Home > Ticket 6 – VLAN filter

Ticket 6 – VLAN filter

March 25th, 2015 in TSHOOT v2 Go to comments

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans1) DSW1
Ans2) VLAN ACL/Port ACL
Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen.

Nirmala
Comments (45) Comments
Comment pages
1 10 11 12 24
  1. hamza butt
    October 25th, 2016

    is it still valid premium for exam ..i m going to take exam tomorrow ..plz cnfrm it?

  2. Curry
    November 1st, 2016

    For this ticket is the question really about vlan filter or vlan access-map. I saw other answered no vlan access-map test 1 10. Please help. Thanks.

  3. Patrick T
    November 8th, 2016

    Am taking the Exam in a weeks time. Is traceroute command allowed in the exam. please help

  4. MeepMop
    November 9th, 2016

    @Patrick T

    No, Traceroute is not allowed on the exam.

  5. Patrick T
    November 9th, 2016

    @MeepMop
    Thanks for the feedback…Traceroute command would be the easiest to locate the misconfigured device on the network..How else can one know without doing the ‘show run’ or other commands on every device which is time wasting. I have already sat Route and Switch so this is a ‘Do’ or ‘Die’ for me.

  6. Chriscross
    November 11th, 2016

    I recently passed my 300-135 exam with the use of Grades4sure dumps. I got same questions in my exam that I prepared from Grades4sure test engine software. I recommend http://www.grades4sure.com/300-135-exam-questions.html to you if you want to clear your exam in first attempt.

  7. MeepMop
    November 13th, 2016

    @ Patrick T
    Your best bet is to ping through the appliances and see which last hop is reachable. Begin your investigation there.

  8. Emma
    November 16th, 2016

    I recommended http://www.testmayor.com/ ! I passed my exam yesterday with the score 98%. You can try the demo before you pay for the order. 100% money back guarantee. You will lose nothing.

  9. pamssecca
    November 21st, 2016

    @Curry , Removing the entire filter may be the preferred solution because deleting the one sequence with “no vlan access-map test1 10” will not remove sequence 20, which is still blocking client 2. Although the question is asking us to just fix client 1. Both of these solutions fix the problem for client 1. So I don’t know what the correct answer would be. Anyone have an opinion on this?

  10. pamssecca
    November 21st, 2016

    I just want to point out another problem with this ticket. Through “show vlan” you will see that there are no ports assigned to vlan 10. That would also keep the clients from accessing the switch.

  11. pamssecca
    November 21st, 2016

    oops, I was looking at dsw1,, not asw1. My bad. ignore last post.

  12. Dark_Knight
    December 15th, 2016

    Thanks Networktut, all tickets and questions still valid. Passed 1000/1000.

  13. network_guy
    December 15th, 2016

    Didn’t get the logic of the Vlan access-map and ACL in the configuration.

    here it is saying drop

    vlan access-map test1 10
    action drop ————————- (i think if we just change the drop action to ‘forward’ – that should work as well.? please comment
    match ip address 10

    In the following its permitting.

    vlan filter test1 vlan-list 10
    !
    access-list 10 permit 10.2.1.3
    access-list 20 permit 10.2.1.4
    access-list 30 permit 10.2.1.0 0.0.0.255

    @networktut and others ..

    Thank you.

  14. Anonymous
    December 29th, 2016

    can some one give me the link to download the GNS3 lab files ? i used to practice those tickets back in 2014 !! Now i need those files for someone else.

  15. Gim
    December 30th, 2016

    Hi Everyone,

    I believe I answered all the questions correct per dump as I had memorized the answers per questions (I also built my own lab and practiced) but I failed. My question is do I need to issue troubleshoot commands such as “show running-config, tracert, ping” etc, find the problem and only then answer?

    Appreciate your response to this question.

  16. James
    January 10th, 2017

    Guys check out this video and pdf for VACL
    http://www.asmed.com/cisco-ccna-ccnp-vacl-configuration/

  17. emmit
    January 10th, 2017

    what is the trick to the ospf to eigrp ticket. has anyone got the same ticket twice?

  18. Hay
    January 27th, 2017

    yes I had same ticket thrice

  19. R1
    January 31st, 2017

    I also got same ticket thrice..

  20. 2/3 CCNP
    February 2nd, 2017

    Folks,

    Just passed tshoot exam. Score 870/1000
    It was not so easy. A lot of new questions MCQ and a very hard iBGP & eBGP Sim. On this one there were two AS. Your duty is to console R1 and fix the issue. The iBGP & eBGP are in idle state.
    Also I had a problem in a ticket. I’ve left a comment.
    Apart from that everything worked just fine.

    be careful.

    cheers.

  21. Raghav
    February 2nd, 2017

    Passed today. MCQs changed, New exhibits, not so difficult iBGP & eBGP Simulation. Trouble tickets remained unchanged though.

    Read the Scenario for iBGP & eBGP Simulation your answers will be there if you pay attention when looking at the configuration.

  22. achoo
    February 5th, 2017

    https://drive.google.com/drive/folders/0B21TuNHP-x2dc2U5MUlNOXFkd2c?usp=sharing

    All the latest questions are available on this link. credit to Ahmed who shared his experience with us.
    Anyone appearing in exam must study for new questions.

  23. Smileyfox
    March 7th, 2017

    Could someone explain, is it possible to simulate this TT in GNS3 or PT7?
    For me, at GNS3 with c3745-adventerprisek9-mz.124-25.image as the L3SW there is no such command as vlan access-map, and there is no such command at PT7 c3650-24. Am I doing something wrong?

