IPexpert-CCIE-Data-Center-Volume-1 1-9.pdf

8/9/2019 IPexpert-CCIE-Data-Center-Volume-1 1-9.pdf

1/84

IPexperts Lab Preparation Workboofor the Cisco CCIE Data Center v1.0 Lab Exa

Volume

Authored by: Rick Mur - CCIE3 #21946 (R&S / SP / Storage), JNCIE-SP #851


2/84

CCIE Data Center Lab Preparation Workbook

Copyright by IPexpert. All rights reserved. 1

IPexpertsLab Preparation Workbook for Ciscos CCIE

Data Center Lab

Before We Begin

This product is part of the IPexpert suite of materials that provide CCIE candidates and network

engineers with a comprehensive training program. For information about the full solution, contact an

IPexpert Training Advisor today.

Telephone: +1.810.326.1444

Email: [email protected]

Congratulations! You now possess one of the ULTIMATE CCIETM Lab preparation and network

operation resources available today! This resource was produced by senior engineers, technical

instructors, and author boasting decades of internetworking experience. Although there is no way to

100% guarantee success rate on the CCIE Data Center Lab exam, we feel VERY confident that your

chances of passing the Lab will improve dramatically after completing this industry-recognized

Workbook!

Technical Support from IPexpert, and your CCIE community!


3/84



IPexpert is proud to lead the industry with multiple support options at your disposal free of charge. Our

online communities have attracted a membership of over 20,000 of your peers from around the world!

At blog.ipexpert.com, you can keep up to date with everything IPexpert does and read the latest in

technical articles from world-renowned IPexpert instructors. At OnlineStudyList.com, you may subscribe

to multiple SPAM-free, moderated CCIE-focused email lists.

Feedback

Do you have a suggestion or other feedback regarding this book or other IPexpert products? At IPexpert,

we look to you our valued clients for the real world, frontline evaluation that we believe is necessary

so that we may always improve. Please send an email with your thoughts to [email protected] or

call 1.866.225.8064 (international callers dial +1.810.326.1444).

In addition, for those using this book as CCIETMpreparation, when you pass the CCIETM Lab exam, we

want to hear about it! Email your CCIETM number to [email protected] and let us know how

IPexpert helped you succeed. We would like to send you a gift of thanks and congratulations.

Additional CCIETMPreparation Material

IPexpert, Inc. is committed to developing the most effective Cisco CCIETM

R&S, Security, Voice, Wireless

and Data Center Lab certification preparation tools available. Our team of certified networking

professionals develops the most up-to-date and comprehensive materials for networking certification,

including self-paced workbooks, online Cisco hardware rental, classroom training, online (distance

learning) instructor-led training, audio products, and video training materials. Unlike other certification-

training providers, we employ the most experienced and accomplished teams of experts to create,

maintain, and constantly update our products. At IPexpert, we are focus on making your CCIETM Lab

preparation more effective.

Issues with this Book

This book is carefully edited to ensure the accuracy of all content. Should you find any error whatsoever,

please email a page reference and detailed comment to [email protected]. Your email will be

responded to promptly.


4/84



IPEXPERT END-USER LICENSE AGREEMENT

END USER LICENSE FOR ONE (1) PERSON ONLY

IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS,

DO NOT OPEN OR USE THE TRAINING MATERIALS.

This is a legally binding agreement between you and IPEXPERT, the Licensor, from whom you have

licensed the IPEXPERT training materials (the Training Materials). By using the Training Materials, you

agree to be bound by the terms of this License, except to the extent these terms have been modified by

a written agreement (the Governing Agreement) signed by you (or the party that has licensed the

Training Materials for your use) and an executive officer of Licensor. If you do not agree to the License

terms, the Licensor is unwilling to license the Training Materials to you. In this event, you may not use

the Training Materials, and you should promptly contact the Licensor for return instructions.

The Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual

authorized to use the Training Materials throughout the term of this License.

Copyright and Proprietary Rights

The Training Materials are the property of IPEXPERT, Inc. ("IPEXPERT") and are protected by United

States and International copyright laws. All copyright, trademark, and other proprietary rights in the

Training Materials and in the Training Materials, text, graphics, design elements, audio, and all other

materials originated by IPEXPERT at its site, in its workbooks, scenarios and courses (the "IPEXPERT

Information") are reserved to IPEXPERT.

The Training Materials cannot be used by or transferred to any other person. You may not rent, lease,

loan, barter, sell or time-share the Training Materials or accompanying documentation. You may not

reverse engineer, decompile, or disassemble the Training Materials. You may not modify, or create

derivative works based upon the Training Materials in whole or in part. You may not reproduce, store,

upload, post, transmit, download or distribute in any form or by any means, electronic, mechanical,

recording or otherwise any part of the Training Materials and IPEXPERT Information other than printing

out or downloading portions of the text and images for your own personal, non-commercial use without

the prior written permission of IPEXPERT.

You shall observe copyright and other restrictions imposed by IPEXPERT. You may not use the Training

Materials or IPEXPERT Information in any manner that infringes the rights of any person or entity.


5/84



Exclusions of Warranties

THE TRAINING MATERIALS AND DOCUMENTATION ARE PROVIDED AS IS. LICENSOR HEREBY DISCLAIMS

ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SOME STATES

DO NOT ALLOW THE LIMITATION OF INCIDENTAL DAMAGES OR LIMITATIONS ON HOW LONG AN

IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. This

agreement gives you specific legal rights, and you may have other rights that vary from state to state.

Choice of Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the State of

Michigan, without reference to any conflict of law principles. You agree that any litigation or other

proceeding between you and Licensor in connection with the Training Materials shall be brought in the

Michigan state or courts located in Port Huron, Michigan, and you consent to the jurisdiction of such

courts to decide the matter. The parties agree that the United Nations Convention on Contracts for the

International Sale of Goods shall not apply to this License. If any provision of this Agreement is held

invalid, the remainder of this License shall continue in full force and effect.

Limitation of Claims and Liability

ANY ACTION ON ANY CLAIM AGAINST IPEXPERT MUST BE BROUGHT BY THE USER WITHIN ONE (1) YEAR

FOLLOWING THE DATE THE CLAIM FIRST ACCRUED, OR SHALL BE DEEMED WAIVED. IN NO EVENT WILL

THE LICENSORS LIABILITY UNDER, ARISING OUT OF, OR RELATING TO THIS AGREEMENT EXCEED THE

AMOUNT PAID TO LICENSOR FOR THE TRAINING MATERIALS. LICENSOR SHALL NOT BE LIABLE FOR ANY

SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY

THEORY OF LIABILITY, REGARDLESS OF WHETHER LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF

SUCH DAMAGES. WITHOUT LIMITING THE FOREGOING, LICENSOR WILL NOT BE LIABLE FOR LOST

PROFITS, LOSS OF DATA, OR COSTS OF COVER.


6/84



Entire Agreement

This is the entire agreement between the parties and may not be modified except in writing signed by

both parties.

