	Java Games: Flashcards, matching, concentration, and word search.

FINAL-SPREADSHEET-DCUFI

Tools

A	B
Fibre Channel Communciation	initiator aka server to target - aka SAN - uses a credit based system - transmitter does not send a frame until receiver tells transmitter that receiver can accept frame - receiver always in control
Fibre channel frame	(1)Word (2)Frame (3) Sequence (4) Exchange
Fibre Channel Config	(1)interface fc2/1-5 (2)switchport mode E (3)switchport mode auto(4)switchport fcrxbufsize 2000(5)switchport fcrxbbcredit 5 mode e(6)no system default switchport shutdown san - turns default fc setting to up instead of down (default)
RCSN	registered state change notification anything changes this is sent out - disks leaving, entering etc. - SW-RCSN - sent switch to switch
N_Port communication steps	(1) N_Port logs into its attached F_Port - FLOGI or fabric login
FLOGI	Fabric Login - pWWN (hardware-HBA) and get a FCID (logical-assigned) - this is how stuff is "routed" in the Fibre Channel World - show flogi database - shows all the mappings
PLOGI	N port logging into to its target N port
PLRI	N port must exchange ULP with target to ensure target and initiator can communicate
pWWN	port world wide name - identify port in device - 64 or 128 bits
nWWN	node world wide name - identify device - 64 or 128 bits
Fibre Channel Address Format	(1)Domain - defines a switch - 8 bit field only 239 allowed (2)Area - groups of ports within domain (3)Port-ID - devices on port
FCID	first byte is a Fibre Channel Domain (akin to a SM in the ip world)
VSAN	is like a vlan - is carried on a TE port or trunk expansion port
F Port	Fabric Port Access Port - actual port on switch -always connects to N - note expects only one host
N Port	Node Port - CNA - SAN - UCS etc. - end user port - anything with an HBA - target or initiator - connects only to F
E Port	Expansion Port - ISL - port connecting 2 switches together - aka dot1q - must hardset it (1) (config)# fc2/13 (2) (config-if)# switchport mode e - some autonegotiate this - only goes E to E or switches
FL_Port	Fabric Loop port
NL_Port	Node Loop port
NP Port	an N Port in NPV mode connected to a switch via and F_Port (has multiple logins is a "hidden switch")
TE Port	trunking extension port - create EISL between switches - multiple VSANs
TF Port	trunking f port expands functionality of F ports to support VSAN trunking - connects to TNP
TNP Port	connects to a Trunked F port or TF port
SD Port	Spanned Destination Port
FC verification commands	show int fc2/3 brief - sh int bbcredit
principal switch	assigns domain IDs to confirm that there are no duplicates - FCID needs to be unique - NOTE: Domain ID and principle switch is per VSAN
configuring domain parameters 4	(1)fcdomain domain 3 static vsan 8 - must have(2)fcdomain domain 5 preferred vsan 14 - would like this one (3)fcdomain priority 200 vsan 10 - priority 1 is highest default 128 - ELECTION is NOT PRE-EMPTIVE (4)fcdomain restart disruptive vsan 10 - would restart VSAN DISRUPTIVE
verification fibre channel	show fcdomain -
VSAN fabric services that are unique	(1)login server(2)name server(3)zone server(4)management server(5)FSPF routing(6)services run, managed and configured indpendently
VSAN numbering	(1)VSAN 1 - default (2) VSAN 2 - 4093 - user configurable (3) 4094 - isolated vsan
trunking	(1) on/on or on/auto - TE port (2)1st on/off or auto/auto - E port (non-trunk connection between 2 switches)
VSAN trunking configuration	(1)int fc2/2(2)switchport mode e(3)switchport trunk mode on(4)switchport speed 4000(5)switchport trunk allowed vsan 1-10
VSAN verification	show int fc2/2 brief - show int trunk vsan 1-1000
2 VSAN types	(1)port based VSAN - switch-wide configuration (2)WWN-based VSAN - device port belongs to VSAN
VSAN tagging 4 traits	(1)traffic isolation (2)each frame is uniquely identified,vsan-id stripped when crosses E port, vsan-id maintained over TE port(3)SAN and priority in header for QoS(4)FC-ID re-used across multiple VSANs
SAN port channel config	(1) int fc1/7(2)channel-group 1(3)int fc3/5(2)channel-group 1
SAN port channel auto-config	(1) int fc1/7(2)channel-group auto(3)int fc3/5(2)channel-group auto
SAN port channel verification	show san-port-channel summary - show san-port-channel database - show int fa2/1
