300-420 Exam Dumps - Designing Cisco Enterprise Networks (ENSLD) v1.1

A routed access topology is the underlay design that removes the normal need for first-hop redundancy protocols. In a traditional Layer 2 access design, end hosts usually rely on HSRP, VRRP, or GLBP at the distribution layer because the default gateway is shared across redundant distribution switches. In a routed access design, the Layer 3 boundary is pushed down to the access layer. The access switch routes toward the distribution layer using point-to-point routed links, so uplink failures are handled by the routing protocol instead of spanning tree and first-hop redundancy. Cisco campus design guidance highlights routed access as a way to improve convergence, avoid Layer 2 loop exposure across uplinks, and simplify resiliency by using equal-cost routed paths. Virtualized topology is too broad and does not inherently remove FHRP. A Layer 2 topology normally increases dependence on STP and gateway redundancy. A logical fabric topology is not the generic underlay topology described by the question. The correct choice is therefore routed access. Reference topics: routed access campus, Layer 3 access, FHRP elimination, routed underlay resiliency.

BFD is not required for the specific failure described: a physical fiber break on point-to-point routed links. In a Layer 3 campus or routed-access design, a direct physical link failure is detected by the interface state change, so the routing protocol can react immediately without waiting for hello/dead timers. Cisco campus design guidance favors point-to-point routed links partly because they give rapid convergence and avoid STP delays. BFD is valuable when a forwarding-path failure is not reliably detected by Layer 1 or Layer 2, or when a protocol adjacency must detect loss faster than its native timers. It does not automatically create convergence by itself; it detects failure and notifies the routing protocol. For a clean fiber cut on a routed point-to-point link, link-down detection is already fast enough for sub-second failover in the design. OSPF timer tuning is also not the preferred design answer for this physical-failure case. Reference topics: routed access design, point-to-point links, link-failure detection, BFD, OSPF convergence.

Hierarchical QoS with a parent shaping policy is the correct solution for a 1 Gbps physical handoff where the contracted provider rate is only 50 Mbps. The customer router can transmit at the physical interface speed, but the provider policer or service edge expects traffic to remain within the committed information rate. Without shaping, bursts leave the customer router at 1 Gbps and can be dropped by the provider, which is especially damaging to voice traffic because drops and jitter create choppy audio. Cisco QoS design commonly uses a parent shaper set to the provider CIR and then applies child queuing policies under that shaped rate. This allows voice and other critical classes to be prioritized before packets are transmitted into the constrained service. A parent policing policy would drop or mark excess traffic locally rather than smoothing bursts. Reducing physical bandwidth is not normally possible on a provider Ethernet handoff, and the interface bandwidth statement changes routing/QoS reference values but does not enforce the CIR. Therefore, parent shaping is required. Reference topics: hierarchical QoS, traffic shaping, CIR, LLQ, WAN edge QoS.

Virtual networks in Cisco SD-Access provide macro segmentation. Macro segmentation separates major user, device, or service groups into distinct virtual networks, each with its own routing and forwarding context. This is comparable to VRF-based separation in traditional enterprise designs. For example, corporate users, guests, building systems, and IoT devices can be placed into separate virtual networks so their routing domains remain isolated unless controlled inter-VN communication is explicitly provided. Microsegmentation is different; it is normally enforced inside or across virtual networks using Security Group Tags and Security Group ACLs, allowing policy decisions based on group identity rather than only IP subnets or VLANs. Inter-VN describes communication between virtual networks, not the segmentation type itself. Stretched segmentation is not the standard SD-Access term. Therefore, the separation created by virtual networks is macro segmentation, while SGT-based policy provides finer-grained microsegmentation. Reference topics: Cisco SD-Access virtual networks, macro segmentation, VRF, SGT, microsegmentation, policy enforcement.

Enabling EIGRP stub routing on the spokes decreases convergence time in a hub-and-spoke design by reducing unnecessary queries and preventing spokes from being treated as transit routers. EIGRP convergence can be delayed when a router loses a route and must query many neighbors to determine whether an alternate path exists. In remote-site or spoke designs, a spoke normally has no useful alternate path for networks beyond itself, so querying it wastes time and can contribute to stuck-in-active conditions. Cisco EIGRP stub routing allows the spoke to advertise only permitted route types and informs upstream routers not to query the spoke for routes outside its scope. This creates a cleaner query boundary and accelerates convergence after link or route failures. Subsecond timers can detect neighbor loss more quickly, but they do not address the broader EIGRP query behavior shown in the design. Increasing hold or dead timers would slow detection, not improve convergence. Therefore, in the displayed hub-and-spoke EIGRP design, enabling stub routing on the spokes is the correct solution to decrease convergence time.