AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 226

A company has VPCs in the us-east-1 Region that are connected to each other through a transit gateway. A network engineer needs to establish an AWS Direct Connect connection between the company's on-premises data center and the transit gateway for the migration of a workload.

The Direct Connect connection is UP according to the ConnectionState metric in Amazon CloudWatch. However, the VIF is DOWN. The network engineer has verified the transit VIF and BGP configurations on the on-premises router and has found no issues. However, the network engineer is unable to ping the Amazon peer IP address.

Which combination of steps should the network engineer take to troubleshoot this issue? (Choose three.)

Answer options

• A. Verify that the correct IP address and subnet mask are in use for the subinterface on the router.
• B. Ensure that VLAN trunking is disabled on the router.
• C. Verify that the router has a MAC address entry from the AWS endpoint in the Address Resolution Protocol (ARP) table.
• D. Verify that the optical signal that is received over the cross connect is optimal.
• E. Ensure that the correct VLAN tag is applied on the subinterface configuration on the router.
• F. Ensure that TCP port 179 is not being blocked at the on-premises router.

Correct answer: A, C, E

Explanation

The correct steps include verifying the IP address and subnet mask for the subinterface (A), checking for a MAC address entry in the ARP table (C), and ensuring the correct VLAN tag is used (E). The other options may not directly address the immediate issue of the VIF being DOWN and the inability to ping the Amazon peer IP.