), the STP state (forwarding, blocking, listening, or learning), and VLAN-to-port mappings. This command is invaluable for troubleshooting loops, identifying misconfigured ports, and verifying STP convergence across the network. If a port remains blocked unexpectedly or a wrong root bridge is elected, network connectivity issues can occur, and show spanning-tree helps pinpoint the source.
The show vlan brief command lists all VLANs configured on the switch along with their IDs, names, and the interfaces assigned to them. While it helps confirm which VLANs exist locally and their port assignments, it does not provide information about trunk links or STP behavior.
The show interfaces trunk command complements VLAN information by showing which interfaces are configured as trunks, their encapsulation type (e.g., 802.1Q), the native VLAN, and the VLANs allowed on the trunk. This command is crucial when troubleshooting inter-switch VLAN connectivity issues, such as VLAN pruning, mismatched native VLANs, or misconfigured allowed VLAN lists.
Finally, show running-config provides the complete current configuration of the switch, including VLAN assignments, STP settings, trunk configurations, and other operational parameters. While it does not show real-time states, it is essential for verifying that the intended configurations are applied correctly.
In summary, show spanning-tree helps troubleshoot STP and loop issues, show vlan brief verifies VLANs locally, show interfaces trunk checks trunk configuration and allowed VLANs, and show running-config validates the applied configuration. Together, these commands give a comprehensive view of managing VLANs and STP in a switched network.
Question 179:
Which MPLS router pushes labels based on FEC for packets entering the network?
A) CE
B) PE
C) P
D) LER
Answer: D) LER
Explanation:
Label Edge Routers (LERs) classify packets into Forwarding Equivalence Classes (FECs) and push labels for MPLS forwarding. P routers forward labeled packets without inspecting IP headers.
Question 180:
Which Cisco wireless feature allows role-based access control without changing VLANs?
A) VLANs
B) Security Group Tags (SGTs)
C) ACLs
D) Port-based authentication
Answer: B) Security Group Tags (SGTs)
Explanation:
Security Group Tags (SGTs) enforce dynamic access policies based on user or device roles, independent of VLAN assignment. VLANs are static, ACLs filter traffic, and port-based authentication controls access per port. In enterprise networks, enforcing security and managing traffic requires effective segmentation and access control. SGTs, a feature of Cisco TrustSec, allow dynamic access policies based on user or device roles rather than static network attributes like VLANs. SGTs tag traffic with a role identifier, and network devices enforce policies accordingly. This dynamic approach ensures that policies follow the user or device regardless of physical location, enhancing security and flexibility. For example, a finance user may have access to sensitive servers regardless of which office they connect from.
VLANs (Virtual Local Area Networks) are a traditional method for network segmentation. VLANs divide a physical network into logical broadcast domains, isolating traffic between groups of devices. While VLANs provide effective separation and can help enforce basic access control, they are static, and changing user roles often requires reconfiguration. VLANs also do not provide role-based policy enforcement across multiple locations.
Access Control Lists (ACLs) filter traffic based on criteria such as IP addresses, protocols, or port numbers. ACLs allow administrators to define which traffic is permitted or denied, providing security at the network or interface level. However, ACLs are static and do not automatically adjust as users or devices change roles or locations, which limits flexibility in dynamic environments.
Port-based authentication, such as IEEE 802.1X, controls network access on a per-port basis. Devices must authenticate before gaining access to the network. While effective at controlling initial access, it does not provide granular segmentation or continuous role-based enforcement after authentication.
In summary, SGTs enable dynamic, role-based policy enforcement, VLANs and ACLs provide static segmentation and traffic filtering, and port-based authentication ensures controlled access per interface. Combining these mechanisms allows organizations to build secure, flexible, and scalable networks that adapt to user roles, device types, and security requirements.