VSAN 6 traits	(1)ea. VSAN own principal switch & domainID allocate policy(2)principlal switch ea. VSAN on physically different switch(3)ea.switch separate domain ID for ea. active VSAN(4)domainIDs can overlap between VSANs(5)domainID & FCID allocate policy static or dynamic(6)default is VSAN 1
Reserved VSAN	(1) can configure VSAN2 - 4094 - 4000 VSAN max(2)VSAN 1 is default can't be deleted(3)VSAN 4079 - TF-TN port link - carries exchange virtual fabrics protocol (EVFP)(4)4094 reserved VSAM or isolated VSAN for deleted VSANs not propogated-always present can't be deleted
IVR	(1)allows selective routing between specific members from 2 or more VSANs(2)IVR is stateful(3)traffic is blocked and cannot pass VSAN boundry(4)route(Domain ID) redistribution from one VSAN to the other enables IVR
Edge VSAN	these are target devices (or initator on other end)
Edge Switch	target switches (or initator on other end)
IVR-enabled Border switch	like a router
Transit VSAN	intermediary or pass through
IVR operation 5	(1)Source ID (SID) (2) destination ID (DID) unchanged over VSAN (3) VSAN_ID changes across VSAN (4)NOTE: also uses source domain ID and destination domain ID (5) VSAN rewrite table is like a routing table in IP
VSAN AFID 6	autonomous fabric ID (1) identifies IVR topology (2) contains VSAN with unique ID (3) manually configured (4) can have up to 64 of them (5) same VSAN can exist in different AFIDs (6) tunnel and IVR NAT assists with this
show fcdomain domain-list	shows the list of all storage switches in the network - aka routing table
FSPF	fabric shortest path first - runs for Fibre Channel is a "routing protocol" automatically happens - analyzes cost - does not account for traffic load - all frames in exchange follow same path - path changes only due to fabric change
Zoning	restrict communication between devices in the same Fibre Channel or VSAN - zone consists of one or more zone members - zones set has one or more zones
Zoning rules	(1)zones can overlap (2)zones typically do not cross VSAN boundries(3)exception is IVR zones(4)zones are per-VSAN specific
soft zoning	(1)implemented in switch software(2)name server responds to discovery queries only with devices found in zone or zones of the requester
hard zoning	(1)enforced by ACLs in port ASIC (2) applied to all data path traffic
zone membership types 5	(1)pWWN,fWWN, FCID, interfaces with sWWN(2)domain ID and port number(3)ip address (4)symbolic node name(iSCSI name)(5)Fibre Channel or device alias
VSAN traits 8	(1)VSAN separate routing and namespance(2)limit uni,multi,broadcast traffic(3)members - physical port or pWWN(4)endpoint - HBA(5)member enforcement-at each E port,source and dest port(6)scope-large(7)config changes-only when ports needed(8)use-per app or dept
Zone traits 8	(1)zone in same vsan same routing(2)limit unicast traffic(3)members - pWWN(4)endpoint - HBA can be in multiple(5)member enforcement-source and dest port(6)scope-initiator and target not outside zone(7)config changes-frequent(8)use-single initiator
show port-resources module 2	will tell you if it is shared or not should not be oversubscribed - gives a lot of other information as well - switchport rate mode dedicated
SAN design	typically a core edge device because you do not want a large amount of "hops" as the max possible FCID is 239
show fspf internal route vsan 1	shows routing table
show fcns database	shows the entire fabric in the VSAN
show port-channel usage or database	good info for port-channel in here
NPV	node port virtualization-extension to NPIV- allows blade switch or ToR fabric device to behave as an NPIV based HBA to the core Fibre Channel Switch-aggregates host ports(N ports) into one or more uplinks (psuedo-interswitch links)to core switches - allows to save domain IDs
NPV explained 5 parts	(1)FC services-most switched off(2)switching operation-acts as proxy - subordinate to FC switch(3)does not use Domain ID - no domain ID limitation(4)scalability and manageability-eliminates need for server adminstrators to manage SAN-3rd party integration VSAN scalable(5)no QoS
NPV Mode	(1)NPV edge switch aggregates locally connected host ports (N Ports) into one or more uplinks to the core switches (2)allows blade and TOR switches to behave as NPIV-based HBA to core Fibre Channel Switch