  24. VLAN FILTER or VLAN ACCESS-MAP
    March 18th, 2017

    All, can somebody clear this out? what’s the correct answer for TT No. 6????
    C. Under the global configuration mode enter no vlan access-map test1 10 command.
    D. Under the global configuration mode enter no vlan filter test1 vlan-list 10 command

  25. jane woken52
    March 21st, 2017

    helppppppppppppp pleaseeee :(

    hi all,

    I’m waiting for help, but still have not got any help. So asking again for help. I’m failed to download the file “TSHOOT_Feb_2017.pdf” from http://portlandbrick.org/?TOM=questions-and-answers. So Please pleaseeeeeeeeeeeeeeee help me, and send me this file, ahmed’s ping plan and valid dumps to my email. My email address is ” jane_woken52 @ yahoo.com ” . Please remove the spaces before and after the @ sign. I’m about to cry now :( :( :( , waiting for help.

  26. CCNP Guru
    March 25th, 2017

    Cry Bitch

  27. Anonymous
    March 25th, 2017

    what do u have to do if u dont config anything is it as easy as picking from the chooses of answers cant be that easy this site says u just pick problem and technology please enlighten

  28. prince
    April 12th, 2017

    All, can somebody clear this out? what’s the correct answer for TT No. 6????
    C. Under the global configuration mode enter no vlan access-map test1 10 command.
    D. Under the global configuration mode enter no vlan filter test1 vlan-list 10 command

  29. aflax
    April 19th, 2017

    D is correct

  30. Anonymous
    May 5th, 2017

    Guys i am not getting the given configuration of DSW1 using packet tracer when using show run.
    also no vlan filter test1 vlan-list 10 command is not working. Please help

  31. Shan
    May 5th, 2017

    Guys i am not getting the given configuration of DSW1 using packet tracer when using show run.
    also no vlan filter test1 vlan-list 10 command is not working. Please help

  32. MIck
    May 17th, 2017

    @Shan:
    Simply study the PT Ticket 6 Help, provided within the PT “Ticket Answers:” PT Drop Down Menu! – (found at the Mid/Bottom part of the PT Screen)!
    Then just Click at the small “v” symbol there (right next to the “Ticket Answers:” text there), in order to select your Ticket 6 Help there!
    After reading the PT Ticket 6 Help, You’ll understand the PT Ticket 6 Issue much better!

  33. Anonymous
    June 6th, 2017

    How does the command “vlan filter test1 vlan-list 10” interact with the other code?

    Configuration on DSW1
    vlan access-map test1 10
    action drop
    match ip address 10
    vlan access-map test1 20
    action drop
    match ip address 20
    vlan access-map test1 30
    action forward
    match ip address 30
    vlan access-map test1 40
    action forward
    !
    vlan filter test1 vlan-list 10
    !
    access-list 10 permit 10.2.1.3
    access-list 20 permit 10.2.1.4
    access-list 30 permit 10.2.1.0 0.0.0.255
    !
    interface VLAN10
    ip address 10.2.1.1 255.255.255.0

  34. Anonymous
    June 6th, 2017

    Concerning the question about how the command “vlan filter test1 vlan-list 10” interacts with the other codeThere’s three components:

    First, you can see that the access-map “test1” is matching on ACLs 10, 20, and 30 (match ip address x). Look at what each of these ACLs is doing. In this case, the ACL itself is permitting traffic. You can see ACL 10 is permitting Client 1 only (10.2.1.3), ACL 20 is permitting Client 2 only (10.2.1.4) and ACL 3 is permitting anything in the 10.2.10 /24 subnet.

    HOWEVER, even thought the ACLs are PERMIT statements, the access-map is saying “when traffic associated with these three ACLs is seen, drop that traffic” (as noted by the “action drop”commands”). The very last statement of the access-map is to allow (action forward) all other traffic.

    Finally, this access-map is applied to VLAN 10 with the command vlan filter test 1 vlan-list 10

  35. Anonymous
    June 6th, 2017

    CORRECTION. That should have said ACL 30 is permitting anything in the 10.2.1.0 /24 network (missed a period and just had 10.2.10 /24 above).

  36. Anonymous
    June 6th, 2017

    So, it’s basically dropping all traffic from 10.2.1.3 and 10.2.1.4 but allowing EVERYTHING else in the 10.2.1.x /24 network.

  37. Truk
    June 23rd, 2017

    Passed 9xx.
    All tickets/quesitions were in the 68q dumps.
    You can find them here https://twitter.com/premiumdumps1/status/878261503110987776

  38. sunny khan
    June 29th, 2017

    i got my exam after two hours .plz let me know any suggestions

  39. Truk
    July 14th, 2017

    Passed today,
    All the 6 new MCQ with the ticket from here.
    I had the dumps from it-libraries which has the same information just bundled in.

  40. Anonymous
    July 20th, 2017

    Need a copy of feb.2017 pdf file. please send to {email not allowed}

  41. Anonymous
    July 20th, 2017

    Need a copy of feb.2017 pdf file. please send to ” {email not allowed} “

  42. Anonymous
    July 20th, 2017

    Need a copy of feb.2017 pdf file. please send to “{email not allowed}”

  43. Anonymous
    July 20th, 2017

    Need a copy of feb.2017 pdf file. please send to ” cryingbby_fifer @ yahoo. com “

  44. Anonymous
    July 21st, 2017

    Can some one please send me a copy of February 2017 pdf to ggphwabhod@ yahoo dot com

Comment pages
1 10 11 12 24