We provide real 300 101 route pdf exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco examcollection 300 101 Exam quickly & easily. The 300 101 vce PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco ccnp 300 101 pdf dumps pdf and vce product and material, you can easily pass the 9tut ccnp 300 101 exam.

Q41. Which common issue causes intermittent DMVPN tunnel flaps? 

A. a routing neighbor reachability issue 

B. a suboptimal routing table 

C. interface bandwidth congestion 

D. that the GRE tunnel to hub router is not encrypted 



DMVPN Tunnel Flaps Intermittently Problem DMVPN tunnel flaps intermittently. Solution

When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship

formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make

sure the neighborship between the routers is always up. Reference: http://www.cisco.com/c/en/us/support/

docs/security-vpn/ipsec-negotiation-ike- protocols/29240-dcmvpn.html#Prblm1

Q42. Under which condition does UDP dominance occur? 

A. when TCP traffic is in the same class as UDP 

B. when UDP flows are assigned a lower priority queue 

C. when WRED is enabled 

D. when ACLs are in place to block TCP traffic 



Explanation: Mixing TCP with UDP It is a general best practice to not mix TCP-based traffic with UDPbased

traffic (especially Streaming-Video) within a single service-provider class because of the behaviors

of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when

drops are detected. Although some UDP applications have application-level windowing, flow control, and

retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower

transmission rates because of dropping. When TCP flows are combined with UDP flows within a single

service-provider class and the class experiences congestion, TCP flows continually lower their

transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This

effect is called TCP starvation/UDP dominance. TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data is assigned to the same service-provider class as (UDP-based) Streaming-

Video and the class experiences sustained congestion. Even if WRED is enabled on the service-provider

class, the same behavior would be observed because WRED (for the most part) manages congestion only

on TCP-based flows. Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/


Topic 2, Layer 2 Technologies 

13. Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed? 

A. Disable CDP on the interface. 

B. Execute the vpdn enable command. 

C. Execute the no switchport command. 

D. Enable QoS FIFO for PPPoE support. 



Enabling PPPoE in a VPDN Group

Perform this task to enable PPPoE in a virtual private dial-up network (VPDN) group.


This task applies only to releases prior to Cisco IOS Release 12.2(13)T.



2.configure terminal

3.vpdn enable

4.vpdn-group name


6.protocol pppoe DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC

mode. Example: · Enter your password if Router> enable prompted. Step 2 configure terminal Enters

global configuration mode. Example: Router# configure terminal Step 3 vpdn enable Enables virtual private

dialup Example: networking. Router(config)# vpdn enable Step 4 vpdn-group name Associates a VPDN

group with a Example: customer or VPDN profile. Router(config)# vpdn-group group1 Step 5 request-dialin

Creates a request-dialin VPDN Example: subgroup. Router(config-vpdn)# request-dialin Step 6 protocol

pppoe Enables the VPDN subgroup to Example: establish PPPoE Router(config-vpdn-req-in)# pro tocol





Q43. A network administrator is troubleshooting a DMVPN setup between the hub and the spoke. Which action should the administrator take before troubleshooting the IPsec configuration? 

A. Verify the GRE tunnels. 

B. Verify ISAKMP. 

C. Verify NHRP. 

D. Verify crypto maps. 



Q44. A network engineer is notified that several employees are experiencing network performance related issues, and bandwidth-intensive applications are identified as the root cause. In order to identify which specific type of traffic is causing this slowness, information such as the source/destination IP and Layer 4 port numbers is required. Which feature should the engineer use to gather the required information? 


B. Cisco IOS EEM 

C. NetFlow 

D. Syslog 




NetFlow Flows Key Fields

A network flow is identified as a unidirectional stream of packets between a given source and destination--

both are defined by a network-layer IP address and

transport-layer source and destination port numbers. Specifically, a flow is identified as the combination of

the following key fields:

Source IP address

Destination IP address

Source Layer 4 port number

Destination Layer 4 port number

Layer 3 protocol type

Type of service (ToS)

Input logical interface Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/12-4t/

cfg-nflow- data-expt.html

Q45. A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions. After doing this, the user is able to access company shares. Which type of remote access did the engineer enable? 


B. IPsec VPN client access 

C. VPDN client access 

D. SSL VPN client access 



The Cisco AnyConnect VPN Client provides secure SSL connections to the security

appliance for remote users. Without a previously installed client, remote users enter the IP address in their

browser of an interface configured to accept SSL VPN connections. Unless the security appliance is

configured to redirect http:// requests to https://, users must enter the URL in the form https://<address>.

