13. Which IGP is used in the automated underlay model of the Cisco SD-Access architecture?
- IS-IS
- OSPF
- EIGRP
- BGP
Explanation: In an automated underlay model, the Cisco DNA Center LAN automation feature creates a Layer 3 routed access campus design through the use of IS-IS.
14. Which SD-Access functionality replaces manual device configuration with network device management by using Cisco DNA Center for faster, lower-risk deployment?
- network automation
- network assurance
- network virtualization
- policy enforcement
Explanation: Manual network configuration changes are slow and lead to misconfigurations. The SD-Access network automation functionality uses the Cisco DNA Center as a single point of automation, orchestration, and management of network device and service deployment.
15. What is a feature of the SD-Access control plane?
- It is based on LISP.
- It uses VXLAN encapsulation to perform MACin-IP encapsulation.
- It assigns Cisco TrustSec SGT tags to groups of users and end devices.
- It uses IS-IS for Layer 3 routed access.
Explanation: LISP is used to separate the identify (endpoint IP address) from its current location (network edge/border router IP address).
16. Which Cisco SD-WAN solution authenticates SD-WAN routers as they come online?
- vSmart controller
- vManage NMS
- vBond orchestrator
- Cloud OnRamp
Explanation: The vSmart controller is considered the brain of the Cisco SD-WAN solution and has pre-installed credentials to enable authentication of SD-WA routers as they come online.
17. Which Cisco DNA Center workflow provides tools, such as Dashboard and Client 360, to manage the SD-Access fabric?
- assurance
- design
- policy
- provision
Explanation: There are four workflows defined by Cisco DNA Center: design, policy, provision, and assurance. Cisco DNA assurance workflow provides the tools needed to manage the SD-Access fabric. These tools include Dashboard, Client 360, Devices 360, and Issues.
18. What are the three basic planes of operation in the SD-Access fabric? (Choose three.)
- control
- data
- policy
- management
- user
- access
Explanation: There are three planes of operation in the SD-Access fabric:
- Control plane, based on Locator/ID Separation Protocol (LISP)
- Data plane, based on Virtual Extensible LAN (VXLAN)
- Policy plane, based on Cisco TrustSec
19. In the SD-fabric overlay, which device role provides connectivity between external Layer 3 networks and the SDA fabric?
- fabric border node
- control plane node
- fabric edge node
- intermediate node
Explanation: There are five basic device roles in the SDA fabric overlay. The role of the fabric border node is to connect external Layer 3 networks to the SDA fabric.
20. Which term is used for the overlay network in the Cisco SD-Access Architecture?
- SD-Access fabric
- controller layer
- VXLAN segment
- NFV infrastructure
Explanation: The overlay network provides policy-based network segmentation, host mobility, and enhanced security.
21. Which SD-WAN Solution Architecture component is a single pane of glass (GUI) for managing the Cisco SD-WAN solution?
- vManage Network Management System
- vSmart controller
- vBond orchestrator
- vAnalytics
Explanation: The Cisco SD-WAN solution has four main components:
- The vManage Network Management System (NMS) is the single pane of glass (GUI) for managing the SD-WAN solution.
- The vSmart controller acts as the brains of the solution.
- The SD-WAN routers involve vEdge and cEdge routers.
- The vBond orchestrator authenticates and orchestrates connectivity between SD-WAN routers and vSmart controllers.
22. Which term describes the traditional physical networking infrastructure that transports packets in the Cisco SD-Access Architecture?
- underlay network
- overlay network
- SD-Access fabric
- NFV infrastructure
Explanation: The underlay network for SD-Access consists of the hardware components making up the physical networking infrastructure that transports packets for the SD-Access fabric overlay.
23. Which layer of the Cisco SD-Access Architecture consists of the NCP, NDP, and ISE subsystems?
- controller layer
- management layer
- network layer
- physical layer
Explanation: The controller layer provides all of the management subsystems for the management layer using Cisco DNA Center and Cisco ISE. The subsystems at the controller layer are Cisco Network Control Platform (NCP), Cisco Network Data Platform (NDP), and Identity Services Engine (ISE).
24. What is the role of the Cisco Network Control Platform in the controller layer of the Cisco SD-Access architecture?
- to provide all the underlay and fabric automation and orchestration services for the physical and network layers
- to analyze and correlate network events and identify historical trends
- to provide network operational status and other information to the management layer
- to provide all the identity and policy services for the physical layer and network layers
Explanation: There are three control layer subsystems in the Cisco SD-Access architecture.
- Cisco Network Control Platform (NCP) – provides underlay and fabric automation and orchestration
- Cisco Network Data Platform (NDP) – analyzes and correlates network events
- Cisco Identity Services Engine (ISE) – provides identity and policy services
“Do I Know This Already?” Quiz Answers:
1. What is the main reason SD-Access uses VXLAN data encapsulation instead of LISP data encapsulation?
- VXLAN supports IPv6.