NPV config	(1)feature NPV(2)vsan database(3)vsan 3 int fc2/1,fc7-8(4)vsan 3 interface fc2/2, fc9(5)int fc2/1(6)switchport mode F(6)int fc2/8(7)switchport mode NP(goes to NPIV switch)(8)npv traffic-map server-int fc 2/1 external-interface fc2/7 (manually pinning)
verifying NPV	(1)show npv status (2)show npv traffic-map
FCoE for NPV license	(1)Storage Protocols Services Package is needed - if do feature fcoe and feature npv- do wr erase and reboot switch (2) if do feature fcoe - npv does not do write-erase requires fcoe_npv_pkg
fcoe NPV config	(1)feature fcoe-npv(2)feature lacp(3)qos (optional)(4)vsan database(5)vsan 5(6)vlan 50(7)fcoe vsan 50(8)int vfc 1(9)bind int e2/1(10)switchport mode F(11)int vfc 130(12)bind int po13(13)switchport mode NP
verification fcoe npv	show int vfc 1 - show int vfc 130 - show vlan fcoe - show npv status -
NPIV	node port ID virtualization - (1)provides a means to assign multiple FCIDs to a single N port(2)multiple applications can use same HBA(3)use of different pWWNs(4)usage applies to virtual servers-VMWare,HyperV,Xenserver
NPV and NPIV support	Edge -NPV&NPIV (1)MDS 9124,9134,9148(2)Fibre Channel Blade switches IBM and HP(3)Nexus 5K and 5500(4)UCS 6100 and 6200 -Core-NPIV-(1)MDS 9500 Series MultiLayer Directions(2)MDS 9216 multilayer and 9222i(3)MDS 9124,9134,9148(4)3rd party switches
NPIV config	(1)feature NPIV(2)int fc1/1(3)switchport mode F(4)switchport mode F(5)switchport mode trunk - NPIV F port prepped for multiple requests
verification npv & npiv	show [npv\|npiv] database
Fibre Channel Zoning	by default there is Hard Zoning - you need zoning so initiator knows which target to talk to
Hard Zoning	meaning the switches drop all traffic from the initiators unless you specifically list targets is done through creating a ZONE and ZONE SET
Zone (ACE)	association between pWWN of initiator to pWWN of target - CALLED the LUN MASK
Zone Set (basically ACL)	what zone goes into - can have multiple zones in it but ONLY one ACTIVE ZONE SET
configuring zones	(1)(config)# zone mode enhanced vsan 1 (2)(config)# zoneset name VSAN1_ZONESET vsan 1 (3)(config-zoneset)# zone name UCS_TO_SAN (4)(config-zoneset-zone)# member pwwn [initiator] (5) (config-zoneset-zone)# member pwwn [target]
applying zoneset	(1)(config)# zoneset activate name VSAN1_ZONESET vsan 1 (2)(config)#zone commit -saves zoneset
verification	show zoneset active vsan 1 - should show across fabric - zone mode enhanced allows that to occur - advertised using Cisco Fabric Services (CFS)
UCS verification commands	show npv external-interface-usage - shows blade vHBA aka vfc show pinning server-interfaces - show int vfc702 - tells us location on UCS
setting up san port channel	(1) (config)# int san-port-channel 128 (2) (config-if)# channel-mode active - PCP is protocol being run - verification command show run int san-port-channel 128
FC	(1)Physical (2) FC (3) FCP (4) SCSI R&W (5) Application Layer - 7K does not support FC
FCoE	(1)Physical(2) Ethernet (3) FCoE (4) FCP (5) SCSI R&W (6) Application Layer
FCIP	(1)Physical(2) Ethernet (3) IP (4) TCP (5) FCIP (6) FCP (7) SCSI R&W (8) Application Layer
iSCSI	(1)Physical(2) Ethernet (3) IP (4) TCP (5) iSCSI (6) SCSI R&W (7) Application Layer
QoS Verification	show policy-map system type network-qos, show policy-map, show table-map, show policy-map int e1/5 input
Goals of QoS	(1) bandwidth(2)delay(3)jitter(4)packet loss
QoS Categories	(1)classification -put in different classes(2)marking-"coloring" packets based on classification:CoS,DSCP,QoS group(3)mutation-change header QoS fields to all in or out packets (4)policing - used to enforce a rate-limit by dropping or marking down packets(5)queuing and scheduling - control BW allocated
QoS actions In	(1)queuing and scheduling(2)mutation(3)classification(4)marking(5)policing
QoS actions out	(1)classification(2)marking(3)policing(4)mutation(5)queuing and scheduling
MQC	(1)define traffic classes using CLASS MAPS (2) define policies for traffic classes using policy maps (3)apply service policy on interface (in or out) using SERVICE-POLICY command
MQC 3 commands types for traffic & policies	(1)class-map - used for class of traffic based on match criteria(2)table-map-defines one set of packet field values to another set of field values(3)policy-map-defines a set of policies applied on class maps
