300-415 Question #36: Real Exam Question with Answer & Explanation

Question

Explanation

This question tests a candidate's understanding of the Cisco vManage policy configuration workflow, differentiating between policy types and their respective components and application methods.

Approach. To correctly answer this drag-and-drop question, one must understand the distinct stages and components involved in configuring policies within Cisco vManage. Policies are broadly categorized as centralized (overlay-wide control or data plane influence) or localized (device-specific configuration). Each policy type involves defining conditions (match) and corresponding actions. The overall workflow typically involves creating lists, defining policy logic, assembling the policy, and then applying and activating it on device templates.

Here are example drag-and-drop items and their correct target definitions, illustrating the expected knowledge:

• Item: Centralized Policy Target: A policy applied across the SD-WAN overlay, influencing routing paths or data plane traffic flow between sites. Explanation: Centralized policies, configured from vManage, affect multiple devices simultaneously across the entire network fabric. They dictate how traffic is routed or handled end-to-end, such as control policies manipulating routing updates or data policies affecting traffic forwarding across VPNs.

• Item: Localized Policy Target: A device-specific policy configured on an individual vEdge or cEdge router to control local services or traffic behavior. Explanation: Localized policies are specific to a single device and are applied directly to a device template. They manage local functionalities like QoS queuing, access control lists (ACLs) for interfaces, or route-maps influencing local routing processes.

• Item: Control Policy Target: A centralized policy that modifies routing information (e.g., OSPF, BGP attributes) or influences routing paths across the overlay network. Explanation: Control policies are a type of centralized policy primarily used to manipulate the routing table of vEdge/cEdge devices, affecting how prefixes are advertised or preferred across the SD-WAN fabric.

• Item: Data Policy Target: A centralized policy that dictates how data plane traffic is handled, including services like QoS, forwarding decisions, or traffic engineering. Explanation: Data policies are also centralized and focus on the actual user data traffic. They can enforce actions like traffic steering, service chaining, QoS marking, or firewall filtering based on application or source/destination criteria.

• Item: Policy Definition Target: The logical structure containing match conditions (lists) and corresponding actions (e.g., accept, drop, re-write). Explanation: This refers to the core configuration steps where administrators define the rules - what traffic or routing information to look for (match criteria, often using lists like VPN lists, prefix lists, application lists) and what action to take if a match occurs.

• Item: Apply Policy to Devices Target: The final step to activate a policy by associating it with one or more device templates, pushing the configuration to the vEdge/cEdge routers. Explanation: After a policy is defined and built, it must be attached to the appropriate device templates. This action pushes the policy configuration to the actual devices, making it active and operational within the network.

Concept tested. Cisco SD-WAN vManage Policy Configuration Workflow and Components, including centralized vs. localized policies, control vs. data policies, and the overall policy lifecycle.

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/sdwan-policy-config.html

No community discussion yet for this question.