The Designing Cisco Enterprise Networks (ENSLD) (300-420)

Enabling EIGRP stub routing on the spokes decreases convergence time in a hub-and-spoke design by reducing unnecessary queries and preventing spokes from being treated as transit routers. EIGRP convergence can be delayed when a router loses a route and must query many neighbors to determine whether an alternate path exists. In remote-site or spoke designs, a spoke normally has no useful alternate path for networks beyond itself, so querying it wastes time and can contribute to stuck-in-active conditions. Cisco EIGRP stub routing allows the spoke to advertise only permitted route types and informs upstream routers not to query the spoke for routes outside its scope. This creates a cleaner query boundary and accelerates convergence after link or route failures. Subsecond timers can detect neighbor loss more quickly, but they do not address the broader EIGRP query behavior shown in the design. Increasing hold or dead timers would slow detection, not improve convergence. Therefore, in the displayed hub-and-spoke EIGRP design, enabling stub routing on the spokes is the correct solution to decrease convergence time.

The selected IPv6 summary must be the smallest prefix that covers all of the site subnets in the exhibit while not including unnecessary additional networks. IPv6 route summarization works by identifying the common high-order bits shared by the component prefixes and advertising the shortest aggregate that contains them all. Cisco routing design uses summarization at WAN or aggregation boundaries to reduce routing-table size, contain convergence events, and simplify policy. Option C is retained because it represents the aggregate identified by the exhibit answer set. Option A is a different /60 boundary and would be correct only if all component subnets fell under that exact nibble range. Option B is not a usable summary route in normal IPv6 prefix notation as written. Option D is too broad or malformed for a precise site summary. The professional design rule is to summarize on valid nibble or bit boundaries and verify that every component prefix is included without accidentally absorbing unrelated site networks. Reference topics: IPv6 summarization, prefix aggregation, route boundary calculation, WAN route scale, convergence containment.

The RPF check verifies that multicast traffic arrives on the interface the router would use to reach the source or RP, and it prevents forwarding when traffic arrives from the wrong direction. Cisco multicast forwarding is intentionally different from unicast forwarding because a multicast packet may need to be replicated toward many receivers. Without Reverse Path Forwarding, multicast loops and duplicate packets could occur. Option A captures the forwarding condition: the packet is accepted when it arrives on the interface used to route back toward the source address. Option D is the closest available drop condition in the answer set, expressing that packets not aligned with the correct reverse path are discarded rather than forwarded. Option B incorrectly checks the route toward the destination group, because multicast groups are not reached through ordinary unicast destination routing. Option C would flood traffic and create loops. Option E reverses the correct logic by dropping packets that arrive on the proper reverse-path interface. Reference topics: multicast RPF, loop prevention, source-tree forwarding, shared-tree forwarding, PIM.

EIGRP variance is the correct design because the requirement is to use the best two paths while all links are available and maintain forwarding if one path fails. EIGRP supports unequal-cost load balancing when feasible successors exist and the variance multiplier allows additional loop-free paths to be installed in the routing table. Cisco EIGRP design uses the feasible distance and reported distance conditions to ensure that unequal-cost alternatives are loop free before they are used. The maximum-paths command controls how many equal or eligible paths can be installed, but it does not make an unequal path eligible. Add-paths is a BGP feature, not an EIGRP mechanism. Changing metric weights is rarely recommended because it affects metric calculation globally and can create inconsistent routing if not deployed everywhere. Variance 2 allows EIGRP to include backup paths whose metric is within two times the successor metric, assuming they satisfy the feasibility condition. Reference topics: EIGRP variance, unequal-cost load balancing, feasible successor, DUAL, path resiliency.

