A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
A. The output format option for the packet logs is unavailable.
B. Only the UDP packet type is supported.
C. The destination MAC address is optional if a VLAN ID value is entered.
D. The VLAN ID and destination MAC address are optional.
When specifying a destination MAC address for a packet trace on a Cisco FTD device running in transparent firewall mode with a VTEP bridge group member ingress interface, the engineer must consider that:
C. The destination MAC address is optional if a VLAN ID value is entered.
This allows for flexibility in specifying the necessary details for the packet trace.
Selected Answer: D
The following tables provide full information pertaining to the interface-dependent behavior of VLAN identity and Destination MAC address in transparent and routed firewall modes respectively.
Transparent firewall mode:
Interface: Management
VLAN: Enabled (Optional)
Destination MAC address: Disabled
Interface: VTEP
VLAN: Enabled (Optional)
Destination MAC address: Disabled. When the user enters a value in VLAN, the Destination MAC address is enabled but is optional.
Interface: Bridge Virtual Interface (BVI)
VLAN: Enabled (Optional)
Destination MAC address: Enabled (Mandatory). When the user enters a value in VLAN, the Destination MAC address is optional.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/I-R/asa-command-ref-I-R/pa-pn-commands.html
If the Firepower Threat Defense device is running in transparent firewall mode, and the ingress interface is VTEP, Destination MAC Address is required if you enter a value in VLAN ID. Whereas if the interface is a bridge group member, Destination MAC Address is optional if you enter a VLAN ID value, but required if you do not enter a VLAN ID value.
If the Firepower Threat Defense is running in routed firewall mode, VLAN ID and Destination MAC Address are optional if the input interface is a bridge group member.
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html
When an interface is in a bridge group, specifying a destination MAC address is optional as long as a VLAN ID value is provided. So the correct answer is indeed A: "The destination MAC address is optional if a VLAN ID value is entered."
Given answer is correct - as long as an interface is in a bridge group, Destination MAC is optional if you provide a VLAN ID value.