300-415 Question #419: Real Exam Question with Answer & Explanation
The correct answer is A.
Question
Options
- A:

  ```
  policy
   control-policy Dynamic-Tunnel-Control-Policy
    sequence 10
     match route
      site-list Branches
      prefix-list AnyIpv4PrefixList
     action accept
      set
       tloc-action strict
    default-action reject
   lists
    site-list Branches
     site-id 101
     site-id 102
    prefix-list AnyIpv4PrefixList
     ip-prefix 0.0.0.0/0 le 32
  apply-policy
   site-list Branches
    control-policy Dynamic-Tunnel-Control-Policy out
  ```

- B:

  ```
  policy
   control-policy Dynamic-Tunnel-Control-Policy
    sequence 100
     match route
      site-list Branches
     action accept
      set
       tloc-action backup
       tloc-list Hub-TLOCs
    !
    sequence 200
     match tloc
     !
     action accept
    !
    default-action accept
   !
   lists
    site-list Branches
     site-id 200
     site-id 200
    tloc-list Hub-TLOCs
     tloc 10.1.1.1 color mpls encap ipsec
     tloc 10.1.1.1 color biz-internet encap ipsec
  !
  apply-policy
   site-list Branches
    control-policy Dynamic-Tunnel-Control-Policy out
  ```

- C:

  ```
  policy
   control-policy Dynamic-Tunnel-Control-Policy
    sequence 1
     match route
      site-list Branches
      prefix-list AnyIpv4PrefixList
     action accept
      set
       tloc-action strict
    default-action reject
   lists
    site-list Branches
     site-id 100
     site-id 200
    prefix-list AnyIpv4PrefixList
     ip-prefix 0.0.0.0/0 le 32
  apply-policy
   site-list Branches
    control-policy Dynamic-Tunnel-Control-Policy in
  ```

- D:

  ```
  policy
   control-policy Dynamic-Tunnel-Control-Policy
    sequence 100
     match route
      site-list Branches
     action accept
      set
       tloc-action primary
       tloc-list Hub-TLOCs
    !
    sequence 200
     match tloc
     !
     action accept
    !
    default-action accept
   !
   lists
    site-list Branches
     site-id 200
     site-id 200
    tloc-list Hub-TLOCs
     tloc 10.1.1.1 color mpls encap ipsec
     tloc 10.1.1.1 color biz-internet encap ipsec
  !
  apply-policy
   site-list Branches
    control-policy Dynamic-Tunnel-Control-Policy out
  ```
Explanation
Dynamic on-demand tunnels (also called on-demand tunnels) in Cisco SD-WAN require a centralized control policy on vSmart that uses 'tloc-action strict'. The 'strict' action tells vSmart to advertise a route to a branch only when the TLOC (tunnel endpoint) is directly reachable, enabling direct data-plane tunnels to be established on demand between branches rather than always routing through a hub.

Three requirements make option A correct and distinguish it from the others:

(1) 'tloc-action strict' is used. Options B and D incorrectly use 'tloc-action backup' and 'tloc-action primary' respectively, which are hub-and-spoke constructs.

(2) The policy is applied in the 'out' direction, from vSmart toward the branch sites. Option C is identical in structure but incorrectly applies the policy 'in', which would affect routes received by vSmart rather than routes sent to branches.

(3) 'default-action reject' ensures that routes not explicitly matched are suppressed, which is essential for the on-demand behavior.

Option A correctly identifies branch site IDs 101 and 102, uses strict tloc-action, applies the policy out, and sets default-action reject.