How would you verify that a vEdge is enrolled correctly with vManage and that its tunnels are up?

Study for the CCNP Software-Defined Wide Area Network (SD-WAN) Exam. Master key concepts with flashcards and multiple choice questions, each complete with hints and explanations. Gear up to ace your exam!

Multiple Choice

How would you verify that a vEdge is enrolled correctly with vManage and that its tunnels are up?

Explanation:
Verifying enrollment and tunnel health starts with confirming that the vEdge is properly registered, trusted, and able to participate in the SD-WAN overlay. Check that the device is enrolled in vManage, which shows it as a managed node in the inventory. Then verify TLS certificate validity because the device uses certificates to authenticate to the controllers; expired or invalid certificates will block enrollment and control-plane reachability. Next, ensure control-plane connections are up—the vEdge must have active connections to the controllers (vBond/vSmart) so policies and routing can be exchanged. Review OMP adjacency to confirm the overlay is forming correctly with its neighbors; a healthy OMP session means the overlay routing information is being exchanged. Finally, confirm data-plane tunnels are established and up, meaning the actual IPsec/overlay tunnels are carrying traffic between endpoints. Together, these checks validate both that the device is enrolled and that its tunnels are functioning. Rebooting, updating firmware, or disabling TLS would not reliably verify the current enrollment state or tunnel health and could disrupt service, so they aren’t appropriate verification steps.

Verifying enrollment and tunnel health starts with confirming that the vEdge is properly registered, trusted, and able to participate in the SD-WAN overlay. Check that the device is enrolled in vManage, which shows it as a managed node in the inventory. Then verify TLS certificate validity because the device uses certificates to authenticate to the controllers; expired or invalid certificates will block enrollment and control-plane reachability. Next, ensure control-plane connections are up—the vEdge must have active connections to the controllers (vBond/vSmart) so policies and routing can be exchanged. Review OMP adjacency to confirm the overlay is forming correctly with its neighbors; a healthy OMP session means the overlay routing information is being exchanged. Finally, confirm data-plane tunnels are established and up, meaning the actual IPsec/overlay tunnels are carrying traffic between endpoints. Together, these checks validate both that the device is enrolled and that its tunnels are functioning.

Rebooting, updating firmware, or disabling TLS would not reliably verify the current enrollment state or tunnel health and could disrupt service, so they aren’t appropriate verification steps.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy