Ccie DC Lab 2

1.
1 - DC2: Allocate ports and resources to VDC's

In Data Center 2 (DC2), there is one Cisco Nexus 7000 switch. On this switch VDC's are pre-configured for you. During
this task you will assign ports and resources to these VDC's.
DC2-N7K-1 is the default VDC
DC2-N7K-3 and DC2-N7K-4 are non-default VDC's
In DC2, allocate ports to VDC's as shown in this table:
Device Name ID Ports Type
DC2-N7K-1 1 Ethernet3/1-8, Ethernet 4/1-16 Ethernet
DC2-N7K-3 3 Ethernet 3/17-24, Ethernet 4/17-24 Ethernet
In DC2, you must configure resources for the VDC's. Use resource templates to perform this task.
Create and apply VDC resource templates as shown in this table:
Template Name VDC Name Resource Minimum Maximum
otv-template DC2-N7K-1 VRF 8 16
VLAN 16 32
Port-Channel 0 32
switch-template DC2-N7K-3 & VRF 16 32
DC2-N7K-4 VLAN 64 128
Port-Channel 32 64
In DC2, make sure that these high-availability policies are applied to the VDC's:
High-availability policy for DC2-N7K-1 must be RESET.

High-availability policy for DC2-N7K-3 and DC2-N7K-4 must be BRINGDOWN.
(2 Points)
DC2-N7K-1:
==========
license grace-period
no vdc combined-hostname
!
vdc resource template otv-template
limit-resource vrf minimum 8 maximum 16
limit-resource vlan minimum 16 maximum 32
limit-resource port-channel minimum 0 maximum 32
!
vdc resource template switch-template
limit-resource vrf minimum 16 maximum 32
limit-resource vlan minimum 64 maximum 128
limit-resource port-channel minimum 32 maximum 64
!
system hap-reset
!
vdc DC2-N7K-1 id 1
no limit-resource module-type
allocate interface ethernet 3/1-8, ethernet 4/1-16
template otv-template
!
vdc DC2-N7K-3 id 3
ha-policy single-sup bringdown dual-sup bringdown
template switch-template
!
vdc DC2-N7K-4 id 4
ha-policy single-sup bringdown dual-sup bringdown
template switch-template
!
1.2 - DC2: Implement VLANs

You must configure VLANs in Data Center 2. These VLANs will be used later in the exam. Assign the correct name and
type as outlined here. Configure these VLANs.
Device VLAN ID Name VLAN Mode
DC2-N7K-1 90 dci-site Classic Ethernet
4001 dci-data1 Classic Ethernet
DC2-N7K-3 30 iscsi FabricPath
DC2-N7K-4 40 esx-mgmt FabricPath
50 dmz FabricPath
DC2-N5K-1 30 iscsi FabricPath
DC2-N5K-2 40 esx-mgmt FabricPath
50 dmz FabricPath
70 vm-data Classic Ethernet
71 vm-data-nat Classic Ethernet
72 ace-ft Classic Ethernet
(1 Point)
DC2-N7K-1:
==========
install feature-set fabricpath
!
vlan 90
name dci-site
!
vlan 4001
name dci-data1
!
vlan 4002
name dci-data2
!
DC2-N7K-3:
==========
feature-set fabricpath
!
vlan 30
name iscsi
mode fabricpath
!
vlan 40
name esx-mgmt
mode fabricpath
!
vlan 50
name dmz
mode fabricpath
!
vlan 4001
name dci-data1
!
vlan 4002
name dci-data2
!
DC2-N7K-4:
==========
!
vlan 30
name iscsi
mode fabricpath
!
vlan 40
name esx-mgmt
mode fabricpath
!
vlan 50
name dmz
mode fabricpath
!
vlan 4001
name dci-data1
!
vlan 4002
name dci-data2
!
DC2-N5K-1:
==========
!
vlan 30
name iscsi
mode fabricpath
!
vlan 40
name esx-mgmt
mode fabricpath
!
vlan 50
name dmz
mode fabricpath
!
vlan 70
name vm-data
!
vlan 71
name vm-data-nat
!
vlan 72
name ace-ft
!
DC2-N5K-2:
==========
!
vlan 30
name iscsi
mode fabricpath
!
vlan 40
name esx-mgmt
mode fabricpath
!
vlan 50
name dmz
mode fabricpath
!
vlan 70
name vm-data
!
vlan 71
name vm-data-nat
!
vlan 72
name ace-ft
!
1.3 - DC2: Configure Layer 2 Links

In this task, you must configure Layer 2 port channels and trunk ports between Data Center 2 switches.
Configure the Layer 2 port channel between DC2-N7K-3 and DC2-N7K-4. Use this information to complete this task:
Use port channel number 200.
Allow only VLANs 90, 4001, and 4002 on the port channel.
Do not use LACP.
Port assignments are as follows:

VDC Name Port Channel Member Port
DC2-N7K-3 200 Ethernet 4/18-19
DC2-N7K-1 and DC2-N7K-3 are connected using a Layer2 link and a Layer 3 link. Configure the Layer 2 link between these
switches as a trunk port.
Use following information to complete this task:

Use VLAN 1 as the native VLAN
Allow only VLAN 90, 4001, 4002 on the trunk port.
VDC Name Trunk Port Mode