Class-map and policy-map object types	(1)network qos-defines CoS properties across switches and vdcs-IS A VDC POLICY(2)qos-used for marking,mutation,ingress port trust state and policing(3)queuing-MQC objects used for marking,queuing and shaping - CAN APPLY ONE POLICY MAPS OF EACH TYPE in each direction
only two policy types	qos(mutation map applied here)(policing) and queuing (shaping and queuing)
policing	exceed the rate and you will be dropped-traffic is (1)conforming (2)exceeding (WARNING) or (3)violating-DROP - can be done ingress or egress - supports marking or re-marking
shaping	outgoing direction only - out-of-profile packets are queued until buffer is full - buffer minimizes retransmits - no remarking or marking
6 ways to mark	(1)set precedence 5(2)set dscp af31-most common(3)set qos-group 5(4)set discard-class 5(5)set cos 4(6)set cos cos-dscp-map
traffic policing single token bucket	(1)sufficient tokens transmit-decrement token bucket(2)exceed tokens will drop - Bc-burst size Tc-time interfval CIR - committed information rate - CIR=Bc/Tc
single rate policing configuration	(1)policy-map type qos INGRESS(2)class CUST-A(3)police cir 256000(4)conform transmit violate drop
single rate 3 color	(1)policy-map type qos INGRESS(2)class CUST-A(3)police cir 256000 pir 256000 conform transmit(4)exceed set dscp dscp table(5)cir-markdown-map violate drop
traffic policing dual token bucket	Be=excess token burst size Tc=tokens in Bc bucket Te=tokens in Be bucket - return - conform - exceed - violate - if goes over exceeed is violated
Queueing and Scheduling	(1)queuing is congestion management (2)congestion avoidance
tail drop	queue is too full so we drop - want to avoid we need selection as to what is dropped
random early detection	randomly drop packets before queue is full - increases drop rate as the average queue size increases (1)no drop - good (2)random drop - when average queue is between minimum and maximum(3)tail-drop - average size is at max or above
WRED	drops less important packet first - profile defined by minimum and maximum
Tail drop config	(1)policy-map type queuing EGRESS(2)class type queuing 1p3q4t-out-pq1(3)queue-limit cos 5 10 mbytes(4)queue-limit cos 3 7 mbytes(5)queue-limit cos 0 3 mbytes
WRED config	(1)policy-map type queuing EGRESS(2)class type queuing 1p3q4t-out-pq1(3)random-detect cos-based aggregate 10 mbytes 20 mbytes(4)random-detect cos 5,7 15 mbytes 20 mbytes
Bandwidth Queuing Example	(1)policy-map type queuing shape queues(2)class type queuing 1p3q4t-out-pq1-SYSTEM DEFINED QUEUE(3)bandwidth 10 mbps
Priority Queuing Example	(1)policy-map type queuing shape queues(2)class type queuing 1p3q4t-out-pq1-SYSTEM DEFINED QUEUE(3)priority
Shaping Configuration Queuing Example	(1)policy-map type queuing shape queues(2)class type queuing 1p3q4t-out-pq1-SYSTEM DEFINED QUEUE(3)shape percent 25
FCoE	(1)standard fiber channel frame size max 2148 DF bit set (2)ethertype 0x8906(3)class-fcoe enables MTU of 2240
Converged Network Adapter	CNA - allows 10G connection Fibre Channel over Ethernet
ENode	FCoE end node - FCoE endpoint - has an adapter operating as virtual N port (VN Port)
VNPort	virtual node port
FCF	Fibre Channel Forwarder - FCoE switch - connects to VF Port or F port also connects to VE Port - logins occur here
VF Port	connects to end node - like an FPort
VE Port	connect to other VE Ports or FCFs (Fibre Channel Forwarders)
FCoE memorization keys	(1)just add V before it (2)FCF is new though
FCoE 3 traits	(1)Data Plane(2)transport most of FC frames(3)transports all SCSI traffic(4)Ethertype 0x8906(5)defined in FC-BB-5
FIP 3 traits	Fibre Channel over Ethernet Initialization Protocol (1)control plane (2)Discovers FCFs that are connected to FCoE VLAN-establishes virtual link between adapter and FCF or 2 FCFs-logs in and out of FC Fabric(3)Ethertype 0x8914(4)defined in FC-BB-5
FIP initial link establishment 3	(1)FCoE vlan discovery-uses NATIVE vlan(2)FCF discovery(3)Fabric Login
FIP Process 5	(1)Host solicitation(2)switch provides the Fabric-unique FC-MAP(3)host performs FLOGI(4)FCF provides FCID(5)Host uses FPMA for subsequent transmissions - Fabric Provided MAC Address - is how communication occurs
FPMA - 2 parts to it	(1)FC-MAP (MAC-Address)- can use with NPIV(2)Fibre Channel ID(FCID)