U.S. Government - Restricted Rights

The Training Materials and accompanying documentation are commercial computer Training

Materials and commercial computer Training Materials documentation, respectively, pursuant to

DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction

release, performance, display, or disclosure of the Training Materials and accompanying documentation

by the U.S. Government shall be governed solely by the terms of this Agreement and shall be prohibited

except to the extent expressly permitted by the terms of this Agreement.

IF YOU DO NOT AGREE WITH THE ABOVE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE

TRAINING MATERIALS AND CONTACT LICENSOR FOR INSTRUCTIONS ON RETURN OF THE TRAINING

MATERIAL


7/84



ContentsIPexperts ...................................................................................................................................................... 1

Lab Preparation Workbook for Ciscos CCIE Data Center Lab .................................................................. 1

Before We Begin ....................................................................................................................................... 1

Feedback ................................................................................................................................................... 2

Additional CCIETM

Preparation Material ................................................................................................... 2Issues with this Book ................................................................................................................................ 2

IPEXPERT END-USER LICENSE AGREEMENT .............................................................................................. 3

Copyright and Proprietary Rights ............................................................................................................. 3

Exclusions of Warranties .......................................................................................................................... 4

Choice of Law and Jurisdiction ................................................................................................................. 4

Limitation of Claims and Liability .............................................................................................................. 4

Entire Agreement ..................................................................................................................................... 5

U.S. Government - Restricted Rights ........................................................................................................ 5

Default Lab Topology ................................................................................................................................ 9

Default passwords and IP addresses ........................................................................................................ 9

Chapter 1: Introduction to CCIE Data Center .............................................................................................. 10

Who Should Read this Book?.................................................................................................................. 11

How to Use this Book ............................................................................................................................. 11

An Introduction to CCIE Data Center ...................................................................................................... 11

Availability .............................................................................................................................................. 12

Written exam .......................................................................................................................................... 12

The current published reading list: ......................................................................................................... 12

Lab exam ................................................................................................................................................. 13

Software Versions ................................................................................................................................... 13

CCIE Storage? .......................................................................................................................................... 13

What about P and A tracks? ................................................................................................................... 13

Troubleshooting ..................................................................................................................................... 13

An Introduction to the Proctor Labs CCIE Data Center hardware rack .................................................. 14Software Versions ................................................................................................................................... 16

Chapter 2: Data Center Networking Layer 2 Infrastructure ....................................................................... 18

(NX-OS) ........................................................................................................................................................ 18

General Rules .......................................................................................................................................... 19

Pre-setup ................................................................................................................................................ 19

Topology ................................................................................................................................................. 19

Configuration tasks ................................................................................................................................. 20

Task 1: General set-up ........................................................................................................................ 20

Task 2: Implement VLANs ................................................................................................................... 20

Task 3: Implement Private-VLANs....................................................................................................... 21

Task 4: Implement Rapid Spanning-Tree protocol ............................................................................. 22Task 5: Implement Multiple Spanning-Tree protocol ......................................................................... 23

Task 6: Spanning-Tree and UDLD features ......................................................................................... 24

Task 7: Fabric Extenders ..................................................................................................................... 24

Task 8: Misc features .......................................................................................................................... 25

Chapter 3: Data Center Networking Layer 3 Infrastructure (NX-OS) .......................................................... 26

General Rules .......................................................................................................................................... 27

Pre-setup ................................................................................................................................................ 27


8/84



Drawing 1: Physical Topology Routing ................................................................................................... 28

Drawing 2: Logical Routing Topology ..................................................................................................... 28


Task 1: Layer 3 topology set-up .......................................................................................................... 29

Task 2: Static routing........................................................................................................................... 29

Task 3: EIGRP ....................................................................................................................................... 29

Task 4: OSPF ........................................................................................................................................ 30

Task 5: Redistribution, BFD and ECMP ............................................................................................... 30

Task 6: Layer 3 switching features ...................................................................................................... 31

Drawing 3: FabricPath / OTV Topology .................................................................................................. 32

Task 7: FabricPath and OTV ................................................................................................................ 32

Chapter 4: Data Center Networking High Availability (NX-OS) ................................................................... 34

General Rules .......................................................................................................................................... 35

Pre-setup ................................................................................................................................................ 35

Drawing 1: Physical Topology ................................................................................................................. 36

Drawing 2: Logical Topology ................................................................................................................... 37


Task 1: Topology set-up ...................................................................................................................... 38Task 2: Port-Channels ......................................................................................................................... 38

Task 3: Virtual Port-channels (vPCs) ................................................................................................... 39

Task 4: Graceful Restart / Non-Stop Forwarding ................................................................................ 40

Task 5: HSRP ........................................................................................................................................ 40

Task 6: VRRP ........................................................................................................................................ 41

Task 7: GLBP ........................................................................................................................................ 42

Task 8: Virtual Port-Channels (vPCs) and FabricPath .......................................................................... 43

Chapter 5: Data Center Storage Networking .............................................................................................. 44

General Rules .......................................................................................................................................... 45

Pre-setup ................................................................................................................................................ 45

Drawing 1: Physical Topology ................................................................................................................. 46Configuration tasks ................................................................................................................................. 47

Task 1: Initial set-up ............................................................................................................................ 47

Task 2: VSANs ...................................................................................................................................... 48

Task 3: Zoning ..................................................................................................................................... 49

Task 4: FC Domain ............................................................................................................................... 50

Task 5: Fibre Channel Security Features ............................................................................................. 51

Task 6: Advanced Features ................................................................................................................. 52

Chapter 6: Data Center Storage Networking Extension ............................................................................. 53

General Rules .......................................................................................................................................... 54

Pre-setup ................................................................................................................................................ 55


Drawing 2: Logical Topology ................................................................................................................... 56


Task 1: Initial set-up ............................................................................................................................ 57

Task 2: FCIP ......................................................................................................................................... 57

Task 3: FCIP Security ........................................................................................................................... 58

Task 4: SAN Extension Tuner .............................................................................................................. 58

Task 5: iSCSI......................................................................................................................................... 58

Task 6: iSLB .......................................................................................................................................... 59


9/84



Chapter 7: Data Center Unified Fabric ........................................................................................................ 61

General Rules .......................................................................................................................................... 62

Pre-setup ............................................................................................................................................. 63


Drawing 2: Logical Topology VSAN 20 .................................................................................................... 64


Task 1: Native Fibre Channel on Nexus ............................................................................................... 65

Task 2: Fibre Channel over Ethernet (FCoE) ....................................................................................... 65

Task 3: Multi hop FCoE ....................................................................................................................... 66

Task 4: FCoE Quality of Service (QoS) ................................................................................................. 66

Drawing 3: NPV topology ........................................................................................................................ 67

Task 5: N-Port Virtualization (NPV) and N-Port ID Virtualization (NPIV) ................................................ 67

Task 6: FCoE NPV ................................................................................................................................ 68

Chapter 8: Security Features ....................................................................................................................... 69

General Rules .......................................................................................................................................... 70

Pre-setup ................................................................................................................................................ 70


Drawing 2: Logical Topology ................................................................................................................... 71Configuration tasks ................................................................................................................................. 72