DC2-N7K-1 Ethernet 4/12 Layer 2
(1 Point)
DC2-N7K-3:
==========
interface ethernet 4/18-19
channel-group 200 mode on
no shutdown
!
interface port-channel 200
switchport
switchport mode trunk
switchport trunk allowed vlan 90,4001-4002
no shutdown
!
interface ethernet 4/20
switchport
switchport trunk native vlan 1
no shutdown
!
DC2-N7K-4:
==========
channel-group 200 mode on
no shutdown
!
switchport
no shutdown
!
DC2-N7K-1:
==========
switchport
no shutdown
!
1.4 - DC2: Configure Fabric Path
In DC2, enable fabric-path isis routing between DC2-N7K-3, DC2-N7K-4, DC2-N5K-1, and DC2-N5K-2
Perform these tasks:
Assure that all of the switches that are listed use the FabricPath network for Layer 2 switching between
them.
The port channel between DC2-N7K-3 and DC2-N7K-4 will not participate in FabricPath.
Create a port channel between DC2-N5K-1 and DC2-N5K-2, and enable FabricPath on the port channel.
Use any number for the port channel.
Configure switch ID 30, 40, 50, and 60 on DC2-N7K-3, DC2-N7K-4, DC2-N5K-1, and DC2-N5K-2
respectively.
Allow 20 seconds to detect any switch ID conflicts in the FabricPath domain.
Make sure that only two equal cost paths are selected in the FabricPath domain.
Make sure that DC2-N7K-3 and DC2-N7K-4 use DC2-N5K1 and DC2-N5K-2 as equal cost paths.
(3 points)
DC2-N7K-3:
==========
fabricpath switch-id 30
fabricpath timer linkup-delay 20
!
fabricpath domain default
maximum-path 2
!
switchport mode fabricpath
no shutdown
!
interface ethernet 3/21, ethernet 3/23
fabricpath isis metric 35
no shutdown
!
DC2-N7K-4:
==========
!
maximum-path 2
!
no shutdown
!
no shutdown
!
DC2-N5K-1:
==========
feature lacp
!
!
maximum-path 2
!
no shutdown
!
no shutdown
!
channel-group 200 mode active
no shutdown
!
no shutdown
!
DC2-N5K-2:
==========
feature lacp
!
!
maximum-path 2
!
interface ethernet 1/23-24, ethernet 1/29-30
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
1.5 - DC2: Configure vPC+ to Cisco UCS
In DC2, configure vPC domain 20 between DC2-N5K-1 and DC2-N5K-2. Perform these tasks:
Make sure that N5K-1 is always the vPC primary switch.
Use port channel ID 200 for the vPC peer link.
Do not add any new Layer 3 interfaces.
Use switch ID value 70.
Use port channel ID 10 toward Fabric Interconnect A (FI-A).
Use port channel ID 20 toward Fabric Interconnect B (FI-B).
Port channels to Cisco UCS should be configured as IEEE 802.1Q trunk interfaces that allow only VLANs
30, 40, 70, and 71.
Make sure that port channels 10 and 20 come up without waiting for the standard forward-time delay.
In a few months, our server team will connect a single-leg server on VLAN 300 that is connected to N5K-
2. Make sure that the interface does not go down in a dual-active scenario.
Make sure that vPC peer devices are the primary devices on LACP and use priority value 2500.
(3 Points)
DC2-N5K-1:
==========
feature vpc
!
vpc domain 20
role priority 1
system-priority 2500
peer-keepalive destination 10.1.0.52
!
vpc peer-link
no shutdown
!
no shutdown
!
no shutdown
!
switchport
switchport trunk allowed vlan 30,40,70,71
spanning-tree port type edge trunk
vpc 10
no shutdown
!
switchport
vpc 20
no shutdown
!
DC2-N5K-2:
==========
feature vpc
!
vpc domain 20
system-priority 2500
peer-keepalive destination 10.1.0.51
dual-active exclude interface-vlan 300
!
vpc peer-link
no shutdown
!
no shutdown
!
no shutdown
!
switchport
vpc 10
no shutdown
!
switchport
vpc 20
no shutdown
!
1.6 - DC2: Configure FEX

In Data Center 2 (DC2), configure active/active connections from DC2-N5K-1 and DC2-N5K-2 to the FEX. Use FEX 103 and
104 as indicated in this figure. Make sure both FEX instances skip any bootup tests.
(2 Points)
DC2-N5K-1:
==========
feature fex
!
fex 103
diagnostic bootup level bypass
!
fex 104
!
channel-group 103
no shutdown
!
channel-group 104
no shutdown
!
switchport mode fex-fabric
fex associate 103
vpc 103
no shutdown
!
fex associate 104
vpc 104
no shutdown
!
DC2-N5K-2:
==========
feature fex
!
fex 103
!
fex 104
!
channel-group 104
no shutdown
!
channel-group 103
no shutdown
!
fex associate 103
vpc 103
no shutdown
!
fex associate 104
vpc 104
no shutdown
!
1.7 - DC2: Implement Cisco NX-OS Layer 3 functionality

You must now configure Layer 3 interfaces on the Cisco Nexus 7000 switches in DC2. Configure the following:
WAN Layer 3 interfaces on DC2-N7K-3 and DC2-N7K-4

Layer 3 link between DC2-N7K-3 and DC2-N7K-1
Loopback interfaces on DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4
WAN interfaces connect the Cisco Nexus 7000 switch to the WAN switch. The WAN switch is preconfigured. No
configuration is necessary on your part.
Configure the WAN IP addresses as shown in this table:
Device Name Interface IP Address Subnet Mask
DC2-N7K-3 Ethernet 4/23 10.4.1.9 30
DC2-N7K-4 Ethernet 4/31 10.4.1.13 30
Make sure that the jumbo frame size of 9100 bytes is allowed on the WAN.
DC2-N7K-1 and DC2-N7K-3 are connected with a Layer 2 link and Layer 3 link. Configure the Layer 3 link between these
switches.
In DC2, configure the Layer 3 link between DC2-N7K-1 and DC2-N7K-3:

DC2-N7K-1 Ethernet 4/5 10.4.1.22 30
DC2-N7K-3 Ethernet 4/24 10.4.1.21 30
In DC2, configure the loopback IP addresses as shown in this table:

DC2-N7K-1 Loopback 0 10.0.2.1 32
DC2-N7K-3 Loopback 0 10.0.2.3 32
DC2-N7K-4 Loopback 0 10.0.2.4 32
(2 Points)
DC2-N7K-1:
==========
interface loopback 0
ip address 10.0.2.1/32
no shutdown
!
ip address 10.4.1.22/30
mtu 9100
no shutdown
!
DC2-N7K-3:
==========
ip add 10.0.2.3/32
no shutdown
!
mtu 9100
no shutdown
!
ip address 10.4.1.21/30
mtu 9100
no shutdown
!
DC2-N7K-4:
==========
no shutdown
!
ip address 10.4.1.13/30
mtu 9100
no shutdown
!
1.8 - DC2: Configure SVI and HSRP

In DC2, configure the switch virtual interfaces as shown in this table:
DC2-N7K-3 VLAN 40 10.1.40.252 24
VLAN 4001 10.1.41.252 24
VLAN 4002 10.1.42.252 24
DC2-N7K-4 VLAN 40 10.1.40.253 24
VLAN 4001 10.1.41.253 24
VLAN 4002 10.1.42.253 24
In DC2, configure HSRP on DC2-N7K-3 and DC2-N7K-4 as shown in this table:

VLAN Virtual IP Address Group Active MD5 Key
VLAN 40 10.1.40.254 2 ANY CCIEDC
VLAN 4001 10.1.41.254 2 DC2-N7K-3 CCIEDC
VLAN 4002 10.1.42.254 2 DC2-N7K-3 CCIEDC
Use any key chain name. Make sure that HSRP waits 3 seconds before detecting a neighbor down instance. Also make
sure that DC2-N7K-3 is always the active router for VLAN 4001 and VLAN 4002.
(2 Points)
DC2-N7K-3:
==========
feature hsrp
feature interface-vlan
!
key chain ABC
key 0
key-string CCIEDC
!
interface vlan 40
ip address 10.1.40.252/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.40.254
timers 1 3
authentication md5 key-chain ABC
!
interface vlan 4001
ip address 10.1.41.252/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.41.254
priority 255
preempt
timers 1 3
!
interface vlan 4002
ip address 10.1.42.252/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.42.254
priority 255
preempt
timers 1 3
!
DC2-N7K-4:
==========
feature hsrp
!
key chain ABC
key 0
key-string CCIEDC
!
interface vlan 40
ip address 10.1.40.253/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.40.254
timers 1 3
!
interface vlan 4001
ip address 10.1.41.253/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.41.254
timers 1 3
!
interface vlan 4002
ip address 10.1.42.253/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.42.254
timers 1 3
!
1.9 - DC2: Implement Cisco NX-OS Layer 3 Routing
In DC2, set up EIGRP. Enable EIGRP within DC2 devices and on the connectivity to the WAN. Make sure that fast failure
detection is enabled. The core WAN router is preconfigured with EIGRP.
Perform these tasks on DC2-N7K-1:

Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID.
Configure interfaces E4/5 in EIGRP.
You are not permitted to use static routes.

