CCNA FAQ: Point-to-Point WANs (Wide Area Network Connections)
Question: Which of the following PPP authentication protocols authenticates a device on the other end of a link without sending any password information in clear text? a. MD5 b. PAP c. CHAP d. DES
Answer: C. Of the possible answers, only PAP and CHAP are PPP authentication protocols. PAP sends the password as clear text between the two devices.
Question: Which of the following PPP protocols controls the operation of CHAP? a. CDPCP b. IPCP c. LCP d. IPXCP
Answer: C. The PPP Link Control Protocol (LCP) controls functions that apply to the link regardless of the Layer 3 protocol, including looped link detection, link quality monitoring, and authentication.
Question: Two routers have no initial configuration whatsoever. They are connected in a lab using a DTE cable connected to R1 and a DCE cable connected to R2, with the DTE and DCE cables then connected to each other. The engineer wants to create a working PPP link. Which of the following commands are required on R1 for the link to reach a state in which R1 can ping R2’s serial IP address, assuming that the physical back-to-back link physically works? (Choose two answers.) a. encapsulation ppp b. no encapsulation hdlc c. clock rate d. ip address
Answer: A and D. Both routers need an encapsulation ppp command, and both also will need IP addresses, before the ping will work. R1 does not need a clock rate command, because R2 is connected to the DCE cable.
Question: Imagine that two routers, R1 and R2, have a leased line between them. Each router had its configuration erased and was then reloaded. R1 was then configured with the following commands: hostname R1 interface s0/0 encapsulation ppp ppp authentication chap Which of the following configuration commands can complete the configuration on R1 so that CHAP can work correctly? Assume that R2 has been configured correctly and that the password is fred. a. No other configuration is needed. b. ppp chap (global command) c. username R1 password fred d. username R2 password fred e. ppp chap password fred
Answer: D. The username command on one router should refer to the case-sensitive hostnameof the other router.
Question: Consider the following excerpt from the output of a show command: Serial0/0/1 is up, line protocol is up Hardware is GT96K Serial Internet address is 192.168.2.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open Open: CDPCP, IPCP, loopback not set Which of the following are true about this router’s S0/0/1 interface? (Choose two answers.) a. The interface is using HDLC. b. The interface is using PPP. c. The interface currently cannot pass IPv4 traffic. d. The link should be able to pass PPP frames at the present time.
Answer: B and D. The output lists encapsulation PPP, meaning that it is configured to use PPP. The line and protocol status are both up, LCP is open, and both CDPCP and IPCP are open, meaning that IP and CDP packets can be sent over the link.
Question: Consider the following excerpt from the output of a show interfaces command on an interface configured to use PPP: Serial0/0/1 is up, line protocol is down Hardware is GT96K Serial Internet address is 192.168.2.1/24 A ping of the IP address on the other end of the link fails. Which of the following are reasons for the failure, assuming that the problem listed in that answer is the only problem with the link? (Choose two answers.) a. The CSU/DSU connected to the other router is not powered on. b. The IP address on the router at the other end of the link is not in subnet 192.168.2.0/24. c. CHAP authentication failed. d. The router on the other end of the link has been configured to use HDLC. e. None of the other answers is correct.
Answer: C and D. Physical layer problems typically result in a line status (first status code) value of “down.” A remote router IP address in a different subnet would not prevent a PPP-configured interface from reaching a protocol status (second line status) of “up.” If the other end of the link was misconfigured to use HDLC, or if it was configured for PPP but CHAP authentication failed, the interface could be in an “up and down” state, as shown.
Question: Two routers have a serial link between them, with the link configured to use PPP, and with EIGRP configured correctly for all interfaces. The engineer can ping the IP address on the other end of the link, but not the IP address of the other router’s LAN interface. Which of the following answers is a likely cause of the problem? a. The CSU/DSU connected to the other router is not powered on. b. The serial IP address on the router at the other end of the link is not in the same subnet as the local router. c. CHAP authentication failed. d. The router on the other end of the link has been configured to use HDLC.
Answer: B. With PPP, two routers can use IP addresses in different subnets on opposite ends of the links, and a ping to the other router’s serial IP address works. However, this subnet mismatch causes routing protocols to fail when forming neighbor relationships to exchange routes, so neither router learns EIGRP routes from the other.