Single Hop FCoE	(1)direct attached(2)attached to 2232-must be single homed and attached to 5k-FIP gen 2 CNA(3)remote attached-transport frames-need Jumbo Frames(4)FIP snooping(5)vPC-FCoE cannot travel over peer link(6)FCoE NPV-no domain ID consumption
FIP Snooping	Automatically configures ACLs - no spoofing allowed
feature FCoE	when enable by default it creates the queue and gives the storage traffic priority and LLDP is enabled - 7K is not defaulted - license fcoe module 2 - NOTE: storage policy has the NO DROP class - FCoE 0x8906 - NOTE:storage VDC port can be assigned to multiple VDCs
MULTI-HOP FCoE	means you are running from CNA -> 5k/2K -> MDS - 5K - 7k -> FCoE SAN - same options as single just do multiple hops - (1) max 7 hops(2)10,000 logins per fabric(3)8,000 zones per switch(4)500 zone sets(5)5K,7K,MDS 9500, UCS 6200
MDS and 5K	is FCoE and FC
7K configuration of FCoE	(config)#license fcoe module 2(config)#install feature-set fcoe(config)#feature lldp(config)#system qos(config-sys-qos)#service-policy type network-qos default-nq-7e-policy(default)(config)#int e2/7-8(config-if)#switchport mode trunk(config-if)#spanning-tree port type edge trunk
7K configuration of FCoE #2	(config)# vdc SAN(config-vdc)# allocate int e2/7-8(config-vdc)# allocate fcoe-vlan-range 2-10(4)switchto vdc SAN(5)feature lldp(config)# int e2/7-8(config-if)#shutdown lan
7K VDC config	(1)Data VDC is a shared port that connect to the CNA(2)Storage VDC is a Dedicated Port that only carries FCoE traffic NOT DATA traffic-goes to other FCoE capable device
5K configuration of FCoE	(1)feature fcoe(2)int e1/1-2(3)switchport mode trunk(4)spanning-tree type edge trunk(5)switchport trunk native vlan 5(6)switchport trunk allowed vlan 5,2(6)priority-flow-control mode on(5)int e1/2(6)shutdown lan(7)fcoe fcmap 0e.fc.2a(8)fcoe fcf-priority 40(9)fcoe fka-adv-period 10
5K FCoE VLAN and Virtual Interface Config	(1)vlan 200(2)fcoe vsan 2(3)interface vfc 20(4)switchport mode F(5)bind mac-add 00:0a:00:00:00:36(6)interface vfc 21(7)switchport mode E(8)bind e2/4(8)vsan database(9)vsan 2 int vfc 20(10)vsan 2 int vfc 21
7K FCoE VLAN and Virtual Interface Config	(1)switchto vdc fcoe_vdc(2)vlan 200(3)fcoe vsan 2(4)interface vfc 20(4)switchport mode F(5)bind e2/3(6)interface vfc-port-channel 21(7)switchport mode E(8)vsan database(9)vsan 2 int vfc 20(10)vsan 2 int vfc-port-channel 21
Verification FCoE VSAN and VLAN 6	(1)show vlan fcoe(2)show vsan membership(3)show int brief(4)show int vfc 20(5)show fcoe(6)show vsan
fibre channel ping	fcping fcid 0x4a00dc vsan 2
3 types of vFC interfaces	(1) VF - virtual fabric(default) (2)VE - virtual expansion (3)N-Port Virtualization (NPV)
Default FC-MAP and range	00.FC.00 range is from 00.FC.00 to 0E.FC.FF - command is fcoe fcmap 0e.fc.2a - NOTE: should not mess with default - is fine
Fabric Priority and range	fcoe fcf-priority 40 - default priority is 128 - 0 is lowest 256 is highest
default advertisement	fcoe fka-adv-period 10 - default is 8 range is from 4 to 60 seconds
FCoE interface guidelines 4	(1)can be ethernet or port-channel (2)can be connected to FIP snooping bridges(3)must be trunk ports(4)must be configured with portfast
FCoE VLAN mapped to VSAN 5 guidelines	(1) must be in allowed VLAN list(2)cannot be the native VLAN of the trunk port(3)should only carry FCOE traffic(4)should not be default VLAN (VLAN 1)(5)not supported on private vlans
7K FCoE 2 guidelines	(1) Nexus 7K supports Gen-2 or newer CNAs only(2)QoS policy must be same on all Cisco FCoE switches in the network
7K Storage VDC 5 guidelines	(1)should provide only storage-related features(2)FCoE feature set can be enabled in only one VDC(3)FCoE VLANs configured in the FCoE allocated VLAN range(4)Uses resources from a Cisc Nexus 7K F-series module(5)does not support rollback
7K shared interfaces 2 guidelines	(1) can be shared with only one other VDC (2)do not support certain features - SPAN, private VLANs,port-channels,access mode,mac-packet-classify
NOTE about Zoneset	zones must be the same or you will get an error - is why you use command (config)# zone mode enhanced vsan 1
5K FCoE NPIV 4	to blade connects via vF-Port and FI is vNP (node proxy) - NOTE: FCoE all is v before it - (1) feature NPIV (2) (config)# int vfc112 (3) (config-if)# bind interface e1/12 (4) (config-if)# switchport mode f