Task 1: Port Security ........................................................................................................................... 72

Task 2: DHCP Snooping, DAI, IP Source Guard .................................................................................... 73

Task 3: Access Control Lists ................................................................................................................. 73

Task 4: AAA services............................................................................................................................ 74

Task 5: 802.1X ..................................................................................................................................... 75

Task 6: Cisco TrustSec ......................................................................................................................... 76

Chapter 9: Management Features .............................................................................................................. 77

General Rules .......................................................................................................................................... 78

Pre-setup ................................................................................................................................................ 78

Drawing 1: Physical Topology ................................................................................................................. 78Drawing 2: Logical Topology ................................................................................................................... 79


Task 1: Role Based Access Control (RBAC) .......................................................................................... 80

Task 2: Traffic monitoring ................................................................................................................... 81

Task 3: NetFlow ................................................................................................................................... 81

Task 4: Management protocols .......................................................................................................... 81

Task 5: Device management ............................................................................................................... 82

Task 6: Smart Call Home and GOLD .................................................................................................... 83


10/84



Default Lab Topology

Default passwords and IP addresses

Default management username / password: admin / IPexpert123

Other passwords: ipexpert

Management IP addressing: 172.16.100.0/24

Management Default Gateway: 172.16.100.254


11/84



Chapter 1:

Introduction to CCIE

Data Center

Chapter 1: Introduction to CCIE Data Center introduces the team of authors, consultants, and editors

that completed this book and describes the books purpose. This chapter also provides suggestions for

the usage of this written work.


12/84



Who Should Read this Book?

This workbooks primary audience is for those CCIE candidates that are searching for the most

comprehensive and error-free materials available covering the CCIE Data Center practical lab exam.

These students should possess a home rack of equipment for CCIE-level command-line practice, they

should possess an equipment emulator (for certain parts of the topology), or they should rent

equipment from a company likewww.proctorlabs.com.The authors and technical editors exhaustively

tested all of the demonstrations found throughout the technology tasks, troubleshooting- and full-scale

lab exercises against all practice rack options described earlier. Where issues arise with popular

equipment emulators, the text makes note. This book is the most remarkably thorough and technically

accurate book written on the CCIE Data Center lab exam to date.

How to Use this Book

This book breaks all specific CCIE Data Center technologies down on a chapter-by-chapter basis for a

complete and thorough review of this broad set of topics. Each chapter is broken down is various tasksregarding the subject. Following this, the Detailed Solutions Guide provided with this workbook provides

an intense examination of the operation of the tasks, including key aspects of troubleshooting for the

specific technology. After this, the book presents some of the most common issues that can result with a

particular technology-set, and most importantly, details the simple troubleshooting tools and steps that

succeed for remediation.

The final chapters conclude the book with sample lab scenarios that provide a full scale lab exam as you

will see it when you take the actual test. The Detailed Solutions Guide then provides a well-designed

approach for troubleshooting each major task and offers detailed explanations. The text provides

reference guides for the most popular and powerful showand debugcommands for a specific

technology.

Each chapter uses specific initial configurations on the specific chapter. Readers may download initial

configurations, or install them in a simple Graphical User Interface (GUI) onwww.proctorlabs.com.

Students are encouraged to follow along on a rack of equipment for every section of every chapter. This

really enhances and strengthens the learning process.

An Introduction to CCIE Data Center

Since the release of the Nexus platform there has been talk about when these platforms were to be

introduced in a CCIE track. With the introduction of UCS in 2009 this became an even higher request

especially since UCS really took off in sales.
http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/


13/84



The scope of the exam is pretty much based on the usual suspects, so in summary you should be aware

of the:

UCS B-series blade systems

UCS C-series rackmount systems connected to UCS Manager via FEX

Virtual Interface Cards (virtualized NICs and HBAs) in all servers Nexus 7000 with all features like VDC, OTV, FabricPath, etc.

Nexus 5500 with all features like FCoE, FEX

Nexus 2000 connected to either the 5k or the 7k

Nexus 1000V distributed virtual switch in ESX

o There is no mention of any VMware product in the blueprint, so expect ESX and vCenter

to be pre-installed on the UCS blades and FC boot to pre-configured disks

MDS 9222i for connecting FC storage to UCS

ACE appliance

DCNM management software

Availability

The live exam is available from September 1st

.

Currently there are no dates when the lab is available.

Written exam

The written exam has an extensive blueprint published to Cisco Learning Network (CLN) including a

reading list.

The current published reading list:

Data Center Fundamentals (ISBN-10: 1-58705-023-4)

NX-OS and Cisco Nexus Switching (ISBN-10: 1-58705-892-8)

Cisco Unified Computing System (UCS) (ISBN-10: 1-58714-193-0)

I/O Consolidation in the Data Center (ISBN-10: 1-58705-888-X)

Storage Networking Fundamentals (ISBN-10: 1-58705-162-1)
http://www.ciscopress.com/bookstore/product.asp?isbn=1587050234http://www.ciscopress.com/bookstore/product.asp?isbn=1587050234http://www.ciscopress.com/bookstore/product.asp?isbn=1587058928http://www.ciscopress.com/bookstore/product.asp?isbn=1587058928http://www.ciscopress.com/bookstore/product.asp?isbn=1587141930http://www.ciscopress.com/bookstore/product.asp?isbn=1587141930http://www.ciscopress.com/bookstore/product.asp?isbn=158705888Xhttp://www.ciscopress.com/bookstore/product.asp?isbn=158705888Xhttp://www.ciscopress.com/bookstore/product.asp?isbn=1587051621http://www.ciscopress.com/bookstore/product.asp?isbn=1587051621http://www.ciscopress.com/bookstore/product.asp?isbn=1587051621http://www.ciscopress.com/bookstore/product.asp?isbn=158705888Xhttp://www.ciscopress.com/bookstore/product.asp?isbn=1587141930http://www.ciscopress.com/bookstore/product.asp?isbn=1587058928http://www.ciscopress.com/bookstore/product.asp?isbn=1587050234


14/84



Please find the extensive blueprint published by Cisco on the bottom of this blog post.

Lab examThere is not much information available regarding the lab exam. Availability is not mentioned. There is

however information regarding the hardware list and this is an immense list of expensive hardware you

require:

Software Versions

NXOS v6.0(2) on Nexus 7000 Switches


NXOS v4.2(1) on Nexus 1000V

NXOS v5.2(2) on MDS 9222i Switches

UCS Software release 2.0(1x) for UCS-6248 Fabric Interconnect and all UCS systems

Software Release A5(1.0) on ACE4710

Cisco Data Center Manager software v5.2(2)

CCIE Storage?

There are currently no plans for replacing CCIE Storage for CCIE Datacenter. Because of this, there will

not be a large focus on MDS/FC configuration as there is another track for that.

What about P and A tracks?

A CCNA Data Center and CCNP Data Center will be released soon!