Question: List the three categories of WAN connections.
Answer: The three WAN connection categories are leased line, circuit switched, and packet switched.
Question: You are installing a new serial WAN connection into your offices in Tucson, Arizona. The service has already terminated their end of the connection at the premises and provided you with a CSU/DSU device. What physical connections should you use on your Cisco router?
Answer: When configuring the physical connectivity for a serial WAN connection, you need to purchase either a DB-60 or Smart Serial WIC card for your router. From there, you need to purchase a cable that converts from the DB-60 or Smart Serial card of your Cisco router to the industry standard adapter found on the CSU/DSU device that connects to the service provider.
Question: What four features are negotiated by PPP’s LCP?
Answer: The four features negotiated by the PPP Link Control Protocol (LCP) are compression, callback, multilink, and authentication.
Question: What is the function of PPP’s Network Control Protocol?
Answer: The Network Control Protocol (NCP) enables the router to encapsulate multiple upper-layer protocols (such as IP, IPX, and Appletalk) over a PPP WAN connection.
Question: PPP has the capability to use two different compression algorithms. What are they? What is the effect of these algorithms on your router? Why would you choose to use one algorithm over the other?
Answer: The two PPP compression algorithms are Stacker and Predictor. The Stacker algorithm requires more processor resources and fewer memory resources. The Predictor algorithm uses more memory resources and fewer processor resources. Stacker is the best algorithm to use when there are varying traffic types crossing the PPP WAN connection. Predictor works best when you have similar traffic types using the PPP WAN connection.
Question:Which of the following network types would encompass Frame Relay and X.25? A. Leased lines B. Circuit-switched networks C. Packet-switched networks D. Broadband
Answer: C. Frame Relay and X.25 fall under the packet-switched networks category. These networks establish connections through a service provider cloud using virtual circuits. Answer B is incorrect because circuit-switched networks include technologies such as modems and ISDN. Answer A is incorrect because leased lines use dedicated bandwidth between locations. Answer D is incorrect because broadband encompasses DSL and cable modem technology.
Question: What type of serial transition cable should you use to connect your Cisco router to a CSU/DSU device that has a V.35 female connector? A. V.35 male on the Cisco side to V.35 male on the CSU/DSU B. DB-60 male on the Cisco side to V.35 male on the CSU/DSU C. DB-60 male on the Cisco side to V.35 female on the CSU/DSU D. V.35 male on the Cisco side to V.35 female on the CSU/DSU
Answer: B. The Cisco side of the connection always uses either a DB-60 or Smart Serial connector (these are always male because the router has female ports). Because the CSU/DSU has a V.35 female connector, you should be using a V.35 male transition cable. All other answers are incorrect because they use either the wrong connector type or gender on the Cisco side.
Question: What type of packet is used during the initial PPP link establishment process? A. Authentication B. LCP C. NCP D. HDLC
Answer: B. The Link Control Protocol (LCP) is used to negotiate all options related to PPP during the link establishment phase. The Network Control Protocol (NCP) negotiates the upper-layer protocols only after the initial PPP link has been established. The HDLC layer of PPP is what allows for multivendor interoperability with the protocol.
Answer A is incorrect because an authentication packet falls under the LCP negotiations. Answer C is incorrect because NCP negotiates the upper-layer protocols. Answer D is incorrect because HDLC is used to give PPP an industry standard foundation when connecting to non-Cisco equipment.
Question: Which of the following describes the Password Authentication Protocol (PAP) used by PPP during the LCP process? (Choose 2.) A. PAP exchanges passwords in clear text. B. PAP uses a MD5 hashing function to send password information. C. PAP enables the server to be in control of the authentication attempt. D. PAP enables the client to be in control of the authentication attempt.
Answer: A, D. PAP is the older of the two PPP authentication protocols. It has major security flaws, including the sending of passwords in clear text and allowing the client to choose when it sends the password.
Answers B and C are incorrect because the MD5 hashing and server control is a function of the CHAP.
