A network engineer is working for an ISP and a current eBGP customer requests to enable
the BGP TTL security feature. The engineer sees from the current established BGP session
that the eBGP peer is directly connected and the ebgp-multihop feature is already in use with
a value of one. Which two actions are needed on the Cisco IOS XR router to accomplish the
task? (Choose two.)
A.
Configure the neighbor with the command ttl-security.
B.
Disable the eBGP-multihop feature.
C.
Clear the BGP session for the configuration change to take effect.
D.
Enable the BGP TTL security and the BGP peer resets automatically for the change to
take effect.
E.
Configure the neighbor with the command ttl-security 254.
I would think its A and B no? I know you cant have ebgp multihop and ttl-security enabled at same time.
“When configuring the BGP Support for TTL Security Check feature to support an existing multihop peering session, you must first disable the neighbor ebgp-multihop router configuration command by entering the no neighbor ebgp-multihop command before configuring this feature with the neighbor ttl-security router configuration command. These commands are mutually exclusive, and only one command is required to establish a multihop peering session. If you attempt to configure both commands for the same peering session, an error message will be displayed in the console.”
source http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fs_btsh.html#wp1043332
The ttl-security command should not be configured for a peer that is already configured with the neighbor ebgp-multihop command. The simultaneous configuration of these commands is permitted; however, the ttl-security command overrides the ebgp-multihop command.
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/routing/command/reference/rrasr9kbgp.html#wp2447776
So A and C are the correct answers.