After entering the URL, the browser connects to that interface and displays the login screen. If the user

satisfies the login and authentication, and the security appliance identifies the user as requiring the client, it

downloads the client that matches the operating system of the remote computer. After downloading, the

client installs and configures itself, establishes a secure SSL connection and either remains or uninstalls

itself (depending on the security appliance configuration) when the connection terminates. Reference:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next- generation-firewalls/100936-


Q46. Refer to the exhibit. 

Which command only announces the network out of FastEthernet 0/0? 

A. distribute list 1 out 

B. distribute list 1 out FastEthernet0/0 

C. distribute list 2 out 

D. distribute list 2 out FastEthernet0/0 



Access list 2 is more specific, allowing only, whereas access list 1 permits all

networks. This question also asks us to apply this distribute list only to the outbound direction of the fast Ethernet 0/0 interface, so the correct command is "distribute list 2

out FastEthernet0/0."

Q47. What is a function of NPTv6? 

A. It interferes with encryption of the full IP payload. 

B. It maintains a per-node state. 

C. It is checksum-neutral. 

D. It rewrites transport layer headers. 



RFC 6296 describes a stateless IPv6-to-IPv6 Network Prefix Translation (NPTv6) function,

designed to provide address independence to the edge network. It is transport-agnostic with respect to

transports that do not checksum the IP header, such as SCTP, and to transports that use the TCP/UDP/

DCCP (Datagram Congestion Control Protocol) pseudo-header and checksum NPTv6 provides a simple

and compelling solution to meet the address-independence requirement in IPv6. The addressindependence

benefit stems directly from the translation function of the network prefix translator. To avoid

as many of the issues associated with NAPT44 as possible, NPTv6 is defined to include a two-way,

checksum-neutral, algorithmic translation function, and nothing else. Reference: http://tools.ietf.org/html/


Q48. Scenario: 

You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command. 

How many times was SPF algorithm executed on R4 for Area 1? 

A. 1 

B. 5 

C. 9 

D. 20 

E. 54 

F. 224 



Q49. A network engineer executes the show crypto ipsec sa command. Which three pieces of information are displayed in the output? (Choose three.) 

A. inbound crypto map 

B. remaining key lifetime 

C. path MTU 

D. tagged packets 

E. untagged packets 

F. invalid identity packets 

Answer: A,B,C 


show crypto ipsec sa This command shows IPsec SAs built between peers. The encrypted

tunnel is built between and for traffic that goes between networks and

You can see the two Encapsulating Security Payload (ESP) SAs built inbound and outbound.

Authentication Header (AH) is not used since there are

no AH SAs.

This output shows an example of the show crypto ipsec sa command (bolded ones found in answers for

this question).

interface: FastEthernet0

Crypto map tag: test, local addr.

local ident (addr/mask/prot/port): ( remote ident (addr/mask/prot/port):

( current_peer:

PERMIT, flags={origin_is_acl,}

#pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918 #pkts decaps: 7760382, #pkts

decrypt: 7760382, #pkts verify 7760382 #pkts compressed:

0, #pkts decompressed: 0

#pkts not compressed: 0, #pkts compr. failed: 0,

#pkts decompress failed: 0, #send errors 1, #recv errors 0 local crypto endpt.:, remote crypto

endpt.: path mtu 1500, media mtu 1500

current outbound spi: 3D3

inbound esp sas:

spi: 0x136A010F(325714191)

transform: esp-3des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 3442, flow_id: 1443, crypto map: test sa timing: remaining key lifetime (k/sec):

(4608000/52) IV size: 8 bytes

replay detection support: Y

inbound ah sas:

inbound pcp sas:

inbound pcp sas:

outbound esp sas:

spi: 0x3D3(979)

transform: esp-3des esp-md5-hmac ,

in use settings ={Tunnel, }

slot: 0, conn id: 3443, flow_id: 1444, crypto map: test sa timing: remaining key lifetime (k/sec):

(4608000/52) IV size: 8 bytes

replay detection support: Y

outbound ah sas:

outbound pcp sas:

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike- protocols/5409-


Q50. After you review the output of the command show ipv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of "FFFE" inserted into the address. Based on this information, what do you conclude about these IPv6 addresses? 

A. IEEE EUI-64 was implemented when assigning IPv6 addresses on the device. 

B. The addresses were misconfigured and will not function as intended. 

C. IPv6 addresses containing "FFFE" indicate that the address is reserved for multicast. 

D. The IPv6 universal/local flag (bit 7) was flipped. 

E. IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled. 



Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-

Bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the

need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained

through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI

(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted

between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which

can only appear in EUI-64 generated from the an EUI-48 MAC address. Here is an example showing how

a the Mac Address is used to generate EUI.

Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies whether this interface identifier is universally or locally administered. If 0, the address is locally

administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally

unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses

has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address

is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.

Once the above is done, we have a fully functional EUI-64 format address. 

Reference: https://

supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit- address