1280 VIC 8 traits	(1)next gen VIC (2)dual 4 x 10G connectivity to Fabric (3)PCIex16 Gen 2 host interfaces (4)256 PCIe devices (5)same host-side drives as VIC (M81KR)(6)SR-IOV capable(7)fabric failover capability(8)1st gen VIC features with enhancements
F1 7K F132XP-15 Support	(1)7K(2)32 1 and 10 gig E (3)lossless Ethernet capable (4)PFC, ETS and DCBX(5)512 ports per system(6)Storage VDC(7)FCoE License Per Line Card(8)32 ports at line rate
F2 7K F248XP-25	(1)7K(2)48 1 and 10 gig E (3)lossless Ethernet capable (4)PFC, ETS and DCBX(5)768 ports per system(6)Storage VDC(7)FCoE License Per Line Card(8)Supervisor 2 and 2E(9)Fabric 2(10)48 ports at line rate
DS-X9708-K9 MDS	(1)MDS(2)8 10 gig E line rate (3)lossless Ethernet capable (4)PFC, ETS and DCBX(5)Supervisor 2A and Fabric 2(6)FCoE only ports(7)FCoE license
UCS config	can go into FI and configuire as FCoE uplink - UCS goes to upstream as an NPV port to 5K which is NPIV
Blade to IOM	vF on IOM side and vN on blade side or E-Node (as FCoE calls it)
Spanning-Tree and Storage	NOTE: configure all as edge ports or edge trunk to UCS FI or whenever there is a convergence event it will crash
show license usage	shows all licenses - FC_FEATURE_PKG - full FC license - FCOE_NPV_PKG - only FCoE - MUST REBOOT - when you move it into npv mode erases config (have a copy)
EvPC	when run this with FCoE you need to make certain the Traffic says separate because A and B side must communicate separately with the SAN in case of a failure - (1) (config)# fex 101 (2) (config-fex)# fcoe - separates A from B side - is supported but OVERCOMPLICATED
Product Families Nexus 7K	Usually Core - F3 must have 7700 to run supports up to 192 100 GE and 384 40 GE - 7000 - 768 10 GE 192 40 GE and 32 100 GE - HAS FCoE not FC - SUPPORTS SSO (stateful switchover) and ISSU (in service software upgrade)
M-Cards	L3 usually - MPLS - OTV - one supports LISP
F-Cards	L2 usually - FEX - vPC, FabricPath, FCOE - F Card can use some L3 from M card - also F3 cards support OTV, LISP and MPLS - most of the newer F Cards can interoperate with M in same VDC - NOTE F3 MAKES M-Card Obsolete
Nexus 6K	Port Density is used for End of Row design - would connect to FEXes
Nexus 5K	aggregation or access - 5500 supports basically everything - note - T is copper - UP is unified port
Nexus 2K	FEXes - fabric extenders - is extension of a switch like a linecard - routing and switching done by parent - uses VN-TAGging (switching done by VN-Tag in the frame) - Fabric Extender Fabric Interfaces (GO TO 5K or 7K) - host interfaces go down to servers
Nexus 1000V	Virtual switch - essentially replaces switch within hypervisor
MDS 9700 & 9500	Core - connects to physical storage - FC and FCoE - 9516, 9706, 9710
MDS 9200 & 9100	Edge - connect to servers - FC and FCoE - 9148, 9148S, 9250i, 9222i, 9148, 9148
MDS and SAN	high speed, more density and support FCIP SAN extension (aka SAN storage over and IP tunnel)
EoR design	have a rack of high density ethernet or SAN switches run all servers to it - insane amount of long cable runs
MoR design	middle of row - runs everything to the middle - shorter cable design but still a similar problem
ToR design	same cables but within the rack, shorter runs can use things like TWINAX much cheaper - no distance concerns - usually run 4 (LAN and SAN) (two for A and two for B) - must then get more switches unless you do FCoE then cut in half parent switch at EOR
Unified Fabric	FCoE - have less cabling because run FC and Ethernet over same cable - FCP inside of Ethernet - ethernet tunnels FC - unified wire is the name of the actual cable
FCoE Standards	(1)Part of T11 standard FC-FC-BB-55(2)802.1 standard (1)PFC-802.1Qbb(2)ETS IEEE-802.1Qaz(3)DCBx-IEEE-802.1Qaz
PFC	Priority flow control-802.1Qbb(1)enables lossless Ethernet using pause based on 802.1p COS(2)link is congested CoS assigned to "no drop" will be paused(3)other traffic continues and relies on upper layer retrans(4)not limited to FCoE
ETS	Enhanced transmission selection-802.1Qaz-BW management & priority selection(1)sharing of BW between classes(2)minimum BW is guaranteed-can be used by other classes if not in use(3)bursty traffic in managed classes can exist along strict priority classes
