Exam 350-401 topic 1 question 878 discussion

Actual exam question from Cisco's 350-401
Question #: 878
Topic #: 1

SIMULATION
-




Guidelines
-

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.


Topology
-




Tasks
-

The operations team started configuring network devices for a new site. R10 and R20 are preconfigured with the CORP VRF. R10 has network connectivity to R20. Complete the configurations to achieve these goals:

1. Extend the CORP VRF between R10 and R20 using Tunnel0.
2. Protect Tunnel0 using the preconfigured profile.
3. Configure static routing on R10 and R20 so that users in VLANs 100 and 101 that belong to the CORP VRF are able to communicate with each other. Tunnel0 should be the only interface used to route traffic for the CORP VRF.

Comments

AzraelOmbrixa
Highly Voted 1 year, 1 month ago
Do a 'show ip int brief' to find the IP of e0/1 of R1 and e0/2 of R20 (10.10.1.10 and 10.10.2.20 in this case).

R1#conf t
interface Tunnel0
 vrf forwarding CORP
 ip address 10.100.100.1 255.255.255.0
 tunnel source e0/1
 tunnel destination 10.10.2.20
 tunnel protection ipsec profile MyProfile
 exit
ip route vrf CORP 10.101.2.0 255.255.255.0 tunnel0
do wr

R20#conf t
interface tunnel0
 vrf forwarding CORP
 ip address 10.100.100.2 255.255.255.0
 tunnel source e0/2
 tunnel destination 10.10.1.10
 tunnel protection ipsec profile MyProfile
 exit
ip route vrf CORP 10.100.1.0 255.255.255.0 tunnel0
do wr
upvoted 14 times
Klimy
Highly Voted 1 year, 4 months ago
This sim came up for me today without the ipsec. You just put it into vrf (ip vrf forwarding CORP) and set the 2 static routes in the CORP vrf.

R10
ip route vrf CORP 10.101.2.0 255.255.255.0 tunnel0

R20
ip route vrf CORP 10.100.1.0 255.255.255.0 tunnel0

And of course save config. Just note that when you put it into vrf it loses the IP, so you need to set it again. (But you get a message, so you'll see…)
upvoted 14 times
Adalberto
11 months, 4 weeks ago
And how about the Protection config ?
upvoted 3 times
a197cbf
9 months, 2 weeks ago
I had both the VRF with protection, and without protection, both questions on the same exam. For the tunnel protection, I think if you do a "show run | sec crypto" you should see that a crypto profile was made (I think it was called "MYPROFILE") on both routers. This already has all the proper keys, encryption, hashes, etc, already done for you, so you only have to apply the profile to the tunnel. Using MYPROFILE as an example, you would then do the following:

(config)# interface Tunnel 0
(config-if)# tunnel protection ipsec profile MYPROFILE
upvoted 9 times
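The three mistakes the comments above warn about (address entered before the VRF is applied, no protection profile on the tunnel, a CORP route that does not name Tunnel0) can be checked mechanically. This is an added example, not part of the thread or of any Cisco material; the function name audit_tunnel and both sample texts are assumptions, constructed from the commands quoted in the comments.

```python
import re

def audit_tunnel(config, vrf="CORP", tunnel="Tunnel0"):
    """Return findings for one router's IOS-style config or pasted command list."""
    norm = lambda name: name.replace(" ", "").lower()
    block, routes, current = [], [], None
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = re.match(r"interface\s+(.+)", line)
        if m:
            current = norm(m.group(1))
        elif line.startswith("ip route vrf "):
            current = None                      # ip route is a global command
            routes.append(line.split())
        elif line in ("exit", "!", "end"):
            current = None
        elif line and current == norm(tunnel):
            block.append(line)                  # commands under the tunnel, in order
    findings = []
    vrf_re = rf"(ip )?vrf forwarding {re.escape(vrf.lower())}"
    vrf_at = [i for i, l in enumerate(block) if re.fullmatch(vrf_re, l)]
    addr_at = [i for i, l in enumerate(block) if l.startswith("ip address ")]
    if not vrf_at:
        findings.append(f"{tunnel} is not in VRF {vrf}")
    elif not addr_at or max(addr_at) < vrf_at[-1]:
        # Applying the VRF removes the address, so it must be entered after it.
        findings.append(f"{tunnel} has no ip address entered after vrf forwarding")
    if not any(l.startswith("tunnel protection ipsec profile ") for l in block):
        findings.append(f"{tunnel} has no IPsec protection profile")
    vrf_routes = [r for r in routes if len(r) > 6 and r[3] == vrf.lower()]
    if not vrf_routes:
        findings.append(f"no static route in VRF {vrf}")
    for r in vrf_routes:
        if norm("".join(r[6:])) != norm(tunnel):
            findings.append(f"route to {r[4]} is not pinned to {tunnel}")
    return findings

# Constructed samples built from the commands quoted in the thread.
GOOD = """interface Tunnel0
 vrf forwarding CORP
 ip address 10.100.100.1 255.255.255.0
 tunnel destination 10.10.2.20
 tunnel protection ipsec profile MyProfile
ip route vrf CORP 10.101.2.0 255.255.255.0 tunnel0"""
BAD = """interface Tunnel0
 ip address 10.100.100.1 255.255.255.0
 ip vrf forwarding CORP
 tunnel destination 10.10.2.20
ip route vrf CORP 10.101.2.0 255.255.255.0 10.100.100.2"""
```

audit_tunnel(GOOD) returns an empty list; audit_tunnel(BAD) returns one finding each for the address order, the missing profile and the route target.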
dvirchand
Most Recent 1 month, 1 week ago
Got this sim in the exam today. Only required to extend Finance VRF on the Tunnel and set up route. Tunnel was missing in the config and only one R1 config required
upvoted 2 times
WENG_POGI
1 month, 1 week ago
I have the same lab on this day, but you can access R20 and Sw10 only. Task 1: configure VRF on R20 only (VRF name is Finance). No access on R10; how can I know the IP address of the destination tunnel on R10? Task 2: create static route from R20 without given IP address of VLAN. Can someone tell me the answer?
upvoted 1 times
57abc51
2 months ago
Why is it
ip route vrf CORP 10.101.2.0 255.255.255.0 tunnel0
Why not
ip route vrf CORP 10.101.2.0 255.255.255.0 10.100.100.2 (the other side of the tunnel)
Can someone explain? I've seen this with both. Is it because this one is using VRF?
upvoted 1 times
Calinserban
2 months ago
Cuz this is the requirement, to extend VRF over the tunnel
upvoted 1 times
57abc51
1 month, 3 weeks ago
Right, doing ip route vrf CORP 10.101.2.0 255.255.255.0 10.100.100.2 (10.100.100.2) is the other end of the tunnel. Or would this still go up and over the middle router?
upvoted 1 times
57abc51
1 month, 3 weeks ago
When creating a static route to send traffic over a Cisco GRE tunnel, the "destination" in the route should be set to the IP address of the other end of the tunnel, not the "tunnel0" interface itself; essentially, the IP address you want to reach through the tunnel.
upvoted 1 times
chmacnp
2 months, 2 weeks ago
Exact SIM in first attempt approx 1 year ago - had never seen this question until the exam and I lost a lot of time with very poor configurations to every single interface and router (amateur)! Following a lot of labs including replication of this lab into my own, the below (in exact order) works OK:

R1#conf t
interface Tunnel0
 ip vrf forwarding CORP <----- 'ip' is required for tunnel to accept configuration
 ip address 10.100.100.1 255.255.255.0
 tunnel source e0/1
 tunnel destination 10.10.2.20
 tunnel protection ipsec profile MyProfile <-------- nice and easy way to add a crypto map to a VTI
 exit
ip route vrf CORP 10.101.2.0 255.255.255.0 tunnel0
wr mem

R20#conf t
interface tunnel0
 ip vrf forwarding CORP
 ip address 10.100.100.2 255.255.255.0
 tunnel source e0/2
 tunnel destination 10.10.1.10
 tunnel protection ipsec profile MyProfile
 exit
ip route vrf CORP 10.100.1.0 255.255.255.0 tunnel0
wr mem
upvoted 1 times
estpc5
2 months, 3 weeks ago
I took the exam today, I got this same lab but without the task 3. The exam had 58 questions, with 6 labs, this was one of them but without the task 3. Most of the questions I saw at the exam were new and different from the ones I saw here. Most of the questions weren't about network as we expected to be evaluated. What a shame for Cisco
upvoted 4 times
chmacnp
1 month, 2 weeks ago
What do you mean the questions were new? Different to the 1068 questions in exam topics? How many possible questions can there be on a single set of data in v1.1?
upvoted 2 times
MS_BEE
2 months, 3 weeks ago
Please, do you remember other labs you had?
upvoted 2 times
sharonmiller
9 months, 1 week ago
I think the correct answer is "next" lol
upvoted 3 times
Swiz005
9 months, 2 weeks ago
I took and passed the CCNP ENCOR exam today. I had 89 questions and 4 labs. This was one of the labs. However, I had issues though, my keyboard would not do uppercase when entering the profile name. I complained anyway and they wanted to restart the lab but I was already running out of time so I skipped it. This was my second take. I made sure I scored over 80 percent (over 100 questions) from this site before going for my second take. Good luck to everyone and thanks to Examtopics
upvoted 7 times
hugoplur
8 months ago
thanks for your feedback, and congratulations!
upvoted 1 times
a197cbf
9 months, 2 weeks ago
For some reason, using the provided configuration would not bring my tunnel up when using the "tunnel vrf CORP" command. Removing just that one command on both routers brought the tunnel up, so on my end it looks like you only need "ip vrf forwarding CORP" and not "tunnel vrf CORP". Anyone have any ideas as to why adding "tunnel vrf CORP" makes the tunnel go down? All other configs are the same on each side.
upvoted 1 times
Steve122
8 months, 4 weeks ago
tunnel vrf xxx -> underlay (front-door VRF)
vrf forwarding CORP -> overlay
upvoted 2 times
IgorLVG
1 year ago
I would like to share: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/configuration/xe-16-12/ir-xe-16-12-book/ir-vrf-tunnels.html#GUID-4B490C97-7812-4825-999B-AAC2FFA35113 here explains why use 2 VRF and the meaning of "tunnel vrf"
upvoted 3 times
zbeugene7
5 months, 3 weeks ago
Thank you ! I was looking for this , but couldn't find it...
upvoted 1 times
slacker_at_work
1 year, 1 month ago
Wrt protecting the tunnel; See article "Configuring a Virtual Tunnel Interface with IP Security" https://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629.html
upvoted 1 times
Claudiu1
1 year, 1 month ago
I labbed this exercise and this is what I have to say. Without the exact configurations, I simply left R10 e0/1, R20 e0/2 and the ISP router with their global VRFs. No modifications there. Now I see there are multiple versions of the correct answer, so:
- "tunnel vrf TECH" implies that there is a TECH VRF already configured on the R10 e0/1, R20 e0/2 and the ISP router. If there isn't, "ip vrf forwarding CORP" is enough to solve this exercise.
- on the same note, "tunnel vrf CORP" command needs that the VRF CORP is also configured, on R10 e0/1, R20 e0/2 and the ISP router. Otherwise, this will break your config because CORP VRF has no routes to 10.10.1.0 and 10.10.2.0.
If you get this lab in your exam, examine very carefully the preconfiguration.
upvoted 4 times
CCAL
1 year, 2 months ago
This configuration is correct

R1#
interface Tunnel0
 vrf forwarding CORP
 ip address 10.100.100.1 255.255.255.255
 tunnel source e0/1
 tunnel destination 10.10.2.20
 tunnel protection ipsec profile MyProfile

R2#
interface tunnel0
 vrf forwarding CORP
 ip address 10.100.100.2 255.255.255.255
 tunnel source e0/2
 tunnel destination 10.10.1.10
 tunnel protection ipsec profile MyProfile

R1# ip route vrf CORP 10.101.2.0 255.255.255.255 tunnel0
R2# ip route vrf CORP 10.100.1.0 255.255.255.255 tunnel0
upvoted 2 times
WENG_POGI
3 months, 2 weeks ago
This is the most correct answer
upvoted 2 times
CCAL
1 year, 2 months ago
255.255.255.0 not 255.255.255.255 sorry
upvoted 2 times
sergiosolotrabajo
1 year, 3 months ago
I've configured this on EVE-NG:

hostname R10
!
ip vrf CORP
 description VRF-CORP
 rd 12956:1
!
interface Loopback1
 ip vrf forwarding CORP
 ip address 10.10.10.10 255.255.255.255
 no sh
!
interface Tunnel0
 ip vrf forwarding CORP
 ip address 10.100.100.2 255.255.255.0
 tunnel source GigabitEthernet0/1
 tunnel destination 10.10.2.2
 tunnel vrf CORP
!
interface GigabitEthernet0/0
 ip vrf forwarding CORP
 ip address 10.100.1.1 255.255.255.0
 no sh
!
interface GigabitEthernet0/1
 ip vrf forwarding CORP
 ip address 10.10.1.2 255.255.255.0
 no sh
!
router ospf 1 vrf CORP
 router-id 10.10.10.10
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 10.10.10.10 0.0.0.0 area 0
 network 10.10.1.2 0.0.0.0 area 0
 network 10.100.1.0 0.0.0.255 area 0
 exit
!
ip route vrf CORP 10.101.2.0 255.255.255.0 Tunnel 0
!
upvoted 2 times
sergiosolotrabajo
1 year, 3 months ago
hostname R20
!
ip vrf CORP
 description VRF-CORP
 rd 12956:1
!
interface Loopback1
 ip vrf forwarding CORP
 ip address 12.12.12.12 255.255.255.255
 no sh
!
interface Tunnel0
 ip vrf forwarding CORP
 ip address 10.100.100.3 255.255.255.0
 tunnel source GigabitEthernet0/2
 tunnel destination 10.10.1.2
 tunnel vrf CORP
!
interface GigabitEthernet0/0
 ip vrf forwarding CORP
 ip address 10.101.2.1 255.255.255.0
 no sh
!
interface GigabitEthernet0/2
 ip vrf forwarding CORP
 ip address 10.10.2.2 255.255.255.0
 no sh
!
router ospf 1 vrf CORP
 router-id 12.12.12.12
 passive-interface default
 no passive-interface GigabitEthernet0/2
 network 12.12.12.12 0.0.0.0 area 0
 network 10.10.2.2 0.0.0.0 area 0
 network 10.101.2.0 0.0.0.255 area 0
!
ip route vrf CORP 10.100.1.0 255.255.255.0 Tunnel0
!
upvoted 1 times
WENG_POGI
3 months, 2 weeks ago
It said static route, not dynamic routing (OSPF)
upvoted 1 times
eearmani
1 year, 3 months ago
This is one of the new labs
upvoted 1 times
post20
1 year, 3 months ago
Simulations need to be updated!... Took the test yesterday. Had 4 simulations. The only one I saw from all presents on "examtopic" was GRE tunnel, without the 3rd task. The other different simulations were OSPF (had to elect DR and BDR without using the command ip ospf network point-to-point), BGP, and the other one with issues on a trunk link between two switches + issues on an ether-channel on two other switches present in the same topology... failed the exam :(
upvoted 5 times