Configure interface E4/23 and E4/24 in EIGRP.
Advertise these SVIs into EIGRP
o VLAN 40
o VLAN 4001
o VLAN 4002
You are not permitted to configure EIGRP on the VLAN interface.
Make sure that a summary route is sent for VLAN 40, VLAN 4001, and VLAN 4002.

Configure interface E4/31 in EIGRP.
Advertise these SVIs into EIGRP
o VLAN 40
o VLAN 4001
o VLAN 4002
You are not permitted to configure EIGRP on the VLAN interface.
Make sure that a summary route is sent for VLAN 40, VLAN 4001, and VLAN 4002.
(3 Points)
DC2-N7K-1:
==========
feature eigrp
feature bfd
!
router eigrp 1
autonomous-system 1
router-id 10.0.2.1
bfd
no shutdown
!
ip router eigrp 1
no ip redirects
no shutdown
!
DC2-N7K-3:
==========
feature eigrp
feature bfd
!
router eigrp 1
autonomous-system 1
router-id 10.0.2.3
bfd
no shutdown
!
ip router eigrp 1
ip summary-address eigrp 1 10.1.40.0/22
no ip redirects
no shutdown
!
route-map ABC permit 10
match interface vlan 40 vlan 4001 vlan 4002
!
router eigrp 1
redistribute direct route-map ABC
!
DC2-N7K-4:
==========
feature eigrp
feature bfd
!
router eigrp 1
autonomous-system 1
router-id 10.0.2.4
bfd
no shutdown
!
ip router eigrp 1
ip summary-address eigrp 1 10.1.40.0/22
no ip redirects
no shutdown
!
route-map ABC permit 10
match interface vlan 40 vlan 4001 vlan 4002
!
router eigrp 1
redistribute direct route-map ABC
!
1.10 - DC2: Configure ACL

In this task, you will configure an IP access list on the WAN interface on DC2 switches.
Allow traffic to VLAN 40, VLAN 4001, and VLAN 4002 via the WAN interface according to this table:
Switch Name WAN Interface Destination Traffic Allowed

DC2-N7K-3 Ethernet 4/23 VLAN 40: 10.1.40.0/24 Any Traffic to this Network
VLAN 4001: 10.1.41.0/24 World Wide Web
Secure Socket Layer
Telnet
Secure Socket Layer
Telnet
DC2-N7K-4 Ethernet 4/31 VLAN 40: 10.1.40.0/24 Any Traffic to this Network
Secure Socket Layer
Telnet
Secure Socket Layer
Telnet
(4 Points)
DC2-N7K-3:
==========
ip access-list ABC
permit ip any 10.1.40.0/24
permit tcp any 10.1.41.0/24 eq telnet
permit tcp any 10.1.41.0/24 eq www
permit tcp any 10.1.41.0/24 eq 443
permit udp any any range 3784 3785
permit eigrp any any
permit pim any any
permit gre any any
permit icmp any any
permit igmp any any
permit udp 20.0.0.1/32 eq ntp any
permit ip 10.1.1.214/32 any
deny ip any any
!
ip access-group ABC in
!
DC2-N7K-4:
==========
ip access-list ABC
permit ip any 10.1.40.0/24
permit udp any any range 3784 3785
permit eigrp any any
permit pim any any
permit gre any any
permit icmp any any
permit igmp any any
permit udp 20.0.0.1/32 eq ntp any
deny ip any any
!
ip access-group ABC in
!
1.11 - DC2: Configure syslog and NTP
In DC2, make sure that DC2-N7K-3 receives the time from the NTP server 20.0.0.1.
There is a syslog server on a remote site that is accessible from the WAN network. Configure DC2-N7K-3 to send logs to
syslog. The IP address of the syslog server is 10.0.0.1.
(1 Point)
DC2-N7K-1:
==========
clock protocol ntp vdc 3
DC2-N7K-3:
==========
ntp distribute
ntp server 20.0.0.1
ntp commit
ntp source-interface ethernet 4/23
!
logging server 10.0.0.1
logging source loopback 0
!
1.12 - DC2: Configure STP

In this task, you will configure Spanning Tree Protocol in Data Center 2.
Complete these tasks on DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4:
Configure Multiple Spanning Tree for VLAN 4001 and VLAN 4002.
Make sure that DC2-N7K-3 is the root for VLAN 4001 and VLAN 4002.
Use this information to configure MST:
o MST region = 1
o Name = ccie
o MST revision number = 5
Enable Bridge Assurance on the appropriate ports.
(2 Points)
DC2-N7K-3:
==========
spanning-tree mode mst
spanning-tree mst configuration
name ccie
revision 5
instance 1 vlan 4001-4002
!
spanning-tree mst 1 root primary
!
spanning-tree port type network
no shutdown
!
no shutdown
!
DC2-N7K-4:
==========
name ccie
revision 5
!
no shutdown
!
DC2-N7K-1:
==========
name ccie
revision 5
!
no shutdown
!
1.13 - DC1: Allocate Ports to VDCs and Implement VLANS
In DC1, allocate ports to VDCs as shown in this table:
Device Name ID Ports Type

DC1-N7K-1 1 Ethernet3/1-8, Ethernet4/1-8, Ethernet4/10, Ethernet
Ethernet 4/12, Ethernet 4/14, Ethernet 4/16
DC1-N7K-2 2 Ethernet3/9-16, Ethernet4/9, Ethernet 4/11, Ethernet
Ethernet 4/13, Ethernet 4/15
You must configure VLANs in Data Center 1. These VLANs will be used later in the exam. Assign the correct name and
type as outlined here.
Configure these VLANs on DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4:
Device Name VLAN ID VLAN Name VLAN Mode
DC1-N7K-1 90 dci-site Classic Ethernet
DC1-N7K-2 4001 dci-data1 Classic Ethernet
DC1-N7K-3 4002 dci-data2 Classic Ethernet
DC1-N7K-4
(2 Points)
DC1-N7K-1:
==========
license grace-period
no vdc combined-hostname
!
vdc DC1-N7K-1 id 1
allocate interface ethernet 4/10, ethernet 4/12
allocate interface ethernet 4/14, ethernet 4/16
!
vdc DC1-N7K-2 id 2
allocate interface eth 3/9-16, ethernet 4/9
allocate interface ethernet 4/11, ethernet 4/13, ethernet 4/15
!
vdc DC1-N7K-3 id 3
!
vdc DC1-N7K-4 id 4
!
DC1-N7K-1#
DC1-N7K-2#
DC1-N7K-3#
DC1-N7K-4#
===========
vlan 90
name dci-site
!
vlan 4001
name dci-data1
!
vlan 4002
name dci-data2
!
1.14 - DC1: Configure Layer 2 links