QCN	Quantized Congestion Notification - QCN - 802.1Qau - congestion awareness and avoidance
DCBX	parameters for DCB devices - uses LLDP(1)PTP link discovery(2)neg PFC, ETS, FCoE(3)responsible for link-up down signals(4)discover peer DCB capabilities(5)misconfig detect(6)peer config-admin parameters-operational parameter(info only)-local parameters(no exchange)
DCBx	Data Center Bridging exchange - if negotiation fails results in:(1)per-priority-pause not enabled on CoS values(2)vFC not coming up-when DCBV is being used in FCoE environment
FCoE functionality	inside of Ethernet packet ethertype 0x8906 tells you it is storage
VDC	virtual device contexts - control plane - VLAN,VRF and VSAN & other processes are separate data - physical port separation and management plane - unique mgmt IP, user database and roles - virtualization
VRF	separates layer 3 data and control plane complete different RIB - VLAN is layer 2 (private vlan) - separate RIB and FIB - need to put interfaces into this - show vrf - show ip route vrf sales
VRF 5K	vrf-lite - needs LAN enterprise services and L3 card
VRF 7K	full vrf - Enterprise Services License
vrf configuration	(config)#vrf context sales(config-vrf)# ip route 10.0.0.0/8 172.16.1.2 - vrf static route (config)#interface vlan 11 (config-if)# vrf member sales (config-if)#ip address 172.16.1.1
vrf configuration with OSPF	(config)#vrf context guest(config)#router ospf 1(config-router)# vrf guests(config)# int vlan 4(config-if)#vrf member guest(config-if)#ip address 10.10.10.1/24(config-if)# ip router ospf 1 area 0
vrf config with EIGRP	(config)#vrf context voice(config)#router eigrp 1(config-router)# vrf voice(config)# int vlan 5(config-if)#vrf member voice(config-if)#ip address 10.1.1.1/24 (config-if)#ip router eigrp 1
why use VDCs	(1) VDCs allow multiple logical roles per physical chassis (2) multi-tenancy (3) VDCs are required to separate certain services on 7K eg. (1)Dual Core - mergers (2)multiple aggregation blocks-different business units(3) service insertion - can separate aggregation and access
VDCs multiple logical roles per chassis	(1) core L3 switch (2) aggregation L2 switch (3) OTV authoritative edge device (4) FabricPath Spine Switch NOTE: when you allocate an physical port it must be configured in that VDC
VDC multiple tenancy	(1) VDCs as a managed service to customers (2) customer manages their own L2 & L3 policies (3) physical resources are split between multiple customers (4) reduce space, power, cooling in Data Center
VDCs required to run certain services	(1) OTV Authoritative Edge Device (must be in own VDC) and SVIs (2) F2/F2e modules and M modules have limitations (3) storage VDC for FCoE
Number of VDCs and modules	(1) SUP 1 - 1 Admin - 4 user VDCs (TAC only supports 4 not 4 + 1) (2) Sup2 - 4 + 1 Sup2E - 1 admin + 8 user - NOTE: you share the same PHYSICAL control plane but is separate much like a VM shares virtual resources - After SUP 1 Admin from Default
Admin VDC control chassis-wide stuff	(1) Create and delete other VDcs (2) allocate ports to VDCs (3) allocate or limit resourcves to VDCs (4) remotely manage the entire chassis (5) IOS upgrade (6)can't be deleted
Admin VDC Supervisor 2/2E	Pure Admin context -CoPP Config-ISSU&EPLD-VDC creation,suspension,deletion, interface allocation, show tech-support, debug, GOLD diagnostics, systemwide QoS, port-channel LB algorithm, improved security, simplify configuration for data plane VDC,1+1 without License
Admin VDC	license management done here but limited feature support - CPU shares determined by priority - must be Sup 2/2e - Advanced Services License Needed to use VDCs - NOTE: to use FCoE need the storage VDC- NEED F-MODULE
Implementing VDC	POAP - Power on Auto Provisioning - are no interfaces in admin vdc by default except mgmt ethernet interface - own vrf and interface meant to be OOB switchto allows you to go into other vdc's from admin
VDC resource types	(1)Global - allocated to all VDCs-boot image,switch name, NTP servers, CoPP config, in-band SPAN sessions(2)shared resources: OOB ethernet management port(3)dedicated resources-allocated to a VDC -physical switch ports, VLAN/VRF limits
RBAC	role based access control - Network Admin -full control - Network-Operator - read-only rights - VDC Admin - full control VDC-Operator -read only in VDC