Troubleshooting

Troubleshooting will be a big part of the exam, which is also pretty clear in the blueprint. There is no

confirmation yet how this will be introduced, either using tickets in the CCIE R&S or just by pre-

configuration on the lab. I can imagine that they pre-configured a broken Nexus 1000V on an ESX

installation on one of the JBODs. More information on how this troubleshooting is done will be available

during other Q&A sessions. The implication is that it might be trouble tickets like the CCIE R&S.


15/84



An Introduction to the Proctor Labs CCIE Data Center hardware rack

The IPexpert CCIE Data Center rack will support 100% of the features that are tested on the lab! We

have based the topology to be close as possible on the CCIE Data Center rack layout, but have ensured

that all features and functionality is there.

Our CCIE Data Center rack layout is based on the very limited information that has been made availableby Cisco. IPexpert has been in close contact with the people involved in creating this lab exam, and

therefore the layout of the rack is based on some early examples and the published components and

software version blueprint.

As you will see the topology is very much based on a common datacenter design and has more 'static'

layout than other CCIE tracks.

The blueprint specified the following components to be in the lab:

First is the NX-OS Networking equipment.

Nexus7009 (with licensing)

o (1) Sup

o (1) 32 Port 10Gb (F1 Module)

o (1) 32 Port 10Gb (M1 Module)

Nexus5548

Nexus2232

The Nexus 7000 will be configured with VDC's to simulate various different topologies and create

multiple 'core switch' layers within the network.

Nexus 5548 will be used as a 'distribution' layer within the datacenter network. The Nexus 2k's can be

configured as FEX for the Nexus 7000; Nexus 5000 and the Fabric Interconnects of the UCS system to

connect the UCS C-series rack mount servers. The VDC's are a major component in the network as the

number of devices is limited and the connectivity is very much based on a best practice design.

The below drawing illustrates an example topology from our new CCIE Data Center lab preparation

workbook which is currently under development.

All these interconnections and switches are based within a single physical chassis with complete

separation of the control and data plane protocols!


16/84



Second is the storage networking (SAN) equipment:

Dual attached JBODs = Fibre Channel disks MDS 9222i (dual fabric)

The MDS switches used in the lab are capable of a ton of features. The blueprint however only describes

certain fibre-channel features which are considered 'basic' features like zoning, VSANs, oversubscription

and ISLs. The other major topic on the blueprint is Fibre Channel Expansion over FCIP and iSCSI. These

features are the IP features supported by the MDS platform. The 1G Ethernet connections are connected

to the Nexus switches for testing the expansion features. Through that connection it's possible to

connect the MDS switches across another connection than Fibre Channel. As the CCIE Storage track is

not being replaced by the CCIE Data Center the focus on Storage Networking (SAN) features is not that

big. The major topics are more in the features that aren't tested in any other CCIE track.

The JBODs mentioned in this list represent just plain simple hard-disks that are connected via F ibre

Channel. They are used later as shared storage for the UCS system.

The third major component within the hardware blueprint is the Unified Computing System (UCS).

UCS-6248 Fabric Interconnects

UCS-5108 Blade Chassis

o B200 M2 Blade Servers

o Palo/VIC mezzanine card

o Menlo/Emulex mezzanine card

UCS C200 Series Server = Connected to Fabric Interconnects

o VIC card for C-series


17/84



This is based on the C-series rackmount servers, connected to the Fabric Interconnects so the C-series

can also be managed from the central UCS manager the same as the Blade chassis is managed.

The blades are equipped with different NICs. This also means a little different configuration. The VIC

cards are the most interesting ones as they can virtualize NICs to present to the OS.

Ones inside the blades there is a pre-installed VMware ESX(i) environment with a Nexus 1000v

distributed virtual switch. As this is a Cisco lab exam, you are not required to know anything about

VMware. Of course you will need to be able to install this environment in your possible own lab, but

when you step into the lab you will face a pre-installed VMware and 1000V. After that, the switch is not

configured and you are required to configure it.

The final topic on the blueprint is called ANS (Application Networking Services). This means an ACE

appliance is in your lab that you will need to configure. There is not much very interesting going on there

and you will not see a lot of points on that appliance. You will need to know the topics as described on

the lab blueprint and our workbook will focus a whole section on these specific topics.

The last components are used for management. You will not be configuring these devices, but just using

them from your student workstation to access the network.

Cisco Catalyst Switch 3750 = management ethernet connections

Cisco 2511 Terminal Server = console lines

What is not mentioned on the hardware blueprint list is that you will also need to be able to configure

(or set-up) the DCNM software as is being given by Cisco when you purchase enough Nexus equipment.

Again this is not extremely difficult, but you need to be aware of the basic configuration items related to

this software.

Software Versions



NXOS v4.2(1) on Nexus 1000v

NXOS v5.2(2) on MDS 9222i Switches

UCS Software release 2.0(1x) for UCS-6248 Fabric Interconnect and UCS system

Software Release A5(1.0) for ACE 4710

Cisco Data Center Manager software v5.2(2)


18/84



Above you'll find a reference overview of the used software versions. The exact versions are still

unknown where we might be using newer software versions as our IPexpert lab will be using quite new

hardware for virtualization purposes. Within the Nexus 7000 we will be using the new Supervisor 2E,

meaning that we are able to build 8 VDC's and 1 management VDC meaning we have enough flexibilityfor some challenging topologies!

The next chapter of this workbook, Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)

begins with the initial topic on the CCIE Data Center Blueprint regarding layer 2 switching, VLANs,

Private-VLANs, Spanning-Tree and other layer 2 features on the NX-OS platform.


19/84



Chapter 2: Data

Center Networking

Layer 2Infrastructure

(NX-OS)

Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)is intended to let you be familiar

with the NX-OS CLI on the Nexus switches and afterwards configure Layer 2 Ethernet features on the

physical Nexus switches within the topology as shown at the beginning of this workbook. We highly

recommend to create your own diagram at the beginning of each lab so you are able to draw on your

own diagram, making it much easier when you step into the real lab. Our devices start with a blank

configuration, which will not be the case when you are in the real lab. Then devices are staged with

configuration containing usernames/passwords, management IP addressing, core IP addressing and

(possible) errors.


20/84



General Rules

Try to diagram out the task. Draw your own connections the way you like it

Create a checklist to aid as you work thru the lab

Take a very close read of the tasks to ensure you dont miss any points during grading!

Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this

particular chapter

Estimated Time to Complete: 3 hours

Pre-setup

Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology

Use the central topology drawing at the start of this workbook

This lab is intended to be used with online rack access provided by our partner Proctorlabs

(www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as

detailed below.