Question: When is CHAP authentication performed? A. On a certain time interval B. When the user decides to send the username/password C. When the link connection is established D. When the link connection is established and on a periodic interval
Answer: D. CHAP requires authentication both when the link is initially established and on a periodic basis thereafter. This is awesome because it combats playback attacks and packet sniffing (passwords are not sent). PAP requires authentication only when the link is initially established and when the client chooses to send the credentials, which is why answers B and C are incorrect. Answer A is incorrect because CHAP also sends authentication credentials when the link is initially established.
Question: What Cisco IOS configuration mode should you be in to enable PPP authentication? A. Global configuration mode B. Router configuration mode C. Interface configuration mode D. PPP LCP configuration mode
Answer: C. You enable PPP authentication from the interface configuration mode by typing the command ppp authentication <chap/pap>. All other answers are either irrelevant or non-existent (there is no PPP LCP configuration mode in the Cisco IOS).
Question: What type of WAN connection enables the company to purchase a simple Internet connection and tunnel their information through the network between their sites? A. Leased lines B. Circuit-switched C. Packet-switched D. Virtual private network
Answer: D. VPNs enable companies to purchase simple Internet connections and tunnel their information through the networks between their sites. This information is heavily encrypted to ensure it is not compromised crossing the public network. This is far cheaper than any other type of WAN connection, but can suffer from the heavy encryption slowdown. Answers A, B, and C are incorrect because leased lines and circuit-switched and packet-switched networks require no tunneling or encryption capabilities.
Question: What verification command can show you the current state of the PPP Link Control Protocol? A. show interface B. show ip interface C. show ppp interface D. show wan interface
Answer: A. The show interface command is used to verify the current state of the PPP LCP negotiations. This shows Open, Listen, ACKSent, or TERMSent, depending on the state of LCP at the time (you want LCP to show Open). The other show commands are either irrelevant or would produce invalid syntax.
Question: Which of the following PPP sub-layers is responsible for Network layer protocol negotiation? A. HDLC B. CDP C. LCP D. NCP
Answer: D. NCP is used to negotiate the Network layer protocols. These negotiations are typically shown as in the syntax <negotiated protocol>CP in show interface output, such as IPCP (for the IP protocol), CDPCP (for the CDP protocol), or IPXCP (for the IPX protocol). Answer A is incorrect because HDLC is used at a lower layer of PPP to provide multi-vendor interoperability, and answer C is incorrect because LCP is used to negotiate PPP features. Answer B is incorrect because CDP has nothing to do with WAN links.
Question: Which of the following WAN connection categories would include dial-up modems? A. Leased lines B. Circuit-switched C. Packet-switched D. Metro ethernet
Answer: B. Circuit-switched connections encompass anything that has to dial a number to make a connection. These connections typically use the telephone company as a backbone. Answer C is incorrect as packet-switched networks include technologies such as X.25 and Frame Relay. Answer A is incorrect because leased lines do not dial because they are permanently established connections. Answer D is incorrect because metro ethernet is extremely high-speed connections running through a metropolitan area.
Question: Which command will display the CHAP authentication process as it occurs between two routers in the network? A. show chap authentication B. show interface serial 0 C. debug ppp authentication D. debug chap authentication
Answer: C. The command debug ppp authentication will show you the authentication process that PPP uses across point-to-point connections.
Question: Which command is required for connectivity in a Frame Relay network if Inverse ARP is not operational? A. frame-relay arp B. frame-relay map C. frame-relay interface-dci D. frame-relay lmi-type
Answer: B. If you have a router in your Frame Relay network that does not support IARP, you must create Frame Relay maps on your router, which provide known DLCI-toIP-address mappings.
Question: Suppose you have a customer who has a central HQ and six branch offices. The customer anticipates adding six more branches in the near future. It wishes to implement a WAN technology that will allow the branches to economically connect to HQ and you have no free ports on the HQ router. Which of the following would you recommend? A. PPP B. HDLC C. Frame Relay D. ISDN
Answer: C. The key is “there are no free ports” on your router. Only Frame Relay can provide a connection to multiple locations with one interface, and in an economical manner no less.
Question: Which of the following command options are displayed when you use the Router#show frame-relay ? command? (Choose three.) A. dlci B. neighbors C. lmi D. pvc E. map
Answer: C, D, E. The show frame-relay ? command provides many options, but the options available in this question are lmi , pvc, and map.