In this task, you must configure Layer 2 port channels and trunk ports between Data Center 1 switches.
Configure the Layer 2 port channel between DC1-N7K-3 and DC1-N7K-4. Use this information to complete this task:
Use port channel number 200.
Allow only VLANs 90, 4001, and 4002 on the port channel.
Use LACP.
Use VLAN 90 as the native VLAN.
Make sure that the native VLAN is tagged.
Here are the port assignments:

Device Name Port Channel Member Port
DC1-N7K-1 and DC1-N7K-3 are connected using a Layer 2 link and a Layer 3 link. In this task, you will configure the Layer
2 link between these switches as a trunk port. Use this information to complete this task:
Allow only VLANs 90, 4001, and 4002.
Device Name Trunk Port Mode
DC1-N7K-2 and DC1-N7K-4 are connected using a Layer 2 and a Layer 3 link. In this task, you will configure the Layer 2
link between these switches as a trunk port. Use this information to complete this task:
Allow only VLANs 90, 4001, and 4002.
Device Name Trunk Port Mode
(2 Points)
DC1-N7K-3:
==========
vlan dot1q tag native
feature lacp
!
no shutdown
!
switchport
no shutdown
!
switchport
no shutdown
!
DC1-N7K-4:
==========
feature lacp
!
no shutdown
!
switchport
no shutdown
!
switchport
no shutdown
!
DC1-N7K-1:
==========
!
switchport
no shutdown
!
DC1-N7K-2:
==========
!
switchport
no shutdown
!
1.15 - DC1: Implement Cisco NX-OS Layer 3 functionality

You must now configure Layer 3 interfaces on the Cisco Nexus 7000 switches in DC1. Configure the following:
WAN Layer 3 interfaces on DC1-N7K-3 and DC1-N7K-4
Loopback interfaces on DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4
WAN interfaces connect the Cisco Nexus 7000 switch to the WAN switch. The WAN switch is preconfigured. No
configuration is necessary on your part.
Configure the WAN IP addresses as shown in this table:

DC1-N7K-3 Ethernet 4/23 10.4.1.1 30
DC1-N7K-4 Ethernet 4/31 10.4.1.5 30
Make sure that the jumbo frame size of 9100 bytes is allowed on the WAN.
switches.
DC1-N7K-1 Ethernet 4/5 10.4.1.17 30
DC1-N7K-3 Ethernet 4/24 10.4.1.18 30
switches.
DC1-N7K-2 Ethernet 4/9 10.4.1.26 30
DC1-N7K-4 Ethernet 4/25 10.4.1.25 30
In DC1, configure the loopback IP addresses as shown in this table:

DC1-N7K-1 Loopback0 10.0.1.1 32
DC1-N7K-2 Loopback0 10.0.1.2 32
DC1-N7K-3 Loopback0 10.0.1.3 32
DC1-N7K-4 Loopback0 10.0.1.4 32
(2 Points)
DC1-N7K-1:
==========
no shutdown
!
ip address 10.4.1.18/30
mtu 9100
no shutdown
!
DC1-N7K-3:
==========
no shutdown
!
mtu 9100
no shutdown
!
ip address 10.4.1.17/30
mtu 9100
no shutdown
!
DC1-N7K-4:
==========
no shutdown
!
mtu 9100
no shutdown
!
ip address 10.4.1.25/30
mtu 9100
no shutdown
!
DC1-N7K-2:
==========
no shutdown
!
ip address 10.4.1.26/30
mtu 9100
no shutdown
!
1.16 - DC1: Configure SVI and HSRP

In DC1, configure SVI 4001 and 4002 on DC1-N7K-3 and DC1-N7K-4:
DC1-N7K-3 VLAN 4001 10.1.41.250 24
VLAN 4002 10.1.42.250 24
DC1-N7K-4 VLAN 4001 10.1.41.251 24
VLAN 4002 10.1.42.251 24
Configure HSRP on DC1-N7K-3 and DC1-N7K-4 as shown in this table:

VLAN Virtual IP Group Active MD5 Key
VLAN 4001 10.1.41.254 2 DC1-N7K-3 CCIEDC
VLAN 4002 10.1.42.254 2 DC1-N7K-3 CCIEDC
Use any key chain name. Make sure that HSRP waits 3 seconds before detecting a neighbor down instance. Also make
sure that DC1-N7K-3 is always the active router for VLAN 4001 and VLAN 4002.
(2 Points)
DC1-N7K-3:
==========
feature hsrp
!
key chain ABC
key 0
key-string CCIEDC
!
interface vlan 4001
ip address 10.1.41.250/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.41.254
priority 255
preempt
timers 1 3
!
interface vlan 4002
ip address 10.1.42.250/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.42.254
priority 255
preempt
timers 1 3
!
DC1-N7K-4:
==========
feature hsrp
!
key chain ABC
key 0
key-string CCIEDC
!
interface vlan 4001
ip address 10.1.41.251/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.41.254
timers 1 3
!
interface vlan 4002
ip address 10.1.42.251/24
no shutdown
hsrp version 2
hsrp 2
ip 10.1.42.254
timers 1 3
!
1.17 - DC1: Implement Cisco NX-OS Layer 3 Routing
In DC1, set up EIGRP. Enable EIGRP within DC1 and also on the connectivity to the WAN. Make sure that fast failure
detection is enabled.
The core WAN router is preconfigured with EIGRP.




(3 Points)
DC1-N7K-1:
==========
feature eigrp
feature bfd
!
router eigrp 1
autonomous-system 1
router-id 10.0.1.1
bfd
no shutdown
!
ip router eigrp 1
no ip redirects
no shutdown
!
DC1-N7K-2:
==========
feature eigrp
feature bfd
!
router eigrp 1
autonomous-system 1
router-id 10.0.1.2
bfd
no shutdown
!
ip router eigrp 1
no ip redirects
no shutdown
!
DC1-N7K-3:
==========
feature eigrp
feature bfd
!
router eigrp 1
autonomous-system 1
router-id 10.0.1.3
bfd
no shutdown
!
ip router eigrp 1
no ip redirects
no shutdown
!
DC1-N7K-4:
==========
feature eigrp
feature bfd
!
router eigrp 1
autonomous-system 1
router-id 10.0.1.4
bfd
no shutdown
!
ip router eigrp 1
no ip redirects
no shutdown
!
ip router eigrp 1
no ip redirects
no shutdown
!
1.18 - DC1 and DC2: Configure OTV
You must now perform Cisco Data Center Interconnect (DCI) between DC1 and DC2. The WAN core is enabled for
multicast. During this task, you will make sure that DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4 are configured
appropriately to support OTV within DC1.
Similarly, make sure that DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4 are configured appropriately to support OTV in DC2.
VLAN 4001 and VLAN 4002 must be extended between DC1 and DC2. All other VLANs will stay local to the data center.
Do not create additional VLANs for this task.
You are allowed to use a multicast address range to achieve the task.
The RP address is 20.0.0.1. PIM sparse mode is running in the WAN core.
In Data Center 1, perform these tasks:

