2013 Latest Cisco 350-001 Exam Section 3: MLS (4 Questions)
QUESTION NO: 1 Your Catalyst switch is configured to support Multi Layer Switching (MLS). The switch contains an access list designed to prevent certain users from using ports 20 and 21 to reach the Internet. Because of this, which flow mask will be needed to create each MLS shortcut?
A. Destination flow mask
B. Full flow mask
C. Source flow mask
D. Partial flow mask
E. Destination-source mask
F. Session flow mask
The three types of IP MLS modes are destination-ip, destination-source-ip, and full-flow-ip. Full-flow-ip is in effect when an extended access list is applied. To block FTP traffic we require an extended access list, which acts on layer 3 as well as layer 4 information in a packet. Because of this, the full flow mask is needed, which uses layer 3 and layer 4 information to create the shortcuts.
A. Destination-ip mode is the default mode. It is used when no access list is applied to the router’s MLS-enabled interface.
C, D, F. These types of flow masks do not exist.
E. Source-destination-ip mode is in use when a standard access list is applied.
QUESTION NO: 2 While looking through the log files of your Catalyst switch, you notice that the following two messages are displayed somewhat infrequently:
%MLS-4-MOVEOVERFLOW:Too many moves, stop MLS for 5 sec(20000000)
%MLS-4-RESUMESC:Resume MLS after detecting too many moves
What is the most likely cause of this problem?
A. A transitory Spanning Tree loop
B. A permanent Spanning Tree loop
C. A faulty cable
D. Faulty switch port
E. A Pinnacle sync failure
If you see these messages infrequently, it is most likely a transitory L2 (spanning-tree) loop, resulting in packet flooding in one or more VLANs. However, if you are seeing an excessive number of these messages (for example, if your syslog server log file or your switch console are being flooded with these messages), the problem might be due to the following reasons:
* a permanent L2 (spanning-tree) loop
* one or more faulty switch ports
* a bad cable (for example, a unidirectional fiber link)
* other bad hardware (not necessarily on the switch generating the messages)
* misconfigured device (for example, a traffic generator sending traffic to two switch ports using the same MAC address)
B, C, D. These are all possible causes, but not the most probable cause. The fact that only a few of these error messages are appearing tells us that A is the best choice.
E. This choice is the least likely to be the cause of the error messages. A Pinnacle sync failure is a hardware error and Cisco does not cite this as a reason for the MLS errors at all.
Common CatOS Error Messages on Cisco Catalyst Switches http://www.cisco.com/warp/public/473/34.shtml
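The distinction drawn above between infrequent and excessive MOVEOVERFLOW messages can be checked mechanically against a syslog archive. The following is an added example, not part of the original page or of any Cisco tool; the log line layout, hostnames, the 10-minute window and the threshold of 5 are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines; timestamps and hostnames are invented for the example.
QUIET = """\
2013-03-01 09:14:02 sw1 %MLS-4-MOVEOVERFLOW:Too many moves, stop MLS for 5 sec(20000000)
2013-03-01 09:14:07 sw1 %MLS-4-RESUMESC:Resume MLS after detecting too many moves
2013-03-01 13:40:51 sw1 %MLS-4-MOVEOVERFLOW:Too many moves, stop MLS for 5 sec(20000000)
2013-03-01 13:40:56 sw1 %MLS-4-RESUMESC:Resume MLS after detecting too many moves
"""
# A second switch logging the overflow every 10 seconds for two minutes.
STORM = "".join(
    f"2013-03-01 10:{s // 60:02d}:{s % 60:02d} sw2 "
    "%MLS-4-MOVEOVERFLOW:Too many moves, stop MLS for 5 sec(20000000)\n"
    for s in range(0, 120, 10)
)

OVERFLOW = re.compile(r"^(\S+ \S+) (\S+) %MLS-4-MOVEOVERFLOW:", re.M)

def peak_count(times, window):
    """Largest number of events falling inside any single window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify(log_text, window=timedelta(minutes=10), threshold=5):
    """Map each switch to 'transitory' or 'persistent' (thresholds are assumptions)."""
    per_switch = defaultdict(list)
    for stamp, host in OVERFLOW.findall(log_text):
        per_switch[host].append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    return {
        host: "persistent" if peak_count(times, window) >= threshold else "transitory"
        for host, times in per_switch.items()
    }

if __name__ == "__main__":
    print(classify(QUIET + STORM))
```

A "persistent" verdict points at the causes in the list above (permanent loop, faulty port, bad cable, other hardware, misconfigured device) rather than a transitory loop.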
QUESTION NO: 3
You have just recently implemented the Multilayer switching feature on your Catalyst Switch. How will this change affect your network?
A. The MLS Switching Engine will forward the first packet in every flow.
B. The MLS Route Processor will forward the first packet in every flow.
C. The MLS Switching Engine will forward all traffic.
D. The MLS Route Processor will forward all traffic.
Multi-Layer Switching (MLS) has become a highly desired method of accelerating routing performance through the use of dedicated Application Specific Integrated Circuits (ASICs). Traditional routing is done through a central CPU and software. MLS offloads a significant portion of routing (packet rewrite) to hardware, and thus has also been termed switching. MLS and Layer 3 switching are equivalent terms. It works by utilizing the MLS Route Processor, which forwards only the first packet in every source-destination flow. The remaining packets in the flow are then switched by the Switching Engine.
A, C. The Switching Engine is utilized after the first packet is processed by the Route processor. The packets in each flow are then routed once, and then switched.
D. MLS works by only running the first packet in any flow through the relatively resource intensive routing process.
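Questions 1 and 3 fit together: only the first packet of a flow reaches the Route Processor, so an access list is enforced per flow only if the flow mask separates the traffic the list distinguishes. The following simplified model is an added example, not Cisco code or part of the original page; the addresses, ports and function names are constructed for illustration.

```python
# Simplified model of MLS shortcut creation (added example, not Cisco code).
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport")

# Fields each flow mask uses to key an MLS cache entry (modes named on the page).
FLOW_MASKS = {
    "destination-ip": ("dst",),
    "destination-source-ip": ("src", "dst"),
    "full-flow-ip": ("src", "dst", "proto", "sport", "dport"),
}

def acl_permits(pkt):
    """Extended ACL from Question 1: deny TCP ports 20 and 21, permit the rest."""
    return not (pkt.proto == "tcp" and pkt.dport in (20, 21))

def forward(packets, mask):
    """Return (packet, path) pairs; path is 'RP', 'SE' or 'DENIED'."""
    cache, results = set(), []
    for pkt in packets:
        key = tuple(getattr(pkt, f) for f in FLOW_MASKS[mask])
        if key in cache:
            # Shortcut hit: the Switching Engine rewrites and forwards;
            # the Route Processor (and its ACL) never sees the packet.
            results.append((pkt, "SE"))
        elif acl_permits(pkt):
            cache.add(key)          # first packet routed; shortcut installed
            results.append((pkt, "RP"))
        else:
            results.append((pkt, "DENIED"))
    return results

# Constructed traffic: one host, one server, HTTP first, then FTP control.
TRAFFIC = [
    Packet("10.1.1.5", "192.0.2.10", "tcp", 40000, 80),
    Packet("10.1.1.5", "192.0.2.10", "tcp", 40000, 80),
    Packet("10.1.1.5", "192.0.2.10", "tcp", 40001, 21),
]

def paths(mask):
    return [path for _, path in forward(TRAFFIC, mask)]

if __name__ == "__main__":
    for mask in FLOW_MASKS:
        print(f"{mask:22} {paths(mask)}")
```

In this model the two coarser masks let the FTP packet ride the shortcut created by the permitted HTTP flow, while the full flow mask sends it to the Route Processor, where the access list denies it.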
QUESTION NO: 4
The TestKing network is displayed in the following exhibit:
You connect a PC to Switch TestKingC and capture some packets in VLAN 100. You notice that unicast packets from the Server in VLAN 20 to the User PC in VLAN 100 are constantly being flooded, affecting the performance of other devices in VLAN 100. What is the most appropriate way to fix this issue?
A. Configure the MAC address of Server in vlan 100 as static on Switch TestKingC
B. Configure MAC address of PC in vlan 100 as static on switch TestKingD
C. Configure static ARP entry for PC address in vlan 100 on switch TestKingC
D. Configure MAC address table aging and ARP aging timers to match on switches TestKingC and TestKingD
E. Disable HSRP on switch TestKingC
The default ARP cache aging time on a router is 4 hours. The default aging time of the switch content-addressable memory (CAM) entry is 5 minutes. The ARP aging time of the host workstations is not significant for this discussion. However, the example sets the ARP aging time to 4 hours. This diagram illustrates this issue. This topology example includes Catalyst 6500s with Multilayer Switch Feature Cards (MSFCs) in each switch. Although this example uses MSFCs, you can use any router instead of the MSFC. Example routers that you can use include the Route Switch Module (RSM), Gigabit Switch Router (GSR), and Cisco 7500. The hosts are directly connected to ports on the switch. The switches are interconnected via a trunk which carries traffic for VLAN 1 and VLAN 2.
Consequences of Asymmetric Routing
Consider the case of the continuous ping of host B by host A. Remember that host A sends the echo packet to MSFC1, and host B sends the echo reply to MSFC2, which is in an asymmetric routing state. The only time that Switch 1 learns the source MAC of host B is when host B replies to an ARP request from MSFC1. This is because host B uses MSFC2 as its default gateway and does not send packets to MSFC1 and, consequently, Switch 1. The ARP timeout is 4 hours by default, but Switch 1 ages the MAC address of host B after 5 minutes by default. Switch 2 ages host A after 5 minutes.
As a result, Switch 1 must treat any packet with a destination MAC of host B as an unknown unicast. The switch floods the packet that comes from host A and is destined for host B out all ports. In addition, because there is no MAC address entry for host B in Switch 1, there is no MLS entry either. The echo reply packets that come from host B experience the same issue after the MAC address entry for host A ages on Switch 2. Host B forwards the echo reply to MSFC2, which in turn routes the packet and sends it out on VLAN 1. The switch does not have an entry for host A in the MAC address table and must flood the packet out all ports in VLAN 1.
Asymmetric routing issues do not break connectivity. However, asymmetric routing can cause excessive unicast flooding and missing MLS entries. There are three configuration changes that can remedy this situation:
* Adjust the MAC aging time on the respective switches to 14,400 seconds (4 hours) or longer.
* Change the ARP timeout on the routers to 5 minutes (300 seconds).
* Change the MAC aging time and ARP timeout to the same timeout value.
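The timer mismatch described above can be simulated for host A's continuous ping through Switch 1. This is an added example, not part of the original page; it assumes one echo per second, an ARP refresh exactly at each ARP timeout, and 1800 seconds as an arbitrary value for the "same timeout" remedy.

```python
class Cam:
    """Switch MAC (CAM) table with per-entry aging, in seconds."""

    def __init__(self, aging):
        self.aging = aging
        self.last_seen = {}

    def learn(self, mac, now):
        self.last_seen[mac] = now

    def knows(self, mac, now):
        seen = self.last_seen.get(mac)
        return seen is not None and now - seen < self.aging


def flooded_echoes(arp_timeout, mac_aging, duration=8 * 3600):
    """Count host A's echoes (one per second) that Switch 1 must flood."""
    switch1 = Cam(mac_aging)
    flooded = 0
    for now in range(duration):
        # The only frame Switch 1 ever sees sourced by host B is its ARP
        # reply to MSFC1, sent once per ARP timeout.
        if now % arp_timeout == 0:
            switch1.learn("host-B", now)
        # Echo routed by MSFC1 towards host B: unknown unicast if aged out.
        if not switch1.knows("host-B", now):
            flooded += 1
    return flooded


# (ARP timeout, MAC aging) in seconds: defaults, then the three remedies.
SCENARIOS = {
    "defaults (4 h ARP, 5 min MAC)": (14400, 300),
    "MAC aging raised to 14400": (14400, 14400),
    "ARP timeout lowered to 300": (300, 300),
    "both set to the same value (1800)": (1800, 1800),
}

if __name__ == "__main__":
    for name, (arp, mac) in SCENARIOS.items():
        print(f"{name:36} flooded {flooded_echoes(arp, mac):5d} of 28800")
```

With the default timers nearly every echo in the eight simulated hours is flooded to all ports in the VLAN; each of the three remedies brings the count to zero.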