Question: How should a router that is being used in a Frame Relay network be configured to keep split horizon issues from preventing routing updates? A. Configure a separate subinterface for each PVC with a unique DLCI and subnet assigned to the subinterface. B. Combine multiple Frame Relay circuits as a point-to-point line to support multicast and broadcast traffic. C. Configure many subinterfaces in the same subnet. D. Configure a single subinterface to establish multiple PVC connections to multiple remote router interfaces.
Answer: A. If you have a serial port confiured with multiple DLCIs connected to multiple remote sites, split horizon rules (discussed in Chapter 5) stop route updates received on an interface from being sent out the same interface. By creating subinterfaces for each PVC, you can avoid the split horizon issues when using Frame Relay.
Question: Which encapsulations can be configured on a serial interface? (Choose three.) A. Ethernet B. Token Ring C. HDLC D. Frame Relay E. PPP
Answer: C, D, E. Ethernet and Token Ring are LAN technologies and cannot be confiured on a serial interface. PPP, HDLC, and Frame Relay are layer 2 WAN technologies that are typically confiured on a serial interface.
Question: When setting up Frame Relay for point-to-point subinterfaces, which of the following must not be configured? A. The Frame Relay encapsulation on the physical interface B. The local DLCI on each subinterface C. An IP address on the physical interface D. The subinterface type as point-to-point
Answer: C. It is very important to remember when studying the CCNA R/S exam objectives, and when confiuring Frame Relay with point-to-point subinterfaces, that you do not put an IP address on the physical interface.
Question: When a router is connected to a Frame Relay WAN link using a serial DTE interface, how is the clock rate determined? A. By the CSU/DSU B. By the far end router C. By the clock rate command D. By the Physical layer bit stream timing
Answer: A. Clocking on a serial interface is always provided by the CSU/DSU (DCE device). However, if you do not have a CSU/DSU in your nonproduction test environment, then you need to supply clocking with the clock rate command on the serial interface of the router with the DCE cable attached.
Question: A default Frame Relay WAN is classified as what type of physical network? A. Point-to-point B. Broadcast multi-access C. Nonbroadcast multi-access D. Nonbroadcast multipoint
Answer: C. Frame Relay, by default, is a nonbroadcast multi-access (NBMA) network, which means that broadcasts, such as RIP updates, will not be forwarded across the link by default.
Question: Which of the following encapsulates PPP frames in Ethernet frames and uses common PPP features like authentication, encryption, and compression? A. PPP B. PPPoA C. PPPoE D. Token Ring
Answer: C. PPPoE encapsulates PPP frames in Ethernet frames and uses common PPP features like authentication, encryption, and compression. PPPoA is used for ATM.
Question: You need to configure a router for a Frame Relay connection to a non-Cisco router. Which of the following commands will prepare the WAN interface of the router for this connection? A. Router(config-if)#encapsulation frame-relay q933a B. Router(config-if)#encapsulation frame-relay ansi C. Router(config-if)#encapsulation frame-relay ietf D. Router(config-if)#encapsulation frame-relay cisco
Answer: C. If you have a Cisco router on one side of a Frame Relay network and a non-Cisco router on the other side, you would need to use the Frame Relay encapsulation type of IETF. The default is Cisco encapsulation, which means that a Cisco router must be on both sides of the Frame Relay PVC.
Question: You have configured a serial interface with GRE IP commands on a corporate router with a point-to-point link to a remote office. What command will show you the IP addresses and tunnel source and destination addresses of the interfaces? A. show int serial 0/0 B. show ip int brief C. show interface tunnel 0 D. show tunnel ip status E. debug ip interface tunnel
Answer: C. The show interfaces command shows the confiuration settings and the interface status as well as the IP address and tunnel source and destination address.
Question: Which of the following is true regarding WAN technologies? (Choose three.) A. You must use PPP on a link connecting two routers using a point-to-point lease line. B. You can use a T1 to connect a customer site to the ISP. C. You can use a T1 to connect a Frame Relay connection to the ISP. D. You can use Ethernet as a WAN service by using EoMPLS. E. When using an Ethernet WAN, you must configure the DLCI.
