nerdexam
Exams300-415Questions#450
Cisco

300-415 · Question #450

300-415 Question #450: Real Exam Question with Answer & Explanation

The correct answer is C: Install the correct root certificate on WAN Edge.. If a WAN Edge can ping the SD-WAN Validator but cannot establish a control connection, the most common issue is a problem with certificate-based authentication.

WAN Edge Router Deployment

Question

Refer to the exhibit. A WAN Edge device cannot connect to SD-WAN Validator; however, can ping it. Which action resolves the issue?

Options

  • AVerify that the SD-WAN Validator IP address is correct.
  • BModify the system IP on WAN Edge.
  • CInstall the correct root certificate on WAN Edge.
  • DSwitch the peer protocol from DTLS to TLS.

Explanation

If a WAN Edge can ping the SD-WAN Validator but cannot establish a control connection, the most common issue is a problem with certificate-based authentication.

Common mistakes.

  • A. The ability to ping the SD-WAN Validator confirms that its IP address is correct and reachable from the WAN Edge, ruling out an incorrect IP as the root cause.
  • B. Modifying the system IP on the WAN Edge device is a logical identifier change and would not directly resolve a failure to establish a secure control connection when basic network reachability (ping) is confirmed.
  • D. Switching the peer protocol between DTLS and TLS does not address the underlying issue of certificate validation, as both protocols rely on properly installed and trusted certificates for secure communication.

Concept tested. Cisco SD-WAN WAN Edge onboarding and certificate requirements

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-cr-book/sdwan-deploy-devices.html

Topics

#SD-WAN Troubleshooting#WAN Edge Enrollment#Certificates#Control Plane

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-415 Practice