SDN Solution

October 24th, 2018

Question 1


Cisco Application Policy Infrastructure Controller (APIC)
The infrastructure controller is the main architectural component of the Cisco ACI solution. It is the unified point of automation and management for the Cisco ACI fabric, policy enforcement, and health monitoring. The APIC appliance is a centralized, clustered controller that optimizes performance and unifies operation of physical and virtual environments. The controller manages and operates a scalable multitenant Cisco ACI fabric.

Reference: http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-apic/datasheet-c78-732414.html

Question 2


A northbound interface is an interface that allows a particular component of a network to communicate with a higher-level component. Conversely, a southbound interface allows a particular network component to communicate with a lower-level component.


The northbound APIs on an SDN controller enable applications and orchestration systems to program the network and request services from it.

Southbound interfaces are implemented with a Service Abstraction Layer (SAL), which speaks to the devices that make up the network using SNMP and the CLI (Command Line Interface). The main functions of the SAL are:
+ Expose device services and capabilities to apps
+ Determine how to fulfill requested service irrespective of the underlying protocol

+ An API is a method for one application (program) to exchange data with another application.
+ Interface here refers to the “software interface”, not the physical interfaces.

Question 3


The APIC-EM platform delivers many significant benefits. For example, it:

+ Creates an intelligent, open, programmable network with open APIs
+ Can help customers save time, resources, and costs through advanced automation services
+ Can transform business-intent policies into dynamic network configuration
+ Provides a single point for network-wide automation and control

Reference: http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/datasheet-c78-730594.html

Question 4


Cisco APIC-EM supports the following policy analysis features:
+ Inspection, interrogation, and analysis of network access control policies.
+ Ability to trace application specific paths between end devices to quickly identify ACLs in use and problem areas.
+ Enables ACL change management with easy identification of conflicts and shadows -> Maybe B is the most suitable answer.

Reference: http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-2-x/config-guide/b_apic-em_config_guide_v_1-2-x/b_apic-em_config_guide_v_1-2-x_chapter_01000.pdf

The ACL trace tool can only help us to identify which ACL on which router is blocking or allowing traffic. It cannot help identify redundant/shadow rules.


Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is a Cisco Software Defined Networking (SDN) controller, which uses open APIs for policy-based management and security through a single controller, abstracting the network and making network services simpler. APIC-EM provides centralized automation of policy-based application profiles.

Reference: CCNA Routing and Switching Complete Study Guide

Cisco Intelligent WAN (IWAN) application simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links.

Shadow rules are rules that are never matched (usually because of earlier rules in the list). For example, consider two access-list statements:

access-list 100 permit ip any any
access-list 100 deny tcp host A host B

The second access-list statement would never be matched because all traffic has already been allowed by the first statement. In this case we say that statement 1 shadows statement 2.
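
An added example (not from the original page or from Cisco): a small Python checker that flags any statement fully covered by a single earlier statement, run on the two statements above with hosts A and B replaced by constructed addresses. It assumes only the `any`, `host X` and address/wildcard forms without port operators, and it does not detect a statement shadowed by a combination of several earlier statements.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one address spec; return (address, wildcard) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST'; port operators unsupported."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    rest = tokens[4:]
    ace = {"action": tokens[2], "proto": tokens[3],
           "src": parse_addr(rest), "dst": parse_addr(rest)}
    if rest:
        raise ValueError(f"unsupported trailing tokens: {line!r}")
    return ace

def addr_covers(a, b):
    """True if every address matched by b is also matched by a."""
    (a_addr, a_wild), (b_addr, b_wild) = a, b
    fixed = ~a_wild & 0xFFFFFFFF  # bits that a insists on
    return (b_wild & fixed) == 0 and ((a_addr ^ b_addr) & fixed) == 0

def covers(a, b):
    """True if ACE a matches every packet that ACE b matches."""
    return (a["proto"] in ("ip", b["proto"])
            and addr_covers(a["src"], b["src"]) and addr_covers(a["dst"], b["dst"]))

def find_shadowed(lines):
    """Return (shadowed_no, shadowing_no, actions_differ) tuples, 1-based."""
    aces = [parse_ace(line) for line in lines]
    findings = []
    for j, later in enumerate(aces):
        for i, earlier in enumerate(aces[:j]):
            if covers(earlier, later):
                findings.append((j + 1, i + 1, earlier["action"] != later["action"]))
                break
    return findings

# Constructed sample: the page's two statements, hosts A and B replaced by made-up addresses.
SAMPLE = ["access-list 100 permit ip any any",
          "access-list 100 deny tcp host 10.1.1.10 host 10.2.2.20"]
print(find_shadowed(SAMPLE))
```

Reversing the order of the two statements removes the finding, because the narrower deny is then evaluated before the broad permit.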

Question 5


The ACL Path Analysis tool in APIC-EM can help to identify where the traffic was blocked in the transmission.


Question 6


Icon icon_1.jpg means “there are ACLs that permit the traffic applied on the interface”.

Icon icon_2.jpg means “traffic may or may not be blocked. For example, if your traffic matches a deny access control entry (ACE), traffic is denied. However, if your traffic matches any other ACEs, it is permitted. You can get this type of results if you leave out the protocol, source port, or destination port when defining a path trace”.

Icon icon_3.jpg means “there is an ACL on the device or interface that is blocking the traffic on the path”.

Icon icon_4.jpg means “there are no ACLs applied on the interface”.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-5-x/path_trace/user-guide/b_Cisco_Path_Trace_User_Guide_1_5_0_x/b_Cisco_Path_Trace_User_Guide_1_5_0_x_chapter_0111.html

Comments (18)
  1. Xee
    May 25th, 2017

    Hello 9tut, Any knowledge base for it?

  2. Anonymous
    June 28th, 2017

    any basic tutorial?

  3. Аni
    June 28th, 2017

    Any basic tutorial

  4. seyf
    October 3rd, 2017

    q5 is A or C ???

  5. Oscar.W
    November 18th, 2017

    pleasss!! Can someone lend me latest dumps for CCNA exam, I’m going to take the ccna exam this Monday :)

  6. Lateef
    November 21st, 2017

    How was your exam? @Oscar
    @Others, you can pay $10 on udemy and get complete access to tutorials of this topic. Look for Chris Bryant CCNA.

  7. teste
    December 1st, 2017


  8. GLG
    December 1st, 2017

    My exam is on 7/12!!!
    SDN is a tough subject, you know!!!

  9. Is this the link to download the dumps ?
    February 4th, 2018

    @seyf- it is A . cisco apic em uses pathtrace tool to perform path analysis for traffic blockages.

  10. Mitterand
    February 5th, 2018

    Could someone, please, send me latest dumps for CCNA? Thanks for your assistance.

  11. Mitterrand
    February 9th, 2018

    Hi! Where do I get questions related to these answers, please? Help desperately need! Many thanks.

  12. Bekar Shekiladze
    August 1st, 2018

    Hi 9tut, I don't know how to contact you otherwise, I joined ccna one month premium membership, although I need ICND2, I already have ICND1 certification. So is there anyhow difference, or ICND2 has different questions?

  13. james
    August 30th, 2018

    where can i get ccna braindumps

  14. Q4
    October 8th, 2018

    I thought this ACL Analysis tool does not exist, but here’s a video, at 3:30 you can see it in all its glory:

  15. venki
    October 26th, 2018

    qn 3: option “d” seems to be correct …” the Cisco APIC-EM does just that: offer enterprise SDN using the same switches and routers already installed in networks.”——reference from WENDELL ODOM off cert guide

  16. ahmed saeed
    December 27th, 2018

    I agree with Venki on the same point because APIC-EM is an SDN Controller for current no supporting SDN Cisco Device as it uses some support SBI protocols like CLI(SSH, Telnet)

    So Answer D is more logical

  17. Question 3
    January 22nd, 2019

    Why is D not included in the answers?

  18. Anonymous
    May 30th, 2019

    hi, anybody took the new CCNA exam? Any advice please ?