On the Layer 2 trunk port between DC1-N7K-1 and DC1-N7K-3, only allow VLANs that must be extended.
On the Layer 2 trunk port between DC1-N7K-2 and DC1-N7K-4, only allow VLANs that must be extended.
Use VLAN 90 as the site VLAN.
In Data Center 2, perform these tasks:
On the Layer 2 trunk port between DC2-N7K-1 and DC2-N7K-3. Only allow VLANs that must be extended.
Use VLAN 90 as the site VLAN.
After completing these infrastructure tasks, configure the necessary DCI tasks as specified in the question. Then verify
that DCI was successful by pinging SVIs 4001 and 4002 from DC1-N7K-3 and DC2-N7K-3.
Make sure that HSRP is localized within each data center.
(3 Points)
DC1-N7K-1:
==========
feature otv
!
ip igmp version 3
no shutdown
!
otv site-id 0x1
otv site-vlan 90
!
interface overlay 0
otv join-interface ethernet 4/5
otv control-group 239.1.1.1
otv data-group 232.1.1.0/24
otv extend-vlan 4001-4002
no shutdown
!
DC1-N7K-2:
==========
feature otv
!
ip igmp version 3
no shutdown
!
otv site-id 0x1
otv site-vlan 90
!
interface overlay 0
no shutdown
!
DC1-N7K-3:
==========
feature pim
ip pim rp-address 20.0.0.1
!
ip igmp version 3
ip pim sparse-mode
no shutdown
!
ip pim sparse-mode
no shutdown
!
DC1-N7K-4:
==========
feature pim
!
ip igmp version 3
ip pim sparse-mode
no shutdown
!
ip pim sparse-mode
no shutdown
!
DC2-N7K-1:
==========
feature otv
!
ip igmp version 3
no shutdown
!
otv site-id 0x2
otv site-vlan 90
!
interface overlay 0
no shutdown
!
DC2-N7K-3:
==========
feature pim
!
ip igmp version 3
ip pim sparse-mode
no shutdown
!
ip pim sparse-mode
no shutdown
!
DC2-N7K-4:
==========
feature pim
!
ip pim sparse-mode
no shutdown
!
DC2-N7K-1:
==========
DC1-N7K-1:
==========
DC1-N7K-2:
==========
ip access-list ALL_IPs
permit ip any any
!
ip access-list HSRP_IP
permit udp any 224.0.0.102/32 eq 1985
!
vlan access-map HSRP_Localization 10
match ip address HSRP_IP
action drop
!
vlan access-map HSRP_Localization 20
match ip address ALL_IPs
action forward
!
vlan filter HSRP_Localization vlan-list 4001-4002
!
mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c9f.f000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000
!
route-map OTV_HSRP_filter permit 10
match mac-list OTV_HSRP_VMAC_deny
!
otv-isis default
vpn Overlay0
redistribute filter route-map OTV_HSRP_filter
!
Section II Storage
Refer to this figure:
2.1 Fibre Channel Port Channel, ISL, and Trunking
You have been asked to help resolve a non-optimal Fibre Channel port channel between DC2-MDS-1 and DC2-N5K-2.
The desired result is that port channel ID 22 is up at 8 Gb/s between the two devices and that only VSANs 1 and 200 are
able to traverse it.
(3 Point)
DC2-N5K-2:
==========
feature fcoe
!
slot 2
port 1-16 type fc
!
copy running-config startup-config
!
poweroff module 2
!
no poweroff module 2
!
vsan database
vsan 200
vsan 999
!
interface san-port-channel 22
channel mode active
switchport mode E
switchport trunk mode on
switchport trunk allowed vsan 1
switchport trunk allowed vsan add 200
no switchport trunk allowed vsan add 999
no switchport speed
switchport speed 4000
no shutdown
!
interface fc 2/1-2
channel-group 22 force
no shutdown
!
DC2-MDS-1:
==========
vsan database
vsan 200
vsan 999
!
channel mode active
switchport mode E
switchport rate-mode dedicated
no switchport trunk allowed vsan add 999
no switchport speed
switchport speed 4000
no shutdown
!
interface fc 1/5-6
channel-group 22 force
no shutdown
!
2.2 - Implement Fibre Channel NPV and NPIV Features

Configure the two Fibre Channel links between DC2-N5K-1 and DC2-MDS-1 to be two parallel, non-trunking, NPV-NPIV
links for VSAN 100.
The customer demands that servers in VSAN 100 that use these links be distributed equally at all times, even in the
event that one of the links goes down and comes back up.
DC2-N5K-1:
==========
feature fcoe
!
slot 2
port 1-16 type fc
!
copy running-config startup-config
!
poweroff module 2
!
no poweroff module 2
!
vsan database
vsan 100
vsan 100 interface fc 2/1
!
interface fc 2/1-2
switchport mode NP
switchport trunk mode off
no shutdown
!
npv auto-load-balance disruptive
!
DC2-MDS-1:
==========
feature npiv
!
vsan database
vsan 100
!
interface fc 1/1-2
switchport mode F
switchport trunk mode off
no shutdown
!
2.3 - Implement FCoE NPV Features

Create a logical device within DC2-N7K-1 that is capable on FCoE functionality. Use the following parameters:
Device Name ID Port Allocation
Initialize this logical device with the following parameters:
Password : cisco
Mgmt IP : 10.1.1.23
Mgmt Netmask : 255.255.255.0
Mgmt Gateway : 10.1.1.254
Telnet : Enabled
Configure a FCoE NPV-NPIV F-Port trunking and port-channeling link between the DC2-N7K-2 and DC2-N5K-1 switches.
Create VSAN 100 and allow only this VSAN across this link. This link should be configured to use LACP. Make sure that
SID/DID/OXID load-balancing is used across this link. Use port channel ID 11.
(3 points)
DC2-N7K-1:
==========
install feature-set fcoe
license fcoe module 3
!
system qos
service-policy type network-qos default-nq-7e-policy
!
no vdc DC2-N7K-2 id 2
!
vdc DC2-N7K-2 type storage id 2
allocate interface ethernet 3/9-16
allocate fcoe-vlan-range 100,200
!
switchto vdc DC2-N7K-2
!
DC2-N7K-2:
==========
interface mgmt 0
ip address 10.1.1.23/24
no shutdown
!
ip route 0.0.0.0/0 10.1.1.254
!
feature telnet
feature fport-channel-trunk
feature-set fcoe
feature npiv
feature lacp
feature lldp
!
vsan database
vsan 100
!
vlan 100
fcoe vsan 100
!
no shutdown
!
switchport
switchport trunk allowed vlan 100
no shutdown
!
interface vfc-port-channel 11
bind interface port-channel 11
switchport mode F
no shutdown
DC2-N5K-1:
==========
vsan database
vsan 100
!
vlan 100
fcoe vsan 100
!
no shutdown
!
switchport
no shutdown
!
interface vfc 11
switchport mode NP
no shutdown
!
port-channel load-balance ethernet source-dest-port
!
2.4 Troubleshoot Multihop FCoE