- VXLAN supports Layer 2 networks.
- VXLAN has a much smaller header.
- VXLAN has a better ring to it.
Explanation: Although LISP is the control plane for the SD-Access fabric, it does not use LISP data encapsulation for the data plane; instead, it uses VXLAN encapsulation because it is capable of encapsulating the original Ethernet header, and this allows SD-Access to support Layer 2 and Layer 3 overlays.
2. True or false: The VXLAN header used for SD-Access is exactly the same as the original VXLAN header.
- True
- False
Explanation: The original VXLAN specification was enhanced for SD-Access to support Cisco TrustSec Scalable Group Tags (SGTs). This was accomplished by adding new fields to the first 4 bytes of the VXLAN header in order to transport up to 64,000 SGTs. The new VXLAN format is called VXLAN Group Policy Option (GPO), and it is defined in the IETF draft draft-smith-vxlan-group-policy-05.
3. Which is the control plane used by SD-Access?
- LISP control plane
- EVPN MP-BGP
- Multicast
- VXLAN control plane
Explanation: The SD-Access fabric control plane is based on Locator/ID Separation Protocol (LISP).
4. Which field was added to the VXLAN header to allow it to carry SGT tags?
- Group Policy ID
- Scalable Group ID
- Group Based Tag
- Group Based Policy
Explanation: The VXLAN-GPO specification includes a 16-bit identifier that is used to carry the SGT tag called the Group Policy ID.
5. Which types of network environments was SD-Access designed for?
- Data center
- Internet
- Enterprise campus and branch
- Service provider
- WAN
- Private cloud
Explanation: Cisco SD-Access was designed for enterprise campus and branch network environments and not for other types of network environments, such as data center, service provider, and WAN environments.
6. Which of the following components are part of the SD-Access fabric architecture? (Choose all that apply.)
- WLCs
- Cisco routers
- Cisco firewalls
- Cisco switches
- Access points
- Cisco ISE
- Cisco DNA Center
- Intrusion prevention systems
Explanation: The SD-Access architecture includes the following components:
- Cisco switches: Provide wired (LAN) access to the fabric. Multiple types of Cisco Catalyst switches are supported, including NX-OS.
- Cisco routers: Provide WAN and branch access to the fabric. Multiple types of Cisco ASR 1000, ISR, and CSR routers, including the CSRv and ISRv cloud routers, are supported.
- Cisco wireless: Cisco WLCs and APs provide wireless (WLAN) access to the fabric.
- Cisco controller appliances: There are only two types of appliances to consider: Cisco DNA Center and Cisco ISE. Cisco ISE supports both VM and physical appliance deployment models.
7. What are the main components of the Cisco SD-WAN solution? (Choose four.)
- vManage network management system (NMS)
- vSmart controller
- SD-WAN routers
- vBond orchestrator
- vAnalytics
- Cisco ISE
- Cisco DNA Center
Explanation: The Cisco SD-WAN solution is composed of four main components and an optional analytics service:
- vManage network management system (NMS)
- vSmart controller
- SD-WAN routers
- vBond orchestrator
- vAnalytics (optional)
8. True or false: The vSmart controller establishes permanent and IPsec connections to all SD-WAN routers in the SD-WAN fabric.
- True
- False
Explanation: The vSmart controller establishes permanent and secure Datagram Transport Layer Security (DTLS) connections to all SD-WAN routers in the SD-WAN fabric and runs a proprietary routing protocol called Overlay Management Protocol (OMP) over each of the DTLS tunnels.
9. True or false: SD-WAN only works over the Internet or MPLS networks.
- True
- False
Explanation: SD-WAN is transport agnostic and can use any type of IP-based underlay transport networks, such as the Internet, satellite, dedicated circuits, 3G/4G LTE, and MPLS.
10. Which of the following is the single pane of glass for the SD-WAN solution?
- DNA Center
- vBond
- vManage
- vSmart
Explanation: vManage is the single pane of glass for the SD-WAN solution.
11. What is the main function of the vBond orchestrator?
- To authenticate the vManage NMS and the SD-WAN routers and orchestrate connectivity between them
- To authenticate the vSmart controllers and the SD-WAN routers and orchestrate connectivity between them
- To authenticate the vSmart controllers and the vManage NMS and orchestrate connectivity between them
Explanation: The main function of the vBond orchestrator is to authenticate the vSmart controllers and the SD-WAN routers and orchestrate connectivity between them.
q16 is wrong, folks. It is the vBond, not vSmart what authenticates the routers into the SD-WAN.