CCENT Answer 104 and 105: Troubleshooting


Today’s post gives the letter answer(s) to the last two #CCENT questions, and combines the discussion of the answers to both questions, in part because much of the background information applies to both. Don’t read here until you try question 104 and question 105! Today’s post then looks at the toughest distractors (wrong answers) with both questions: the answers that mentioned port security.

Literal Answer(s):

Question 104: C

Question 105: D

Figure Reference

The figure is just a repeat of the figure from the questions, for handy reference.

Figure 104: Network Used for Question 104 (and 105)

The rest of today’s post discusses the nuances of why both answers about port security happen to be wrong in this case. And to understand port security, you have to understand both the MAC addresses used in each frame, and what port security examines in a frame.

General Discussion 1: The MAC Addresses Stay in the Local Subnet

One of the first facts needed to help answer this question is to have a firm knowledge of encapsulation. Packets in this example leave one subnet and go to a second subnet when the router routes the packet. As a result, the router discards the old data link header/trailer that had encapsulated the frame, and builds a new one. For instance, when PC2 pings PC4:

  1. The frame leaves PC2 with source MAC PC2-MAC, destination MAC R1-G0/0-MAC
  2. R1 discards the data link header/trailer
  3. R1 builds a new Ethernet frame w/ source MAC R1-G0/1-MAC and destination MAC PC4-MAC

General Discussion 2: Port Security Acts on Incoming Frames, Based on Source MAC Address

Cisco happens to include a little port security in ICND1, and a little in ICND2, with the current breakdown in these exams. However, even the ICND1 coverage defines the basics about what port security considers when watching traffic on a switch port. Specifically, port security:

  • Watches incoming frames only
  • Decides whether the frame breaks a rule based on the source MAC address

Question 104’s Answer with Port Security

Now look at question 104’s answer that mentions port security. It asks about SW4, port F0/5. Assuming port security was enabled on that interface, what would the frames look like for the ping issued from PC1? And for PC2? And how are they different?

First, note that port security only considers the incoming frames, and those would be the frames sent by each ping command towards PC4.

Next, note that in the figure, the IP packets would have arrived at R1, and been routed into subnet 10.1.2.0/24. So, the source MAC at that point would be R1-G0/1-MAC, both for packets sent for PC1’s ping and packets sent for PC2’s ping.

In short, the only thing port security can examine on SW4’s G0/2 interface – the source MAC of frames entering that interface – is identical for frames holding PC1’s packets and frames holding PC2’s packets. So port security can either cause both pings to fail, or allow both to work, but it cannot be configured to make PC1’s ping work and PC2’s ping fail.

Question 105’s Port Security Answer

Question 105’s answer has similar, but not identical logic. The big difference is that it asks about an event in subnet 10.1.1.0/24, on the left side of the figure. So, PC1’s and PC2’s MAC addresses might be in play.

Question 105 has an answer that asks about SW2’s F0/5 interface. That interface connects to router R1, namely R1’s G0/0 interface. Looking at the figure, and thinking about the ICMP messages generated by the ping commands, the ICMP Echo Reply messages will enter the SW2 F0/5 interface. That is, when PC4 sends back the replies, R1 will forward them back to the left.

Next, note that in the figure, the IP packets would have arrived from PC4 to R1, and been routed into subnet 10.1.1.0/24 on the left. So, the source MAC at that point would be R1-G0/0-MAC, both for packets sent from PC4 to PC1 (for PC1’s ping), and for packets sent from PC4 to PC2 (for PC2’s ping).

In short, port security cannot distinguish between these two frames, because they have the same source MAC address. Again, port security can either cause both pings to fail, or allow both to work, but it cannot be configured to make PC1’s ping work and PC2’s ping fail.
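The reasoning for both questions can be checked with a small model. The following Python sketch is an added example, not part of the original post: it rebuilds the Ethernet header per subnet as described in General Discussion 1, then tries every possible allow-list of source MACs to see whether any port security setting could treat PC1's ping and PC2's ping differently. The MAC labels follow the post's naming; the function names and the reduction of port security to a source-MAC allow-list are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

# Symbolic labels in the post's naming style; the model itself is an assumption.
ROUTER_MAC = {"10.1.1.0/24": "R1-G0/0-MAC", "10.1.2.0/24": "R1-G0/1-MAC"}
HOST_SUBNET = {"PC1": "10.1.1.0/24", "PC2": "10.1.1.0/24", "PC4": "10.1.2.0/24"}
KNOWN_MACS = [f"{h}-MAC" for h in HOST_SUBNET] + list(ROUTER_MAC.values())

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    packet: tuple  # (source host, destination host); unchanged by routing

def frame_in_subnet(src_host, dst_host, subnet):
    """Ethernet frame carrying the src_host -> dst_host packet inside `subnet`.
    A host's own MAC appears only in its local subnet; elsewhere R1's does."""
    def mac(host):
        return f"{host}-MAC" if HOST_SUBNET[host] == subnet else ROUTER_MAC[subnet]
    return Frame(mac(src_host), mac(dst_host), (src_host, dst_host))

def port_security_permits(frame, allowed_src_macs):
    """Simplified ingress check: only the frame's source MAC is examined."""
    return frame.src_mac in allowed_src_macs

def can_separate(frame_a, frame_b):
    """True if any allow-list permits exactly one of the two frames."""
    for size in range(len(KNOWN_MACS) + 1):
        for allowed in combinations(KNOWN_MACS, size):
            verdict_a = port_security_permits(frame_a, allowed)
            if verdict_a != port_security_permits(frame_b, allowed):
                return True
    return False

def analyze():
    left, right = "10.1.1.0/24", "10.1.2.0/24"
    return {
        # Question 104: Echo Requests after R1 routed them toward PC4.
        "q104": can_separate(frame_in_subnet("PC1", "PC4", right),
                             frame_in_subnet("PC2", "PC4", right)),
        # Question 105: Echo Replies after R1 routed them back to the left.
        "q105": can_separate(frame_in_subnet("PC4", "PC1", left),
                             frame_in_subnet("PC4", "PC2", left)),
        # Contrast: Echo Requests still in the PCs' own subnet, before R1.
        "before_routing": can_separate(frame_in_subnet("PC1", "PC4", left),
                                       frame_in_subnet("PC2", "PC4", left)),
    }

if __name__ == "__main__":
    for case, separable in analyze().items():
        print(f"{case}: port security can tell the pings apart = {separable}")
```

Only the contrast case, where the PCs' own MAC addresses are still the frame sources, lets a source-MAC rule split the two pings.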

Next post, I’ll wrap up the discussion of the other answers.

Robbie

Keep the questions coming, Wendell!

There don’t seem to be many comments, so I hope this doesn’t put you off posting more. I for one am finding your explanations helpful and reassuring to know I’m thinking in the right way.

lyjo

Thank you Robbie! Nice to get some encouragement over here in the blog. It does seem to be a little quiet sometimes. But I do see the hit counters, so I know people at least have the page up in their browser!
I’ll get the rest of the explanation posted for these two questions by tomorrow. Sorry for the delay.
W

Ruben

Indeed!
I am also here checking everything from all chapters and I know more people check this blog as well from talking to people also taking ICND1 along with me!

On a personal note, I’m glad that every single chapter in the book is backed up with more exercises and comments that make me “think correctly” when coming up with an answer!
Tks!

lyjo

Sure thing, Ruben! Thanks for the encouragement.
Wendell

[…] Wrapping up this set of five #CCENT questions today with the completion of the answers. Sorry it took a while for this last post – work went sideways unexpectedly last week. For those of you who don’t recall the flow: five related questions in the recent past, with the last two (104 and 105) focused on troubleshooting. Today’s post gives the why/wherefore on the rest of the answers I didn’t get to in answer part 1. […]

Rickosic

Great Questions and explanations! thanks

Em3xus

This was a tricky one, thanks again for these posts.

Always good reminders to read the question thoroughly and remember the basics. I actually mistook answer B on question 105 as possible as I was thinking of ACL and not port security!

adrikayak

Hello Wendell

There seems to be a typo under section “General Discussion 1: The MAC Addresses Stay in the Local Subnet”: points 2 and 3 refer to a nonexistent R2 in the schema. Should not it be R1?

lyjo

Hello,
Indeed, those references to R2 should have been R1. Fixed. Thanks for the heads up!

Bav

Another great question.

Tobias

I think the answer of 104 is a tad in the gray zone, and requires you to assume a little too much.

I believe there is no mentioning of duplex in the question, meaning that IEEE autosense for speed/duplex is still active for duplex.

Remember even if either duplex or speed is manually configured and the other one is left at auto, the autosense should be active.

This means that the duplex should match.

However if one assumes that one end is using a 10Mbps speed configuration and the other 100Mbps, one side would consider the link half and the other full, meaning that there would be a problem with traffic forwarding.

The question works but hinges a little too much on assumptions.

Tobias

Following myself with another question.

A: Misconfiguration of R1’s G0/0 IP address/mask to 10.1.1.254/25 this seems to be the obvious answer.

Seeing that PC2 is at the lower end of the 10.1.1.0/24 subnet the router cannot return traffic to that host since the host would be outside of the 10.1.1.128/25 subnet which would be the subnet the router interface is in if configured with what the answer states.

This seems the more obvious correct answer over C. However since PC1 is in the same subnet as PC2 (assumed) is then answer A does not work.

This once again however shows that to answer correctly, one has to selectively assume correct on various parts with no way of actually being able to tell which facts are correct. Referring to “Also, note that the information in the figure may be incorrect” which is in the question.

The question works, but again I think it is quite gray regarding if it should be used.

Maybe I’m misunderstanding the question somehow though.