The customer reports that the FCoE VE Port channel between the DC2-N7K-2 and DC2-N5K-2 switches is no working. You
have been asked to resolve the issue and get the FCoE VE Port channel working. Once it is up, it should transport VSAN
200 only. The link should be formed with LACP and use port channel ID 12. Traffic form the N5K to the N7K must load-
balance with SID/DID. The resolution must not impact port channel 11.
(3 points)
DC2-N7K-2:
==========
vsan database
vsan 200
!
vlan 200
fcoe vsan 200
!
no shutdown
!
switchport
no shutdown
!
interface vfc-port-channel 12
switchport mode E
no shutdown
!
DC2-N5K-2:
==========
no fcoe fcmap
!
vsan database
vsan 200
!
vlan 200
fcoe vsan 200
!
no shutdown
!
switchport
no shutdown
!
interface vfc 12
switchport mode E
no shutdown
!
port-channel load-balance ethernet source-dest-ip
!
DC1-N7K-1:
==========
port-channel load-balance src-dst ip-l4port module 3
!
2.5 - Implement IP Storage Based Solution
Configure two FCIP links between the DC1-MDS-1 and DC2-MDS-1 switches. Allow VSANs 1, 100 and 200 across both
links. The customer has a firewall between the date centers that only permits connections for each FCIP tunnel with port
3005. The connections must only be initialized from the DC2-MDS-1 side. Link MTU should be able to accommodate a
complete Fibre Channel frame. Use FCIP profiles 10 and 20, and interfaces FCIP 10 and 20.
Device Name Primary Link Address Secondary Link Address

DC1-MDS-1 10.3.1.1/30 10.3.1.5/30
DC2-MDS-1 10.3.1.2/30 10.3.1.6/30
(2 points)
DC1-MDS-1:
==========
feature fcip
!
interface gigabitethernet 1/3
ip address 10.3.1.1 255.255.255.252
switchport mtu 2300
no shutdown
!
ip address 10.3.1.5 255.255.255.252
switchport mtu 2300
no shutdown
!
fcip profile 10
ip address 10.3.1.1
port 3005
!
fcip profile 20
ip address 10.3.1.5
port 3005
!
interface fcip 10
use-profile 10
peer-info ipaddr 10.3.1.2
switchport mode E
passive-mode
no shutdown
!
interface fcip 20
use-profile 20
peer-info ipaddr 10.3.1.6
switchport mode E
passive-mode
no shutdown
!
DC2-MDS-1:
==========
feature fcip
!
ip address 10.3.1.2 255.255.255.252
switchport mtu 2300
no shutdown
!
ip address 10.3.1.6 255.255.255.252
switchport mtu 2300
no shutdown
!
fcip profile 10
ip address 10.3.1.2
!
fcip profile 20
ip address 10.3.1.6
!
interface fcip 10
use-profile 10
peer-info ipaddr 10.3.1.1 port 3005
switchport mode E
no shutdown
!
interface fcip 20
use-profile 20
peer-info ipaddr 10.3.1.5 port 3005
switchport mode E
no shutdown
!
2.6 Implement FCoE Host Configuration

Configure FCoE connections for DC2-SRV-3 and DC2-SRV-4.
DC2-SRV-3 port 1 should be in VSAN/VLAN 200. Use vfc 311 for this interface.
Interface vfc20 must always use DC2-N5K-1 uplink FC 2/2.
All required configurations on the host side are preconfigured. You are only required to configure the N5K and N7K
sides. You have access to both servers' Cisco Integrated Management Controllers in case you need to verify and
troubleshoot from the host side.
DC2-N7K-2:
==========
switchport
no shutdown
!
interface vfc 311
bind interface ethernet 3/11
switchport mode F
no shutdown
!
vsan database
vsan 200 interface vfc 311
!
DC2-N5K-1:
==========
switchport
no shutdown
!
interface vfc 20
switchport mode F
no shutdown
!
npv traffic-map server-interface vfc 20 external-interface fc 2/2
!
vsan database
!
DC2-N5K-1:
==========
fex 103
fcoe
!
interface ethernet 103/1/20
switchport
switchport trunk allowed vlan 1,100
no shutdown
!
interface vfc 320
bind interface ethernet 103/1/20
switchport mode F
no shutdown
!
vsan database
!
DC2-N5K-2:
==========
fex 104
fcoe
!
interface ethernet 104/1/20
switchport
switchport trunk allowed vlan 1,200
no shutdown
!
interface vfc 420
bind interface ethernet 104/1/20
switchport mode F
no shutdown
!
vsan database
!
Section 3 - Unified Computing
You have been tasked to configure and troubleshoot an existing computing solution based on Cisco UCS. DC2 will be
hosting your primary computing cluster. Your primary storage array resides in DC1 and is reachable via the FCIP link that
was already configured. You must configure all Cisco UCS endpoints as well as SAN and LAN devices as instructed. No
access is required to the storage array. Please review this topology subset, which shows the relevant devices for this
section.
Reference Topology:
Note: The port numbers on the topology diagram are the physical port numbers.
3.1 - Troubleshoot Cisco UCS Domain Infrastructure
You have been tasked to reconfigure the uplink connectivity for your Cisco UCS domain. Configure the uplinks as shown
in the diagram. Port channel IDs and VPC IDs should match each side of the links where applicable.
The network administrator previously implemented a disjoint Layer 2 network design. This is no longer required.
Remove all disjoint layer 2 configurations from Cisco UCS and disable any uplinks that are not listed in this reference
diagram.
(5 points)
DC2-N5K-1:
==========
switchport
no shutdown
!
interface vfc 5
switchport mode F
no shutdown
!
vsan database
!
DC2-N5K-2:
==========
feature npiv
!
switchport
no shutdown
!
interface vfc 5
switchport mode F
no shutdown
!
vsan database
!
3.2 - Modify CoS for iSCSI
Some of your blades will use iSCSI. To accommodate this, perform these configurations:
Configure the Silver CoS queue to accommodate 9000-byte frames
Create a QoS policy named ccie-dc-qos and assign the Silver priority. Allow full host control.
Assign the QOS policy to the two existing vNIC templates.
(3 Points)
3.3 - Create FCoE Boot Policy
Create a boot policy that meets these criteria:
Name of policy: fcoe-boot-pol.
The CD-ROM should be the first boot device.
The second boot device should be the SAN Boot Primary, using LUN ID 0 on Fabric B.
Obtain target WWN information from the resources that are at your disposal.
(3 Points)
DC1-MDS-1:
==========
interface fc 1/10-11
switchport mode fx
no shutdown
!
vsan database
!
DC1-MDS-1# show flogi database

