What is the most common cause for a WAN Edge to lose all control connections after a certificate renewal?

Study for the CCNP Software-Defined Wide Area Network (SD-WAN) Exam. Master key concepts with flashcards and multiple choice questions, each complete with hints and explanations. Gear up to ace your exam!

Multiple Choice

What is the most common cause for a WAN Edge to lose all control connections after a certificate renewal?

Explanation:
Control connections in SD-WAN are built over DTLS (or TLS) with mutual certificate authentication between the WAN Edge and the controllers (vBond, vManage and vSmart). A valid handshake is not enough on its own: the controllers also check the device against the authorized device list that vManage distributes to them, and that record is keyed by the certificate serial number. Renewing the certificate issues a new one with a different serial number. If the controllers still hold the old serial, or the edge has not re-enrolled with the new certificate, the controllers reject the edge's new identity and every control connection drops. This is the most common reason a WAN Edge ends up with no control connectivity immediately after a certificate renewal.

To fix it, re-enroll the edge or update the controllers' records so the new serial is recognized and trusted: in vManage confirm that the serial stored for the device matches the one the edge now presents, then send the updated device list to the controllers. Also confirm that the new certificate chains to a root the controllers trust and is within its validity period, and that the edge is still registered with vManage so the new identity is accepted. On the edge, show control connections-history (show sdwan control connections-history on an IOS XE WAN Edge) lists the reason each control connection attempt was rejected, and show certificate serial (show sdwan certificate serial on IOS XE) shows the serial the device is presenting. The other options listed (STP instability, CAPWAP fragmentation, EtherChannel mismatches) affect different parts of the network and do not cause control-plane loss as a result of a certificate renewal.
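As an added example that is not part of the exam material or of any Cisco software, the following Go program models the controller-side check described above. A throwaway CA issues a WAN Edge certificate, the controller keeps a device list keyed by certificate serial, a renewal produces a new serial that the stale list rejects, re-enrolling with the new serial restores admission, and a certificate from a CA the controller does not trust fails the chain check before the list is even consulted. The CA and device names, the error strings and the simplified one-entry-per-serial list are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Constructed demo (not Cisco code): chain check plus a serial-keyed device list.
var (
	errChain  = errors.New("certificate chain verification failed")
	errSerial = errors.New("certificate serial not in authorized device list")
)
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// identity is a certificate plus its private key (a CA or a WAN Edge).
type identity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}
// issue signs a cert for name with a fresh random serial (what a renewal does); nil parent self-signs a CA.
func issue(parent *identity, name string, isCA bool) *identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ku := x509.KeyUsageDigitalSignature
	if isCA {
		ku = x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: isCA, KeyUsage: ku,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	signer := &identity{cert: tmpl, key: key} // self-signed unless a parent is given
	if parent != nil {
		signer = parent
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer.cert, &key.PublicKey, signer.key))
	return &identity{cert: must(x509.ParseCertificate(der)), key: key}
}

// serialHex renders the serial the way "openssl x509 -noout -serial" prints it.
func serialHex(cert *x509.Certificate) string { return fmt.Sprintf("%X", cert.SerialNumber) }

// controller holds the trusted roots plus the authorized device list vManage would distribute (serial -> hostname).
type controller struct {
	roots      *x509.CertPool
	authorized map[string]string
}
// admit is the control-connection check: valid chain first, then the list.
func (ctl *controller) admit(cert *x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: ctl.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("%w: %v", errChain, err)
	}
	if _, ok := ctl.authorized[serialHex(cert)]; !ok {
		return errSerial
	}
	return nil
}
// Outcome records each admission result of the renewal scenario.
type Outcome struct{ Initial, AfterRenewal, AfterReenroll, UntrustedCA error }
// renewalScenario: enroll, renew against a stale list, re-enroll, then present a cert from an untrusted CA.
func renewalScenario() Outcome {
	sdwanCA := issue(nil, "demo-sdwan-ca", true)
	roots := x509.NewCertPool()
	roots.AddCert(sdwanCA.cert)
	ctl := &controller{roots: roots, authorized: map[string]string{}}
	var out Outcome
	first := issue(sdwanCA, "edge-1", false).cert
	ctl.authorized[serialHex(first)] = "edge-1" // initial enrollment
	out.Initial = ctl.admit(first)
	renewed := issue(sdwanCA, "edge-1", false).cert // renewal: the serial changes
	out.AfterRenewal = ctl.admit(renewed)         // list still holds the old serial
	delete(ctl.authorized, serialHex(first)) // re-enroll: swap old serial for new
	ctl.authorized[serialHex(renewed)] = "edge-1"
	out.AfterReenroll = ctl.admit(renewed)
	rogue := issue(issue(nil, "untrusted-ca", true), "edge-1", false).cert
	ctl.authorized[serialHex(rogue)] = "edge-1" // listed, but the chain check comes first
	out.UntrustedCA = ctl.admit(rogue)
	return out
}

func main() {
	out := renewalScenario()
	fmt.Printf("initial: %v\nafter renewal: %v\nafter re-enroll: %v\nuntrusted CA: %v\n",
		out.Initial, out.AfterRenewal, out.AfterReenroll, out.UntrustedCA)
}
```

Run it with go run: the two admitted cases print nil and the other two print their rejection reason. The order of the checks in admit is the point worth keeping in mind when troubleshooting: a chain problem is reported before a device-list problem, so fix the trust chain before comparing serials.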
