A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
A. The output format option for the packet logs is unavailable.
B. Only the UDP packet type is supported.
C. The destination MAC address is optional if a VLAN ID value is entered.
D. The VLAN ID and destination MAC address are optional.
If the Firepower Threat Defense device is running in transparent firewall mode, and the ingress interface is VTEP, Destination MAC Address is required if you enter a value in VLAN ID. Whereas if the interface is a bridge group member, Destination MAC Address is optional if you enter a VLAN ID value, but required if you do not enter a VLAN ID value.
If the Firepower Threat Defense is running in routed firewall mode, VLAN ID and Destination MAC Address are optional if the input interface is a bridge group member.
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html
When specifying a destination MAC address for a packet trace on a Cisco FTD device running in transparent firewall mode with a VTEP bridge group member ingress interface, the engineer must consider that:
C. The destination MAC address is optional if a VLAN ID value is entered.
This allows for flexibility in specifying the necessary details for the packet trace.
Selected Answer: D
The following tables provide full information pertaining to the interface-dependent behavior of VLAN identity and Destination MAC address in transparent and routed firewall modes respectively.
Transparent firewall mode:
Interface: Management
VLAN: Enabled (Optional)
Destination MAC address: Disabled
Interface: VTEP
VLAN: Enabled (Optional)
Destination MAC address: Disabled. When the user enters a value in VLAN, the Destination MAC address is enabled but is optional.
Interface: Bridge Virtual Interface (BVI)
VLAN: Enabled (Optional)
Destination MAC address: Enabled (Mandatory). When the user enters a value in VLAN, the Destination MAC address is optional.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/I-R/asa-command-ref-I-R/pa-pn-commands.html
When an interface is in a bridge group, specifying a destination MAC address is optional as long as a VLAN ID value is provided. So the correct answer is indeed A: "The destination MAC address is optional if a VLAN ID value is entered."
Given answer is correct - as long as an interface is in a bridge group, Destination MAC is optional if you provide a VLAN ID value.