Authored by: Rick Mur - CCIE3 #21946 (R&S / SP / Storage), JNCIE-SP #851
IPexpert's Lab Preparation Workbook for Cisco's CCIE Data Center Lab

Before We Begin

This product is part of the IPexpert suite of materials that provide CCIE candidates and network engineers with a comprehensive training program. For information about the full solution, contact an IPexpert Training Advisor today.

Telephone: +1.810.326.1444
Email: sales@ipexpert.com

Congratulations! You now possess one of the ULTIMATE CCIE™ Lab preparation and network operation resources available today! This resource was produced by senior engineers, technical instructors, and authors boasting decades of internetworking experience. Although there is no way to 100% guarantee success rate on the CCIE Data Center Lab exam, we feel VERY confident that your chances of passing the Lab will improve dramatically after completing this industry-recognized Workbook!

Technical Support from IPexpert, and your CCIE community!

IPexpert is proud to lead the industry with multiple support options at your disposal free of charge. Our online communities have attracted a membership of over 20,000 of your peers from around the world! At blog.ipexpert.com, you can keep up to date with everything IPexpert does and read the latest in technical articles from world-renowned IPexpert instructors. At OnlineStudyList.com, you may subscribe to multiple SPAM-free, moderated CCIE-focused email lists.

Feedback

Do you have a suggestion or other feedback regarding this book or other IPexpert products? At IPexpert, we look to you, our valued clients, for the real world, frontline evaluation that we believe is necessary so that we may always improve. Please send an email with your thoughts to feedback@ipexpert.com or call 1.866.225.8064 (international callers dial +1.810.326.1444).

In addition, for those using this book as CCIE™ preparation, when you pass the CCIE™ Lab exam, we want to hear about it! Email your CCIE™ number to success@ipexpert.com and let us know how IPexpert helped you succeed. We would like to send you a gift of thanks and congratulations.

This is a legally binding agreement between you and IPEXPERT, the Licensor, from whom you have licensed the IPEXPERT training materials (the Training Materials). By using the Training Materials, you agree to be bound by the terms of this License, except to the extent these terms have been modified by a written agreement (the Governing Agreement) signed by you (or the party that has licensed the Training Materials for your use) and an executive officer of Licensor.

If you do not agree to the License terms, the Licensor is unwilling to license the Training Materials to you. In this event, you may not use the Training Materials, and you should promptly contact the Licensor for return instructions.

The Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual authorized to use the Training Materials throughout the term of this License.

Exclusions of Warranties

THE TRAINING MATERIALS AND DOCUMENTATION ARE PROVIDED AS IS. LICENSOR HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW THE LIMITATION OF INCIDENTAL DAMAGES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. This agreement gives you specific legal rights, and you may have other rights that vary from state to state.

Choice of Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the State of Michigan, without reference to any conflict of law principles. You agree that any litigation or other proceeding between you and Licensor in connection with the Training Materials shall be brought in the Michigan state or courts located in Port Huron, Michigan, and you consent to the jurisdiction of such courts to decide the matter. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this License. If any provision of this Agreement is held invalid, the remainder of this License shall continue in full force and effect.

Entire Agreement

This is the entire agreement between the parties and may not be modified except in writing signed by both parties.

Contents

IPexpert's
Lab Preparation Workbook for Cisco's CCIE Data Center Lab
Before We Begin
Feedback
Additional CCIE™ Preparation Material
Issues with this Book
IPEXPERT END-USER LICENSE AGREEMENT
Copyright and Proprietary Rights
Exclusions of Warranties
Choice of Law and Jurisdiction
Limitation of Claims and Liability
Entire Agreement
U.S. Government - Restricted Rights
Default Lab Topology
Default passwords and IP addresses
Chapter 1: Introduction to CCIE Data Center
Who Should Read this Book?
How to Use this Book
An Introduction to CCIE Data Center
Availability
Written exam
The current published reading list:
Lab exam
Software Versions
CCIE Storage?
What about P and A tracks?
Troubleshooting
An Introduction to the Proctor Labs CCIE Data Center hardware rack
Software Versions
Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)
General Rules
Pre-setup
Topology
Configuration tasks
Task 1: General set-up
Task 2: Implement VLANs
Task 3: Implement Private-VLANs
Task 4: Implement Rapid Spanning-Tree protocol
Task 5: Implement Multiple Spanning-Tree protocol
Task 6: Spanning-Tree and UDLD features
Task 7: Fabric Extenders
Task 8: Misc features
Chapter 3: Data Center Networking Layer 3 Infrastructure (NX-OS)
General Rules
Pre-setup
Copyright by IPexpert. All rights reserved.
Drawing 1: Physical Topology Routing
Drawing 2: Logical Routing Topology
Configuration tasks
Task 1: Layer 3 topology set-up
Task 2: Static routing
Task 3: EIGRP
Task 4: OSPF
Task 5: Redistribution, BFD and ECMP
Task 6: Layer 3 switching features
Drawing 3: FabricPath / OTV Topology
Task 7: FabricPath and OTV
Chapter 4: Data Center Networking High Availability (NX-OS)
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Topology set-up
Task 2: Port-Channels
Task 3: Virtual Port-channels (vPCs)
Task 4: Graceful Restart / Non-Stop Forwarding
Task 5: HSRP
Task 6: VRRP
Task 7: GLBP
Task 8: Virtual Port-Channels (vPCs) and FabricPath
Chapter 5: Data Center Storage Networking
General Rules
Pre-setup
Drawing 1: Physical Topology
Configuration tasks
Task 1: Initial set-up
Task 2: VSANs
Task 3: Zoning
Task 4: FC Domain
Task 5: Fibre Channel Security Features
Task 6: Advanced Features
Chapter 6: Data Center Storage Networking Extension
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Initial set-up
Task 2: FCIP
Task 3: FCIP Security
Task 4: SAN Extension Tuner
Task 5: iSCSI
Task 6: iSLB
Chapter 7: Data Center Unified Fabric
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology VSAN 20
Configuration tasks
Task 1: Native Fibre Channel on Nexus
Task 2: Fibre Channel over Ethernet (FCoE)
Task 3: Multi hop FCoE
Task 4: FCoE Quality of Service (QoS)
Drawing 3: NPV topology
Task 5: N-Port Virtualization (NPV) and N-Port ID Virtualization (NPIV)
Task 6: FCoE NPV
Chapter 8: Security Features
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Port Security
Task 2: DHCP Snooping, DAI, IP Source Guard
Task 3: Access Control Lists
Task 4: AAA services
Task 5: 802.1X
Task 6: Cisco TrustSec
Chapter 9: Management Features
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Role Based Access Control (RBAC)
Task 2: Traffic monitoring
Task 3: NetFlow
Task 4: Management protocols
Task 5: Device management
Task 6: Smart Call Home and GOLD
Chapter 10: Data Center Unified Computing Networking
General Rules
Pre-setup
Drawing 1: Physical Topology
Configuration tasks
Task 1: Initial set-up
Task 2: VLANs
Task 3: vNIC templates
Task 4: Policies and pin groups
Task 5: Quality of Service
Task 6: Disjoint Layer 2
Task 7: Switch mode
Chapter 11: Data Center Unified Computing Storage
General Rules
Pre-setup
Drawing 1: Physical Topology
Configuration tasks
Task 1: Initial set-up
Task 2: VSANs
Task 3: Fibre Channel Trunks and Port Channels
Task 4: Pools
Task 5: vHBA templates
Task 6: SAN Pinning and Storage Policies
Task 7: Fibre Channel Boot policies
Task 8: iSCSI Boot policies
Task 9: Local Disk policies
Chapter 12: Data Center Unified Computing Servers and Blades
General Rules
Pre-setup
Drawing 1: Physical Topology
Configuration tasks
Task 1: Server pools
Task 2: UUID pools
Task 3: Management IP addresses
Task 4: Server policies
Task 5: Service Profile Templates
Task 6: Service Profiles

Chapter 1: Introduction to CCIE Data Center

Chapter 1: Introduction to CCIE Data Center introduces the team of authors, consultants, and editors that completed this book and describes the book's purpose. This chapter also provides suggestions for the usage of this written work.

The scope of the exam is pretty much based on the usual suspects, so in summary you should be aware of the:

Availability

The live exam is available from September 1st. Currently there are no dates when the lab is available.

Written exam

The written exam has an extensive blueprint published to Cisco Learning Network (CLN) including a reading list.
Please find the extensive blueprint published by Cisco on the bottom of this blog post.

Lab exam

There is not much information available regarding the lab exam. Availability is not mentioned. There is, however, information regarding the hardware list, and this is an immense list of expensive hardware you require:

Software Versions

CCIE Storage?

There are currently no plans for replacing CCIE Storage with CCIE Datacenter. Because of this, there will not be a large focus on MDS/FC configuration as there is another track for that.

Troubleshooting

Troubleshooting will be a big part of the exam, which is also pretty clear in the blueprint. There is no confirmation yet how this will be introduced, either using tickets as in the CCIE R&S or just by pre-configuration on the lab. I can imagine that they pre-configured a broken Nexus 1000V on an ESX installation on one of the JBODs. More information on how this troubleshooting is done will be available during other Q&A sessions. The implication is that it might be trouble tickets like the CCIE R&S.

The Nexus 7000 will be configured with VDCs to simulate various different topologies and create multiple 'core switch' layers within the network. Nexus 5548 will be used as a 'distribution' layer within the datacenter network. The Nexus 2Ks can be configured as FEX for the Nexus 7000, Nexus 5000 and the Fabric Interconnects of the UCS system to connect the UCS C-series rack mount servers.

The VDCs are a major component in the network as the number of devices is limited and the connectivity is very much based on a best practice design. The below drawing illustrates an example topology from our new CCIE Data Center lab preparation workbook which is currently under development. All these interconnections and switches are based within a single physical chassis with complete separation of the control and data plane protocols!

The MDS switches used in the lab are capable of a ton of features. The blueprint however only describes certain fibre-channel features which are considered 'basic' features like zoning, VSANs, oversubscription and ISLs. The other major topic on the blueprint is Fibre Channel Expansion over FCIP and iSCSI. These features are the IP features supported by the MDS platform. The 1G Ethernet connections are connected to the Nexus switches for testing the expansion features. Through that connection it's possible to connect the MDS switches across another connection than Fibre Channel.

As the CCIE Storage track is not being replaced by the CCIE Data Center the focus on Storage Networking (SAN) features is not that big. The major topics are more in the features that aren't tested in any other CCIE track. The JBODs mentioned in this list represent just plain simple hard-disks that are connected via Fibre Channel. They are used later as shared storage for the UCS system.

The third major component within the hardware blueprint is the Unified Computing System (UCS). This is based on the C-series rackmount servers, connected to the Fabric Interconnects so the C-series can also be managed from the central UCS manager the same as the Blade chassis is managed. The blades are equipped with different NICs. This also means a little different configuration. The VIC cards are the most interesting ones as they can virtualize NICs to present to the OS.

Once inside the blades there is a pre-installed VMware ESX(i) environment with a Nexus 1000v distributed virtual switch. As this is a Cisco lab exam, you are not required to know anything about VMware. Of course you will need to be able to install this environment in your possible own lab, but when you step into the lab you will face a pre-installed VMware and 1000V. After that, the switch is not configured and you are required to configure it.

The final topic on the blueprint is called ANS (Application Networking Services). This means an ACE appliance is in your lab that you will need to configure. There is not much very interesting going on there and you will not see a lot of points on that appliance. You will need to know the topics as described on the lab blueprint and our workbook will focus a whole section on these specific topics.

The last components are used for management. You will not be configuring these devices, but just using them from your student workstation to access the network. What is not mentioned on the hardware blueprint list is that you will also need to be able to configure (or set-up) the DCNM software as is being given by Cisco when you purchase enough Nexus equipment. Again this is not extremely difficult, but you need to be aware of the basic configuration items related to this software.

Software Versions

Above you'll find a reference overview of the used software versions. The exact versions are still unknown where we might be using newer software versions as our IPexpert lab will be using quite new hardware for virtualization purposes. Within the Nexus 7000 we will be using the new Supervisor 2E, meaning that we are able to build 8 VDCs and 1 management VDC meaning we have enough flexibility for some challenging topologies!

The next chapter of this workbook, Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS) begins with the initial topic on the CCIE Data Center Blueprint regarding layer 2 switching, VLANs, Private-VLANs, Spanning-Tree and other layer 2 features on the NX-OS platform.

Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)

Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS) is intended to let you be familiar with the NX-OS CLI on the Nexus switches and afterwards configure Layer 2 Ethernet features on the physical Nexus switches within the topology as shown at the beginning of this workbook.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab.

Our devices start with a blank configuration, which will not be the case when you are in the real lab. There, devices are staged with configuration containing usernames/passwords, management IP addressing, core IP addressing and (possible) errors.

General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
3 hours
Pre-setup
Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
This lab is intended to be used with online rack access provided by our partner Proctorlabs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below.
Topology

Configuration tasks

Task 1: General set-up

1. Erase the configuration from all 3 switches and reboot and
2. Configure the default parameters as mentioned in the Generic Lab Topology
3. Configure the Nexus 7000 switch with a hostname of SW1-1 and the Nexus 5500 switches with hostnames of SW2 and SW3
4. Ensure the switches will not perform any DNS lookups
5. Configure ipexpert.com as the DNS domain name
6. Ensure that both encrypted and unencrypted management connections are allowed
7. Save the configuration using the wr command
8. On SW1-1 configure a message, containing the hostname and warning unauthorized users, that is shown each time a user logs in
9. Use the serial number of SW1-1 as the ID which is used to advertise the switch using CDP
10. Ensure only CDP version 2 packets are sent from SW1-1
11. Disable CDP on the management ethernet interface
12. Ensure a log message is generated when more than 999 packets per second are sent or received on the management ethernet interface

Task 2: Implement VLANs

1. Configure all inter-switch links as described by the topology drawing at the beginning of this chapter to be in layer 2 trunk mode allowing VLANs 100 up to 499
2. After specifying the allowed range, remove VLAN 333 from this range with a single command, without specifying the previous range (or parts of it) again
3. Configure all switches to be in VTP domain IPexpert
4. Ensure VLANs are removed from switches that have no active hosts in that VLAN, except for VLAN 101. This VLAN 101 should always be active on the switch not depending on this configuration task
5. Enable the latest version of VTP
6. Store the VTP database configuration with filename ipexpert.dat
Copyright by IPexpert. All rights reserved.
7. Ensure SW2 and SW3 will have new VLANs being pushed by SW1-1 and are not able to create new VLANs by themselves
8. Secure the VTP protocol with a password of ipexpert
9. Create VLANs 101, 102, 103 and 104 and ensure they are visible on all switches
10. Assign names to all VLANs by format of IPexpertVLAN# where # is the VLAN number
11. Configure SW1-1 so the following output is matched
12. (Ports section should show all active trunks):

SW1-1(config)# sh ip igmp snooping | in vlan
IGMP Snooping information for vlan 1
IGMP Snooping information for vlan 101
IGMP Snooping information for vlan 102
IGMP Snooping information for vlan 103
IGMP Snooping information for vlan 104
IGMP Snooping information for vlan 105
IGMP Snooping information for vlan 1002
IGMP Snooping information for vlan 1003
IGMP Snooping information for vlan 1004
IGMP Snooping information for vlan 1005
SW1-1(config)# sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------
1    default                          active
101  VLAN0101                         active
102  VLAN0102                         active
103  VLAN0103                         active
104  VLAN0104                         active
1002 fddi-default                     suspended
1003 token-ring-default               suspended
1004 fddinet-default                  suspended
1005 trnet-default                    suspended
SW1-1(config)#

2. Ensure that hosts in VLAN 201 are not able to communicate with each other, but only to the firewall connected to Ethernet3/19
3. Configure ports Ethernet3/20 and Ethernet3/21 in VLAN 201
4. Hosts in VLAN 202 and 203 are able to communicate to each other in the VLAN and to the firewall, but not to hosts in the other VLAN (202 can't communicate with 203 and vice versa)
5. Configure ports Ethernet3/22 and Ethernet3/23 in VLAN202. Configure ports Ethernet3/24 and Ethernet3/25 in VLAN203
6. DMZ servers in VLAN 204 need to be secured. They are not allowed to communicate to each other, but they can communicate with the rest of the IP network by reaching a default gateway configured on SW1-1 with IP address 10.1.10.254/24
7. Hosts connected in VLAN 204 are connected on SW2. Configure the first trunk connection for this use. Configure Ethernet 1/21, 1/22 and 1/23 in VLAN205 on SW2 and ensure they are able to reach the default gateway to the network. Hosts are not allowed to communicate to each other.
8. Other hosts of VLAN 201 and 202 are also connected to SW2. Use the second trunk connection between SW1 and SW2 for this use. The hosts of VLAN201 are connected to ports Ethernet 1/24 and 1/25. The host of VLAN 202 is connected to Ethernet 1/26

Task 4: Implement Rapid Spanning-Tree protocol

1. Ensure non-core-facing interfaces on SW2 and SW3 are not generating any spanning-tree topology changes
2. Configure SW2 to be the root bridge for VLAN 101 and SW3 to be the backup root bridge
3. Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to optimize network convergence. Do not configure timer values to complete this task.
4. Configure SW1 to be the root bridge for VLAN 102
5. Ensure that new bridges with a default spanning-tree configuration will never be elected as a root bridge in VLAN 102 when SW1 fails
6. When traffic steering is necessary, you are required to use values higher than 100,000
7. Configure the network in such a way that SW1 is using SW3 as the best path towards the root bridge of the network in VLAN 101
8. Ensure that the last interface (fourth link) between all switches is used as primary
9. Configure spanning-tree of VLAN 103 to converge in the shortest time possible
10. Configure all inter-switch-links to utilize IEEE 802.1w Rapid Connectivity
11. Remove all spanning-tree related configuration from interfaces and global configuration on all switches before continuing with the next task

Task 5: Implement Multiple Spanning-Tree protocol

1. Configure SW1, SW2 and SW3 to run the IEEE 802.1s protocol
2. Configure the following parameters on SW1
3. MST name of IPexpert
4. MST configuration number of 5
5. Map VLAN 10 through 99 to instance 1
6. Map VLAN 100 through 199 to instance 2
7. Map VLAN 800 through 1299 to instance 3
8. Ensure MST is functioning properly on all switches
9. Assume Private VLANs are in use. Ensure that all secondary VLANs are in the same MSTI as their associated primary VLAN
10. Configure SW2 to be the root bridge for instance 1 by configuring the lowest possible value
11. Try making SW3 the primary root bridge for instance 1 using the dedicated command for this. What happens?
12. Make SW3 the backup root bridge for instance 1. You are allowed to configure other switches, but not SW3.
13. Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to optimize network convergence.
14. When traffic steering is necessary, you are required to use values higher than 100,000
15. Configure the network in such a way that SW1 is using SW3 as the best path towards the root bridge of the network in instance 2
16. Ensure that all instances use a different interface between the switches to ensure load balancing between instances. Meaning instance 0 uses interface 1, etc.
17. Ensure BPDUs are discarded when the network is larger than 10 hops
18. Assume a switch with an old version of software is connected to Ethernet 1/16 on SW2. Configure this interface to pro-actively send pre-standard MST messages

Task 6: Spanning-Tree and UDLD features

1. Configure SW3 so that all ports, when not configured individually, are seen as network edge ports
2. Configure Ethernet 1/10 on SW3 so the port is put in error-disabled state when spanning-tree packets are received
3. Configure Ethernet1/11 on SW3 so the port will never process spanning-tree protocol data units, but will allow other layer 2 frames
4. Ensure that Ethernet 1/10 on SW2 will also never process spanning-tree protocol packets, but you are not allowed to configure the command required for this directly under the interface
5. Ensure Ethernet 1/11 on SW2 will never become a root port on the switch
6. Ethernet1/12 on SW2 should never become the designated port of the LAN segment
7. Assume the network is running MST and Ethernet 1/13 on SW3 is connected to a Rapid-PVST+ network. Ensure that this port will fail to interoperate with this other kind of spanning-tree protocol for security reasons.
8. Use a Cisco-proprietary protocol which allows devices that are connected through fiber or copper cables to monitor the physical configuration of the cables and detect when a unidirectional link exists on Ethernet 1/12 on SW3
9. Use a method on Ethernet 1/12 on SW3 which disables one of the ports on the link, which prevents traffic from being discarded.

Task 7: Fabric Extenders

1. Use SW2 and FEX1 for these tasks
2. Name the fabric extender as IPexpert Fabric Extender 1
3. Ensure the LED on the FEX starts blinking for easier locating the FEX in a rack
4. Ensure the output of the following show command is matched on SW2:

SW2# show interface port-channel 4 fex-intf
Fabric           FEX
Interface        Interfaces
---------------------------------------------------
Po4              Eth101/1/48   Eth101/1/47   Eth101/1/46   Eth101/1/45
                 Eth101/1/44   Eth101/1/43   Eth101/1/42   Eth101/1/41
                 Eth101/1/40   Eth101/1/39   Eth101/1/38   Eth101/1/37
                 Eth101/1/36   Eth101/1/35   Eth101/1/34   Eth101/1/33
                 Eth101/1/32   Eth101/1/31   Eth101/1/30   Eth101/1/29
                 Eth101/1/28   Eth101/1/27   Eth101/1/26   Eth101/1/25
                 Eth101/1/24   Eth101/1/23   Eth101/1/22   Eth101/1/21
                 Eth101/1/20   Eth101/1/19   Eth101/1/18   Eth101/1/17
                 Eth101/1/16   Eth101/1/15   Eth101/1/14   Eth101/1/13
                 Eth101/1/12   Eth101/1/11   Eth101/1/10   Eth101/1/9
                 Eth101/1/8    Eth101/1/7    Eth101/1/6    Eth101/1/5
                 Eth101/1/4    Eth101/1/3    Eth101/1/2    Eth101/1/1

Chapter 3: Data Center Networking Layer 3 Infrastructure (NX-OS)

Chapter 3: Data Center Networking Layer 3 Infrastructure is intended to let you be familiar with the NX-OS Layer 3 features on the Nexus platforms to create a basic routed network. The second part of this chapter consists of Data Center extension and Layer 2 routing features.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab.

The lab is divided in two pieces. During the first tasks you will be configuring a dynamically routed layer 3 network using EIGRP and OSPF protocols. The second part of this chapter is based on the Cisco proprietary technologies FabricPath and OTV. Multiple topology drawings are available for this chapter.

General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
3 hours
Pre-setup
Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
Load the initial configuration of Chapter 2 on the Nexus 7000 switch to stage the Virtual Device Contexts needed for this lab
When starting the second part of this lab for configuring Fabric Path and OTV the second set of initial configuration should be loaded on the Nexus 7000 to create a different topology with Virtual Device Contexts
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Configuration tasks

Task 1: Layer 3 topology set-up

Configure the Nexus 5500 switches with hostnames of SW2 and SW3. The Nexus 7000 VDCs should already have hostnames through the loading of the initial configuration. Use switchto vdc and switchback to move between different switches on the Nexus 7000.
Configure all switches so they can all carry the layer 2 VLANs as described in drawing 1
Ensure SW1-3 can ping the loopback address of SW1-4 from its own loopback address
SW1-1 should be able to ping the loopback address of SW1-2 and vice versa without using the directly connected link between those switches, but should use the path over SW1-3 and SW1-4 for this
Configure SW1-2 to be a blackhole for the 192.0.1.0/24 prefix. Give this entry a tag of 666 and an increased preference of +1
Ensure that all layer 3 interfaces on SW1-2 do not send out any unreachable messages
Remove all static routes before continuing with the next tasks

Task 3: EIGRP
Ensure Loopbacks are reachable and dynamically advertised. Ensure that there are no attempts to make adjacencies on the Loopback interfaces.
Use 64999 as autonomous system number and IPEXPERT as the EIGRP process name
Change the bandwidth that EIGRP may use on an interface 10% lower than default
Update the link between SW1-2 and SW1-4 so the EIGRP neighbor is declared down after 4 hello packets. You are only allowed to change configuration on SW1-2 to accomplish this
Routes which are declared active should become Stuck in Active after 5 minutes
Routes should be advertised as unreachable when there are more than 50 hops in the network
Task 4: OSPF
Configure the OSPF network as shown in drawing 2. Use the dotted decimal notation to configure area 264
Ensure that all OSPF routers can reach each other's Loopback addresses
Ignore the MTU size between SW1-1 and SW1-3 when forming an adjacency
Ensure that SW2 will never become a designated router on any OSPF interface
Ensure that SW3 will never become a designated router on any OSPF interface
Ensure all adjacencies in area 0 are secured using a hashed version of IPexpertSecure
Ensure that routers do not attract traffic for 2 minutes after booting up
Ensure full reachability is achieved while maintaining all requirements from previous tasks
Ensure all links towards area 0 are used when traffic is exiting area 1
Ensure that all Dynamic Routing adjacencies on SW1-2 towards adjacent devices are terminated using a dedicated detection protocol
BFD sessions between SW1-2 and SW3 should be secured using a hashed key of IPexpertSecure
Configure OSPF and EIGRP so they use the dedicated fast-hello failure detection mechanism
Ensure a static layer 2 to layer 3 mapping is created on VLAN 112 on SW1-1 for 198.18.112.24 to mac address abcd.1234.5678
Configure SW2 so that it detects duplicate IP addresses and updates its cache on Ethernet1/5
Ensure that SW1-1 reserves space for 2750 outstanding ARP entries in the ASIC to prevent ARP replies from being dropped when they are returned and installation in the ASIC hardware is attempted

Task 7: FabricPath and OTV

Load the initial configuration file for part 2 of chapter 2, which will create a topology according to drawing 3
Ensure hosts on VLAN 666 can communicate via layer 2 on all 4 edge switches using the technologies as mentioned in drawing 3
Use the 198.18.10.0/24 subnet when a layer 3 link is required in the topology
Ensure traffic is using all links between the switches to reach from SW2 and SW3 to SW1-3 and SW1-4
Verify this task is completed successfully by being able to ping all 198.18.66.x interfaces of all edge switches

Chapter 4: Data Center Networking High Availability (NX-OS)

Chapter 4: Data Center Networking High Availability (NX-OS) is intended to let you be familiar with the NX-OS High Availability features on the Nexus platforms to create a highly available network. Various types of deployments of Port-channels and Virtual Port-channels are discussed in this chapter. The second part of this chapter focuses on First Hop Redundancy Protocols (FHRPs) and High Available features of dynamic routing protocols. The third part focuses on a special implementation of virtual port-channels in FabricPath networks.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab.

Multiple topology drawings are available for this chapter.

General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
3 hours
Pre-setup
Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
Load the initial configuration of Chapter 4 on the Nexus 7000 switch to stage the Virtual Device Contexts needed for this lab
When starting the third part of this lab regarding virtual Port-Channels within FabricPath networks the second set of initial configuration should be loaded on the Nexus 7000 to create a different topology with Virtual Device Contexts
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Configuration tasks

Task 1: Topology set-up

1. Configure the Nexus 5500 switches with hostnames of SW2 and SW3. The Nexus 7000 VDCs should already have hostnames through the loading of the initial configuration. Use switchto vdc and switchback to move between different switches on the Nexus 7000.
2. Create the VLANs as are required on the switches as shown in drawing 2
3. Configure IP addressing on SVI and interfaces according to drawing 2
4. Configure all switches to have a Loopback0 interface with an IP address of 198.18.0.Z/32 where Z is the router number / host address as specified in drawing 2

Task 2: Port-Channels

1. Configure Ethernet3/1 and Ethernet3/2 on SW1-1 and Ethernet1/1 and Ethernet 1/2 on SW2 to be a single logical connection to carry the VLAN required as stated in drawing 2. Use number 1 for this connection.
2. Configure Ethernet3/5 and Ethernet3/6 on SW1-2 and Ethernet1/1 and Ethernet1/2 on SW3 to be a single logical connection to carry the VLAN required as stated in drawing 2. Use number 2 for this connection.
3. Configure logical interface 1 to negotiate its bundling capabilities between the switches
4. SW2 should never actively start negotiating link bundling
5. Logical interface 1 is used for bandwidth reasons and should therefore shutdown when there is less than 20Gbps capacity available in the bundle
6. Logical interface 1 should mark interfaces as hot-standby when additional interfaces are added to the bundle
7. Configure Ethernet1/5 and Ethernet1/6 on SW2 and SW3 to negotiate a link bundle. Use number 3 for this interface.
8. Configure logical interface 3 with IP addressing in the 198.18.23.0/24 subnet. Use host IP addresses as previously used for these switches.
9. Ensure that when no dynamic link bundling advertisements are received on an interface on logical interface 3, the physical interface is brought up in an Individual state.
10. There are plans to increase the capacity between SW2 and SW3 to 80Gbps with additional interfaces for resiliency purposes. Ensure that Ethernet1/5 is always chosen to participate in the bundle and Ethernet1/6 should be selected as a hot-standby link when additional interfaces are added to the bundle.
11. Logical interface 3 should use a very fast detection mechanism to signal the removal of an interface in the bundle
12. Configure SW2 and SW3 to load-balance between the interfaces in link-bundles using the most packet header information as possible.
13. Remove any configuration related to interface bundle 1 and 2 from the switches before continuing with the next task

Task 3: Virtual Port-channels (vPCs)

1. Ensure it's possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW1-1 and SW1-2. Use ID 100 for this.
2. SW1-2 should be the primary device
3. Ensure it's possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW2 and SW3. Use ID 200 for this.
4. Send keep alive messages across the mgmt0 interfaces of domain 200 switches
5. Use a dedicated SVI with IP addressing in the subnet of 198.18.5.0/24 to send keep alive messages between switches in domain 100. Ensure that the keep alive messages are not using the global IP routing table. Use Ethernet3/10 on SW1-1 and Ethernet 3/12 on SW1-2 for this.
6. Configure Ethernet3/9 on SW1-1 and Ethernet3/11 on SW1-2 as peer-link
7. Bundle Ethernet1/7 and Ethernet1/8 on SW2 and SW3 and configure this as the peer-link
8. Ensure domain 100 brings up its vPCs once a peer fails or reboots. Delay this process for 5 minutes.
9. SW2 and SW3 should be seen as a single Spanning-Tree root with a priority of 8192
10. Configure an MC-LAG connection between SW1-1, SW1-2 and SW2. Use Ethernet3/1 on SW1-1, Ethernet3/3 on SW1-2 and Ethernet1/1 and Ethernet 1/2 on SW2. Use number 101 for this connection
11. Configure a vPC connection between SW2, SW3 and SW1-2. Use Ethernet3/5 and Ethernet3/7 on SW1-2, Ethernet1/3 on SW2 and Ethernet1/3 on SW3. Use number 102 for this connection.
12. Use the remaining connections between SW1-1, SW1-2, SW2 and SW3 and bundle them in a single logical interface with number 103.
13. Ensure all VLANs required for Drawing 2 are allowed on the vPC links
14. Use 1234.5678.90ab as the single MAC address that is used for the identification of domain 100 LACP packets

Task 4: Graceful Restart / Non-Stop Forwarding

1. Configure dynamic routing protocols according to drawing 2. Ensure Loopback interfaces of SW2 and SW1-1 can ping each other and SW1-2 and SW3 can ping each other
2. Ensure that the routers running OSPF keep their routing information and keep forwarding traffic to neighbors when they are rebooting
3. An older router that will take a little over 2 minutes to reboot will be connected to SW2. Ensure that your configuration supports this
4. Ensure that SW3 supports ISSU
5. SW3 should keep routes from restarting neighbors for 5 minutes
6. Signal a restart as fast as possible on SW3

Task 5: HSRP

1. Ensure that hosts on VLAN 111 are always able to reach their default gateway, when one of the 2 switches fails
2. Use a Cisco proprietary protocol for this use, which uses a single active default gateway
3. Use the .1 host IP address as the default gateway for this network segment
4. Make the switches primary and backup according to the best practice
5. Use a hashed key of IPexpertYEAR1 to secure this protocol from now until December 31st the same year. At January 1st one year later the key should change to IPexpertYEAR2. Ensure that switches keep accepting the old key for at least 2 more hours
6. When the backup switch is active and the primary switch comes back online after a reboot, ensure that it will take back the active role after the switch is up for 3 minutes
7. Give this process a name of IPexpertVLAN111
8. A switch should declare its neighbor down within 1 second
9. When one of the Ethernet uplinks fails the priority should be lowered with 1/10th of the configured priority value
10. When a second Ethernet uplink fails the switch should stop forwarding Layer 3 traffic and send traffic across the vPC peer-link
11. The default gateway MAC address should be the MAC address of one of the physical Ethernet interfaces

Task 6: VRRP

1. Ensure that hosts on VLAN 121 are always able to reach their default gateway, when one of the 2 switches fails
2. Use a standards based protocol for this use, which uses a single active default gateway
3. When clients on VLAN 121 issue an ARP request for the Default Gateway it should respond with MAC address 0000.5E00.0174 without configuring this MAC address in the configuration
4. Use the .254 host IP address as the default gateway for this network segment
5. Configure SW1-2 as the primary switch using a value of 200
6. Use a clear text password of IPexpert to secure the protocol
7. Ensure a higher priority backup router does not take over the role of a lower priority active router. Configure this only on the current primary switch.
8. Ensure that SW1-2 becomes the standby router after 30 seconds, when the Loopback address of SW3 disappears from the routing-table
9. Switches should declare their neighbors down in 10 seconds

Task 7: GLBP

1. Ensure that hosts on VLAN 222 are always able to reach their default gateway, when one of the 2 switches fails
2. Use a load balancing Cisco proprietary protocol
3. Use the .55 host IP address as the default gateway for this network segment
4. Both routers should be capable of forwarding traffic.
5. SW1-1 should be answering all ARP requests
6. When the Loopback address of one of the upstream switches disappears from the routing table the switches should no longer be AVF
7. Delay the take over of the AVF role for a standby switch for 3 minutes if any current AVF fails
8. The router should become the AVG after 30 seconds if it has a higher priority than the current AVG
9. Ensure the routers support In-Service-Software-Upgrades

Task 8: Virtual Port-Channels (vPCs) and FabricPath

1. Load the initial configuration of Chapter 4 Task 8 on the Nexus 7000 switch to stage the Virtual Device Contexts needed for this lab
2. Configure the FabricPath network to stretch VLAN 666 between all Leaf switches
3. Ensure the PC connected to SW2 and SW3 is able to connect using a virtual Port-Channel with number 100 on all places where necessary to configure a number

Chapter 5: Data Center Storage Networking

Chapter 5: Data Center Storage networking is intended to let you be familiar with the Storage Networking features on the Cisco MDS switches. Configuring traditional Fibre Channel networks and basic Fibre Channel features.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab.

Multiple topology drawings are available for this chapter.

General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
5 hours
Pre-setup
The switches start with a blank configuration. You will be creating parts of your own Initial Configuration for later labs.
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Configuration tasks

Task 1: Initial set-up

1. Give the MDS switches in the topology the following hostnames: MDS1, MDS2. Configure the default username and password according to the generic lab topology
2. Ensure that they can be reached through the management network using IP addresses in the range as stated in the initial set-up information at the beginning of the workbook. Use Host IP addresses of .10 and .11
3. Use the default gateway of the management subnet as Time Synchronization server
4. Do not use any automatic selection of interface type for this lab, unless specifically stated
5. Do not use any automatic speed selected for interfaces
6. Use 200MBps connections towards the JBODs
7. JBODs on MDS2 should automatically detect the interface speeds
8. Ensure Fabric Logins are done by the connected JBODs
9. Enable the links between the MDS switches as standard based ISLs
10. Configure a descriptive name on all interfaces consisting of the name and port of the device which is connected. You are prohibited to use the description command.
11. Ensure the connection towards JBOD1 is easily physically located on MDS1
12. The fiber connected to fc1/10 is of low quality causing errors on the interface. Ensure the switch does not go into err-disable state, because of this reason.
13. Ensure that interfaces on the MDS switches are shutdown when no configuration is applied to them
14. All disks inside of the JBODs should be identified on the MDS switches with a simple name in the form of JxDy where X is the JBOD number and Y is the disk number.
15. The simple device names should be seen on both MDS switches, by only configuring one of the switches. The names should not be VSAN dependent.
16. Ensure applications that use the simple names will follow changes to the database
17. Interface fc1/1 on MDS1 will be used for a long reach link. Enable the most credit buffers as possible and enable recovery of credits
18. JBOD1 on MDS1 is only allowed to send packets with a maximum size of 2000 bytes
19. Enable B2B credit state change numbers on all JBOD interfaces

Task 2: VSANs
1. Create VSAN 10, 20, 30 and 40 with names of IPX_VSAN_#, where # is the VSAN number
2. Configure fc1/5 on MDS1 in VSAN 10 and fc1/6 on MDS2
3. Configure fc1/5 on MDS2 and fc1/6 on MDS1 in VSAN 20
4. Ensure that WWPN 20:11:00:0a:31:00:aa:de is automatically placed in VSAN 30 when it comes online anywhere in the Fibre Channel fabric
5. Ensure that J1D1 is automatically placed in VSAN 40 when it comes online in the fabric
6. MDS1 should use the Source and Destination FCID for load balancing across equal cost paths in VSAN 10
7. MDS2 should use Exchange based load balancing across different interfaces in a port-channel in VSAN 20
8. Ensure that all ISLs of the MDS switches are capable of transferring multiple VSANs across the same interface
9. Configure fc1/1 and fc1/3 on both MDS switches as a single logical connection using number 101
10. Interfaces fc1/1 and fc1/3 should negotiate their bundling capabilities
11. Create a single logical connection consisting of fc1/2 and fc1/4 on both MDS1 and MDS2 switches with number 127
12. VSAN 30 should only use the logical interface 127
13. VSAN 40 should only use logical interface 101
14. VSAN 10 and VSAN 20 should be able to cross both ISL bundles between the MDS switches
15. VSAN 10 should always use bundle 101 as its primary connection to the other MDS
16. VSAN 20 should always use the bundle 127 as its primary connection to the other MDS
17. Packets traversing VSAN 30 should be guaranteed to reach their destination in the same order as they have left the source.
18. Traffic between J1D1 and J2D2 in VSAN 10 should always use the bundle 127 as long as the interface is up
19. The Lowest domain ID in VSAN 20 should be the Multicast root switch
20. Use incremental Dijkstra algorithm calculations in VSAN 30
21.
22. Configure an IP connection between the MDS switches across the ISL links. Use VSAN 50 for this purpose, which can flow across all ISLs. Use an IP subnet of 198.18.50.x/24 with .1 and .2 as host IP addresses
Task 3: Zoning
1. Configure zoning in VSAN 10 so the following disks are able to communicate, ensure that the simple names are kept in the configuration:
a. J1D2
b. J1D3
c. J1D4
2. Configure zoning for VSAN 10 so the following disks can see each other, use the WWPN of the disks:
a. J1D5
b. J1D6
3. Ensure all disks of interface fc1/6 on MDS2 are able to see each other in VSAN 10. Perform the configuration on MDS1.
4. FC frames sent to a destination FCID of 0xFFFFFF should only arrive at disk J1D5 and J1D6
5. Activate the zoning in VSAN 10
6. Copy the current zoneset of VSAN 10.
7. Remove the zone created in question 3 from the just copied zoneset and add another zone that adds all disks of JBOD2 using their FCIDs
8. Ensure that this second zoneset is not activated, but is seen on both MDS switches. You are not allowed to change any configuration on MDS1
9. Ensure that all changes to all zonesets are replicated between all switches in VSAN 10 every time a zoneset is activated
10. Use zoning compliant with FC-GS-4 and FC-SW-3 in VSAN 20
11. Use inline zone creation for VSAN 20
12. Zoning in VSAN 20 should ensure that the following disks are able to read data from each other, but never write:
a. J2D1
b. J2D2
c. J2D3
13. Create a zone in VSAN 20 that ensures the following disks are prioritized over other disks when ISLs are congested. Use the FWWN of the disks:
a. J2D4
b. J2D5
14. When devices are not specified in zones in VSAN 20, they should be allowed to read data from each other
15. J2D5 LUN 19 and J1D6 LUN 116 should be able to communicate with each other in VSAN 20. No other LUNs on those disks can communicate
16. Activate zoning in VSAN 20 and ensure it's seen on both MDS1 and MDS2
Task 4: FC Domain
1. Configure FC Domain IDs in VSAN 10. MDS1 should be using a static ID of 34 and MDS2 should prefer to use an ID of 0x34, but can use a different one when this is already taken
2. Ensure MDS1 is the principal switch in VSAN 10
3. Domain IDs for new switches should be handed out in a sequential order
4. Disruptive restarts from other switches should not affect MDS1
5. Ensure the J1D1 disk in VSAN 10 gets assigned an FCID in the range of 0x222200 to 0x2222FF
6. MDS2 should be assigning Domain IDs to other switches in the fabric for VSAN 20. MDS2 should use a range of 0xB0 to 0xCE.
7. MDS1 should prefer a Domain ID of 214 in VSAN 20
8. Ensure that VSAN 30 is prepared for fast-restart
Task 6: Advanced Features
1. Assume that there is a topology with more than 2 MDS switches. Ensure that Cisco Call Home configuration is distributed between all switches. MDS2 has its own call-home configuration and should not be changed when other switches are changed. Other distributed configuration should not be affected by this configuration
2. Your manager has asked you to come up with a list of all SCSI hosts connected to VSAN 10. Save this list to a file called VSAN10hosts.txt on the flash of MDS1.
3. The list of SCSI hosts should be generated every 24 hours and the text file on the flash should be updated with the updated list.
4. J1D1 and J2D1 are synchronized with each other. J1D1 is the primary disk and J2D1 is its backup. Ensure that hosts in VSAN 10 can automatically keep accessing the disk when the primary fails. When the failed disk is replaced and working again, it should return to being the primary disk.
Chapter 6: Data Center Storage Networking Extension
Chapter 6: Data Center Storage Networking Extension is intended to familiarize you with the Storage Networking features on the Cisco MDS switches. This chapter will be about configuring IP features like iSCSI, iSLB and FCIP, including the relevant Security features for Fibre Channel extension across IP connections.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
5 hours
Pre-setup
The switches start with a blank configuration. You will be creating parts of your own Initial Configuration for later labs.
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below
Configuration tasks
1. Leave the configurations of MDS1 and MDS2 intact from the previous exercises.
2. Configure the Nexus 5000 switches SW2 and SW3 with the VLANs as stated in Drawing 2. MDS1 and MDS2 should be able to communicate over these VLANs to each other across SW2 and SW3.
3. Both GigabitEthernet interfaces on each MDS switch should have access to all VLANs required in this lab
4. When required, use IP addresses in the range of 198.18.X.Y/24 in this lab, where X is the VLAN number and Y is the Host address as stated in Drawing 2
Task 2: FCIP
1. Configure a FCIP
7. Create a FCIP
8. Ensure this connection will receive a higher QoS priority than FCIP 1
9. VSAN 10, 20 and 50 may be transported across this connection
10. Ensure VSAN 10 uses FCIP 1 as primary link and VSAN 20 uses FCIP 2 as the primary link on MDS1, where MDS2 is configured vice versa
11. The FCIP 2 tunnel should be brought down when no TCP packets are received for 90 seconds
12. The FCIP 2 connection should use the highest possible compression
13. Ensure FCIP 1 supports a method that sends R_RDY messages locally, so that write actions are done faster
14. The FCIP 2 connection should be highly available. A third FCIP connection is allowed for this task. Keep high availability in mind when configuring the third FCIP connection. When a failure occurs in the FCIP 2 connection this should not be noticed by the FSPF protocol. The use of Ethernet port-channels for this question is prohibited.
Task 3: FCIP Security
1. Protect the failover mechanism of the FCIP 1 connection using an MD5 hash of SecureIPexpert
2. Traffic crossing the FCIP 1 connection should be transferred encrypted across the IP network.
3. Use an MD5 hash, AES 128-bit encryption and a pre-shared-key of IPexpertEncrypt
Task 4: SAN Extension Tuner
1. Do not use any dynamic configuration option which might be available in this task
2. Use GigabitEthernet1/1 for this task on MDS1
3. Create an iSCSI portal on this interface using the iSCSI VLAN as mentioned in Drawing 2
4. Use a non-default port for the iSCSI portal
5. iSCSI traffic leaving this interface should be marked with DSCP 22
14. When the disk J1D3 fails, J2D3 should seamlessly take over. When the disk in J1D3 has been replaced it should automatically switch back to this primary target
15. Enable trespass support
16. Improve read performance on MDS1 for iSCSI traffic
17. Configure an iSCSI portal in the iSCSI VLAN as mentioned in Drawing 2 on MDS2 GigabitEthernet1/1
18. All iSCSI initiators on this new portal should appear as a single N-port in the Fibre Channel fabric
19. Enable data-digest on this portal
20. Configure 3 initiators on MDS2 named iqn.initiator-server-1, iqn.initiator-server-2 and iqn.initiator-server-3.
21. Give the 3 initiators access to J1D1 in VSAN 10 without configuring the VSAN database for VSAN 10
22. Use a single zone with 2 entries to accomplish this
Task 6: iSLB
1. Do not use any dynamic configuration option which might be available in this task
2. Configure an iSLB portal on GigabitEthernet1/2 on MDS1 and MDS2 on the iSLB VLAN as presented in Drawing 2
3. Configuration for iSLB targets and initiators may only be done on MDS2
4. When MDS2 fails, MDS1 should automatically take over all sessions
5. Ensure that both MDS switches are using weighted load balancing.
6. Manual zoning changes are not allowed
7. Configure 5 initiators with names of iqn.islb-initiator-host-1 through host-5
8. Ensure the initiators are assigned an nWWN and 2 pWWNs which are automatically assigned by the MDS switch
9. Zones should have IPexpert in their name
10. Host 3 is a database server, which will have more iSCSI connections than the other hosts. Ensure load balancing takes care of this.
11. All initiators should have access to J2D2 LUN 0x0 and 0x1 in VSAN 10 which should be presented as LUN 0xA and 0xB. Do not use the virtual-target command.
12. Use J1D2 as a backup when J2D2 fails. The target should not switch back when J2D2 is repaired
13. The J1D1 disk in VSAN 20 should be made highly available on the 2 MDS switches. Ensure iqn.islb-initiator-host-3 is the only host that can access it on both MDS switches using the resilient iSLB portal. Do not use the virtual-target command.
14. The use of auto-zoning is not allowed for the question above, as is zoning based on Symbolic Name or IP addressing
15. Ensure all initiators are authenticated with a username of host-1 through host-5 with a password of iSLBpassw0rd
16. Do not remove any configuration from the MDS switches when continuing with the next chapter
Chapter 7: Data Center Unified Fabric
Chapter 7: Data Center Unified Fabric is intended to familiarize you with the Storage Networking features available on the Cisco Nexus switches, combined with the Cisco MDS switches. This chapter will be about implementing FCoE features inside of the Nexus switches and the backwards compatibility with Native FC connections. Besides that we will be looking at N-Port Virtualization configurations.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
2 hours
Pre-setup
The Nexus switches start with a blank configuration. You will be creating parts of your own Initial Configuration for later labs.
The MDS switches are using the configuration from the previous chapters
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below
Configuration tasks
Task 1: Native Fibre Channel on Nexus
1. Leave the configurations of MDS1 and MDS2 intact from the previous exercises.
2. Set the GigabitEthernet interfaces on MDS1 and MDS2 to shutdown, so all iSCSI and FCIP connections are down
3. SW2 and SW3 should participate in VSAN 10 and VSAN 20 using native Fibre Channel interface fc1/31 and fc1/32. Use fc1/13 and fc1/14 on the MDS switches.
4. Ensure the interfaces are seen as a single connection for the FSPF protocol
5. Request the lowest Domain ID possible, but accept any other as given out by the principal switch
6. Ensure all devices in VSAN 10 and VSAN 20 are visible on SW2 and SW3
7. Keep in mind the security mechanism active in VSAN 10 and VSAN 20
7. Non-FCoE traffic is not allowed to cross the link. You are not allowed to use the switchport trunk allowed vlan command.
Task 3: Multi hop FCoE
10.
Task 4: FCoE Quality of Service (QoS)
4. The link between SW2 and SW3 is 2000 meters long. Ensure the topology supports lossless Ethernet on this link.
5. Fibre Channel frames crossing the Nexus switches may never be fragmented
Task 6: FCoE NPV
1. Configure SW2 to support N-Port Virtualization. A reboot of the switch is not allowed to accomplish this task
2. Use Ethernet1/8 on SW3 as the link where the logins are received from SW2
Chapter 8: Security Features
Chapter 8: Security Features is intended to familiarize you with the Security features which are available on the Nexus platform. You will be configuring both AAA services and other management security as well as LAN security features like DHCP snooping and other protective features.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
4 hours
Pre-setup
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below
Configuration tasks
Task 1: Port Security
1. Configure a basic configuration for the 3 Nexus switches SW1, SW2 and SW3, using the defaults as stated at the beginning of this workbook.
2. Create VLANs where necessary in this chapter.
3. Configure a port-channel of the first 2 interfaces between each switch. Use a standards based protocol to negotiate the bundling parameters. The result should be equal to Drawing 2
4. Ensure that only 10 hosts are able to use Ethernet1/11 on SW2. The port should go into errdisable when the 11th host is connected to the interface.
5. Ensure that the learnt MAC addresses are cleared on the Ethernet1/11 interface on SW2 after they did not send any traffic for 6 minutes.
6. Only the following MAC addresses are able to access Ethernet1/11 on SW3
a. 0010.4431.a1b3
b. 10:22:a0:f5:b3:de
c. 0011.99ff.22aa
d. 55:81:a0:9a:b0:0c
e. ba01.dad3.c0ff
7. Ensure packet count is logged for all violating packets on Ethernet1/11 on SW3
8. Ensure that no more than 100 MAC addresses are learnt on the port-channel between SW2 and SW3. The interfaces should keep working, but stop learning and deny access to possible new MAC addresses after the number has been reached.
9. On the port-channel between SW2 and SW3 the number of MAC addresses should be divided between VLAN 10, 11, 12 and 13. Ensure VLAN 10 can use 2/3 of the maximum.
10. Ensure all MAC addresses on the port-channel between SW2 and SW3 are saved in the database
11. Create a routed interface of Ethernet1/7 on SW2 with IP address 198.18.100.1/24. Create a VLAN 100 interface on SW3 with IP address 198.18.100.2.
12. Ensure that only the host with MAC address 1234.5678.abcd can access Ethernet1/7 on SW3. It's not allowed to configure this MAC address on SW3.
13. Ensure SW2 and SW3 are able to ping each other.
Task 2: DHCP Snooping, DAI, IP Source Guard
6. Ensure that ARP requests to IP addresses that fall in the range of 198.18.50.0/28 are always allowed
7. Ensure that SW1 keeps a log of the last 50 deny and accept messages
8. Ensure that SW1 also checks for invalid or unexpected IP addresses in ARP packets
9. Ensure that all IP traffic is checked for spoofing attacks on interface Ethernet3/11, Ethernet3/13 and Ethernet3/14 using the DHCP Snooping database.
10. A host with MAC address 4019.a201.b04e and a statically configured IP address of 198.18.50.254 is connected to Ethernet3/12 on SW1. Ensure this host is allowed access.
11. Configure a SVI with IP address 198.18.50.1/24 in VLAN 50 on SW1.
12. Ensure that all traffic entering the VLAN interface is checked against the routing table to ensure that the switch knows the Destination IP address of the packet and it has a routing entry towards this network. A default route would also qualify for this check.
Task 3: Access Control Lists
1. Use a protection on VLAN 50 of SW1 to protect it against denied traffic according to the following rules.
2. Be as specific as possible.
3. The 198.18.255.100 host is allowed to access hosts in VLAN 50.
4. Secure Web traffic coming from servers in 198.18.128.0/18 to VLAN 50 is allowed. Clients in VLAN 50 are using non-reserved ports.
10. In addition to the IP security of VLAN 50 your manager also wants to only allow valid MAC addresses from the Server farm to access hosts in VLAN 50. The servers have MAC addresses in the range of 0bad.c0ff.ee00 up to 0bad.c0ff.eeff.
11. Statistics should be collected per entry in VLAN 50
12. Ensure the control plane of SW2 and SW3 is optimized for Layer 3 routing
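Added example, not part of the workbook: Task 1 item 6 lists allowed MAC addresses in mixed notations and Task 3 item 10 gives a MAC range, so this Python sketch normalises addresses to dotted-triplet form, flags the group and locally-administered bits, and splits a range into aligned base/wildcard pairs (wildcard bits set to 1 mean "don't care"). It goes beyond the page's single aligned range by also handling unaligned ranges; all function names are illustrative assumptions.

```python
import re

def parse_mac(text):
    """Accept dotted (0010.4431.a1b3), colon or hyphen notation; return a 48-bit int."""
    digits = re.sub(r"[.:-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)

def to_dotted(value):
    """Render a 48-bit int as three dot-separated groups of four hex digits."""
    h = f"{value:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"

def is_group_address(value):
    """True when the I/G bit (least significant bit of the first octet) is set."""
    return bool((value >> 40) & 0x01)

def is_locally_administered(value):
    """True when the U/L bit (second least significant bit of the first octet) is set."""
    return bool((value >> 40) & 0x02)

def range_to_blocks(first, last, bits=48):
    """Split the inclusive range [first, last] into the fewest aligned
    power-of-two blocks, returned as (base, wildcard) pairs."""
    if first > last or first < 0 or last >= (1 << bits):
        raise ValueError("invalid range")
    blocks = []
    while first <= last:
        # Largest block that the alignment of 'first' permits.
        size = (first & -first) if first else (1 << bits)
        # Shrink it until it no longer overshoots 'last'.
        while size > last - first + 1:
            size >>= 1
        blocks.append((first, size - 1))
        first += size
    return blocks

def matches(value, blocks):
    """True when value falls inside any (base, wildcard) block."""
    return any((value & ~wild) == base for base, wild in blocks)

def audit(addresses):
    """Return (dotted form, group bit, locally administered bit) per address."""
    result = []
    for text in addresses:
        mac = parse_mac(text)
        result.append((to_dotted(mac), is_group_address(mac),
                       is_locally_administered(mac)))
    return result

# Values taken from the task text above.
ALLOWED = ["0010.4431.a1b3", "10:22:a0:f5:b3:de", "0011.99ff.22aa",
           "55:81:a0:9a:b0:0c", "ba01.dad3.c0ff"]
SERVER_FIRST = parse_mac("0bad.c0ff.ee00")
SERVER_LAST = parse_mac("0bad.c0ff.eeff")

if __name__ == "__main__":
    for dotted, group, local in audit(ALLOWED):
        flags = []
        if group:
            flags.append("group (I/G) bit set")
        if local:
            flags.append("locally administered")
        print(dotted, ", ".join(flags) or "unicast, globally administered")
    for base, wild in range_to_blocks(SERVER_FIRST, SERVER_LAST):
        print("server range block:", to_dotted(base), to_dotted(wild))
```

An address with the group bit set is worth a second look before it is entered as a permitted source address, since the bit marks multicast destinations in normal Ethernet use.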
Task 4: AAA services
SW2 should perform a fall-back to local user database in case the RADIUS server does not respond.
For access to the console port only the local user database should be used
On SW3 a Cisco proprietary protocol should be used for authenticating SSH users.
When users do not have a role assigned, they should not be able to log in to the switch.
Users that try to log in should be notified when AAA servers are unreachable
Use the strongest encryption for the local username/password database available and ensure that existing passwords are converted
Ensure accounting is enabled on SW2
The TACACS+ users are configured with IOS-style privilege levels. Ensure SW3 honors these.
SW2 should require local user entries to use strong passwords. SW3 does not enforce this.
Create a user on SW3 with your first name as username which expires on December 31st of this year.
Task 5: 802.1X
1. Hosts that want to access SW1 are required to authenticate. Hosts are connected at interfaces Ethernet3/25 up to 3/31
2. Users should be authenticated by the RADIUS server
3. On Ethernet3/26 and Ethernet3/27 it should be possible to have multiple hosts connected
4. After an hour the authentication should be re-checked against the RADIUS server for all interfaces participating in the authentication. You are not allowed to use global configuration commands for this task.
5. Interface Ethernet3/31 has a printer connected that has no software to support this authentication. Ensure the interface is still authenticated against the RADIUS server.
6. The switch should allow up to 4 authentication attempts before denying access
7. Ensure all activity on the switch is logged with the RADIUS server
Task 6: Cisco TrustSec
7. Ensure switches authenticate each other without using the RADIUS server for exchanging SGTs.
8. You are allowed to use a SVI on each switch in VLAN 99 with the IP subnet of 198.18.99.0/24
9. Leave all configuration in place on the switches when continuing with the next chapter.
Chapter 9: Management Features
Chapter 9: Management Features is intended to familiarize you with the Management features which are available on the Nexus platform. You will be configuring Role Based Access Control (RBAC), SNMP, Syslog, NetFlow, NTP and many more.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
4 hours
Pre-setup
The Nexus switches start with configuration from the previous chapter
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below
Configuration tasks
Task 1: Role Based Access Control (RBAC)
VLANs
VLAN Interfaces
Spanning-Tree
You are not allowed to configure these features directly under the role configuration for user1
User2 is not allowed to change configuration, but is allowed to verify everything related to
Access Lists
Routing protocols
Licensing
User2 can only configure Layer 3 protocols in VRF VPN1, VPN2 and VPN3
Task 2: Traffic monitoring
Regulations determine that all traffic entering SW1 through the port-channels connecting to SW2 and SW3 should be monitored, but only for VLAN 50 and 99.
Ensure the MTU size for the monitoring is consistent at 1100 bytes, no matter what the MTU of the source packet is
An interface on a third party switch is being monitored, but the monitoring server is connected to Ethernet3/20 on SW1. Use a Layer 2 transportation to pick up this traffic. Use VLAN 601 for this task.
Ensure this Layer 3 monitoring traffic receives a high priority treatment throughout the network
Use the finest granularity possible for the Layer 3 monitoring session.
Task 3: NetFlow
Use SW1 for this task. The port-channels to the other switches should be used for collecting information
Create a flow record based on the IPv4 source and destination IP address
Ensure the flow ID is captured and the pps (packets per second) 64-bit counter
Ensure that 5 out of 150 packets are sampled that enter the port-channels of SW1
Ensure that it's possible for Layer 2 fields to be exported to the flow server
Ensure the management server 172.16.100.110 receives version 2c traps from SW1
This server should also be able to read information from SW1 while using a classical community string of IPexpert
User version3 with password version3password should be able to access SW1 using SNMP version 3
Ensure that the version3 user has the same rights as the storage-admin user
Devices other than SW2 and SW3 should not be able to synchronize time with SW1
SW1 should identify itself to other Cisco devices with its serial number
Interface Ethernet1/10-20 on SW2 and SW3 has devices connected that are outside of your management domain. They should not be able to see any information about the devices that they are connected to.
You should be able to compare differences with a newer version of the configuration compared to the now saved one
Ensure the hostname and the date and time are included in the filename that is saved
Users logging in to the switches should see a message that they are logging in to the IPexpert CCIE Data Center Lab
Save a show tech-support to the flash and compress the file by creating the zip file manually.
Task 6: Smart Call Home and GOLD
During boot-up all switches should run the maximum level of diagnostics
SW1 should generate a message towards the on-call support engineer when a critical issue occurs.
SW1 is the core switch and an important switch. Ensure this is noticed in the messages.
You are allowed to create one additional destination profile for the previous question
Chapter 10: Data Center Unified Computing Networking
Chapter 10: Data Center Unified Computing Networking is intended to familiarize you with the Networking features which are available on the Unified Computing platform. You will be configuring VLANs, Port-Channels, switch modes, PIN groups and Policies related to the Networking features of the UCS system.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
4 hours
Pre-setup
The UCS system and Fabric Interconnects start with a blank configuration
This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below
Configuration tasks
Task 1: Initial set-up
Ensure that the Fabric Interconnects are able to be managed with IP addresses 172.16.100.6, .7 and .8. The 172.16.100.8 address should be the Virtual IP address to manage the interconnect cluster.
Ensure the UCS1 chassis is detected. Interfaces 1/1 through 1/4 are used for connecting the chassis
The uplinks are connected to 1/9 and 1/10. Ensure these are bundled as a single logical connection
Ensure the Fabric Interconnects are easily found for physical maintenance by engineers
Ensure the chassis and servers are also given easily readable names that are shown in the Equipment tree
Task 2: VLANs
Create VLAN 11, 12, 13 and 15 with only using 2 create commands
Ensure vNICs on fabric interconnect A get MAC addresses assigned in the range of 00:05:12:AA:00:00 to 00:05:12:AA:00:11
Create a vNIC template for management traffic in VLAN 10. This traffic should be untagged and should automatically switch over between fabrics. Ensure that after using the template to create a vNIC it does not stay connected with it.
Create vNIC templates with vNIC#-$-XYZ where # is the vNIC number, $ is the fabric interconnect on which it's active and XYZ is a short description of what it's used for
The first vNIC pair should be active on fabric interconnect A and should carry all VLANs except the Private VLANs. This vNIC should be using the new settings once the template has changed after the creation of the vNIC.
Create a redundant vNIC on Fabric Interconnect B with the same settings as the previous question.
Ensure vNICs on fabric interconnect B get MAC addresses assigned in the range of 00:05:12:BB:00:00 to 00:05:12:BB:00:22
The second vNIC template redundant pair should carry all the Private VLANs and should be offered with 2 paths to the host over different fabrics
Create a third vNIC which is active on fabric B and has VLAN 11, 12 and 13 enabled. Frames without a tag should be assigned to VLAN 10.
Ensure the second redundant vNIC pair will not go down in case of an uplink failure
The Private VLAN traffic should get a higher priority treatment throughout the UCS system
The system needs to differentiate between 3 QoS classes and a class for FCoE traffic. Divide traffic evenly across the 3 classes
Traffic entering on the third vNIC marked with 802.1p bits should be trusted in the UCS system
Ensure traffic on the management vNIC will never use more than 95Mbps of bandwidth
Create additional uplinks for Fabric A and Fabric B using ports 1/11 and 1/12
on Fabric and on Fabric and
Ensure vNICs have access to these VLANs while maintaining the dispersion between uplinks without using pin groups
Chapter 11: Data Center Unified Computing Storage
Chapter 11: Data Center Unified Computing Storage is intended to familiarize you with the Storage features that are available on the Unified Computing platform. You will be configuring VSANs, FCoE features, Quality of Service, SAN pinning and many more features.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
4 hours
Pre-setup
Configuration tasks
Ensure you keep the configuration of the previous chapter for the UCS system and the Nexus switches.
Give the MDS switches in the topology the following hostnames: MDS1, MDS2. Configure the default username and password according to the generic lab topology
Ensure that they can be reached through the management network using IP addresses in the range as stated in the initial set-up information at the beginning of the workbook. Use Host IP addresses of 172.16.100.9 and 172.16.100.10
Enable the ISL links between the MDS switches on fc1/1 through fc1/4 and trunk all VSANs.
Configure the JBOD interfaces fc1/5 and fc1/6 so FLOGIs are seen from the JBOD into the FC Fabric
The MDS switches should support Fabric Interconnects Fabric
Configure the interfaces to the Fabric Interconnects to support the UCS system. The UCS Fabric Interconnects are connected to interfaces fc1/9 on the MDS switches
Task 2: VSANs
Hosts in VSAN 301 should be able to communicate with each other without any other zoning changes
Create VSAN 302 on Fabric A and VSAN 303 on Fabric B with matching VLAN IDs.
Copyright by IPexpert. All rights reserved.
Ensure that all created VSANs are transported across the FC Uplinks
Use fc1/32 as the connection to the MDS switches on both Fabric Interconnects
In the near future the FC connection to the MDS switches will be expanded. Ensure that this can be done without any downtime by inserting a physical connection in a single logical connection.
Task 4: Pools
WWNNs should be generated in the same range except with a prefix of 20:88:
The VSAN 301 vHBAs should be created using a method in which the template is only used to create the vHBA, after which it is disconnected from the template.
The template should only be used for initially creating the vHBA. After the creation, changes to the template should not be propagated to the vHBA, but it should always be possible to re-connect it again to have changes assigned to the vHBA from the template.
Create another vHBA template for VSAN 304 on Fabric B.
You are not allowed to leave the vHBA Template wizard for this task
Ensure vHBAs are assigned with the correct WWNs according to the previous task
Create a policy so the vHBAs are using best practices for VMware servers.
This special policy should support up to 512 LUNs per FC target
This policy should also allow for maximum FLOGI and PLOGI retries
Ring Sizes should be 128 for Transmit, Receive and SCSI queues
Create a policy so that a server is able to boot from vHBAs in VSAN 301.
Before the server boots from SAN, it should try to boot from an ISO image mounted to the KVM session.
Ensure that the server will still boot when one fabric is not available.
When both Fabrics are operational, the server should select Fabric A.
You can assume that the vHBA of Fabric A has a lower PCIe bus scan order.
On Fabric B the WWPN for the boot disk is: 20:01:00:EE:DD:CC:BB:AA, LUN 21
VSAN 304 has 2 boot disks available for failover.
Both are using the same WWPN as the previous policy, except they are using LUN 5 for both targets.
When the Fibre Channel fabric is completely down the servers using VSAN 301 should still be able to access their boot disks through the use of the iSCSI protocol
You do not need to configure the MDS switch for this task, assume this is pre-configured
The names of the iSCSI vNICs that will be created in the service profile are iSCSIvNIC1 and iSCSIvNIC2
The iSCSI vNICs should have TCP Timestamps enabled and the connection should time out after 30 seconds
When blades are equipped with local disks they should get a protected configuration so at least 1 disk is able to fail in the configuration.
Create one additional policy so that, when it is applied to a blade where the local disks are already configured, the existing configuration is overwritten with the new configuration
Create a policy so that when a service profile is disassociated from a blade the disks are formatted and settings in the BIOS are set to default
Chapter 12: Data Center Unified Computing Servers and Blades
Chapter 12: Data Center Unified Computing Servers and Blades is intended to familiarize you with the primary features of the Unified Computing System. In this lab we will be configuring all settings related to compute blades and servers. This means we will be configuring service profiles, templates and policies related to the compute nodes.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter
4 hours
Pre-setup
Configuration tasks
Task 1: Server pools
Ensure you keep the configuration of the previous chapter for the UCS system, the Nexus switches and the MDS switches.
Combine blades on the left side of the chassis in a pool named LEFT
Create an automatic classification of compute nodes so all blades with 48GB of RAM are set together inside a pool called 48GB
Create a classification so all blades with a Cisco VIC card will be combined in a pool called VIC
Servers should get an Identifier assigned through the use of a pool. The prefix should be automatically generated by the UCS Manager.
Create a second identifier pool where the identifiers should start with 01010202-ABCDDEF0-0ABB-AA, a total of 16 identifiers should be generated.
Create an IP address pool for addresses 172.16.100.20 up to 27 with a mask of /24 and a gateway of .254
Assign IP addresses to the first 2 blades in the chassis by using the pool
Assign static IP addresses to the other 2 blades. Blade 3 should have an IP address of 172.16.100.28 and blade 4 an IP address of 172.16.100.29
The other addresses in the pool are used during the creation of service profiles
Create a policy so the settings of the blade are set to the following parameters:
o
o Server should be secured by a hardware feature to prevent viruses and malicious code from being executed
o
o The server should be powered off when the OS is not booted after 20 minutes
Create a policy so that changes are only applied to the servers after an acknowledgement by the user
Create a policy for SoL users with a username of IPexpert and a password of IPexpert
Create a template called SP_template1 to give a server state information which stays connected to the profile when it's deployed.
The World Wide Node Name should be assigned using the pre-configured pool
The disks inside the blade should be configured with a RAID 1 configuration which is not overwritten if a current configuration is in place
Pick names for the vHBA so the created boot policy will work without changes
Create vNICs for management and 2 for data traffic. The Data vNICs should be redundant with 2 active paths across fabrics where the management should be protected.
Ensure the vNICs are created with optimized settings for VMware
Configure the system to boot from SAN in VSAN 301 based on a previously configured template.
The user should confirm changes that require a reboot. Again this should be based on a previously configured policy
Ensure BIOS settings are applied according to the policy created in Task 4
Enable Serial over LAN with a speed of 19200bps without configuring this speed directly in the service profile
Users accessing the Serial over LAN feature are required to use a username and password of IPexpert
The Management IP address of this service profile should be coming from the previously configured IP address pool
Hard Disks should not be erased when the service profile is removed from the blade. Create a new policy to support this configuration called NO_SCRUB
Assign the previously created template to all servers while using the server pool containing all the blades in the chassis
You are not allowed to configure the pool under the template configuration