Answer: B, C, D. This is just a basic WAN question to test your understanding of connections. PPP does not need to be used, so option A is not valid. You can use any type of connection to connect to a customer site, so option B is a valid answer. You can also use any type of connection to get to the Frame Relay switch, as long as the ISP supports it, and T1 is valid, so option C is okay. Ethernet as a WAN can be used with Ethernet over MPLS (EoMPLS); however, you don’t need to confiure a DLCI unless you’re using Frame Relay, so E is not a valid answer for this question.
Question: You want to allow remote users to send protected packets to the corporate site, but you don’t want to install software on the remote client machines. What is the best solution that you could implement? A. GRE tunnel B. Web VPN C. VPN Anywhere D. IPsec
Answer: B. All web browsers support Secure Sockets Layer (SSL), and SSL VPNs are known as Web VPNs. Remote users can use their browser to create an encrypted connection and they don’t need to install any software. GRE doesn’t encrypt the data.
Question: Why won’t the serial link between the Corp router and the Remote router come up?
A. The serial cable is faulty. B. The IP addresses are not in the same subnet. C. The subnet masks are not correct. D. The keepalive settings are not correct. E. The layer 2 frame types are not compatible.
Answer: E. This is an easy question because the Remote router is using the default HDLC serial encapsulation and the Corp router is using the PPP serial encapsulation. You should go to the Remote router and set that encapsulation to PPP or change the Corp router back to the default of HDLC by typing no encapsulation under the interface.
Question: Which of the following are benefits of using a VPN in your internetwork? (Choose three) A. Security B. Private high-bandwidth links C. Cost savings D. Incompatibility with broadband technologies E. Scalability
Answer: A, C, E. VPNs can provide very good security by using advanced encryption and authentication protocols, which will help protect your network from unauthorized access. By connecting the corporate remote offies to their closest Internet provider and then creating a VPN tunnel with encryption and authentication, you’ll gain a huge savings over opting for traditional leased point-to-point lines. VPNs scale very well to quickly bring up new offies or have mobile users connect securely while traveling or when connecting from home. VPNs are very compatible with broadband technologies.
Question: A remote site has just been connected to the central office, named Lab_A. However, remote users cannot access applications at the central office. The remote router can be pinged from the Lab_A office router. After reviewing the following command output, which do you think is the most likely reason for the problem?
A. The Frame Relay PVC is down. B. The IP addressing on the central/remote router link is incorrect. C. RIP routing information is not being forwarded. D. Frame Relay Inverse ARP is not properly configured.
Answer: C. Even though the IP addresses don’t look correct, they are in the same subnet, so option B is not correct. The question states that you can ping the other side, so the PVC must be up— option A can’t be correct. You cannot confiure IARP, so only option C can be correct. Since a Frame Relay network is a nonbroadcast multi-access network by default, broadcasts such as RIP updates cannot be sent across the PVC unless you use the broadcast statement at the end of the frame-relay map command.
Question: Which of the following is an industry-wide standard suite of protocols and algorithms that allows for secure data transmission over an IP-based network that functions at the layer 3 Network layer of the OSI model? A. HDLC B. Cable C. VPN D. IPsec E. xDSL
Answer: D. IPsec is an industry-wide standard suite of protocols and algorithms that allows for secure data transmission over an IP-based network that functions at the layer 3 Network layer of the OSI model.
Question: Which of the following describes the creation of private networks across the Internet, enabling privacy and tunneling of TCP/IP protocols? A. HDLC B. Cable C. VPN D. IPsec E. xDSL
Answer: C. A VPN allows or describes the creation of private networks across the Internet, enabling privacy and tunneling of TCP/IP protocols. A VPN can be set up across any type of link.
Question: Referring to the following diagram, what functions does the Frame Relay DLCI provide with respect to router Lab_A?
A. Identifies the signaling standard between Lab_A and the frame switch B. Identifies a portion of the virtual circuit between Lab_A and the frame switch C. Identifies the encapsulation used between Lab_A and Lab_B D. Defines the signaling standard between Lab_B and the frame switch
Answer: B. As I mentioned many times in this chapter, and you need to remember this, DLCIs are locally signifiant only and defie the circuit from the router to the switch only. They do not reference a remote router or DLCI. Lab_A would use DLCI 100 to get to the Lab_B networks. RouterB would use DLCI 200 to get to the Lab_A networks