--------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
--------------------------------------------------------------------------
fc1/10 100 0x5f0108 21:00:00:04:CF:27:27:E8 20:00:00:04:CF:27:27:E8
fc1/11 200 0xee0108 22:00:00:04:CF:27:27:E8 20:00:00:04:CF:27:27:E8
!
3.4 - Create WWxN Pool
Create these resource pools or policies:
Sequentially allocated WWxN pool called ccie-dc-wwxn.
Add a WWN block starting with 20:00:00:25:B5:C0:FF:EE of the minimum size.
(2 points)
3.5 - Create I/O Connectivity Policies
Create a LAN connectivity policy that meets these requirements:
Name: ccie-lan-con-pol
Create two vNICs named eth0 and eth1 and bind each vNIC to a unique existing vNIC template.
Adapter settings should be optimized for VMware
Create a SAN connectivity policy that meets these requirements:

Name: ccie-san-con-pol
Create a single vHBA named fc0 and assign it to VSAN 200
Use existing WWxN pool that was previously created.
(4 Points)
3.6 - Cisco UCS Initiator Zoning
Now that you have created your connectivity policies, you must add your initiators to the correct MDS zones. Ensure
that the existing MDS zones are correctly configured to ensure that your Cisco UCS initiators and targets can
communicate. Add initiator WWNs as required, using the resources that are at your disposal.
(3 points)
DC2-MDS-1:
==========
clear zone database vsan 200
!
zone mode enhanced vsan 200
!
zone name zone_ucs_vsan200 vsan 200
member pwwn 22:00:00:04:CF:27:27:E8
member pwwn 20:00:00:25:B5:C0:FF:EE
member pwwn 20:00:00:25:B5:C0:FF:EF
member pwwn 20:00:00:25:B5:C0:FF:F0
member pwwn 20:00:00:25:B5:C0:FF:F1
!
zoneset name zs_vsan200 vsan 200
member zone_ucs_vsan200
!
zoneset activate name zs_vsan200 vsan 200
!
zone commit vsan 200
!
3.7 - Remote Boot Host Over FCoE Multihop
As part of this questions and the next one, you must create a service profile. Detailed requirements for the service
profile are provided here. Part of your objective is to ensure that the previously installed operating system successfully
boots with your configured service profile.
Note: If object names are not explicitly provided, you can use your own naming convention. If policies or settings are not
explicitly provided, use the default values.
Perform the following configurations:

Create a service profile named fcoe-boot in the root organization.
This profile should be restricted to blades that have no local disks installed.
Assign the LAN and SAN connectivity policies that were created in the previous section.
The service profile should use the previously created ccie-xxxx resource pools.
Assign the boot policy that you created in the previous section.
Associate the service profile with Server 1/1 and ensure that the ESX host boots up.
(4 Points)
3.8 - Configure Cisco UCS Authentication
LDAP authentication had been configured by one of your colleagues, but they are unable to perform a successful test
authentication. Your task is to troubleshoot and resolve the issue. The LDAP administrator has confirmed that these
details are correct.
No access to the Microsoft Active Directory server is required.
Active Directory Object Value

Domain Controller 10.1.1.214
Bind User CN=ucs binduser, OU=CiscoUCS, DC=cciedc, DC=lab
Bind User Password Cisco
Base DN DC=cciedc, DC=lab
Port 389
Filter $AMAccountName=$userid
Group Authorization Enable
Authentication Domain Name ldap-domain
Group Recursion Recursive
Target Attribute memberOf
LDAP provider group Name ldap-group
Active Directory Group Mapped Cisco UCS Role

ucsaaa aaa
ucsnetwork network
Active Directory Test User Expected Role
john.smith aaa
(5 Points)
3.9 - Configure Call Home Monitoring
Your manager has instructed you to configure Call Home for Cisco UCS. Call Home should be configured to only send
notifications regarding association failures.
Use these details for configure Call Home:
No need to test Call Home or send inventory
Contact: John Smith

Phone: +1555-555-5555
Email: john.smith@cisco.com
Address: 555 Tasman
Contract ID: 555
From Email: DC2-UCS@cisco.com
Reply To: DC2-UCS@cisco.com
SMTP Server: 10.1.1.201
(2 Points)
Section 4 - Data Center Virtualization with Cisco Nexus 1000V
The Cisco Nexus 1000V Switch has been previously installed. All VMware configurations have been completed. No access
to VMware vCenter or the host is required. The Cisco VSM contains a basic configuration. After a review of these
directives, make any necessary changes.
4.1 - Implement Virtual Switch Module

Assuming that your Cisco UCS blade booted successfully in the previous section, there should be two modules inserted
and online on Cisco VSM.
Modify the uplink port profile to use manual subgroup IDs. The manual subgroup ID for each uplink interface should
match with the vmnic numbering of the host.
Example: vmnic1 = subgroup ID 1, vmnic2 = subgroup ID 2, and so on.
(3 Points)
N1KV# show module
Mod Ports Module-Type Model Status
--- ----- ----------------------------- -------------- ----
1 0 Virtual Supervisor Module Nexus1000V active *
25 332 Virtual Ethernet Module NA ok
56 332 Virtual Ethernet Module NA ok
Mod SW HW
--- ------------------ ---------------------------------------------
1 4.2(1)SV2(2.2) 0.0
25 4.2(1)SV2(2.2) VMware ESXi 5.1.0 Releasebuild-1483097 (3.1)
56 4.2(1)SV2(2.2) VMware ESXi 5.1.0 Releasebuild-1483097 (3.1)
Mod Server-IP Server-UUID Server-Name

--- --------------- ------------------------------------ ----------
1 10.200.1.150 NA NA
25 10.1.40.10 fc3c5001-7bc8-e411-1111-00000000000a 10.1.40.10
56 10.1.40.11 fc3c5001-7bc8-e411-1111-00000000000a 10.1.40.11
N1KV# show interface brief

----------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
----------------------------------------------------------------------
mgmt0 -- up 10.200.1.150 1000 1500
----------------------------------------------------------------------
Ethernet
Interface VLAN Type Mode Status Reason Speed Port Ch #
----------------------------------------------------------------------
Eth25/1 1 eth trunk up none 20G
----------------------------------------------------------------------
Vethernet VLAN Type Mode Status Reason Speed
----------------------------------------------------------------------
Veth1 40 virt access up none auto
----------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
----------------------------------------------------------------------
control0 -- up -- 1000 1500
N1KV(config)# module vem 25 execute vemcmd show port
LTL VSM Port Admin Link State PC-LTL SGID Vem Port Type
17 Eth25/1 UP UP FWD 0 vmnic0
49 Veth1 UP UP FWD 0 vmk0
N1KV(config)# module vem 56 execute vemcmd show port