Topology
http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/http://www.proctorlabs.com/


21/84



Configuration tasks

Task 1: General set-up

1. Erase the configuration from all 3 switches and reboot and

2. Configure the default parameters as mentioned in in the Generic Lab Topology

3. Configure the Nexus 7000 switch with a hostname of SW1-1 and the Nexus 5500 switches with

hostnames of SW2 and SW3

4. Ensure the switches will not perform any DNS lookups

5. Configure ipexpert.com as the DNS domain name

6. Ensure that both encrypted and unencrypted management connections are allowed

7. Save the configuration using the wrcommand

8. On SW1-1 configure a message, containing the hostname and warning unauthorized users, that

is shown each time a user logs in

9. Use the serial number of SW1-1 as the ID which is used to advertise the switch using CDP

10.Ensure only CDP version 2 packets are sent from SW1-1

11.Disable CDP on the management ethernet interface

12.Ensure a log message is generated when more than 999 packets per second are sent or received

on the management ethernet interface

Task 2: Implement VLANs

1. Configure all inter-switch links as described by the topology drawing at the beginning of this

chapter to be in layer 2 trunk mode allowing VLANs 100 up to 499

2. After specifying the allowed range, remove VLAN 333 from this range with a single command,

without specifying the previous range (or parts of it) again

3. Configure all switches to be in VTP domain IPexpert

4. Ensure VLANs are removed from switches that have no active hosts in that VLAN, except for

VLAN 101. This VLAN 101 should always be active on the switch not depending on this

configuration task

5. Enable the latest version of VTP

6. Store the VTP database configuration with filename ipexpert.dat


22/84



7. Ensure SW2 and SW3 will have new VLANs being pushed by SW1-1 and are not able to create

new VLANs by themselves

8. Secure the VTP protocol with a password of ipexpert

9. Create VLANs 101, 102, 103 and 104 and ensure they are visible on all switches

10.Assign names to all VLANs by format of IPexpertVLAN# where # is the VLAN number

11.Configure SW1-1 so the following output is matched

12.(Ports section should show all active trunks):

SW1-1(config)# sh ip igmp snooping | in vlanIGMP Snooping information for vlan 1

IGMP Snooping information for vlan 101

IGMP Snooping information for vlan 102IGMP Snooping information for vlan 103

IGMP Snooping information for vlan 104IGMP Snooping information for vlan 105IGMP Snooping information for vlan 1002

IGMP Snooping information for vlan 1003IGMP Snooping information for vlan 1004

IGMP Snooping information for vlan 1005

SW1-1(config)# sh vlan brief

VLAN Name Status Ports---- -------------------------------- --------- --------------------------

-----1 default active101 VLAN0101 active

102 VLAN0102 active

103 VLAN0103 active104 VLAN0104 active1002 fddi-default suspended1003 token-ring-default suspended

1004 fddinet-default suspended1005 trnet-default suspended

SW1-1(config)#

Task 3: Implement Private-VLANs

Note: This lab will be using unused ports in the topology to simulate hosts being connected. Forclarification of the tasks its advisable to read the entire task before starting your configuration.

1. A firewall is connected to Ethernet3/19 on SW1-1 which should receive all traffic from DMZ

hosts. This port should be in VLAN 200. You are allowed to change configuration from the

previous task to accomplish this.


23/84



2. Ensure that hosts in VLAN 201 are not able to communicate with each other, but only to the

firewall connected to Ethernet3/19

3. Configure ports Ethernet3/20 and Ethernet3/21 in VLAN 201

4. Hosts in VLAN 202 and 203 are able to communicate to each other in the VLAN and to the

firewall, but not to hosts in the other VLAN (202 cant communicate with 203 and vice versa)

5. Configure ports Ethernet3/22 and Ethernet3/23 in VLAN202. Configure ports Ethernet3/24 and

Ethernet3/25 in VLAN203

6. DMZ servers in VLAN 204 need to be secured. They are not allowed to communicate to each

other, but they can communicate with the rest of the IP network by reaching a default gateway

configured on SW1-1 with IP address 10.1.10.254/24

7. Hosts connected in VLAN 204 are connected on SW2. Configure the first trunk connection for

this use. Configure Ethernet 1/21, 1/22 and 1/23 in VLAN205 on SW2 and ensure they are able

to reach the default gateway to the network. Hosts are not allowed to communicate to each

other.

8. Other hosts of VLAN 201 and 202 are also connected to SW2. Use the second trunk connection

between SW1 and SW2 for this use. The hosts of VLAN201 are connected to ports Ethernet 1/24

and 1/25. The host of VLAN 202 is connected to Ethernet 1/26

Task 4: Implement Rapid Spanning-Tree protocol

1. Ensure non-core-facing interfaces on SW2 and SW3 are not generating any spanning-treetopology changes

2. Configure SW2 to be the root bridge for VLAN 101 and SW3 to be the backup root bridge

3. Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to

optimize network convergence. Do not configure timer values to complete this task.

4. Configure SW1 to be the root bridge for VLAN 102

5. Ensure that new bridges with a default spanning-tree configuration will never be elected as a

root bridge in VLAN 102 when SW1 fails

6. When traffic steering is necessary, you are required to use values higher than100,000

7. Configure the network in such a way that SW1 is using SW3 as the best path towards the root

bridge of the network in VLAN 101

8. Ensure that the last interface (fourth link) between all switches is used as primary


24/84



9. Configure spanning-tree of VLAN 103 to converge in the shortest time possible

10.Configure all inter-switch-links to utilize IEEE 802.1w Rapid Connectivity

11.Remove all spanning-tree related configuration from interfaces and global configuration on all

switches before continuing with the next task

Task 5: Implement Multiple Spanning-Tree protocol

1. Configure SW1, SW2 and SW3 to run the IEEE 802.1s protocol

2. Configure the following parameters on SW1

3. MST name of IPexpert

4. MST configuration number of 5

5. Map VLAN 10 through 99 to instance 1



8. Ensure MST is functioning properly on all switches

9. Assume Private VLANs are in use. Ensure that all secondary VLANs are in the same MSTI as their

associated primary VLAN

10.Configure SW2 to be the root bridge for instance 1 by configuring the lowest possible value

11.Try making SW3 the primary root bridge for instance 1 using the dedicated command for this.

What happens?

12.Make SW3 the backup root bridge for instance 1. You are allowed to configure other switches,

but not SW3.

13.Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to

optimize network convergence.

14.When traffic steering is necessary, you are required to use values higher than100,000

15.Configure the network in such a way that SW1 is using SW3 as the best path towards the root

bridge of the network in instance 2

16.Ensure that all instances use a different interface between the switches to ensure load balancing

between instances. Meaning instance 0 uses interface 1, etc.


25/84



17.Ensure BPDUs are discarded when the network is larger than 10 hops

18.Assume a switch with an old version of software is connected to Ethernet 1/16 on SW2.

Configure this interface to pro-actively send pre-standard MST messages

Task 6: Spanning-Tree and UDLD features

1. Configure SW3 so that all ports, when not configured individually, are seen as network edge

ports

2. Configure Ethernet 1/10 on SW3 so the port is put in error-disabled state when spanning-tree

packets are received

3. Configure Ethernet1/11 on SW3 so the port will never process spanning-tree protocol data

units, but will allow other layer 2 frames

4. Ensure that Ethernet 1/10 on SW2 will also never process spanning-tree protocol packets, but

you are not allowed to configure the command required for this directly under the interface

5. Ensure Ethernet 1/11 on SW2 will never become a root port on the switch

6. Ethernet1/12 on SW2 should never become the designated port of the LAN segment

7. Assume the network is running MST and Ethernet 1/13 on SW3 is connected to a Rapid-PVST+

network. Ensure that this port will fail to interoperate with this other kind spanning-tree

protocol for security reasons.

