Which two statements about a device with this configuration are true?

– by 5

Refer to the exhibit. Which two statements about a device with this configuration are true? (Choose two)


A. When a peer re-establishes a previous connection to the device. CTS retains all existing SGT mapping entries for 3 minutes
B. If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts
C. If a peer re-establishes a connection to the device before the hold-down tier expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes
D. It sets the internal hold-down timer of the device to 3 minutes
E. When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes
F. If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts

cisco-exams

5 thoughts on “Which two statements about a device with this configuration are true?

  1. Trustsec SXP delete hold down timer value needs to be configurable
    CSCvj48542

    Symptom:
    Currently the delete hold down timer value is set to 120 seconds by default and non-configurable. If an SXP connection is established, and IP-SGT mappings are learnt at the SXP listen, if the SXP connection is down, and not re-established within 120 seconds, then the mappings learnt from this SXP connection will be removed from the SXP listener per design. Some customers think 120 seconds is not sufficient. There is a request to make this delete hold down timer value configurable.

    Reply

  2. This one is tricky because there’s the hold-down timer and then the reconcilliation timer. The default for neogiated hold-down timers is 120s, and the exhibit shows the reconcilliation timer is set to 180s.

    chrome-extension://oemmndcbldboiebfnladdacbdfmadadm/https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/sec-usr-cts-xe-3s-book/sec-cts-sxpv4.pdf

    So, technically B&C are correct.

    Reply

  3. The answer most suitable is B&C.. As per the link provided, some entries are kept while invalid ones removed.

    While the SXP reconciliation period timer is active, the Cisco TrustSec software retains the SGT mapping entries learned from the previous connection and removes invalid entries.

    But the Answer A says’ “”””retains all existing “””

    Reply

  4. AC
    https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-10/configuration_guide/cts/b_1610_cts_9500_cg/configuring_sgt_exchange_protocol.html#task_sq4_mtl_2gb
    After a peer terminates an SXP connection, an internal hold-down timer starts. If the peer reconnects before the internal hold-down timer expires, the SXP reconciliation period timer starts. While the SXP reconciliation period timer is active, the Cisco TrustSec software retains the SGT mapping entries learned from the previous connection and removes invalid entries.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.