JN0-351 Exam Dumps : Enterprise Routing and Switching Specialist (JNCIS-ENT)

The feature that enables an interface on an EX Series switch to receive both untagged traffic (from the computer) and tagged traffic (from the IP phone) is the  voice VLAN 1 2 .

The voice VLAN feature in EX-series switches enables access ports to accept both data (untagged) and voice (tagged) traffic and separate that traffic into different VLANs 1 2 .  This allows the switch to differentiate between voice and data traffic, ensuring that voice traffic can be treated with a higher priority 1 2 . Therefore, option D is correct.

A firewall filter is a configuration that defines the rules that determine whether to forward or discard packets at specific processing points in the packet flow. A firewall filter can also modify the attributes of the packets, such as priority, marking, or logging.  A firewall filter can be applied to various interfaces, protocols, or routing instances on a Juniper device 1 .

A firewall filter has a family attribute, which specifies the type of traffic that the filter can evaluate.  The family attribute can be one of the following: inet, inet6, mpls, vpls, iso, or ethernet-switching 2 . The family inet firewall filter is used to evaluate IPv4 traffic, which is the most common type of Layer 3 traffic on a network.

To create a family inet firewall filter, you need to specify the appropriate match criteria and actions for each term in the filter. The match criteria can include various fields in the IPv4 header, such as source address, destination address, protocol, port number, or DSCP value.  The actions can include accept, discard, reject, count, log, policer, or next term 3 .

To apply a firewall filter to Layer 3 traffic that is being sent between VLANs, you need to apply the filter to the appropriate IRB interface. An IRB interface is an integrated routing and bridging interface that provides Layer 3 functionality for a VLAN on a Juniper device. An IRB interface has an IP address that acts as the default gateway for the hosts in the VLAN.  An IRB interface can also participate in routing protocols and forward packets to other VLANs or networks 4 .

Therefore, option C is correct, because you should create a family inet firewall filter with the appropriate match criteria and actions. Option D is correct, because you should apply the firewall filter to the appropriate IRB interface.

Option A is incorrect, because you should not create a family ethernet-switching firewall filter with the appropriate match criteria and actions. A family ethernet-switching firewall filter is used to evaluate Layer 2 traffic on a Juniper device.  A family ethernet-switching firewall filter can only match on MAC addresses or VLAN IDs, not on IP addresses or protocols 5 .

Option B is incorrect, because you should not apply the firewall filter to the appropriate VLAN. A VLAN is a logical grouping of hosts that share the same broadcast domain on a Layer 2 network. A VLAN does not have an IP address or routing capability.  A firewall filter cannot be applied directly to a VLAN; it must be applied to an interface that belongs to or connects to the VLAN 6 .

BGP is a routing protocol that operates between autonomous systems (AS). An AS is a group of routers under a single administrative control. BGP can be classified into two types: internal BGP (IBGP) and external BGP (EBGP). IBGP is the BGP communication between routers within the same AS, while EBGP is the BGP communication between routers in different AS. BGP uses the AS_PATH attribute to record the AS numbers that the route has passed through, and uses it to prevent routing loops and select the best path.

In this scenario, you want to add a second ISP connection and remove the default route to the existing ISP. This means that you want to have more control over the routing decisions and use BGP to exchange routes with both ISPs. To do this, you need to deploy the BGP protocol in your network and configure both IBGP and EBGP sessions. The correct statements about BGP in this scenario are:

IBGP peers advertise routes received from EBGP peers to other IBGP peers. This is the default behavior of IBGP, as it allows the routers within the same AS to learn the routes from different EBGP peers and select the best exit point. However, IBGP has a rule that it does not advertise routes received from IBGP peers to other IBGP peers, to avoid creating routing loops. Therefore, option B is correct and option C is incorrect. To overcome this rule, IBGP requires a full mesh topology, where every IBGP router is directly connected to every other IBGP router, or a route reflector or confederation design, where some IBGP routers act as intermediaries to reflect or aggregate the routes to other IBGP routers.

EBGP peers advertise routes received from IBGP peers to other EBGP peers. This is the default behavior of EBGP, as it allows the routers in different AS to exchange routes and reachability information. However, EBGP has a rule that it does not advertise routes received from EBGP peers to other EBGP peers, to avoid creating routing loops. Therefore, option D is correct and option A is incorrect. To overcome this rule, EBGP uses the AS_PATH attribute to filter out the routes that contain its own AS number, or uses route maps or policies to control the route advertisement. IBGP does not update the next-hop attribute to ensure reachability within an AS, as the next-hop attribute is preserved by IBGP. Instead, IBGP relies on an underlying IGP (Interior Gateway Protocol) to provide reachability to the next-hop.