8. Use a Cisco-proprietary protocol which allows devices that are connected through fiber orcopper cables to monitor the physical configuration of the cables and detect when a

unidirectional link exists on Ethernet 1/12 on SW3

9. Use a method on Ethernet 1/12 on SW3 which disables one of the ports on the link, which

prevents traffic from being discarded.

Task 7: Fabric Extenders

1. Use SW2 and FEX1 for these tasks

2. Name the fabric extender as IPexpert Fabric Extender 1

3. Ensure the LED on the FEX starts blinking for easier locating the FEX in a rack

4. Ensure the output of the following show command is matched on SW2:


26/84



SW2# show interface port-channel 4 fex-intfFabric FEX

Interface Interfaces---------------------------------------------------

Po4 Eth101/1/48 Eth101/1/47 Eth101/1/46 Eth101/1/45

Eth101/1/44 Eth101/1/43 Eth101/1/42 Eth101/1/41Eth101/1/40 Eth101/1/39 Eth101/1/38 Eth101/1/37


Eth101/1/28 Eth101/1/27 Eth101/1/26 Eth101/1/25Eth101/1/24 Eth101/1/23 Eth101/1/22 Eth101/1/21Eth101/1/20 Eth101/1/19 Eth101/1/18 Eth101/1/17

Eth101/1/16 Eth101/1/15 Eth101/1/14 Eth101/1/13

Eth101/1/12 Eth101/1/11 Eth101/1/10 Eth101/1/9


Task 8: Misc features

1. Read this whole section first, before starting your configuration!

2. Configure Ethernet 5/16, 5/17 and 5/18 on SW1-1 with the settings from the following bullets (3

through 6).

3. Layer 2 trunk port with VLAN 101 through 104 allowed

4. Rx flowcontrol should be enabled

5. Disable the automatic cross/straight cable detection

6. show interface should show usage statistics using sampling intervals of 30, 60 and 120 seconds

7. You are only allowed to have the settings for these interfaces showing up oncein the

configuration


27/84



Chapter 3: Data

Center Networking

Layer 3

Infrastructure (NX-

OS)

Chapter 3: Data Center Networking Layer 3 Infrastructureis intended to let you be familiar with the

NX-OS Layer 3 features on the Nexus platforms to create a basic routed network. The second part of this

chapter consists of Data Center extension and Layer 2 routing features. We highly recommend to create

your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it

much easier when you step into the real lab. The lab is divided in two pieces. During the first tasks you

will be configuring a dynamically routed layer 3 network using EIGRP and OSPF protocols. The second

part of this chapter is based on the Cisco proprietary technologies FabricPath and OTV. Multiple

topology drawings are available for this chapter.


28/84



General Rules





particular chapter


Pre-setup



Load the initial configuration of Chapter 2 on the Nexus 7000 switch to stage the Virtual Device

Contexts needed for this lab

When starting the second part of this lab for configuring Fabric Path and OTV the second set of

initial configuration should be loaded on the Nexus 7000 to create a different topology with

Virtual Device Contexts

This lab is intended to be used with online rack access provided by our partner Proctor Labs


detailed below


29/84



Drawing 1: Physical Topology Routing

Drawing 2: Logical Routing Topology


30/84



Configuration tasks

Task 1: Layer 3 topology set-up

Configure the Nexus 5500 switches with hostnames of SW2 and SW3. The Nexus 7000 VDCs

should already have hostnames through the loading of the initial configuration. Use switchto

vdcand switchbackto move between different switches on the Nexus 7000.

Configure all switches so they can all carry the layer 2 VLANs as described indrawing 1

Configure sufficient inter-switch-links to carry the VLANs between the switches

Configure IP addressing on SVI and physical interfaces according todrawing 1

Configure all switches to have a Loopback0 interface with an IP address of 198.18.0.Z/32

where Zis the router number / host address as specified in drawing 1

Task 2: Static routing

Ensure SW1-3 can ping the loopback address of SW1-4 from its own loopback address

SW1-1 should be able to ping the loopback address of SW1-2 and vice versa without using the

directly connected link between those switches, but should use the path over SW1-3 and SW1-4

for this

Configure SW1-2 to be a blackhole for the 192.0.1.0/24 prefix. Give this entry a tag of666 and

an increased preference of+1

Ensure that all layer 3 interfaces on SW1-2 do not send outanyunreachablemessages

Remove all static routes before continuing with the next tasks

Task 3: EIGRP

Configure a secure EIGRP adjacency between SW1-2 and SW1-4

Ensure Loopbacks are reachable and dynamically advertised. Ensure that there are no attempts

to make adjacencies on the Loopback interfaces.

Use 64999as autonomous system number and IPEXPERTas the EIGRP process name

Configure 4 static routes for 198.18.4.0/24 through198.18.7.0/24 on SW1-4 and

ensure they are reachable through a single EIGRP routing entry on SW1-2. Besides the single

entry the 198.18.5.0/24network should also be seen in the routing table of SW1-2.


31/84



Use wide metrics with a scaling factor of 64

Change the bandwidth that EIGRP may use on an interface 10% lower than default

Update the link between SW1-2 and SW1-4 so the EIGRP neighbor is declared down after 4 hello

packets. You are only allowed to change configuration on SW1-2 to accomplish this

Routes which are declared active should becomeStuck in Activeafter 5 minutes

Routes should be advertised as unreachable when there are more than 50 hops in the network

Update the K3 value on the SW1-2 to SW1-4 interfaces to 500

Task 4: OSPF

Configure the OSPF network as shown in drawing 2. Use the dotted decimal notation to

configure area 264

Ensure that all OSPF routers can reach each others Loopback addresses

Ignore the MTU size between SW1-1 and SW1-3 when forming an adjacency

Ensure that SW2 will never become a designated router on any OSPF interface

Ensure that SW3 will never become a designated router on any OSPF interface

Ensure all adjacencies in area 0 are secured using a hashed version of IPexpertSecure

Ensure area 1 is secure using a simple-text-password of IPexpert

Configure 4 additional Loopback interfaces on SW2 with IP addresses of198.18.128.1/24

through 198.18.131.1/24and ensure they are seen as a single entry in the backbone area

and other areas without overlapping other IP space

Configure a Loopback1 interface on SW1-3 with an IP address of 198.18.13.1/24and

ensure this whole subnet is seen throughout the layer 3 network

Type 3, 4 and 5 LSAs are not allowed in area 1

Ensure that routers do not attract traffic for 2 minutes after booting up

Task 5: Redistribution, BFD and ECMP

Configure redistribution between EIGRP and OSPF on SW1-4 and SW1-2


32/84



Ensure full reachability is achieved while maintaining all requirements from previous tasks

Ensure all links towards area 0 are used when traffic is exiting area 1

Ensure that all Dynamic Routing adjacencies on SW1-2 towards adjacent devices are terminated

using a dedicated detection protocol

BFD sessions between SW1-2 and SW3 should be secured using a hashed key of

IPexpertSecure

Ensure neighbor failures on SW1-2 are detected within 300ms

Configure OSPF and EIGRP so they use the dedicated fast-hello failure detection mechanism

