IPE DC Lab


DESCRIPTION

CCIE LAB


  • -

    CCIE Data Center Lab Preparation Workbook

    Copyright by IPexpert. All rights reserved.


  • -

    CCIE Data Center Mock Lab Challenge Chapter 22

    Copyright by IPexpert. All rights reserved. 1

    Chapter 22: Mock Lab Challenge

    This lab is heavily Layer 2, UCS and Storage focused and is designed to be quite challenging in these particular areas. It covers most of the configuration you can do with vPC and FabricPath. The lab is also quite long, so allow enough time to do all the setup activities and then still have 8 hours remaining to complete the lab. If you can finish this lab within the allocated time you will know you have good speed!

    Just like the real lab, some topics from the CCIE DC Blueprint may be missing from this lab: it's important in your preparation that you attempt multiple Mock Labs so that you cover the entire range of topics and are truly the expert the CCIE DC requires you to be.

    General Rules

    Basic IP addressing, switching configuration and storage has already been pre-configured for you

    Troubleshooting is a HUGE part of this practice lab! If you can troubleshoot, during your real exam you will have a much better chance of passing.

    The tasks in this lab can be completed but you will need to troubleshoot if you run into problems as there are errors in the initial configuration.

    NOTE: Static/default routes are NOT allowed unless otherwise stated in the task

    NOTE: Do not create VLANs on devices not specified for those VLANs

    Estimated Time to Complete: 8-10 Hours

    Pre-setup

    This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com).

    Please log in to your Data Center vRack at ProctorLabs.com

    A file should be available with this workbook in your eBooks/Download section of your ipexpert.com login. The file is called InitialConfigLab22.txt. Follow the instructions in this file to load the initial configuration.

    1.0 Data Center Configuration (32 points)

    Note: Ensure you have loaded the initial setup as per the Pre-setup instructions

    Task 1.1: Initial Setup (2 Points)

    Configure the switches with the following VLANs and be sure to name them as per the table below

    VLAN  Switch                               Name
    110   SW1-1,SW1-2,SW2,SW3                  AcmeCorp-Data
    120   SW1-1,SW1-2,SW2,SW3                  AcmeCorp-Voice
    130   SW1-1,SW1-2,SW2,SW3                  AcmeCorp-DMZ
    210   SW1-1,SW1-2,SW2,SW3                  MegaCorp-Data
    220   SW1-1,SW1-2,SW2,SW3                  MegaCorp-Voice
    230   SW1-1,SW1-2,SW2,SW3                  MegaCorp-DMZ
    500   SW1-1,SW1-2,SW1-3,SW1-4              Spine1
    600   SW1-1,SW1-2,SW1-3,SW1-4              Spine2
    10    SW1-1,SW1-2,SW1-3,SW1-4,SW2,SW3      NFS
    100   SW1-1,SW1-2,SW1-3,SW1-4,SW2,SW3      iSCSI-Network

    Task 1.2: L3 Initial configuration (2 Points)

    Configure the following L3 Interfaces

    VLAN  Switch  IP Address
    100   SW1-3   10.0.100.1/24
    10    SW1-4   10.0.10.1/24
    110   SW2     10.100.10.1/24
    210   SW3     10.200.10.1/24

    Task 1.3: vPC Configuration (3 Points)

    Configure vPC between SW1-1 and SW1-2 using only the following interfaces for the vPC peer link

    Switch  Interface
    SW1-1   Eth3/9
    SW1-2   Eth3/10

    You may use any vPC domain ID you choose.

    Configure a keepalive mechanism between SW1-1 and SW1-2 using a dedicated L3 interface on each switch as per the table below

    Switch  Interface
    SW1-1   Eth3/11
    SW1-2   Eth3/12

    Use any IP addressing information you desire for this keepalive link, but ensure it is located within its own dedicated VRF. Name the VRF IPExpertVRF

    Ensure that in the event of both switches failing, but only one rebooting successfully and turning on successfully that after 240 seconds the switch will restore vPC functionality.

    Task 1.4: vPC Configuration (3 Points)

    Configure vPC between SW2 and SW3 using a domain ID of your choosing.

    Use mgmt0 for the keepalive mechanism

    Ensure SW2 is the vPC Primary

    Use all available links between SW2 and SW3 for the vPC Peer link.

    Configure a back to back vPC from SW2 and SW3 to SW1-1 and SW1-2

    Ensure that this back to back vPC forms port channels using a negotiation protocol

    Task 1.5: FabricPath Configuration (6 Points)

    Configure SW1-3 and SW1-4 for fabric path and enable Fabric Path on the interfaces connecting these two switches

    Configure Fabric Path on SW1-2 and SW1-1, ensuring all F-Line-card ports facing towards SW1-3 and SW1-4 are enabled for fabric path

    To make identification of these switches easier, ensure the switches are assigned the following Switch IDs:

    Switch  Switch-ID
    SW1-3   130
    SW1-4   140
    SW1-2   120
    SW1-1   110

    The following VLANs should be set to FabricPath VLANs

    VLAN  Mode
    500   FabricPath
    600   FabricPath
    100   FabricPath
    10    FabricPath

    SW1-1 and SW1-2 are the leaf switches in this configuration. Configure spanning-tree as appropriate in such a design, bearing in mind that SW1-1 and SW1-2 are vPC Peers and that we want to avoid any STP convergence issues should the vPC primary switch fail (i.e. both switches should be sending BPDUs)

    All areas of FabricPath should be authenticated including Adjacencies and updates using the key CCIEDC-IPEXPERT

    Task 1.6: FabricPath Traffic Engineering (4 Points)

    The link between E4/19 on SW1-3 and E4/11 on SW1-1 is a high-cost link that should not be used if the E4/20 and E4/12 link is available. Use traffic engineering to meet this requirement

    Ensure that the broadcast traffic tree used by Fabric Path is rooted at SW1-4 switch.

    Task 1.7: vPC enhancement configuration (4 Points)

    Configure the following ports on SW2 and SW3 to face down towards the Cisco UCS FI. Each one will act as a separate uplink and thus should not be configured as a port channel.

    Ensure that all ports transition to the forwarding spanning-tree state as quickly as possible, as the Cisco UCS will not send any BPDUs

    Ensure that SW2 and SW3 never allow their L3 VLAN 110 and VLAN 210 interfaces to go into the down state in the event of a VPC peer link failure.

    Ensure that if SW3 was to lose its peer link to SW2 and suspend its vPC member ports that it would also in turn suspend its ports down to the FI so that the FI would know to use fabric A.

    Task 1.8: FEX Configuration (3 Points)

    After careful consideration of the Pros and Cons of eVPC and standard vPC, you have chosen not to implement eVPC

    Configure the FEXs attached to SW2 and SW3 as per the table below

    Switch  Port   VLAN(s)
    SW2     E1/9   110,120,130,10,100
    SW3     E1/9   110,120,130,10,100
    SW2     E1/10  210,220,230,10,100
    SW3     E1/10  210,220,230,10,100

    Ensure each FEX has a description, ### FEX 1XX ### where X is the FEX number

    Task 1.9: vPC Member Port (3 Points)

    Configure a vPC port channel down to the Cisco C-Series Server from port 1/15 on SW2 and SW3. This port channel should come up without using a negotiation protocol

    This Server provides some NFS functionality, so it should carry the NFS VLAN only; ensure this VLAN is untagged.

    This port should be configured to bypass listening and learning for Spanning-tree as a server port should be.

    Task 1.10: Access Ports (3 Points)

    Configure port E1/11 on SW2 and SW3 for VLAN 100.

    Ensure the ports are set to bypass listening/learning

    Ensure the ports are untagged for this VLAN

    Ensure all traffic is tagged with a CoS value of 4

    Switch  Port     FEX
    SW2     Eth1/13  FEX 192
    SW3     Eth1/14  FEX 193

    2.0 Storage Configuration (25 points)

    Task 2.1: Initial VSAN Configuration (2 Points)

    Configure the following VSAN/VLANs on the respective switches

    Switch  VSAN  VLAN
    MDS1    310   N/A
    MDS1    320   N/A
    MDS2    410   N/A
    MDS2    420   N/A

    Task 2.2: Trunking Port Channel (3 Points)

    Configure an E SAN-Port Channel Trunk between MDS 1 and SW2 using the table below

    MDS1    SW2     SAN-Port-Channel-Number
    Fc1/13  Fc1/31  113
    Fc1/14  Fc1/32  114

    Ensure this is a trunking E port

    Verify this port channel is up and trunking correctly.

    Hint: You are allowed to make any changes to the default configuration necessary to bring this port channel up.

    Task 2.3: JBOD Configuration (3 Points)

    The JBOD Ports have been preconfigured for you

    You will be implementing boot from iSCSI for the ACME blade servers, ensure that JBOD 1 is in VSAN 310 for MDS 1 and 410 for MDS2, and JBOD 2 is in VSAN 320 for MDS1 and 420 for MDS2.

    Task 2.4: E-Port traffic engineering (4 Points)

    Configure two E Ports between MDS 2 and SW3

    MDS2    SW3
    Fc1/13  Fc1/31
    Fc1/14  Fc1/32

    Configure the above so that port 13 and 31 carry VSAN 410 traffic primarily (with VSAN 420 as backup) and ports 14 and 32 carry VSAN 420 primarily (with VSAN 410 as backup)

    Task 2.5: iSCSI implementation (6 Points)

    Configure iSCSI on Gi1/1 on MDS1 and MDS2 respectively

    Configure static targets as per the table below

    VSAN  Target PWWN              IQN
    310   22:00:00:11:c6:a6:24:4c  iqn.2013-10.com.ipexpert:vsan310
    410   21:00:00:11:c6:a6:24:4c  iqn.2013-10.com.ipexpert:vsan410

    Use the following IP addressing information on Gi1/1 on each switch.

    Switch  IP Address
    MDS1    10.0.100.10/24
    MDS2    10.0.100.20/24

    Configure the following iSCSI initiators with system-assigned pWWNs

    Task 2.6: FCoE Server Port (4 Points)

    Configure an FCoE Connection from N5k1 and N5k2 down to the C Series server connected on port 1/15 on each switch, keeping in mind the separation of fabrics.

    The vFC should be configured in such a way that it does not rely on the port-channel being UP in order for the server to correctly log in to the fabric.

    This should carry VSAN 310 on SW2 and 410 on SW3 respectively.

    Task 2.7: Zoning (3 Points)

    Based on the IQNs created above, create the following zones on MDS1 and MDS2 using basic zoning, be sure to use the iQN symbolic node names in your zoning.

    Configure a zone called VSAN310_Zoneset in VSAN 310 with the following Zones and Members

    Zone Name  VSAN310_Zone_Blade1
    Members    WWPN  22:00:00:11:c6:a6:24:4c
               IQN   iqn.2013-10.com.ipexpert:init1a:3

    Configure a zone called VSAN410_Zoneset in VSAN 410 with the following Zones and Members

    Zone Name  VSAN410_Zone_Blade1

    Switch  IQN
    MDS1    iqn.2013-10.com.ipexpert:init1a:3
    MDS2    iqn.2013-10.com.ipexpert:init1a:2

    3.0 UCS Configuration (43 points)

    As a cloud services provider, your UCS infrastructure is a common resource between multiple companies; the UCS configuration below is based on the idea that the infrastructure is shared. Keep this in mind with all questions and solutions.

    Task 3.1: Uplink/Server port configuration (3 Points)

    Configure the following ports as Uplink ports

    Switch  Port
    FI-A    9
    FI-A    10
    FI-B    9
    FI-B    10

    Configure the following ports as Server ports.

    Switch  Ports
    FI-A    1,3,5,7
    FI-B    1,3,5,7

    Task 3.2: VLAN Configuration (2 Points)

    Configure the following VLANs on UCS

    VLAN  Name
    110   AcmeCorp-Data
    120   AcmeCorp-Voice
    130   AcmeCorp-DMZ
    210   MegaCorp-Data
    220   MegaCorp-Voice
    230   MegaCorp-DMZ
    10    NFS
    100   iSCSI-Network

    Task 3.3: Disjoint L2 (5 Points)

    In order to keep the network traffic separated for MegaCorp and AcmeCorp, configure a disjoint L2 domain. VLANs 110-130 should travel over the Port 9 uplink on FI-A and FI-B. VLANs 210-230 should travel over Port 10. The NFS and iSCSI networks are a shared resource and thus can travel across both uplinks.

    Your junior engineer does not understand the concept of designated receiver and its impact on network traffic. Log in to the Cisco CLI and run the command to show the designated receiver for VLAN 110. Save this command and its output as a notepad file on your desktop.

    Task 3.4: SAN Connectivity (6 Points)

    Although SAN Connectivity is not required for initial deployment, MegaCorp have requested you provision the network in preparation for SAN Connectivity in the near future. The ports on the FI are Ports 2/1 and 2/2 and the ports on the MDSs are FC1/9 and FC1/10

    Configure the following VSANs and VLANs on Cisco UCS, Where VSAN 310 and 410 are used by the AcmeCorp, and VSANs 410 and 420 are used by MegaCorp.

    VSAN  Mapped VLAN  Fabric
    310   310          FI-A
    320   320          FI-A
    410   410          FI-B
    420   420          FI-B

    The storage uplinks between the FIs should be able to handle multiple VSANs, they should also be configured as a SAN-Port-Channel in order to provide the highest possible bandwidth.

    Your junior engineer often has difficulty setting up a SAN Port channel from UCS to other storage devices. This is often because he does not know what configuration Cisco UCS will place onto the SAN Port channel when configured from the GUI. Show him the commands required on the UCS CLI to see the configuration applied to your SAN port channels and paste the output into notepad, then save on your desktop.

    Task 3.5: Pool Configuration (3 Points)

    Two organizations must be created within Cisco UCS, AcmeCorp and MegaCorp, create these two organizations and then assign the following UUID, MAC address, WWPN and WWNN Pools

    Organization  Pool Type        Pool Name  Value                                                           Size
    AcmeCorp      Mac              MAC_POOL   00:25:B5:00:00:00                                               32
    AcmeCorp      UUID             UUID_POOL  Derived (Prefix), Suffix (000A-000000000001)                    32
    AcmeCorp      IQN              IQN_POOL   Prefix: iqn.2013-10.com.ipexpert, Block: init1A, Start with: 0  4
    AcmeCorp      Iscsi Initiator  N/A        10.0.100.100-10.0.100.131/24 (GW: 10.0.100.1) (DNS: N/A)        32

    Task 3.6: Jumbo MTU Support (6 Points)

    Both iSCSI and NFS, like FC traffic are crucial bits of storage traffic that should be assigned a class that implements Pause frames and their MTU should be able to reach the maximum allowed on the nexus platform. Assign to Class 4 CoS 4.

    The north Nexus 5k Switches from the FI should support this configuration.

    Continue up the storage network and implement this configuration all the way to MDS1 and MDS2.

    Our final goal will be to ensure that our iSCSI and NFS vNICs on our server blades are able to connect to the 10.0.100.10 and 10.0.100.20 iSCSI Target Portal IP addresses with an MTU of 9216 with no fragmentation (don't forget about IP overheads, so the exact value may not be 9216).

    You are allowed to make all necessary changes to L3 and L2 MTU configuration.

    Task 3.7: vNIC Template (4 Points)

    Create a vNIC template for iSCSI and NFS for AcmeCorp Only

    These templates should not be configured for a method of failover that is transparent to the operating system: storage traffic should utilize a separate Fabric A/Fabric B configuration.

    Name these templates iSCSI-vNIC-A and NFS-vNIC-A for Fabric A, iSCSI-vNIC-B and NFS-vNIC-B for Fabric B.

    VLAN 100 should be native VLAN for iSCSI and VLAN 10 is native for NFS

    These vNICs should support Jumbo MTUs.

    The Template should be configured in such a way that changes to the template at a later date are not reflected on vNICs that were created based off the template.

    Task 3.8: Description Support (2 Points)

    The Physical Server Blade 1 was purchased by AcmeCorp. In order to easily show this fact, ensure the GUI reflects this as per the screenshot below:

    Task 3.9: Service Profile Configuration (4 Points)

    Create a service profile called iSCSIBlade under the AcmeCorp organization using the pools assigned previously

    The vNIC templates should be utilized in the creation of the iSCSI NIC as per the table below

    vNIC     Template
    iscsi-A  iSCSI-vNIC-A
    nfs-A    NFS-vNIC-A
    iscsi-B  iSCSI-vNIC-B
    nfs-B    NFS-vNIC-B

    Do not create any vHBAs

    Ensure your server uses a local disk configuration policy that can only be applied to servers with enough disks to support RAID 0.

    Read the below section which relates to boot from SAN and configure the iSCSI overlays as part of the service profile

    Task 3.10: Boot from SAN (5 Points)

    Configure two iSCSI overlays to be used for boot from SAN

    Name the overlays iscsioverlay-A and iscsioverlay-B respectively

    Create a boot from SAN iSCSI Policy called iSCSI-Boot

    Assign this boot policy to your service profile and make the necessary iSCSI parameter changes, the destination static target should be iqn.2013-10.com.ipexpert:vsan310 for Fabric A and iqn.2013-10.com.ipexpert:vsan410 for Fabric B

    Please note the server will not boot a copy of ESX, you do not have to successfully boot the server into an operating system, just prepare the server so that it will install to a SAN disk and boot from SAN in the future.

    Task 3.11: Locale Implementation (3 Points)

    Create a Locale called AcmeLocale for AcmeCorp and a Locale Called MegaLocale for MegaCorp

    Create an admin user for AcmeCorp called AcmeAdmin and a user for Megacorp called MegaAdmin

    Ensure these users only have access to the appropriate locales.

  • -

    CCIE Data Center Lab Preparation Workbook

    1 Copyright 2013 by IPexpert. All rights reserved.

    Chapter 21: Mock Lab Challenge 2

    Chapter 21: Mock Lab Challenge 2 is the second of 3 mock lab challenges that will test you on all aspects of the CCIE Data Center Blueprint. This first lab will have an equal difficulty level as the actual lab to get you familiar with the set-up and all aspects involved.

    We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab.

    Multiple topology drawings are available for this chapter.

    General Rules

    Try to diagram out the task. Draw your own connections the way you like it

    Create a checklist to aid as you work through the lab

    Take a very close read of the tasks to ensure you don't miss any points during grading!

    Monitor your time. This is a Mock Lab. Verify how many points you earn in a given time frame

    Partial credit is not given. Any task should be completed 100% to receive credit

    You require a score of 80 out of 100 points to have a passing score

    Estimated Time to Complete: < 8 hours

    Solutions

    In this chapter we are working on the second of 3 Mock Lab Challenges that this workbook contains. This mock lab challenge will simulate a full CCIE Data Center Lab experience. This first lab has a difficulty level which is similar or a little lower than that of the CCIE Data Center lab. Still this is a tough lab and you will need to work on a lot of different tasks and keep an absolute close eye on the wording of the tasks. Be sure to read the whole task before starting with the configuration or you will be needing to go back and change topics.

    The devices have a little configuration loaded on them already to make the initial configuration easier. Be very careful as the configuration might have errors in it that you will be forced to correct. This might cost precious time while doing this mock lab.

    When you are progressing through the tasks you will see that there will be small drawings in the text to help you. Pay close attention to the task itself as the text is always leading. The diagram is only there to help you.

    Try to measure the time it takes you to finish sections and the whole lab so you get a good understanding of which part you need to study more. You should be able to finish a full scale lab like this in about 6 hours to have enough time to go back and re-read the tasks and your questions. When you are rushing through the tasks you will not always be sharp enough to answer the question 100% correctly. Know that you will not get any partial credit for any task, so you need to be absolutely sure that your answer is correct, otherwise the points are not given to you.

    Section 1 Data Center Networking

    Task 1: VDC allocations

    The first task is about verifying the pre-configuration on the Nexus 7000. It is pre-configured with 4 VDCs which have a port allocation configured. The lab states a certain port allocation which should be properly checked when starting with the lab.

    It's very good practice to check the configuration of every device you are faced with in the lab. Some might have pre-configuration and some will not.

    SW1-1

    vdc combined-hostname
    vdc SW1-1 id 1
      limit-resource module-type m1 f1 m1xl
      allow feature-set fabricpath
      allocate interface Ethernet3/1,Ethernet3/3,Ethernet3/5,Ethernet3/7,Ethernet3/9,Ethernet3/11,Ethernet3/13,Ethernet3/15,Ethernet3/25-32
      allocate interface Ethernet4/1-2,Ethernet4/9-12,Ethernet4/25-32
      limit-resource vlan minimum 1 maximum 2
      limit-resource monitor-session minimum 0 maximum 2
      limit-resource monitor-session-erspan-dst minimum 0 maximum 23
      limit-resource vrf minimum 2 maximum 4096
      limit-resource port-channel minimum 0 maximum 768
      limit-resource u4route-mem minimum 96 maximum 96
      limit-resource u6route-mem minimum 24 maximum 24
      limit-resource m4route-mem minimum 58 maximum 58
      limit-resource m6route-mem minimum 8 maximum 8
    vdc SW1-2 id 2
      limit-resource module-type m1 f1 m1xl
      allocate interface Ethernet3/2,Ethernet3/4,Ethernet3/6,Ethernet3/8,Ethernet3/10,Ethernet3/12,Ethernet3/14,Ethernet3/16
      allocate interface Ethernet4/3-4,Ethernet4/13-16
      boot-order 1
      limit-resource vlan minimum 1 maximum 2
      limit-resource monitor-session minimum 0 maximum 2
      limit-resource monitor-session-erspan-dst minimum 0 maximum 23
      limit-resource vrf minimum 2 maximum 4096
      limit-resource port-channel minimum 0 maximum 768
      limit-resource u4route-mem minimum 8 maximum 8
      limit-resource u6route-mem minimum 4 maximum 4
      limit-resource m4route-mem minimum 8 maximum 8
      limit-resource m6route-mem minimum 5 maximum 5
    vdc SW1-3 id 3
      limit-resource module-type m1 f1 m1xl
      allocate interface Ethernet3/17,Ethernet3/19,Ethernet3/21,Ethernet3/23
      allocate interface Ethernet4/5-6,Ethernet4/17-20
      boot-order 1
      limit-resource vlan minimum 1 maximum 2
      limit-resource monitor-session minimum 0 maximum 2
      limit-resource monitor-session-erspan-dst minimum 0 maximum 23
      limit-resource vrf minimum 2 maximum 4096
      limit-resource port-channel minimum 0 maximum 768
      limit-resource u4route-mem minimum 8 maximum 8
      limit-resource u6route-mem minimum 4 maximum 4
      limit-resource m4route-mem minimum 8 maximum 8
      limit-resource m6route-mem minimum 5 maximum 5
    vdc SW1-4 id 4
      limit-resource module-type m1 f1 m1xl
      allocate interface Ethernet3/18,Ethernet3/20,Ethernet3/22,Ethernet3/24
      allocate interface Ethernet4/7-8,Ethernet4/21-24
      boot-order 1
      limit-resource vlan minimum 1 maximum 2
      limit-resource monitor-session minimum 0 maximum 2
      limit-resource monitor-session-erspan-dst minimum 0 maximum 23
      limit-resource vrf minimum 2 maximum 4096
      limit-resource port-channel minimum 0 maximum 768
      limit-resource u4route-mem minimum 8 maximum 8
      limit-resource u6route-mem minimum 4 maximum 4
      limit-resource m4route-mem minimum 8 maximum 8
      limit-resource m6route-mem minimum 5 maximum 5

    We see that some things are not properly configured, and we could run into serious problems if they are not fixed, besides the fact that we would lose points.

    SW1-1

    no vdc combined-hostname
    vdc SW1-1 id 1
      limit-resource vlan minimum 1 maximum 4094
    vdc SW1-2 id 2
      limit-resource vlan minimum 1 maximum 4094
    vdc SW1-3 id 3
      limit-resource vlan minimum 1 maximum 4094
    vdc SW1-4 id 4
      limit-resource vlan minimum 1 maximum 4094

    We see a combined-hostname command, which means that our switch names will not match our drawings and our tasks. By configuring the no form of the command, only the VDC name will be used as the hostname for that particular VDC.

    Next, we also see that the number of VLANs that can be created per VDC is limited to a maximum of 2. This should be changed, as we will probably be configuring many more than 2 VLANs. If it were not changed, we would receive an error message when trying to configure more than 2 VLANs in any given VDC.

    We also verify the other (if existing) pre-configurations and we do not see any errors there. Pay close attention to the port allocations of the VDCs.
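
    The pre-configuration check described above can be scripted. The following is an added example, not part of the workbook: it parses VDC lines like the ones shown and reports the two problems found by hand. The function names, the sample text (two VDCs as shown above, a third already corrected) and the figure of 4 required VLANs are assumptions made for the illustration.

```python
import re

# Constructed sample: VDC lines as in the pre-configuration above, one command
# per line. SW1-1 and SW1-2 carry the page's values; SW1-3 is shown already
# corrected so that the audit has a passing case.
SAMPLE_CONFIG = """\
vdc combined-hostname
vdc SW1-1 id 1
  limit-resource module-type m1 f1 m1xl
  limit-resource vlan minimum 1 maximum 2
  limit-resource vrf minimum 2 maximum 4096
vdc SW1-2 id 2
  limit-resource module-type m1 f1 m1xl
  limit-resource vlan minimum 1 maximum 2
  limit-resource vrf minimum 2 maximum 4096
vdc SW1-3 id 3
  limit-resource vlan minimum 1 maximum 4094
"""

VDC_RE = re.compile(r"^vdc (\S+) id (\d+)$")
LIMIT_RE = re.compile(r"^limit-resource (\S+) minimum (\d+) maximum (\d+)$")


def parse_vdcs(config):
    """Return (global_flags, {vdc_name: {resource: (minimum, maximum)}})."""
    flags, vdcs, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = VDC_RE.match(line)
        if header:
            current = vdcs.setdefault(header.group(1), {})
            continue
        if line == "vdc combined-hostname":
            flags.add("combined-hostname")
            continue
        limit = LIMIT_RE.match(line)
        # Lines without minimum/maximum (module-type, allocate, ...) are skipped.
        if limit and current is not None:
            current[limit.group(1)] = (int(limit.group(2)), int(limit.group(3)))
    return flags, vdcs


def audit(config, vlans_needed):
    """List what has to be fixed before the lab tasks can be configured."""
    flags, vdcs = parse_vdcs(config)
    findings = []
    if "combined-hostname" in flags:
        findings.append("global: vdc combined-hostname is set")
    for name, limits in vdcs.items():
        if "vlan" not in limits:
            findings.append(f"{name}: no explicit vlan limit found")
            continue
        maximum = limits["vlan"][1]
        if maximum < vlans_needed:
            findings.append(f"{name}: vlan maximum {maximum} < {vlans_needed} needed")
    return findings


if __name__ == "__main__":
    # Assumption: 4 VLANs are needed, as many as the next task creates on SW1-1.
    for finding in audit(SAMPLE_CONFIG, vlans_needed=4):
        print(finding)
```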

    Task 2: DC 1 VLAN

    In this next task we start configuring our VLANs on the locations that we need them to be.

    This is not a difficult task, but pay close attention to the numbers, names and which switches you configure them on, as you could lose more than this single point. It might result in losing all the points for this section if it's related to a certain VLAN!

    SW1-1

    SW1-1(config)# vlan 123
    SW1-1(config-vlan)# name USERS
    SW1-1(config-vlan)# vlan 124
    SW1-1(config-vlan)# name USERS2
    SW1-1(config-vlan)# vlan 125
    SW1-1(config-vlan)# name SERVERS
    SW1-1(config-vlan)# vlan 126
    SW1-1(config-vlan)# name SERVERS2

    SW1-2

    SW1-2(config)# vlan 123
    SW1-2(config-vlan)# name USERS
    SW1-2(config-vlan)# vlan 124
    SW1-2(config-vlan)# name USERS2
    SW1-2(config-vlan)# vlan 125
    SW1-2(config-vlan)# name SERVERS
    SW1-2(config-vlan)# vlan 126
    SW1-2(config-vlan)# name SERVERS2

    SW2

    SW2(config)# vlan 123
    SW2(config-vlan)# name USERS
    SW2(config-vlan)# vlan 124
    SW2(config-vlan)# name USERS2
    SW2(config-vlan)# vlan 125
    SW2(config-vlan)# name SERVERS
    SW2(config-vlan)# vlan 126
    SW2(config-vlan)# name SERVERS2
    SW2(config-vlan)# vlan 1011
    SW2(config-vlan)# name EIGRP
    SW2(config-vlan)# vlan 1012
    SW2(config-vlan)# name VRRP
    SW2(config-vlan)# vlan 1111
    SW2(config-vlan)# name FCIP

    SW3

    SW3(config)# vlan 123
    SW3(config-vlan)# name USERS
    SW3(config-vlan)# vlan 124
    SW3(config-vlan)# name USERS2
    SW3(config-vlan)# vlan 125
    SW3(config-vlan)# name SERVERS
    SW3(config-vlan)# vlan 126
    SW3(config-vlan)# name SERVERS2
    SW3(config-vlan)# vlan 1011
    SW3(config-vlan)# name EIGRP
    SW3(config-vlan)# vlan 1012
    SW3(config-vlan)# name VRRP
    SW3(config-vlan)# vlan 1111
    SW3(config-vlan)# name FCIP

    Verify that the VLANs are properly created and that they are in the VLAN database.

    SW1-1(config)# show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Eth4/1, Eth4/2, Eth4/9, Eth4/10
                                                    Eth4/11, Eth4/12, Eth4/25
                                                    Eth4/26, Eth4/27, Eth4/28
                                                    Eth4/29, Eth4/30, Eth4/31
                                                    Eth4/32
    123  USERS                            active
    124  USERS2                           active
    125  SERVERS                          active
    126  SERVERS2                         active

    VLAN Type  Vlan-mode
    ---- ----- ----------
    1    enet  CE
    123  enet  CE
    124  enet  CE
    125  enet  CE
    126  enet  CE

    Task 3: Trunk interfaces

    Next we configure our trunk link between the 2 Nexus 5000 switches in the topology. Pay attention to only allow the VLANs that are required according to the mock lab VLAN list. Another thing to think about is to enable Spanning-Tree Bridge Assurance.

    Let's first configure the trunk connection between the 2 switches.

    SW2

    SW2(config-if)# int e1/5-6
    SW2(config-if-range)# sw mode trunk
    SW2(config-if-range)# spanning-tree port type network
    SW2(config-if-range)# sw trunk allowed vlan 123,124,125,126,1011,1012,1111

    SW3

    SW3(config-if)# int e1/5-6
    SW3(config-if-range)# sw mode trunk
    SW3(config-if-range)# spanning-tree port type network
    SW3(config-if-range)# sw trunk allowed vlan 123,124,125,126,1011,1012,1111

    !Command: show running-config interface Ethernet1/5-6
    !Time: Sun Oct 13 12:35:47 2013

    version 5.1(3)N1(1)

    interface Ethernet1/5
      switchport mode trunk
      switchport trunk allowed vlan 123-126,1011-1012,1111
      spanning-tree port type network

    interface Ethernet1/6
      switchport mode trunk
      switchport trunk allowed vlan 123-126,1011-1012,1111
      spanning-tree port type network

    Next we should make sure that Ethernet1/5 will go into blocking state when this is required by Spanning-Tree calculations. Normally we would fix Spanning-Tree traffic engineering using the cost metric, but in this case we are using multiple connections between the same physical switches. Therefore we need to use port priority instead of cost.

    SW3(config)# show span vlan 123

    VLAN0123
      Spanning tree enabled protocol rstp
      Root ID    Priority    32891
                 Address     002a.6a1a.7c41
                 Cost        2000
                 Port        133 (Ethernet1/5)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32891 (priority 32768 sys-id-ext 123)
                 Address     002a.6a1f.de81
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Eth1/5           Root FWD 2000      128.133  Network P2p
    Eth1/6           Altn BLK 2000      128.134  Network P2p

    By default the lower priority is better, therefore in this case Ethernet1/5 would always win the election and Ethernet1/6 will be blocking traffic.

    SW3

    SW3(config)#
    SW3(config)# int e1/5
    SW3(config-if)# spanning-tree vlan 1-4094 port-priority ?
      Port priority in increments of 32
    SW3(config-if)# spanning-tree vlan 1-4094 port-priority 200
    ERROR: % Port Priority in increments of 32 is required
    Allowed values are:
    0 32 64 96 128 160 192 224
    SW3(config-if)# spanning-tree vlan 1-4094 port-priority 192

    SW2

    SW2(config)# int e1/5
    SW2(config-if)# spanning-tree vlan 1-4094 port-priority 192

    Just like the Spanning-Tree priority, the port priority needs to be configured in certain increments. In this case it's increments of 32. Therefore we configure the port priority of Ethernet1/5 to be higher, which makes Ethernet1/6 more interesting in the election.

    SW3(config-if)# show span vlan 123

    VLAN0123
      Spanning tree enabled protocol rstp
      Root ID    Priority    32891
                 Address     002a.6a1a.7c41
                 Cost        2000
                 Port        134 (Ethernet1/6)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32891 (priority 32768 sys-id-ext 123)
                 Address     002a.6a1f.de81
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Eth1/5           Altn BLK 2000      192.133  Network P2p
    Eth1/6           Root FWD 2000      128.134  Network P2p

    After a link flap, the new port is now elected to be the new forwarding port and Ethernet1/5 is now blocking traffic.
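
    The election above can be modelled with the standard RSTP priority vector, which is compared field by field with the lowest value winning. This is an added example, not part of the workbook; it assumes that SW2 is the root bridge seen in the output above and that SW2 numbers its ports 133 and 134 like SW3 does, and it shows which side's port priority decides between two parallel links.

```python
from dataclasses import dataclass

# The values the switch lists as allowed in the error message above.
ALLOWED_PORT_PRIORITIES = (0, 32, 64, 96, 128, 160, 192, 224)
DEFAULT_PRIORITY = 128


def check_priority(value):
    """Reject a value the switch would refuse, such as 200 in the session above."""
    if value not in ALLOWED_PORT_PRIORITIES:
        raise ValueError(f"port priority {value} is not one of {ALLOWED_PORT_PRIORITIES}")
    return value


@dataclass(frozen=True)
class Candidate:
    """What one local port learns from the BPDU it receives, plus its own port ID."""
    local_port: str
    root_id: tuple           # (bridge priority, MAC) of the root bridge
    root_path_cost: int      # cost to the root through this port
    sender_bridge_id: tuple  # (bridge priority, MAC) of the upstream switch
    sender_port_id: tuple    # (port priority, port number) of the upstream port
    local_port_id: tuple     # (port priority, port number) of the receiving port

    def vector(self):
        # Order of comparison in the root port election; the local port ID is
        # only reached when everything the neighbour sent is identical.
        return (self.root_id, self.root_path_cost, self.sender_bridge_id,
                self.sender_port_id, self.local_port_id)


def elect_root_port(candidates):
    """Return the name of the port with the best (lowest) priority vector."""
    return min(candidates, key=Candidate.vector).local_port


# Root ID taken from the output above; SW2 being that root is an assumption.
ROOT = (32891, "002a.6a1a.7c41")


def sw3_root_port(sw2_e15_prio=DEFAULT_PRIORITY, sw3_e15_prio=DEFAULT_PRIORITY):
    """Root port on SW3 for given port priorities on Ethernet1/5 of each switch."""
    check_priority(sw2_e15_prio)
    check_priority(sw3_e15_prio)
    links = [
        Candidate("Eth1/5", ROOT, 2000, ROOT, (sw2_e15_prio, 133), (sw3_e15_prio, 133)),
        Candidate("Eth1/6", ROOT, 2000, ROOT, (DEFAULT_PRIORITY, 134), (DEFAULT_PRIORITY, 134)),
    ]
    return elect_root_port(links)


if __name__ == "__main__":
    print("defaults on both switches :", sw3_root_port())
    print("192 on both (as configured):", sw3_root_port(192, 192))
    print("192 on SW3 only            :", sw3_root_port(sw3_e15_prio=192))
    print("192 on SW2 only            :", sw3_root_port(sw2_e15_prio=192))
```

    With 192 set only on SW3 the root port stays on Ethernet1/5, because the port ID sent by the upstream switch is compared before the local one.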

    Finally we should enable Jumbo frames in our configuration. This is enabled using the global QoS policy configuration.

    By default the normal QoS policy is applied to the Nexus 5000 switches. When we enable the FCoE features it will activate the FCoE QoS configuration. So because we will be using the FCoE features later on, we will already enable it here in our configuration.

    First take a look at the default policy-map for network-qos. We can then copy and paste that configuration to ensure we are using a consistent configuration.

    SW3# show policy-map type network-qos

      Type network-qos policy-maps
      ===============================

      policy-map type network-qos default-nq-policy
        class type network-qos class-default
          mtu 1500
          multicast-optimize
      policy-map type network-qos fcoe-default-nq-policy
        class type network-qos class-fcoe
          pause no-drop
          mtu 2158
        class type network-qos class-default
          mtu 1500
          multicast-optimize

    We will be using the FCoE policy to create our own policy as we are not able to change the default policies.

    SW2

    SW2(config)# policy-map type network-qos FCOE-JUMBO
    SW2(config-pmap-nq)# class type network-qos class-fcoe
    SW2(config-pmap-nq-c)# mtu 2158
    SW2(config-pmap-nq-c)# pause no-drop
    SW2(config-pmap-nq-c)# class type network-qos class-default
    SW2(config-pmap-nq-c)# multicast-optimize
    SW2(config-pmap-nq-c)# mtu ?
      MTU value
    SW2(config-pmap-nq-c)# mtu 9216
    SW2(config-pmap-nq-c)# exit
    SW2(config-pmap-nq)# exit
    SW2(config)# system qos
    SW2(config-sys-qos)# service-policy type network-qos FCOE-JUMBO
    SW2(config-sys-qos)# exit

    SW3

    SW3(config)# policy-map type network-qos FCOE-JUMBO
    SW3(config-pmap-nq)# class type network-qos class-fcoe
    SW3(config-pmap-nq-c)# mtu 2158
    SW3(config-pmap-nq-c)# pause no-drop
    SW3(config-pmap-nq-c)# class type network-qos class-default
    SW3(config-pmap-nq-c)# multicast-optimize
    SW3(config-pmap-nq-c)# mtu 9216
    SW3(config-pmap-nq-c)# exit
    SW3(config-pmap-nq)# exit
    SW3(config)# system qos
    SW3(config-sys-qos)# service-policy type network-qos FCOE-JUMBO
    SW3(config-sys-qos)# exit

    On the Nexus 5000 platform it's not possible to configure MTU directly under the interfaces.

    After applying the new policy to the system qos section we see the MTU is now set.

    SW3(config)# show policy-map system type network-qos

      Type network-qos policy-maps
      ===============================

      policy-map type network-qos FCOE-JUMBO
        class type network-qos class-fcoe
          match qos-group 1
          pause no-drop
          mtu 2158
        class type network-qos class-default
          match qos-group 0
          mtu 9216
          multicast-optimize
    SW3(config)#

    Task 4: Routing

    Our next configuration is a somewhat more complicated task. The routing features will be used a lot and we will see different subjects being tested in this single task.

    We will first focus on the IP addressing in this lab. It is very easy to miss a different subnet mask, for example. In your lab everything works, but the task is wrong because you did not comply with the rules of the task.

    Next the OSPF protocol will be configured and finally the EIGRP protocol, where we will need to configure some redistribution as well.

    First the IP addressing. It's a lot of typing, and again pay attention to the subnet masks!

    SW1-1

    SW1-1(config)# int e3/9
    SW1-1(config-if)# no sw
    SW1-1(config-if)# ip add 198.18.12.1/25
    SW1-1(config-if)# no shut
    SW1-1(config-if)# int e3/11
    SW1-1(config-if)# ip add 198.18.21.1/24
    SW1-1(config-if)# no shut
    SW1-1(config-if)# int e3/5
    SW1-1(config-if)# ip add 198.19.13.1/30
    SW1-1(config-if)# no shut
    SW1-1(config-if)# int e3/1
    SW1-1(config-if)# ip add 198.19.12.1/26
    SW1-1(config-if)# no shut

    SW1-2

    SW1-2(config)# int e3/10
    SW1-2(config-if)# ip add 198.18.12.2/25
    SW1-2(config-if)# no shut
    SW1-2(config-if)# int e3/12
    SW1-2(config-if)# ip add 198.18.21.2/24
    SW1-2(config-if)# no shut
    SW1-2(config-if)# int e3/2
    SW1-2(config-if)# ip add 198.19.22.1/30
    SW1-2(config-if)# no shut
    SW1-2(config-if)# int e3/6
    SW1-2(config-if)# ip add 198.19.23.1/30
    SW1-2(config-if)# no shut
    SW1-2(config-if)#

    SW2

    SW2(config)# int e1/1
    SW2(config-if)# no sw
    SW2(config-if)# ip add 198.19.12.2/26
    SW2(config-if)# no shut
    SW2(config-if)# int e1/2
    SW2(config-if)# no sw
    SW2(config-if)# ip add 198.19.22.2/30
    SW2(config-if)# no shut
    SW2(config-if)# feature interface-vlan
    SW2(config)# int vlan 1011
    SW2(config-if)# ip add 198.19.223.1/24
    SW2(config-if)# no shut
    SW2(config-if)#

    SW3

    SW3(config)# int e1/1
    SW3(config-if)# no sw
    SW3(config-if)# ip add 198.19.13.2/30
    SW3(config-if)# no shut
    SW3(config-if)# int e1/2
    SW3(config-if)# no sw
    SW3(config-if)# ip add 198.19.23.2/30
    SW3(config-if)# no shut
    SW3(config-if)# feature interface-vlan
    SW3(config-if)# int vlan 1011
    SW3(config-if)# ip add 198.19.223.2/24
    SW3(config-if)# no shutdown

    After configuring the IP addresses on all of the interfaces, we need to configure the OSPF network. In this case we need to assign the correct network type to the correct interfaces. This means that we need to assign a point-to-point network type on the /30 links and a broadcast network type on the other links. On those other links we need to make sure the highest numbered switch receives the higher OSPF DR priority setting.

    SW1-1

    SW1-1(config)# feature ospf
    SW1-1(config)# router ospf 1
    SW1-1(config-router)# int e3/9
    SW1-1(config-if)# ip router ospf 1 area 0
    SW1-1(config-if)# int e3/11
    SW1-1(config-if)# ip router ospf 1 area 0
    SW1-1(config-if)# int e3/1
    SW1-1(config-if)# ip router ospf 1 area 0
    SW1-1(config-if)# int e3/5
    SW1-1(config-if)# ip router ospf 1 area 0
    SW1-1(config-if)# ip ospf network point-to-point
    SW1-1(config-if)#

    SW1-2

    SW1-2(config)# feature ospf
    SW1-2(config)# router ospf 1
    SW1-2(config-router)# exit
    SW1-2(config)# int e3/10
    SW1-2(config-if)# ip router ospf 1 area 0
    SW1-2(config-if)# ip ospf priority 200
    SW1-2(config-if)# int e3/12
    SW1-2(config-if)# ip router ospf 1 area 0
    SW1-2(config-if)# ip ospf priority 200
    SW1-2(config-if)# int e3/2
    SW1-2(config-if)# ip router ospf 1 area 0
    SW1-2(config-if)# ip ospf network point-to-point
    SW1-2(config-if)# int e3/6
    SW1-2(config-if)# ip router ospf 1 area 0
    SW1-2(config-if)# ip ospf network point-to-point
    SW1-2(config-if)#

    SW2

    SW2(config-if)# feature ospf
    SW2(config)# router ospf 1
    SW2(config-router)#
    SW2(config-router)#
    SW2(config-router)# exit
    SW2(config)# int e1/1
    SW2(config-if)# ip ospf prio 200
    SW2(config-if)# ip router ospf 1 area 0
    SW2(config-if)# int e1/2
    SW2(config-if)# ip router ospf 1 area 0
    SW2(config-if)# ip ospf network point-to-point
    SW2(config-if)#

    SW3

    SW3(config-if)# feature ospf
    SW3(config)#
    SW3(config)#
    SW3(config)# router ospf 1
    SW3(config-router)# int e1/1
    SW3(config-if)# ip ospf network point-to-point
    SW3(config-if)# ip router ospf 1 area 0
    SW3(config-if)# int e1/2
    SW3(config-if)# ip ospf network point-to-point
    SW3(config-if)# ip router ospf 1 area 0
    SW3(config-if)#

    Next we check if all OSPF adjacencies are up and if the right devices became the DR routers.

    SW1-1(config-if)# sh ip ospf nei
     OSPF Process ID 1 VRF default
     Total number of neighbors: 4
     Neighbor ID     Pri State            Up Time  Address         Interface
     198.19.12.2     200 FULL/BDR         00:10:35 198.19.12.2     Eth3/1
     198.19.13.2       1 FULL/ -          00:01:17 198.19.13.2     Eth3/5
     198.18.12.2     200 FULL/DR          00:12:17 198.18.12.2     Eth3/9
     198.18.12.2     200 FULL/DR          00:12:17 198.18.21.2     Eth3/11

    SW1-2(config-if-range)# sh ip ospf nei
     OSPF Process ID 1 VRF default
     Total number of neighbors: 4
     Neighbor ID     Pri State            Up Time  Address         Interface
     198.19.12.2       1 FULL/ -          00:08:36 198.19.22.2     Eth3/2
     198.19.13.2       1 FULL/ -          00:07:44 198.19.23.2     Eth3/6
     198.18.12.1       1 FULL/BDR         00:10:26 198.18.12.1     Eth3/10
     198.18.12.1       1 FULL/BDR         00:10:26 198.18.21.1     Eth3/12

    SW2(config-if)# sh ip ospf nei
     OSPF Process ID 1 VRF default
     Total number of neighbors: 2
     Neighbor ID     Pri State            Up Time  Address         Interface
     198.18.12.1       1 FULL/DR          00:08:39 198.19.12.1     Eth1/1
     198.18.12.2       1 FULL/ -          00:08:32 198.19.22.1     Eth1/2

     OSPF Process ID 1 VRF default
     Total number of neighbors: 2
     Neighbor ID     Pri State            Up Time  Address         Interface
     198.18.12.1       1 FULL/ -          00:01:43 198.19.13.1     Eth1/1
     198.18.12.2       1 FULL/ -          00:10:01 198.19.23.1     Eth1/2

    Next we configure our Loopback interfaces and advertise them into OSPF.

    SW1-1

    SW1-1(config-if)# int lo0
    SW1-1(config-if)# ip add 198.18.0.1/32
    SW1-1(config-if)# ip router ospf 1 area 0
    SW1-1(config-if)#

    SW1-2

    SW1-2(config)# int lo0
    SW1-2(config-if)# ip add 198.18.0.12/32
    SW1-2(config-if)# ip router ospf 1 area 0
    SW1-2(config-if)#

    SW2

    SW2(config-if)# int lo0
    SW2(config-if)# ip add 198.18.0.2/32
    SW2(config-if)# ip router ospf 1 area 0

    SW3

    SW3(config-if)# int lo0
    SW3(config-if)# ip add 198.18.0.3/32
    SW3(config-if)# ip router ospf 1 area 0

    We verify that the new Loopback addresses are injected into OSPF.

    SW3(config-if)# sh ip route ospf
    IP Route Table for VRF "default"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]

    198.18.0.11/32, ubest/mbest: 1/0
        *via 198.19.13.1, Eth1/1, [110/5], 00:18:14, ospf-1, intra
    198.18.0.2/32, ubest/mbest: 2/0
        *via 198.19.13.1, Eth1/1, [110/9], 00:18:14, ospf-1, intra
        *via 198.19.23.1, Eth1/2, [110/9], 00:18:19, ospf-1, intra
    198.18.0.12/32, ubest/mbest: 1/0
        *via 198.19.23.1, Eth1/2, [110/5], 00:18:19, ospf-1, intra
    198.18.12.0/25, ubest/mbest: 2/0
        *via 198.19.13.1, Eth1/1, [110/8], 00:18:14, ospf-1, intra
        *via 198.19.23.1, Eth1/2, [110/8], 00:18:19, ospf-1, intra
    198.18.21.0/24, ubest/mbest: 2/0
        *via 198.19.13.1, Eth1/1, [110/8], 00:18:14, ospf-1, intra
        *via 198.19.23.1, Eth1/2, [110/8], 00:18:19, ospf-1, intra
    198.19.12.0/26, ubest/mbest: 1/0
        *via 198.19.13.1, Eth1/1, [110/8], 00:18:14, ospf-1, intra
    198.19.22.0/30, ubest/mbest: 1/0
        *via 198.19.23.1, Eth1/2, [110/8], 00:18:19, ospf-1, intra
    SW3(config-if)#

    The final question of our routing task is to configure another routing protocol between SW2 and SW3.

    SW3

    SW3(config-if)# feature eigrp
    SW3(config)# router eigrp 1
    SW3(config-router)# int vlan 1011
    SW3(config-if)# ip router eigrp 1

    SW2

    SW2(config)# feature eigrp
    SW2(config)# router eigrp 1
    SW2(config-router)# int vlan 1011
    SW2(config-if)# ip router eigrp 1
    SW2(config-if)#

    After establishing the adjacency between the 2 switches we will configure our redistribution which is what we need to finalize the routing task. To ensure we offer redundancy we need to make sure that all routes of both protocols are available at any time. Now fortunately due to the nature of the EIGRP protocol we do not need to worry about routing loops.

    SW2

    SW2(config-if)# route-map PERMIT permit 10
    SW2(config-route-map)# exit
    SW2(config)# router eigrp 1
    SW2(config-router)# redistribute ospf 1 route-map PERMIT
    SW2(config-router)# router ospf 1
    SW2(config-router)# redistribute eigrp 1 route-map PERMIT
    SW2(config-router)# exit
    SW2(config-route-map)# router eigrp 1
    SW2(config-router)# redistribute direct route-map PERMIT
    SW2(config-router)#

    SW3

    SW3(config-if)# route-map PERMIT permit 10
    SW3(config-route-map)# exit
    SW3(config)# router eigrp 1
    SW3(config-router)# redistribute ospf 1 route-map PERMIT
    SW3(config-router)# router ospf 1
    SW3(config-router)# redistribute eigrp 1 route-map PERMIT
    SW3(config-router)# exit
    SW2(config-route-map)# router eigrp 1
    SW2(config-router)# redistribute direct route-map PERMIT
    SW2(config-router)#

    What we do need to take care of is that the direct routes (in this case the Loopback address) need to be advertised as well in case of a failure. Therefore, besides advertising possible OSPF links, we need to advertise the direct links, and we receive EIGRP routes for all OSPF destinations. Therefore we have a correctly working network again in case of a double failure.

    SW2(config-if-range)# sh ip route eigrp
    IP Route Table for VRF "default"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]

    198.18.0.1/32, ubest/mbest: 1/0
        *via 198.19.223.2, Vlan1011, [170/51456], 00:00:11, eigrp-1, external
    198.18.0.12/32, ubest/mbest: 1/0
        *via 198.19.223.2, Vlan1011, [170/51456], 00:00:11, eigrp-1, external
    198.18.12.0/25, ubest/mbest: 1/0
        *via 198.19.223.2, Vlan1011, [170/51456], 00:00:11, eigrp-1, external
    198.18.21.0/24, ubest/mbest: 1/0
        *via 198.19.223.2, Vlan1011, [170/51456], 00:00:11, eigrp-1, external

    SW3(config-router)# sh ip route eigrp
    IP Route Table for VRF "default"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]

    198.18.0.2/32, ubest/mbest: 1/0
        *via 198.19.223.1, Vlan1011, [170/51456], 00:00:02, eigrp-1, external
    SW3(config-router)#

    Task 5: vPC

    Next we will start configuring the Virtual Port-Channel feature. This feature is always complicated to configure, and we really need to focus on the order of operations in which we enable the feature on the Nexus switches.

    SW2

    SW2(config-router)# feature vpc
    SW2(config)#
    SW2(config)#
    SW2(config)# vpc domain 5
    SW2(config-vpc-domain)# peer-keepalive destination 198.18.0.3 source 198.18.0.2 vrf default
    SW2(config-vpc-domain)# role priority 255
    Warning:
    !!:: vPCs will be flapped on current primary vPC switch while attempting role change ::!!
    Note:
    --------:: Change will take effect after user has re-initd the vPC peer-link ::--------
    SW2(config-vpc-domain)# sys system-mac system-priority
    SW2(config-vpc-domain)# system-priority 100
    SW2(config-vpc-domain)# system-mac 12:34:56:78:ab:cd
    SW2(config-vpc-domain)# auto-recovery ?
      reload-delay  Duration to wait after reload to recovery vPCs
    SW2(config-vpc-domain)# auto-recovery reload-delay ?
      Time-out for restoring vPC links (in seconds)
    SW2(config-vpc-domain)# auto-recovery reload-delay 300
    Warning:
     Enables restoring of vPCs in a peer-detached state after reload, will wait for 240 seconds (by default) to determine if peer is un-reachable
    SW2(config-vpc-domain)#

    SW3

    SW3(config)# feature vpc
    SW3(config)# vpc domain 5
    SW3(config-vpc-domain)# peer-keepalive destination 198.18.0.2 source 198.18.0.3 vrf default
    SW3(config-vpc-domain)# system-priority 100
    SW3(config-vpc-domain)# system-mac 12:34:56:78:ab:cd
    SW3(config-vpc-domain)# auto-recovery reload-delay 300
    SW3(config-vpc-domain)#

    Now that we have configured the basic parameters for the vPC feature, we verify that the peer-keepalive which we configured is operational.

    SW2(config-vpc-domain)# sh vpc
    Legend:
                    (*) - local vPC is down, forwarding via vPC peer-link

    vPC domain id                     : 5
    Peer status                       : peer link not configured
    vPC keep-alive status             : peer is alive
    Configuration consistency status  : failed
    Per-vlan consistency status       : failed
    Configuration consistency reason  : vPC peer-link does not exist
    Type-2 consistency status         : failed
    Type-2 consistency reason         : vPC peer-link does not exist
    vPC role                          : none established
    Number of vPCs configured         : 0
    Peer Gateway                      : Disabled
    Dual-active excluded VLANs        : -
    Graceful Consistency Check        : Disabled (due to peer configuration)

    Next we configure the VPC peer-link.

    SW3

    SW3(config-vpc-domain)# int e1/6
    SW3(config-if)# channel-gr 6 mode on
    SW3(config-if)# int po6
    SW3(config-if)# sw mode trunk
    SW3(config-if)# vpc peer-link
    Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
    This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance (which is enabled by default) is not disabled.
    SW3(config-if)#

    SW2

    SW2(config-vpc-domain)# int e1/6
    SW2(config-if)# channel-gr 6 mode on
    SW2(config-if)# int po6
    SW2(config-if)# sw mode trunk
    SW2(config-if)# vpc peer-link

    We verify the vPC peer-link.

    SW2(config-if)# show vpc
    Legend:
                    (*) - local vPC is down, forwarding via vPC peer-link

    vPC domain id                     : 5
    Peer status                       : peer adjacency formed ok
    vPC keep-alive status             : peer is alive
    Configuration consistency status  : success
    Per-vlan consistency status       : success
    Type-2 consistency status         : success
    vPC role                          : primary
    Number of vPCs configured         : 0
    Peer Gateway                      : Disabled
    Dual-active excluded VLANs        : -
    Graceful Consistency Check        : Enabled

    vPC Peer-link status
    ---------------------------------------------------------------------
    id   Port   Status Active vlans
    --   ----   ------ --------------------------------------------------
    1    Po6    up     1,1011
    SW2(config-if)#

    Everything seems operational!
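
    The two verification steps above follow the order of operations: keep-alive first, then the peer-link, then the member vPCs. The following added example, which is not part of the workbook, reads the summary fields of the two show vpc outputs and reports which step is still open. The function names are assumptions, and the sample text is reconstructed from the outputs above with one field per line.

```python
# Constructed from the `show vpc` output taken before the peer-link existed.
BEFORE_PEER_LINK = """\
vPC domain id                     : 5
Peer status                       : peer link not configured
vPC keep-alive status             : peer is alive
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration consistency reason  : vPC peer-link does not exist
Type-2 consistency status         : failed
Type-2 consistency reason         : vPC peer-link does not exist
vPC role                          : none established
Number of vPCs configured         : 0
"""

# Constructed from the `show vpc` output taken after Po6 became the peer-link.
AFTER_PEER_LINK = """\
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
vPC domain id                     : 5
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 0
vPC Peer-link status
id   Port   Status Active vlans
1    Po6    up     1,1011
"""

CONSISTENCY_KEYS = (
    "Configuration consistency status",
    "Per-vlan consistency status",
    "Type-2 consistency status",
)
HEALTHY = {
    "Peer status": "peer adjacency formed ok",
    "vPC keep-alive status": "peer is alive",
    **{key: "success" for key in CONSISTENCY_KEYS},
}


def parse_show_vpc(text):
    """Collect the 'name : value' summary lines; table rows have no colon."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def vpc_problems(text):
    """Return 'field: value' for every summary field that is not healthy."""
    fields = parse_show_vpc(text)
    return [f"{key}: {fields.get(key, '<missing>')}"
            for key, want in HEALTHY.items() if fields.get(key) != want]


def next_step(text):
    """Name the first step of the vPC bring-up that is not complete yet."""
    f = parse_show_vpc(text)
    if f.get("vPC keep-alive status") != "peer is alive":
        return "peer-keepalive"
    if f.get("Peer status") != "peer adjacency formed ok":
        return "peer-link"
    if any(f.get(key) != "success" for key in CONSISTENCY_KEYS):
        return "consistency"
    if not f.get("vPC role", "").startswith(("primary", "secondary")):
        return "role"
    if int(f.get("Number of vPCs configured", "0")) == 0:
        return "member vPCs"
    return "done"


if __name__ == "__main__":
    for label, output in (("before", BEFORE_PEER_LINK), ("after", AFTER_PEER_LINK)):
        print(label, "->", next_step(output), vpc_problems(output))
```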

    Next we can start configuring the VPCs themselves.

    SW2

    SW2(config-if)# feature lacp
    SW2(config)# int e1/15
    SW2(config-if)# channel-gr 15 mode active
    SW2(config-if)# int po15
    SW2(config-if)# sw mode trunk
    SW2(config-if)# span port type edge trunk
    Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION
    SW2(config-if)# vpc 15

    SW3

    SW3(config-if)# feature lacp
    SW3(config)# int e1/15
    SW3(config-if)# channel-gr 15 mode activ
    SW3(config-if)# int po15
    SW3(config-if)# sw mode trunk
    SW3(config-if)# span port type edge trunk
    Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION
    SW3(config-if)# vpc 15

    After configuring the vPC interfaces the vPC should come online when the access port is correctly configured.

    Finally we verify that our other vPC settings are correct, like the role assignments and the LACP MAC addresses, etc.

    SW2(config-if)# show vpc role

    vPC Role status
    ----------------------------------------------------
    vPC role                        : primary
    Dual Active Detection Status    : 0
    vPC system-mac                  : 12:34:56:78:ab:cd
    vPC system-priority             : 100
    vPC local system-mac            : 54:7f:ee:c2:7d:01
    vPC local role-priority         : 255
    SW2(config-if)#

    Task 6: FEX

    Next we will start configuring our Fabric Extender task. This task is about enabling the Nexus 2200 switches that we have connected to our Nexus 5000 switches.

    We need to make sure that they are connected to both of the Nexus 5000 switches, which means we are going to connect them using a VPC configuration.

    Pay attention to the numbering of the FEX as this is crucial during your lab.

    SW2

    SW2(config-if)# feature fex
    SW2(config)# int e1/13
    SW2(config-if)# channel-gr 13 mode on
    SW2(config-if)# int po13
    SW2(config-if)# sw mode fex
    SW2(config-if)# fex asso 105
    SW2(config-if)# vpc 13
    SW2(config-if)#
    SW2(config-if)# int e1/14
    SW2(config-if)# channel-gr 14 mode on
    SW2(config-if)# int po14
    SW2(config-if)# sw mode fex
    SW2(config-if)# fex asso 106
    SW2(config-if)# vpc 14

    SW3

    SW3(config-if)# feature fex
    SW3(config)# int e1/13
    SW3(config-if)# channel-gr 13 mode on
    SW3(config-if)# int po13
    SW3(config-if)# sw mode fex
    SW3(config-if)# fex asso 105
    SW3(config-if)# vpc 13
    SW3(config-if)#
    SW3(config-if)# int e1/14
    SW3(config-if)# channel-gr 14 mode on
    SW3(config-if)# int po14
    SW3(config-if)# sw mode fex
    SW3(config-if)# fex asso 106
    SW3(config-if)# vpc 14

    After configuring our VPC based FEX set-up we see that our FEXes are coming online and we configured them using a vPC where they also got the correct number.

    SW2(config-if)# show fex
      FEX         FEX           FEX                       FEX
    Number    Description      State            Model            Serial
    ------------------------------------------------------------------------
    105        FEX0105                Online    N2K-C2248TP-1GE   SSI14310218
    106        FEX0106                Online    N2K-C2248TP-1GE   SSI142916SP

    SW2(config-if)# show int fex-fabric
         Fabric      Fabric       Fex                FEX
    Fex  Port      Port State    Uplink    Model         Serial
    ---------------------------------------------------------------
    105    Eth1/13        Active     1    N2K-C2248TP-1GE  SSI14310218
    106    Eth1/14        Active     1    N2K-C2248TP-1GE  SSI142916SP

    SW2(config-if)# show vpc
    Legend:
                    (*) - local vPC is down, forwarding via vPC peer-link

    vPC domain id                     : 5
    Peer status                       : peer adjacency formed ok
    vPC keep-alive status             : peer is alive
    Configuration consistency status  : success
    Per-vlan consistency status       : success
    Type-2 consistency status         : success
    vPC role                          : primary
    Number of vPCs configured         : 99
    Peer Gateway                      : Disabled
    Dual-active excluded VLANs        : -
    Graceful Consistency Check        : Enabled

    vPC Peer-link status
    ---------------------------------------------------------------------
    id   Port   Status Active vlans
    --   ----   ------ --------------------------------------------------
    1    Po6    up     1,1011

    vPC status
    ----------------------------------------------------------------------------
    id     Port        Status Consistency Reason                     Active vlans
    ------ ----------- ------ ----------- -------------------------- -----------
    13     Po13        up     success     success                    -
    14     Po14        up     success     success                    -
    15     Po15        up     success     success                    -
    106496 Eth105/1/1  up     success     success                    1

    This whole process might take a while, so please be patient when configuring vPC with FEXes. It might take up to 10 minutes for the whole switch to be discovered, not incorporating a possible software upfes

    Next we will make use of the FEXes by configuring another port-channel down to a connecting router. This means we will be configuring an EvPC.

    SW2

    SW2(config-if)# int e105/1/1
    SW2(config-if)# channel-gr 100 mode active
    SW2(config-if)# int e106/1/1
    SW2(config-if)# channel-gr 100 mode active
    SW2(config-if)# int po100
    SW2(config-if)# sw mode trunk
    SW2(config-if)# span port type edge trunk
    Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION
    SW2(config-if)# sw trunk allowed vlan 125-126
    SW2(config-if)# no shut

    SW3

    SW3(config-if)# int e105/1/1
    SW3(config-if)# channel-gr 100 mode active
    SW3(config-if)# int e106/1/1
    SW3(config-if)# channel-gr 100 mode active
    SW3(config-if)# int po100
    SW3(config-if)# sw mode trunk
    SW3(config-if)# span port type edge trunk
    Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION
    SW3(config-if)# sw trunk allowed vlan 125-126
    SW3(config-if)# no shut

    Finally we verify the EvPC configuration by checking if the vPC is reported up on both of the vPC peers. SW3(config-if)# sh vpc Legend: (*) - local vPC is down, forwarding via vPC peer-link vPC domain id : 5 Peer status : peer adjacency formed ok vPC keep-alive status : peer is alive Configuration consistency status: success Per-vlan consistency status : success Type-2 consistency status : success vPC role : secondary Number of vPCs configured : 100 Peer Gateway : Disabled Dual-active excluded VLANs : - Graceful Consistency Check : Enabled vPC Peer-link status --------------------------------------------------------------------- id Port Status Active vlans -- ---- ------ -------------------------------------------------- 1 Po6 up 1,1011 vPC status

    ----------------------------------------------------------------------------
    id     Port        Status Consistency Reason                     Active vlans
    ------ ----------- ------ ----------- -------------------------- -----------
    13     Po13        up     success     success                    -
    14     Po14        up     success     success                    -
    262243 Po100       up     success     success                    -

    Task 8: First Hop Redundancy

    The next task is to configure some FHRP protocols, which means we need to ensure Layer 3 redundancy for Layer 2 hosts.

    This means that we will be configuring protocols like HSRP and VRRP. The first task states that we should configure a First Hop Redundancy mechanism for VLAN 1012. IP addressing for this VLAN is not configured yet, so that needs to be done first.

    We are using a standards-based FHRP, which means we are going to use VRRP.

    SW2

    SW2(config)# feature vrrp
    SW2(config)# int vlan 1012
    SW2(config-if)# ip add 172.22.12.1/24
    SW2(config-if)# vrrp 1
    SW2(config-if-vrrp)# address 172.22.12.254
    SW2(config-if-vrrp)# no shut
    SW2(config-if-vrrp)# exit
    SW2(config-if)# no shut
    SW2(config-if)#

    SW3

    SW3(config)# feature vrrp
    SW3(config)# int vlan 1012
    SW3(config-if)# ip add 172.22.12.2/24
    SW3(config-if)# vrrp 1
    SW3(config-if-vrrp)# address 172.22.12.254
    SW3(config-if-vrrp)# no shut
    SW3(config-if-vrrp)# exit
    SW3(config-if)# no shut

    SW3(config-if)#

    We configured the VRRP protocol using the defaults. Before configuring the tweaks that we need to do, we first configure the HSRP protocol for VLAN 125.

    SW2

    SW2(config-if)# feature hsrp
    SW2(config-if)# int vlan 125
    SW2(config-if)# ip add 172.22.125.2/24
    SW2(config-if)# hsrp 1
    SW2(config-if-hsrp)# ip 172.22.125.1
    SW2(config-if-hsrp)# no shut
    SW2(config-if)# no shut
    SW2(config-if)#

    SW3

    SW3(config-if)# feature hsrp
    SW3(config)# int vlan 125
    SW3(config-if)# ip add 172.22.125.3/24
    SW3(config-if)# hsrp 1
    SW3(config-if-hsrp)# ip 172.22.125.1
    SW3(config-if-hsrp)# no shut
    SW3(config-if)# no shut
    SW3(config-if)#

    Then we verify that the switches have reachability to each other across these 2 VLANs to ensure the FHRP protocols are working.

    SW2(config-if)# sh vrrp
    Interface   VR  IpVersion  Pri  Time  Pre  State   VR IP addr
    ---------------------------------------------------------------
    Vlan1012    1   IPV4       100  1 s   Y    Master  172.22.12.254
    SW2(config-if)# sh hsrp brie
                         P indicates configured to preempt.
                         |
    Interface   Grp Prio P State    Active addr      Standby addr     Group addr
    Vlan125     1   100    Standby  172.22.125.3     local            172.22.125.1    (conf)
    SW2(config-if)#
    SW3(config-if)# show vrrp

    Interface   VR  IpVersion  Pri  Time  Pre  State   VR IP addr
    ---------------------------------------------------------------
    Vlan1012    1   IPV4       100  1 s   Y    Backup  172.22.12.254
    SW3(config-if)# show hsrp brie
                         P indicates configured to preempt.
                         |
    Interface   Grp Prio P State    Active addr      Standby addr     Group addr
    Vlan125     1   100    Active   local            172.22.125.2     172.22.125.1    (conf)
    SW3(config-if)#

    We see that a master and a standby router are elected for both protocols, meaning our configurations work!

    Next we need to make sure that SW2 is the primary gateway for VLAN 1012 and SW3 is the gateway for VLAN 125. Funnily enough this is already the case by default, but of course we need to make sure of this by configuring priority values.

    SW2

    SW2(config-if)# int vlan 1012
    SW2(config-if)# vrrp 1
    SW2(config-if-vrrp)# priority 120
    SW2(config-if-vrrp)#

    SW3

    SW3(config-if)# int vlan 125
    SW3(config-if)# hsrp 1
    SW3(config-if-hsrp)# prio 120
    SW3(config-if-hsrp)#

    After applying the configuration we see that the priority values are correctly applied to both the FHRP protocols.

    SW2(config-if-vrrp)# show vrrp
    Interface   VR  IpVersion  Pri  Time  Pre  State   VR IP addr
    ---------------------------------------------------------------
    Vlan1012    1   IPV4       110  1 s   Y    Master  172.22.12.254
    SW2(config-if-vrrp)# show hsrp brie
                         P indicates configured to preempt.
                         |
    Interface   Grp Prio P State    Active addr      Standby addr     Group addr

    Vlan125     1   100    Standby  172.22.125.3     local            172.22.125.1    (conf)
    SW2(config-if-vrrp)#
    SW3(config-if-hsrp)# show vrrp
    Interface   VR  IpVersion  Pri  Time  Pre  State   VR IP addr
    ---------------------------------------------------------------
    Vlan1012    1   IPV4       100  1 s   Y    Backup  172.22.12.254
    SW3(config-if-hsrp)# show hsrp brie
                         P indicates configured to preempt.
                         |
    Interface   Grp Prio P State    Active addr      Standby addr     Group addr
    Vlan125     1   125    Active   local            172.22.125.2     172.22.125.1    (conf)
    SW3(config-if-hsrp)#

    Next we need to tweak the conditions under which the HSRP configuration fails over. Before we configure our tracking groups to monitor the OSPF uplinks, we need to make sure that the other switch will take over the primary role while a switch is still online. This means using the HSRP preempt feature.

    SW2

    SW2(config-if)# int vlan 125
    SW2(config-if)# hsrp 1
    SW2(config-if-hsrp)# preempt
    SW2(config-if-hsrp)#

    SW3

    SW3(config-if-hsrp)# int vlan 125
    SW3(config-if)# hsrp 1
    SW3(config-if-hsrp)# preempt
    SW3(config-if-hsrp)#

    Next we start configuring our tracking objects. Initially we need to make sure that SW2 will not forward traffic related to vPC interfaces. This is done by using a special priority value, called the forwarding threshold.

    SW3

    SW3(config-if-hsrp)# int vlan 125
    SW3(config-if)# hsrp 1
    SW3(config-if-hsrp)# prio 120 forwarding-threshold lower 106 ?
      upper  Set upper threshold value
    SW3(config-if-hsrp)# prio 120 forwarding-threshold lower 106 upper ?
      Upper threshold value
    SW3(config-if-hsrp)# prio 120 forwarding-threshold lower 106 upper 110
    SW3(config-if-hsrp)# exit
    SW3(config-if)# track 1 interface ethernet1/1 ?
    *** No matching command found in current mode, matching in (config) mode ***
      .              Sub interface separator
      ip             IPv4 parameters
      line-protocol  Track interface line-protocol
    SW3(config-if)# track 1 interface ethernet1/1 line-protocol ?
    *** No matching command found in current mode, matching in (config) mode ***
    SW3(config-if)# track 1 interface ethernet1/1 line-protocol
    SW3(config-track)# exit
    SW3(config)# track 2 interface ethernet1/2 line-protocol
    SW3(config-track)# exit
    SW3(config)# int vlan 125
    SW3(config-if)# hsrp 1
    SW3(config-if-hsrp)# track 1 ?
      decrement  Decrements when tracked object goes down
    SW3(config-if-hsrp)# track 1 decrement 15
    SW3(config-if-hsrp)# track 2 decrement 15
    SW3(config-if-hsrp)#

    What happens with this configuration is that when one of the OSPF uplinks fails, the priority value will be lowered by 15. This means that our priority value will be lowered from 120 to 105. This is below the lower forwarding threshold of 106, and therefore the switch will no longer respond to Layer 3 requests on the HSRP virtual MAC.

    When the second uplink fails, the priority falls to 90, which is lower than the next best router in the network. This router will take over the primary role.
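
    The failover sequence described above, replayed as an added example (not part of the workbook): SW3's VLAN 125 group with priority 120, thresholds 106/110 and two tracked uplinks with decrement 15, against SW2's priority of 100 from the show output. The class and function names, the event order and the exact threshold boundaries (stop below lower, resume at or above upper) are assumptions of this model.

```python
from dataclasses import dataclass, field


@dataclass
class HsrpGroup:
    """Model of one HSRP group with tracked objects and forwarding thresholds."""
    base_priority: int
    lower: int            # forwarding-threshold lower
    upper: int            # forwarding-threshold upper
    decrements: dict      # track object id -> priority decrement
    peer_priority: int    # priority of the other router (preempt on both sides)
    down: set = field(default_factory=set)
    forwarding: bool = True

    @property
    def priority(self):
        return self.base_priority - sum(self.decrements[t] for t in self.down)

    def set_track(self, track_id, up):
        """Apply a tracked-object change; return (priority, role, forwarding)."""
        (self.down.discard if up else self.down.add)(track_id)
        # Hysteresis (assumed boundaries): stop below lower, resume at or above
        # upper, keep the previous state anywhere in between.
        if self.priority < self.lower:
            self.forwarding = False
        elif self.priority >= self.upper:
            self.forwarding = True
        # With preempt enabled the higher priority wins; ties (broken by IP
        # address on real devices) are not modelled here.
        role = "Active" if self.priority > self.peer_priority else "Standby"
        return self.priority, role, self.forwarding


def replay(events):
    """Replay (track_id, up) events against SW3's VLAN 125 group from this page."""
    sw3 = HsrpGroup(base_priority=120, lower=106, upper=110,
                    decrements={1: 15, 2: 15}, peer_priority=100)
    return [sw3.set_track(track_id, up) for track_id, up in events]


if __name__ == "__main__":
    # Constructed sequence: both uplinks fail, then recover in reverse order.
    for state in replay([(1, False), (2, False), (2, True), (1, True)]):
        print(state)
```

    With one uplink restored the priority is back at 105: SW3 preempts and becomes Active again, but stays below the forwarding threshold until the second uplink returns.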

    The final question of this task is to take down an HSRP adjacency when no hello packets are received for 750ms. This means we need to configure subsecond hello intervals. On the Nexus 7000 we would have the option for BFD, but this is unsupported on the Nexus 5000.

    SW3

    SW3(config)# int vlan 125
    SW3(config-if)# hsrp 1
    SW3(config-if-hsrp)# timers ?
      Hello interval in seconds
      msec  Specify hello interval in milliseconds
    SW3(config-if-hsrp)# timers msec ?
      Hello interval in milliseconds
    SW3(config-if-hsrp)# timers msec 250 ?
      Hold time in seconds
      msec  Specify hold interval in milliseconds
    SW3(config-if-hsrp)# timers msec 250 msec ?
      Hold interval in milliseconds
    SW3(config-if-hsrp)# timers msec 250 msec 750
    SW3(config-if-hsrp)#

    SW2

    SW2(config)# int vlan 125
    SW2(config-if)# hsrp 1
    SW2(config-if-hsrp)# timers msec 250 msec 750
    SW2(config-if-hsrp)#

    And we finished our FHRP task.

    Task 9: FabricPath

    The next task consists of 2 parts. The first part is configured now, while the second part is configured in the DC2 tasks. Be aware that this could cost a lot of points if something doesn't work.

    We will start by configuring the switches of DC1 for FabricPath.

    SW1-1

    SW1-1(config)# conf t
    SW1-1(config)# feature-set fabricpath
    SW1-1(config)# fabric switch-id 11
    SW1-1(config)# vlan 123
    SW1-1(config-vlan)# mode fabricpath
    SW1-1(config-vlan)# vlan 124
    SW1-1(config-vlan)# mode fabricpath
    SW1-1(config-vlan)# int e4/11-12
    SW1-1(config-if-range)# sw mode fabricpath
    SW1-1(config-if-range)# fabric isis hello-interval ?
      Hello interval value *Default value is 10
    SW1-1(config-if-range)# fabric isis hello-interval 3
    SW1-1(config-if-range)# fabric isis hello-multiplier ?
      Hello multiplier value *Default value is 3
    SW1-1(config-if-range)# fabric isis hello-multiplier 4
    SW1-1(config-if-range)# exit
    SW1-1(config)# key chain FP_KEY
    SW1-1(config-keychain)# key 1
    SW1-1(config-keychain-key)# key-string FPauth
    SW1-1(config-keychain-key)# exit
    SW1-1(config-keychain)# exit
    SW1-1(config)# fabricpath domain default
    SW1-1(config-fabricpath-isis)# authentication-type cleartext
    SW1-1(config-fabricpath-isis)# authentication key-chain FP_KEY
    SW1-1(config-fabricpath-isis)# authentication-check

    SW1-1(config-fabricpath-isis)# exit
    SW1-1(config)#

    We configured the proper Switch ID for FabricPath on SW1-1 and enabled the interfaces and VLANs. Next we ensured that the correct hello interval and multipliers are configured to support the 12 second failover.

    Finally we need to make sure that all current and future links will support authentication. This means that we need to use the domain authentication instead of the link authentication.
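
    A check of the two requirements just described (12 second hold time, authentication at the domain level), added here as an example that is not part of the workbook. The sample config is constructed from the SW1-1 commands above, written out unabbreviated; the function names are hypothetical. It also reports that the cleartext type used here sends the key-string unencrypted.

```python
import re

# Constructed sample: the SW1-1 commands from this page in unabbreviated form.
SAMPLE_CONFIG = """\
key chain FP_KEY
  key 1
    key-string FPauth
interface Ethernet4/11
  switchport mode fabricpath
  fabricpath isis hello-interval 3
  fabricpath isis hello-multiplier 4
interface Ethernet4/12
  switchport mode fabricpath
  fabricpath isis hello-interval 3
  fabricpath isis hello-multiplier 4
fabricpath domain default
  authentication-type cleartext
  authentication key-chain FP_KEY
  authentication-check
"""

def sections(config):
    """Split an indented config into {top-level line: [stripped child lines]}."""
    out, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config, required_hold=12):
    """Return (hold time per FabricPath interface in seconds, list of findings)."""
    secs, holds, findings = sections(config), {}, []
    for name, body in secs.items():
        if name.startswith("interface") and "switchport mode fabricpath" in body:
            text = "\n".join(body)
            hello = re.search(r"hello-interval (\d+)", text)
            mult = re.search(r"hello-multiplier (\d+)", text)
            # Fall back to the defaults the CLI help on this page reports (10 and 3).
            holds[name] = int(hello[1] if hello else 10) * int(mult[1] if mult else 3)
            if holds[name] != required_hold:
                findings.append(f"{name}: hold time {holds[name]}s, expected {required_hold}s")
    domain = secs.get("fabricpath domain default", [])
    chains = [l.split()[-1] for l in domain if l.startswith("authentication key-chain")]
    if not chains:
        findings.append("domain: no authentication key-chain configured")
    for chain in chains:
        if f"key chain {chain}" not in secs:
            findings.append(f"domain: key chain {chain} is referenced but not defined")
    if "authentication-type cleartext" in domain:
        findings.append("domain: cleartext authentication sends the key-string unencrypted")
    return holds, findings
```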

    Next is configuring SW1-2. The other switches will be configured in the second section of this task.

    SW1-2

    SW1-2(config)# conf t
    SW1-2(config)# feature-set fabricpath
    SW1-2(config)# fabric switch-id 12
    SW1-2(config)# vlan 123
    SW1-2(config-vlan)# mode fabricpath
    SW1-2(config-vlan)# vlan 124
    SW1-2(config-vlan)# mode fabricpath
    SW1-2(config-vlan)# int e4/15-16
    SW1-2(config-if-range)# sw mode fabricpath
    SW1-2(config-if-range)# fabric isis hello-interval 3
    SW1-2(config-if-range)# fabric isis hello-multiplier 4
    SW1-2(config-if-range)# exit
    SW1-2(config)# key chain FP_KEY
    SW1-2(config-keychain)# key 1
    SW1-2(config-keychain-key)# key-string FPauth
    SW1-2(config-keychain-key)# exit
    SW1-2(config-keychain)# exit
    SW1-2(config)# fabricpath domain default
    SW1-2(config-fabricpath-isis)# authentication-type cleartext
    SW1-2(config-fabricpath-isis)# authentication key-chain FP_KEY
    SW1-2(config-fabricpath-isis)# authentication-check
    SW1-2(config-fabricpath-isis)# exit
    SW1-2(config)#

    Task 10: OTV

    Next is the configuration of the OTV feature. Pay close attention to the order of operation for configuring the OTV feature, because this matters a lot. We need to make sure we are configuring the right parameters.

    A number of things are important in the OTV configuration:

    - Plain Layer 2 network for VLANs to be transported
    - Layer 3 connectivity to other OTV device
    - Empty Site-VLAN for AED election
    - Multicast IP addressing for Control group
    - SSM multicast group for Data group

    All information is stated in the question, so we need to extract that and start configuring our devices.

    We start by configuring the Layer 2 access interfaces for the VLANs that need to be transported between the Data Centers.

    SW3

    SW3(config)# vlan 201,202,203
    SW3(config-vlan)# exit
    SW3(config)# int e1/4
    SW3(config-if)# sw mode trunk
    SW3(config-if)# sw trunk allowed vlan 201-203
    SW3(config-if)# span port type normal
    SW3(config-if)# no shut
    SW3(config-if)# exit
    SW3(config)# feature interface-vlan
    SW3(config)# int vlan 201
    SW3(config-if)# ip add 198.0.201.3/24
    SW3(config-if)# no shut
    SW3(config-if)# int vlan 202
    SW3(config-if)# ip add 198.0.202.3/24
    SW3(config-if)# no shut
    SW3(config-if)#

    SW1-3

    SW1-3(config)# vlan 201,202,203
    SW1-3(config-vlan)# int e3/19
    SW1-3(config-if)# sw
    SW1-3(config-if)# sw mode trunk

    SW1-3(config-if)# sw trunk allowed vlan 201-203
    SW1-3(config-if)# span port type normal
    SW1-3(config-if)# no shut
    SW1-3(config-if)# feature interface-vlan
    SW1-3(config)# int vlan 201
    SW1-3(config-if)# ip add 198.0.201.13/24
    SW1-3(config-if)# no shut
    SW1-3(config-if)# int vlan 202
    SW1-3(config-if)# ip add 198.0.202.13/24
    SW1-3(config-if)# no shut
    SW1-3(config-if)#

    Next we configure our layer 2 and layer 3 interfaces on the OTV devices.

    SW1-2

    SW1-2(config)# vlan 201,202,203
    SW1-2(config-vlan)# exit
    SW1-2(config)# int e3/8
    SW1-2(config-if)# sw
    SW1-2(config-if)# sw mode trunk
    SW1-2(config-if)# sw trunk allowed vlan 201-203
    SW1-2(config-if)# span port type normal
    SW1-2(config-if)# no shut
    SW1-2(config-if)#
    SW1-2(config-if)# int e3/14
    SW1-2(config-if)# no sw
    SW1-2(config-if)# ip add 198.1.24.1/29
    SW1-2(config-if)# no shut
    SW1-2(config-if)#

    SW1-4

    SW1-4(config)# vlan 201-203
    SW1-4(config-vlan)# exit
    SW1-4(config)# int e3/20
    SW1-4(config-if)# sw
    SW1-4(config-if)# sw mode trunk
    SW1-4(config-if)# sw trunk allowed vlan 201-203
    SW1-4(config-if)# span port type normal
    SW1-4(config-if)# no shut
    SW1-4(config-if)# int e3/22

    SW1-4(config-if)# no sw
    SW1-4(config-if)# ip add 198.1.24.2/29
    SW1-4(config-if)# no shut
    SW1-4(config-if)#

    Make sure the 2 OTV devices can reach each other across the Layer 3 cloud infrastructure.

    SW1-4(config-if)# ping 198.1.24.1
    PING 198.1.24.1 (198.1.24.1): 56 data bytes
    Request 0 timed out
    64 bytes from 198.1.24.1: icmp_seq=1 ttl=254 time=1.141 ms
    64 bytes from 198.1.24.1: icmp_seq=2 ttl=254 time=0.674 ms
    64 bytes from 198.1.24.1: icmp_seq=3 ttl=254 time=0.719 ms
    64 bytes from 198.1.24.1: icmp_seq=4 ttl=254 time=0.722 ms

    --- 198.1.24.1 ping statistics ---
    5 packets transmitted, 4 packets received, 20.00% packet loss
    round-trip min/avg/max = 0.674/0.813/1.141 ms
    SW1-4(config-if)#

    Verify that the Client devices cannot ping each other!

    SW3(config-if)# ping 198.0.201.13
    PING 198.0.201.13 (198.0.201.13): 56 data bytes
    Request 0 timed out
    Request 1 timed out
    Request 2 timed out
    Request 3 timed out
    Request 4 timed out

    --- 198.0.201.13 ping statistics ---
    5 packets transmitted, 0 packets received, 100.00% packet loss
    SW3(config-if)#

    Now we can start building our OTV solution, using the question's requirements. This means we are going to use multicast, and we are free to choose the multicast IP addressing. Pay attention to the Site Identifiers. These are given to you as decimal numbers, but the configuration in NX-OS is hexadecimal.

    SW1-4

    SW1-4(config-if)# feature otv
    SW1-4(config)# int overlay0

    SW1-4