LTL VSM Port Admin Link State PC-LTL SGID Vem Port Type
50 Veth1 UP UP FWD 0 vmk0
port-profile type Ethernet system-uplink

channel-group auto mode on sub-group manual
no shutdown
!
system jumbomtu 9000
!
interface Ethernet 25/1
sub-group-id 0
no shutdown
!
sub-group-id 1
no shutdown
!
sub-group-id 2
no shutdown
!
sub-group-id 3
no shutdown
!
track network-state
!
N1KV#show network-state tracking

port- Network Tracking SG SG Tracking Members
channel Mode Vlan ID State SG Interface
----------------------------------------------------------------
Po2 Ok 1 0 Active Eth25/1 Eth25/1
1 Active Eth25/2 Eth25/2
Po3 Ok 1 2 Active Eth56/1 Eth56/1
3 Active Eth56/2 Eth56/2
4.2 - Troubleshoot: Basic port profile configuration
A colleague mistakenly configured the name of the vlan50 port profile. This port profile is already in use and must not be
deleted. Your task is to change the port profile name that is presented to VMware vCenter to dmz.
(2 Points)
port-profile type vethernet vlan50
vmware port-group dmz
no shutdown
!
4.3 - Advanced port profile configuration, part 1

You have been tasked to configure the Cisco Nexus 1000V Switch to support iSCSI traffic for IP storage. One of your
colleagues has created a port profile called iscsi. The configuration is no complete. Your job is to modify the port profile
and any other configuration to support IP- based storage.
(3 points)
port-profile type vethernet iscsi
capability iscsi-multipath
system vlan 30
no shutdown
!
system vlan 1,30,40,70
no shutdown
!
4.4 - Advanced port profile configuration, part 2

To ensure that proper QoS is applied to your IP storage traffic, configure the iscsi port profile to assign a CoS value of 2
to all traffic. This will align with the CoS that was previously configured in the Cisco UCS section. You may use any names
you want for policy names.
(2 points)
policy-map type qos iscsi
class class-default
set cos 2
!
port-profile type vethernet iscsi
service-policy type qos output iscsi
service-policy type qos input iscsi
!
mtu 9000
no shutdown
!
UCS / N1Kv Reference Section
Device IP Username Password
UCS-Cluster-IP 10.1.1.50 admin cisco
DC-FI-A 10.1.1.51 admin cisco
DC-FI-B 10.1.1.52 admin cisco
DC2-N5K-1 10.1.1.41 admin cisco
DC1-MDS-1 10.1.1.61 admin cisco
DC2-MDS-1 10.1.1.62 admin cisco
N1Kv (VSM) 10.1.1.212 admin cisco
UCS Pools / Resources Pool Name Starting Value Qty (if applicable)
UUID suffix ccie-dc-uuid 1111-000000000001 10
WWPN (Fabric A) ccie-dc-wwpn-a 20:00:00:25:B5:10:10:01 4
WWPN (Fabric B) ccie-dc-wwpn-b 20:00:00:25:B5:10:10:0A 4
WWNN ccie-dc-wwnn 20:00:00:25:B5:11:10:01 4
MACs ccie-dc-mac 00:25:B5:00:00:01 32
Managements IPs (KVM) 10.1.1.53/24 7
Management Gateway 10.1.1.254
Storage Objects Value

Fiber Channel SAN Boot LUN ID 0
SAN Boot Policy ccie-boot-pol
Fabric A zone name zone_ucs_van100
Fabric B zone name zone_ucs_vlan200
Zone set name zs_vsan100, zs_vsan200
Zone names zone_ucs_vsan100, zone_ucs_vsan200
VLAN ID VLAN Name

30 iscsi
40 esx-mgmt
50 dmz
70 vm-data
71 vm-data-nat

Ccie DC Lab 2

Uploaded by

Copyright:

Available Formats

Ccie DC Lab 2

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ccie DC Lab 2

Uploaded by

Copyright:

Available Formats

1.

1 - DC2: Allocate ports and resources to VDC's

High-availability policy for DC2-N7K-1 must be RESET.

1.2 - DC2: Implement VLANs

1.3 - DC2: Configure Layer 2 Links

Port assignments are as follows:

Use following information to complete this task:

VDC Name Trunk Port Mode

1.6 - DC2: Configure FEX

1.7 - DC2: Implement Cisco NX-OS Layer 3 functionality

WAN Layer 3 interfaces on DC2-N7K-3 and DC2-N7K-4

In DC2, configure the Layer 3 link between DC2-N7K-1 and DC2-N7K-3:

In DC2, configure the loopback IP addresses as shown in this table:

1.8 - DC2: Configure SVI and HSRP

In DC2, configure HSRP on DC2-N7K-3 and DC2-N7K-4 as shown in this table:

Perform these tasks on DC2-N7K-1:

Perform these tasks on DC2-N7K-3:

Perform these tasks on DC2-N7K-4:

1.10 - DC2: Configure ACL

Switch Name WAN Interface Destination Traffic Allowed

1.12 - DC2: Configure STP

Device Name ID Ports Type

1.14 - DC1: Configure Layer 2 links

Here are the port assignments:

1.15 - DC1: Implement Cisco NX-OS Layer 3 functionality

Configure the WAN IP addresses as shown in this table:

In DC1, configure the loopback IP addresses as shown in this table:

Device Name Interface IP Address Subnet Mask

1.16 - DC1: Configure SVI and HSRP

Configure HSRP on DC1-N7K-3 and DC1-N7K-4 as shown in this table:

Perform these tasks on DC1-N7K-1:

Perform these tasks on DC1-N7K-2:

Perform these tasks on DC1-N7K-3:

Perform these tasks on DC1-N7K-4:

In Data Center 1, perform these tasks:

In Data Center 2, perform these tasks:

2.2 - Implement Fibre Channel NPV and NPIV Features

2.3 - Implement FCoE NPV Features

Initialize this logical device with the following parameters:

2.4 Troubleshoot Multihop FCoE

Device Name Primary Link Address Secondary Link Address

2.6 Implement FCoE Host Configuration

DC1-MDS-1# show flogi database

Create a SAN connectivity policy that meets these requirements:

Perform the following configurations:

Active Directory Object Value

Active Directory Group Mapped Cisco UCS Role

Contact: John Smith

4.1 - Implement Virtual Switch Module

Mod Server-IP Server-UUID Server-Name

N1KV# show interface brief

N1KV(config)# module vem 56 execute vemcmd show port

port-profile type Ethernet system-uplink

N1KV#show network-state tracking

4.3 - Advanced port profile configuration, part 1

4.4 - Advanced port profile configuration, part 2

Storage Objects Value

VLAN ID VLAN Name