Task 6: Layer 3 switching features

Ensure a static layer 2 to layer 3 mapping is created on VLAN 112 on SW1-1 for

198.18.112.24to mac address abcd.1234.5678

Configure SW2 so that it detects duplicate IP addresses and updates its cache on

Ethernet1/5

Ensure that SW1-1 reserves space for 2750outstanding ARP entries in the ASIC to prevent the

ARP replies are dropped when returned and attempted to install in the ASIC hardware

Configure all switches so they use RFC 1191


33/84



Drawing 3: FabricPath / OTV Topology

Task 7: FabricPath and OTV

Load the initial configuration file forpart 2 of chapter 2, which will create a topology

according to drawing 3

Create VLAN 666 on all relevant switches in the topology

Ensure hosts on VLAN 666 can communicate via layer 2 on all 4 edge switches using the

technologies as mentioned in drawing 3

Use the 198.18.10.0/24subnet when a layer 3 link is required in the topology

Configure VLAN interfaces (SVIs) with the following IP addresses:

SW2: 198.18.66.1/24

SW3: 198.18.66.2/24

SW1-3: 198.18.66.3/24

SW1-4: 198.18.66.4/24

Ensure traffic is using all links between the switches to reach from SW2 and SW3 to SW1-3 and

SW1-4


34/84



Verify this task is completed successfully by being able to ping all198.18.66.xinterfaces of

all edge switches


35/84



Chapter 4: Data

Center Networking

High Availability

(NX-OS)

Chapter 4: Data Center Networking High Availability (NX-OS)is intended to let you be familiar with the

NX-OS High Availability features on the Nexus platforms to create a high available network. Various

types of deployments of Port-channels and Virtual Port-channels are discussed in this chapter. The

second part of this chapter focuses on First Hop Redundancy Protocols (FHRPs) and High Available

features of dynamic routing protocols. The third part focuses on a special implementation of virtual

port-channels in FabricPath networks.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw

on your own diagram, making it much easier when you step into the real lab.

Multiple topology drawings are available for this chapter.


36/84



General Rules





particular chapter


Pre-setup



Load the initial configuration of Chapter 4 on the Nexus 7000 switch to stage the Virtual Device

Contexts needed for this lab

When starting the third part of this lab regarding virtual Port-Channels within FabricPath

networks the second set of initial configuration should be loaded on the Nexus 7000 to create a

different topology with Virtual Device Contexts



detailed below


37/84



Drawing 1: Physical Topology


38/84



Drawing 2: Logical Topology


39/84


40/84



10.There are plans to increase the capacity betweenSW2and SW3to 80Gbps with additional

interfaces for resiliency purposes. Ensure that Ethernet1/5 is always chosen to participate

in the bundle and Ethernet1/6should be selected as a hot-standby link when additional

interfaces are added to the bundle.

11.Logical interface 3should use a very fast detection mechanism to signal the removal ofan interface in the bundle

12.Configure SW2and SW3to load-balance between the interfaces in link-bundles using the most

packet header information as possible.

13.Remove any configuration related to interface bundle 1and 2from the switches before

continuing with the next task

Task 3: Virtual Port-channels (vPCs)1. Ensure its possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW1-1

and SW1-2. Use ID 100for this.

2. SW1-2should be the primary device

3. Ensure its possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW2and

SW3. Use ID 200for this.

4. Send keep alive messages across themgmt0interfaces of domain 200switches

5. Use a dedicated SVI with IP addressing in the subnet of 198.18.5.0/24to send keep alivemessages between switches indomain 100. Ensure that the keep alive messages are not

using the global IP routing table. Use Ethernet3/10on SW1-1and Ethernet 3/12on

SW1-2for this.

6. Configure Ethernet3/9 on SW1-1and Ethernet3/11 on SW1-2as peer-link

7. Bundle Ethernet1/7and Ethernet1/8on SW2and SW3and configure this as the peer-

link

8. Ensure domain 100brings up its vPCs once a peer fails or reboots. Delay this process for 5

minutes.

9. SW2and SW3should be seen as a single Spanning-Tree root with a priority of 8192

10.Configure an MC-LAG connection between SW1-1, SW1-2 and SW2. Use Ethernet3/1on

SW1-1. Ethernet3/3on SW1-2and Ethernet1/1and Ethernet 1/2on SW2. Use

number 101for this connection


41/84



11.Configure a vPC connection betweenSW2, SW3and SW1-2. Use Ethernet3/5and

Ethernet3/7on SW1-2, Ethernet1/3on SW2and Ethernet1/3 on SW3. Use number

102for this connection.

12.Use the remaining connections between SW1-1, SW1-2, SW2 and SW3and bundle them in

a single logical interface with number 103.

13.Ensure all VLANs required for Drawing 2are allowed on the vPC links

14.Use 1234.5678.90abas the single MAC address that is used for the identification of domain

100 LACP packets

Task 4: Graceful Restart / Non-Stop Forwarding

1. Configure dynamic routing protocols according to drawing 2. Ensure Loopback interfaces of

SW2and SW1-1can ping each other and SW1-2and SW3can ping each other

2. Ensure that the routers running OSPF keep their routing information and keep forwarding traffic

to neighbors when they are rebooting

3. An older router that will take a little over2 minutesto reboot will be connected to SW2.

Ensure that your configuration supports this

4. Ensure that SW3supports ISSU

5. SW3should keep routes from restarting neighbors for5 minutes

6. Signal a restart as fast as possible on SW3

Task 5: HSRP

1. Ensure that hosts on VLAN 111are always able to reach their default gateway, when one of

the 2 switches fails

2. Use a Cisco proprietary protocol for this use, which uses a single active default gateway

3. Use the .1host IP address as the default gateway for this network segment

4. Make the switches primary and backup according to the best practice

5. Use a hashed key of IPexpertYEAR1 to secure this protocol from now until December 31st

the same year. At January 1stone year later the key should change to IPexpertYEAR2.

Ensure that switches keep accepting the old key for at least 2 more hours


42/84



6. When the backup switch is active and the primary switch comes back online after a reboot.

Ensure that it will take back the active role after the switch is up for3 minutes

7. Give this process a name of IPexpertVLAN111

8. A switch should declare its neighbor down within 1 second

9. When one of the Ethernet uplinks fails the priority should be lowered with1/10th of the

configured priority value

10.When a second Ethernet uplink fails the switch should stop forwarding Layer 3 traffic and send

traffic across the vPC peer-link

11.The default gateway MAC address should be the MAC address of one of the physical Ethernet

interfaces

Task 6: VRRP



2. Use a standards based protocol for this use, which uses a single active default gateway

3. When clients on VLAN 121issue an ARP request for the Default Gateway it should respond

with MAC address 0000.5E00.0174 without configuring this MAC address in the

configuration


5. Configure SW1-2as the primary switch using a value of 200

6. Use a clear text password of IPexpert to secure the protocol

7. Ensure a higher priority backup router does not take over the role of a lower priority active

router. Configure this only on the current primary switch.

