300-415 Question #177: Real Exam Question with Answer & Explanation
The correct answer is A: vpn 0 dns 208.67.222.222 primary allow-service dns allow-service sshd allow-service netconf. Automating certificate signing through Cisco requires configuring DNS services in VPN 0, as VPN 0 is the transport VPN responsible for overlay control plane communication, including reaching external services like DNS for certificate validation. The configuration must include DNS
Question
Options
- A. vpn 0 dns 208.67.222.222 primary allow-service dns allow-service sshd allow-service netconf
- B. vpn 0 allow-service dns allow-service sshd allow-service netconf
- C. vpn 512 dns 208.67.222.222 primary allow-service dns allow-service sshd allow-service netconf
- D. vpn 512 allow-service dns allow-service sshd allow-service netconf
Explanation
Automating certificate signing through Cisco requires configuring DNS services in VPN 0, as VPN 0 is the transport VPN responsible for overlay control plane communication, including reaching external services like DNS for certificate validation. The configuration must include DNS server details and allow the necessary DNS service.
Common mistakes.
- B. This configuration is missing the specific DNS server IP address within VPN 0, which is necessary for vManage to resolve hostnames for certificate signing services.
- C. VPN 512 is the management VPN, used for out-of-band management traffic, not for control plane communication or reaching external services like a public CA for certificate signing.
- D. This configuration incorrectly places the DNS service in VPN 512 and also omits the specific DNS server IP address, making it unsuitable for automated certificate signing that requires reaching external services via the transport VPN.
Concept tested. Cisco SD-WAN vManage automated certificate signing configuration