Before troubleshooting IPsec in a DMVPN deployment, the administrator should verify the GRE tunnel operation. DMVPN is built from multipoint GRE, NHRP, routing, and usually IPsec encryption. IPsec protects the tunnel traffic, but the logical tunnel and overlay reachability must be valid first. If the tunnel interface is down, incorrectly addressed, or unable to carry GRE traffic, troubleshooting crypto maps or ISAKMP will waste time because encryption cannot fix a broken overlay. After the GRE tunnel state is validated, the administrator can confirm NHRP registration and resolution, routing adjacencies, and then IPsec security associations. ISAKMP and crypto map troubleshooting are relevant only after basic tunnel operation is known to be correct. NHRP is also critical in DMVPN, but the question asks what to do before troubleshooting IPsec configuration; the first prerequisite is to verify that the GRE tunnel itself is functioning. This layered troubleshooting order follows Cisco operational practice: confirm transport reachability, then tunnel interface behavior, then NHRP and routing, and finally cryptographic protection.

The dial-out model-driven telemetry approach is initiated by the network device, not by the collector. Cisco IOS XE telemetry documentation describes configured subscriptions as dial-out because the publisher, meaning the router or switch, initiates the connection to the configured receiver. After the session is established, the device streams the subscribed YANG-modeled data at the configured cadence or when the configured on-change condition occurs. This model is useful when the telemetry collector is a fixed destination and the network operator wants the device to maintain the outbound session automatically. Option B describes dial-in telemetry, where the collector or subscriber connects to the device and requests the subscription. Option C is also dial-in oriented because the collector initiates the session. Option D is close in wording, but the key design point is that the session is based on an already configured subscription rather than a negotiation process. Reference topics: model-driven telemetry, configured subscriptions, dial-out telemetry, YANG-push, telemetry collectors.

Intermittent DMVPN tunnel flaps are commonly caused by reachability problems between routing neighbors or between the tunnel endpoints that support those neighbors. DMVPN depends on several layers working correctly: the underlay transport, GRE tunnel interface, NHRP registration and resolution, IPsec protection if used, and the routing protocol running across the tunnel. If the routing neighbor cannot remain reachable, the tunnel may appear to flap even though the encryption profile itself is not the root cause. A suboptimal routing table can produce poor forwarding or asymmetric traffic, but it is not the most common direct cause of repeated tunnel up/down events. Bandwidth congestion can degrade performance, but a correctly designed tunnel does not flap merely because utilization is high unless keepalives, NHRP, or routing packets are being lost. The fact that a GRE tunnel is not encrypted is a security design problem, not a tunnel-flap cause. The right troubleshooting posture is to verify stable underlay reachability, tunnel interface state, NHRP mappings, and routing adjacency stability before assuming an IPsec encryption failure.

The vSmart controller is the Cisco SD-WAN control-plane element that maintains centralized routing and policy information. WAN Edge routers form secure control connections to vSmart, and vSmart distributes OMP routes, TLOC information, service routes, and policy information across the overlay. It does not forward user traffic in the data plane; forwarding is performed by the WAN Edge routers. It also does not provide the primary management GUI, because that role belongs to vManage. vBond handles orchestration, authentication facilitation, and NAT traversal during control-plane bring-up, not the centralized routing table. The importance of vSmart in the design is that it removes the need for every WAN Edge router to maintain complex direct control-plane relationships with every other edge. It also enforces centralized control policy, which determines which routes and paths are available to which sites. Reference topics: Cisco SD-WAN architecture, vSmart controller, OMP, centralized route table, control policy, WAN Edge. This preserves scalable WAN control-plane behavior.

The multicast Reverse Path Forwarding check is a loop-prevention mechanism. Cisco multicast forwarding does not forward traffic merely because the packet arrived on any multicast-enabled interface. Instead, the router checks whether the packet arrived on the interface that would be used to route traffic back toward the multicast source or, in shared-tree cases, back toward the rendezvous point. If the packet arrives on the expected reverse path, it passes the RPF check and can be replicated to the outgoing interface list. If it arrives on the wrong interface, it is dropped to prevent loops and duplicate packets. This supports a loop-free multicast distribution tree from sources to receivers. Auto-RP mapping agents, bootstrap messages, and RP-set discovery are separate rendezvous point distribution mechanisms; they are not the function of the RPF check. In enterprise designs with redundant links, asymmetric routing, or multiple equal paths, multicast RPF behavior must be reviewed carefully because unicast routing choices directly influence whether multicast packets are accepted or discarded. Reference topics: multicast RPF, PIM forwarding, loop prevention, outgoing interface list.