8. Ensure that SW1-2becomes the standby router after 30 seconds, when the Loopback address

of SW3disappears from the routing-table

9. Switches should declare their neighbors down in 10 seconds


43/84



Task 7: GLBP



2. Use a load balancing Cisco proprietary protocol


4. Both routers should be capable of forwarding traffic.

5. SW1-1should be answering all ARP requests

6. When the Loopback address of one of the upstream switches disappears from the routing table

the switches should no longer beAVF

7. Delay the take over of theAVFrole for a standby switch for 3 minutesif any currentAVF

fails

8. The router should become theAVGafter 30 secondsif it has a higher priority than the

currentAVG

9. Ensure the routers support In-Service-Software-Upgrades


44/84



Task 8: Virtual Port-Channels (vPCs) and FabricPath

1. Load the initial configuration of Chapter 4 Task 8on the Nexus 7000 switch to stage the

Virtual Device Contexts needed for this lab

2. Configure the FabricPathnetwork to stretch VLAN 666 between all Leafswitches

3. Ensure the PC connected to SW2and SW3is able to connect using a virtual Port-Channel with

number 100on all places where necessary to configure a number


45/84



Chapter 5: Data

Center Storage

Networking

Chapter 5: Data Center Storage networkingis intended to let you be familiar with the Storage

Networking features on the Cisco MDS switches. Configuring traditional Fibre Channel networks and

basic Fibre Channel features.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw

on your own diagram, making it much easier when you step into the real lab.

Multiple topology drawings are available for this chapter.


46/84



General Rules





particular chapter


Pre-setup

Connect to the MDS switches within the topology


The switches start with a blank configuration. You will be creating parts of your own Initial

Configuration for later labs.



detailed below


47/84



Drawing 1: Physical Topology


48/84



Configuration tasks

Task 1: Initial set-up

1. Give the MDS switches in the topology the following hostnames:MDS1,MDS2. Configure the

default username and password according to the generic lab topology

2. Ensure that they can be reached through the management network using IP addresses in the

range as stated in the initial set-up information at the beginning of the workbook. Use Host IP

addresses of .10and .11

3. Use the default gateway of the management subnet as Time Synchronization server

4. Do notuse any automatic selection of interface type for this lab, unless specifically stated

5. Do notuse any automatic speed selected for interfaces

6. Use 200MBpsconnections towards the JBODs

7. JBODsonMDS2should automatically detect the interface speeds

8. Ensure Fabric Loginsare done by the connectedJBODs

9. Enable the links between theMDSswitches as standard based ISLs

10.Configure a descriptive name on all interfaces consisting of the name and port of the device

which is connected. You are prohibited to use the description command.

11.Ensure the connection towards JBOD1is easily physically located onMDS1

12.The fiber connected to fc1/10is of low quality causing errors on the interface. Ensure the

switch does not go into err-disablestate, because of this reason.

13.Ensure that interfaces on the MDS switches are shutdown when no configuration is applied to

them

14.All disks inside of the JBODs should be identified on the MDS switches with a simple name in the

form of JxDywhere Xis the JBOD number and Yis the disk number.

15.The simple device names should be seen on both MDS switches, by only configuring one of theswitches. The names should notbe VSAN dependent.

16.Ensure applications that use the simple names will follow changes to the database

17. Interfacefc1/1onMDS1will be used for a long reach link. Enable the most credit

buffers as possible and enable recovery of credits


49/84



18.JBOD1onMDS1is only allowed to send packets with a maximum size of 2000 bytes

19.Enable B2Bcredit state change numbers on all JBOD interfaces

Task 2: VSANs

1. Create VSAN 10, 20, 30 and 40 with names of IPX_VSAN_#, where #is the VSANnumber

2. Configure fc1/5onMDS1in VSAN 10and fc1/6onMDS2

3. Configure fc1/5onMDS2and fc1/6onMDS1in VSAN 20

4. Ensure that when WWPN 20:11:00:0a:31:00:aa:deis automatically placed in VSAN 30

when it comes online anywhere in the Fibre Channel fabric

5. Ensure that J1D1is automatically placed in VSAN 40when it comes online in the fabric

6.MDS1should use the Source and Destination FCID for load balancing across equal cost paths in

VSAN 10

7.MDS2should use Exchange based load balancing across different interfaces in a port-channel in

VSAN 20

8. Ensure that all ISLs of theMDSswitches are capable of transferring multipleVSANsacross the

same interface

9. Configure fc1/1and fc1/3on bothMDSswitches as a single logical connection using number

101

10. Interfaces fc1/1and fc1/3should negotiate their bundling capabilities

11.Create a single logical connection consisting of fc1/2and fc1/4on bothMDS1 andMDS2

switches with number 127

12.VSAN 30should only use the logical interface 127

13.VSAN 40should only use logical interface 101

14.VSAN 10and VSAN 20should be able to cross both ISL bundles between theMDSswitches

15.VSAN 10should always use bundle101as its primary connection to the otherMDS

16.VSAN 20should always use the bundle 127 as its primary connection to the otherMDS

17.Packets traversing VSAN 30should be guaranteed to reach their destination in the same order

as they have left the source.


50/84


51/84



9. Ensure that all changes to all zonesetsare replicated between all switches inVSAN 10every

time a zonesetis activated

10.Use zoning compliant with FC-GS-4and FC-SW-3in VSAN 20

11.Use inline zone creation for VSAN 20

12.Zoning in VSAN 20should ensure that the following disks are able toreaddata from each

other, but never write:

a. J2D1

b. J2D2

c. J2D3

13.Create a zone in VSAN 20that ensures the following disks are prioritized over other disks when

ISLs are congested. Use the FWWNof the disks:

a. J2D4

b. J2D5

14.When devices are not specified in zones inVSAN 20, they should be allowed to readdata

from each other

15.J2D5LUN 19and J1D6LUN 116should be able to communicate to each other in VSAN

20. No other LUNson those disks can communicate

16.Activate zoning in VSAN 20 and ensure its seen on bothMDS1 andMDS2

Task 4: FC Domain

1. Configure FC Domain IDs in VSAN 10.MDS1should be using a static ID of 34 andMDS2should

prefer to use an ID of 0x34, but can use a different one when this is already taken

2. EnsureMDS1is the principal switch in VSAN 10

3. Domain IDs for new switches should be handed out in a sequential order

4. Disruptive restarts from other switches should not affectMDS1

5. Ensure the J1D1disk in VSAN 10gets assigned an FCID in the range of 0x222200to

0x2222FF

6.MDS2should be assigning Domain IDs to other switches in the fabric for VSAN 20.MDS2

should use a range of 0xB0to 0xCE.


52/84



7.MDS1should prefer a Domain ID of 214 in VSAN 20

8. Ensure that VSAN 30is prepared for fast-restart

Task 5: Fibre Channel Securit

Documents

IPexpert-CCIE-Data-Center-Volume-1 1-9.pdf