
300-415 Question #286: Real Exam Question with Answer & Explanation

The correct answer is B: policy lists vpn-list VPN2 vpn2 ! site-list hub_sites site-id 1-2 ! control-policy vpn_multi-topology sequence 10 match route site-list hub_sites vpn-list VPN2 ! action accept ! sequence 20 match route vpn-list VPN2 ! action reject ! default-action accept. The provided control policy establishes a strict hub-and-spoke topology for VPN2 by accepting routes from designated hub sites while rejecting all other routes within VPN2 when applied in the 'out' direction on branch devices.

Policies

Question

Which control policy assigned to branches in the out direction establishes a strict hub-and-spoke topology for VPN2?

Options

  • A. policy lists vpn-list VPN2 vpn2 ! site-list hub_sites site-id 1-2 ! control-policy vpn_multi-topology sequence 10 match route site-list hub_sites vpn-list VPN2 ! action accept ! sequence 20 match route vpn-list VPN2 ! action reject ! default-action accept
  • B. policy lists vpn-list VPN2 vpn2 ! site-list hub_sites site-id 1-2 ! control-policy vpn_multi-topology sequence 10 match route site-list hub_sites vpn-list VPN2 ! action accept ! sequence 20 match route vpn-list VPN2 ! action reject ! default-action accept
  • C. policy lists vpn-list VPN2 vpn2 ! site-list branch_sites site-id 1-100 ! control-policy vpn_multi-topology sequence 10 match route site-list branch_sites vpn-list VPN2 ! action accept set tloc 100.1.1.1 color mpls ! ! default-action accept
  • D. policy lists vpn-list VPN2 vpn2 ! site-list branch_sites site-id 100-200 ! control-policy vpn_multi-topology sequence 10 match route site-list branch_sites vpn-list VPN2 ! action accept set tloc 1.1.1.1 color red ! ! default-action accept

Explanation

The provided control policy establishes a strict hub-and-spoke topology for VPN2 by accepting routes from designated hub sites while rejecting all other routes within VPN2 when applied in the 'out' direction on branch devices.

Common mistakes.

  • A. This option is identical to option B and correctly implements the hub-and-spoke topology. Assuming distinct options are intended, B is the designated correct choice.
  • C. This policy accepts routes from branch_sites and attempts to set a TLOC, which would allow branches to learn routes directly from other branches, thus breaking a strict hub-and-spoke topology.
  • D. This policy also accepts routes from branch_sites and sets a TLOC, which would allow branches to learn routes from other branches and prevent the establishment of a strict hub-and-spoke topology.

Concept tested. Cisco SD-WAN control policy for hub-and-spoke

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policy-book/sdwan-policy-book_chapter_011.html

Topics

#Centralized Control Policy  #Hub-and-Spoke Topology  #VPN Routing  #Policy Direction
