
vEdge Questions

May 4th, 2020

Question 1

Explanation

To limit the remote TLOCs that the local TLOC can establish BFD sessions with, mark the TLOC with the restrict option. When a TLOC is marked as restricted, a TLOC on the local router establishes tunnel connections with a remote TLOC only if the remote TLOC has the same color. With “no restrict” configured, we are allowed to connect to any TLOC on the other site. Therefore we can form four data tunnels on each Edge router.
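The tunnel count above can be checked by enumerating TLOC pairs. The following is an added example, not part of the original explanation. It assumes full reachability, the same encapsulation on every TLOC, constructed system IPs and colors, and that a pair is blocked whenever either end is restricted and the colors differ.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Tloc:
    system_ip: str          # identifies the owning WAN Edge
    color: str
    encap: str = "ipsec"    # assumed identical on every TLOC in this example
    restrict: bool = False  # True models "color <color> restrict"


def can_form_tunnel(a: Tloc, b: Tloc) -> bool:
    # Two TLOCs on the same router never build a tunnel to each other.
    if a.system_ip == b.system_ip:
        return False
    # A restricted TLOC only pairs with a remote TLOC of the same color.
    # Assumption: one restricted end is enough to block a mismatched pair.
    if (a.restrict or b.restrict) and a.color != b.color:
        return False
    return True


def data_tunnels(tlocs, local_ip):
    """Return (local color, remote color) for every tunnel on one router."""
    local = [t for t in tlocs if t.system_ip == local_ip]
    remote = [t for t in tlocs if t.system_ip != local_ip]
    return [(l.color, r.color)
            for l, r in product(local, remote) if can_form_tunnel(l, r)]


def two_site_fabric(restrict_a=(False, False), restrict_b=(False, False)):
    """Constructed sample: two sites, one WAN Edge each, two TLOCs per edge."""
    colors = ("biz-internet", "public-internet")
    a = [Tloc("10.0.0.1", c, restrict=r) for c, r in zip(colors, restrict_a)]
    b = [Tloc("10.0.0.2", c, restrict=r) for c, r in zip(colors, restrict_b)]
    return a + b


if __name__ == "__main__":
    cases = {
        "no restrict": two_site_fabric(),
        "restrict everywhere": two_site_fabric((True, True), (True, True)),
        "restrict on one TLOC": two_site_fabric((True, False)),
    }
    for name, fabric in cases.items():
        tunnels = data_tunnels(fabric, "10.0.0.1")
        print(f"{name}: {len(tunnels)} tunnels {tunnels}")
```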

Question 2

Explanation

The “service FW address” command needs to be configured only on the vEdge at the hub. For example, to provision the firewall service, configure the following on the hub vEdge:

vpn 10
 service FW address 1.1.1.1

Reference: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/vedge/policies-book/service-chaining.html

Question 3

Explanation

The “show policy from-vsmart” command displays a centralized data policy, an application-aware policy, or a cflowd policy that a vSmart controller has pushed to the vEdge router (on vEdge routers only). The vSmart controller pushes the policy via OMP after it has been configured and activated on the controller.

Reference: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/sdwan-cr-book/operational-cmd.html#wp1241353724

Question 4

Explanation

“connect” in the “STATE” column means the control connection is still trying to establish. If the attempt succeeds, the state changes to “up”. If it stays stuck in the “connect” state, there are routing issues in the network.

vEdge_show_control_connections.jpg

Reference: https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/214509-troubleshoot-control-connections.html

Question 5

Explanation

TLOC routes are the logical tunnel termination points on the vEdge routers that connect into a transport network. A TLOC route is uniquely identified and represented by a three-tuple, consisting of system IP address, link color, and encapsulation (Generic Routing Encapsulation [GRE] or IPSec).

Reference: https://explore.cisco.com/sd-wan-adopt/cvd-sd-wan-design-colors#page=7

Question 6

Explanation

The “show control local-properties” command displays the certificate validity, certificate status (Installed or Installed), chassis ID, and serial number.

vEdge_show_control_local_properties.jpg

The output of the “show control summary” is shown below:

vEdge_show_control_summary.jpg

The “show certificate installed” command:

vEdge_show_certificate_installed.jpg

There is no “show certificate status” command:

vEdge_show_certificate.jpg

Question 7

Explanation

Answers A and B are not correct because their commands are not accepted. The only suitable answer is answer C, because the range command may change the subnet mask of a prefix, thus making a WAN Edge router a less preferred exit.

vEdge_vpn_router_ospf.jpg

Question 8

Explanation

The default VRRP hello timer is 1 second.

Question 9

Explanation

DTLS Connection Failure (DCONFAIL) is one of the common reasons that control connectivity does not come up. Probable causes include a firewall or some other connectivity issue; some or all packets may be dropped or filtered somewhere.

Reference: https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/214509-troubleshoot-control-connections.html

Question 10

Question 11

Question 12

Comments
  1. sam
    May 27th, 2020

    Two sites have one WAN Edge each. Each WAN Edge has two public TLOCs with no restrict configured. There is full reachability between the TLOCs. How many data tunnels are formed on each Edge router?
    Answer : 4

  2. ShareefBadmash
    June 4th, 2020

    Q7.

    I think A option is correct ?? any idea friends.

  3. sam
    June 5th, 2020

    default time is 1 sec for vrrp

  4. SDWAN GUY
    June 17th, 2020

    Question 1 Is incorrect:

    The Correct answer is 4.

    Explanation:

    vEdgeA: Has two TLOCs
    green and red
    vEdgeB: Has two TLOCs
    silver and gold

    Possible dataplane tunnels are:

    green – silver
    green – gold

    red – silver
    red – gold

    Which means we have 4 tunnels

    NOTE: There is no way you can form tunnels from green – red, or silver – gold, since the TLOCs belong to the same device.

  5. certprepare
    June 17th, 2020

    @SDWAN GUY, @sam: Thanks for your detection, we have just updated Q.1.

  6. Anonymous
    June 25th, 2020

    Hi,
    Q7: Did anyone do a test to know if that is correct? range…
    I did it and I don't see any on the LAN …. it still prefers both links to each vEdge.

    https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/sdwan-cr-book/config-cmd.html#wp5190633710
    *****
    vpn vpn-id
      router
        ospf
          max-metric
            router-lsa (administrative | on-startup seconds)
    *****
    router-lsa administrative

    Advertise Administratively:
    Force the maximum metric to take effect immediately, through operator intervention.

    router-lsa on-startup seconds
    Advertise the Maximum metric When the Router Starts Up:
    Advertise the maximum metric for the specified number of seconds after the router starts up.
    Range: 0, 5 through 86400 seconds
    Default: 0 seconds (the maximum metric is advertised immediately when the router starts up)

    I tested it and I don't see any change with range address/prefix length.

    Can anyone confirm Q7?

  7. hudavi
    July 18th, 2020

    for Q7, as per my understanding we are asked to put a less preferred exit.
    on C we are changing mask so we can advertise from other protocol a more specific mask so a better route.

  8. magdccsar
    September 19th, 2020

    Question 7. Answer A is correct in my opinion.

    max-metric

    Configure OSPF to advertise a maximum metric so that other routers do not prefer this vEdge router as an intermediate hop in their Shortest Path First (SPF) calculation (on vEdge routers only).
    vManage Feature Template

    For vEdge routers only:

    Configuration ► Templates ► OSPF
    Command Hierarchy

    vpn vpn-id
      router
        ospf
          max-metric
            router-lsa (administrative | on-startup seconds)

    https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/sdwan-cr-book/config-cmd.html#wp5190633710

  9. maybe
    September 21st, 2020

    @magdccsar I agree with you that the explanation in the command guide does lead you to believe that this is the correct response; however, the question does not include the line of router-lsa, which is not possible because the max-metric command by itself is rejected. It is like one of the other questions that has NAT for VPN 0 but the actual command is ‘nat use-vpn 0’. Now perhaps the actual question does include router-lsa, which may mean that it is correct, but without that a WAN Edge does not accept the command. Probably a poor question, but it seems there is no way you can achieve the CLI that's in the question.

  10. Anonymous
    November 4th, 2020

    please share the question

  11. sleezy
    January 6th, 2021

    Question on SNMPv3 algorithm to authenticate users >>
    Answer should be SHA-1 & MD5

    https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/snmp/snmp-book.html

  12. Anonymous
    February 22nd, 2021

    @certprepare: Is there any new questions after September 10th, 2020 ?

  13. Feliciano.Oliveira
    March 14th, 2021

    Question 8: An engineer is troubleshooting a vEdge router and identifies a DCONFAIL DTLS connection failure message, what will.?
    # connectivity issue.

  14. Amaro Mario
    April 14th, 2021

    @ sleezy
    Did you read the entire document?
    Check this -> The username can be a string from 1 to 32 characters.

    The authentication commands enable authentication privileges for the user. authentication can be either message digest 5 (md5) or SHA-2 message digest (sha). You can enter the password as a cleartext string or as an AES-encrypted key.

  15. Sab
    October 20th, 2021

    Can someone please confirm Q7 ?

  16. Anon
    April 8th, 2022

    is Q 7
    max-metric ?
    not
    range prefix/length
    ???

  17. test
    April 19th, 2022

    Question 7

    Which OSPF command makes the WAN Edge router a less preferred exit from a site with a dual WAN Edge design? Correct Answer A MAX-METRIC not C Prefix

    please can this be checked and updated

  18. Mr.CCNP
    June 6th, 2023

    Are these questions still valid?