verification VDC	show vdc membership - term width (sets terminal width) - show vdc - will show which line cards are supported - where detail (where at in cli) - show int e1/1 capabilities - tells speeds will accept - port group members - show int e101/1/1 switchport - show vdc resources
configuration VDC	(1) (config)# vdc 7k1 (2) (config)# vdc 7k1 (3) (config-vdc)# allocate interface e1/1 - NOTE gen 1 are port groups - F2e and above are all non-blocking (4) (config)# switchto vdc NK7K1 (5) (config)# username brian password cisco role vdc-admin(6)switchback
resource limitation allows	can do a "limit-resource module-type m1 m1xl m2xl f2e" - (config-vdc)# limit-resource vlan minimum 32 maximum 4094 (config)#vdc resource template production (config-vdc-template)#limit resources vlan minimum 10 maximum 20 (config-vdc)# template production
vdc removing combined hostname	(1) (config)# no vdc combined hostname (will just list the vdc)
F1-card & M1-card routing & interoperability	if have cards that must run in different vdc you must connect from one to another to route or have at least one port in the card in that vdc provided that they can talk and assuming F line card needs M-card for some functionality
FEX	management etc. done on parent or management switch - have downlinks (to servers) and uplinks (to parent or master)
configuring FEX	5K - feature fex 7k - install feature-set fex - (admin vdc) feature-set fex - 802.1BR bridge port extension aka fex - configure downstream ports (1) (config-if)# switchport mode fex-fabric (turns on VN-Tag) (2) (config-if)# fex associate 101 (line card in master (is master specific))
active-active fex	(1)(config)#feature fex (config)# fex 131 (config-fex)# pinning max-links(config)#int e1/1-5(config-if-range)#switchport mode fex-fabric
verification	(1) show fex (2) show fex details - NOTE: is 2 control planes on 5Ks
enhanced vPC	goes from 5K to FEX and from FEX to server - from a server point of view it appears like it is talking to only one switch -all connections are redundant - NOTE: 5500 supports 24 L2 Fexes and 8 L2/L3 FEXs.
types of enhanced vPC	(1) single homed to single fex (2) dual-homed server to a single fex port channeled(3)dual-homed server port channeled to pair of fexes(4)dual homed active/standby connected by NIC teaming to 2 FEXs - ALL 2 5k's with VPC - 2 5Ks - 3 FEXES
enhanced vPC config - 2K to 5K- 8 parts	TRADITIONAL VPC then - (1)(config)#fex 101(2)fcoe(3)int vfc 1(4)bind interface e 101/1/1-bind to one interface only (must do for storage traffic)(5)fex 102(6)fcoe(7)interface vfc 1(8)interface e102/1/1 (configuration on peer switch)
enhanced vPC and storage traffic	(1) FCOE traffic single homed-aka sticky pathways to storage traffic(2)only ethernet traffic is load balanced
beacon command	allows you to configure a flashing LED light on the port (1) (config-if)# beacon
spanning-tree command for int	show spanning-tree int e101/1/1 detail - 3 features cannot turn off on fex - (1) port type is edge (2) bpdufilter is enable by default (3) bpduguard is enabled by default
port channel load-balance ethernet	allows you to configure load balance based on (1) destination ip, mac and port (UDP or TCP) (2) source ip, mac and port (3) source-dest ip, mac, port
nexus interface configuration	need to configure manually show interface \| i Ethernet\|Hardware - shows you what speeds it supports - show int e1/1 transceiver (will show type twinax - FC etc.) NOTE:NEXUS most configs must be manually set
manual configuration of nexus ports	switchport mode trunk, switchport mode access - ONLY support 802.1q - can control VLANs allowed out and in - LACP and Etherchannel - only port channel - LACP IEEE 802.3AD -> active or passive make it LACP
show run command	accepts show run all (shows defaults) -
different switch default c ommands	defaults to no system default switchport (makes all routed port), system default switchport shutdown - (defaults to shut) - no system default switchport fabricpath (defaults to no fabricpath)
can do ranges in most commands	show run int e1/3 - 9 , show int e1/3 - 6 brief
sh int trunk	output and what it means (1) STP forwarding - none = blocking - forwarding - ROOT port (2) also will show err-disabled ports etc.
show spanning-tree	runs rapid-pvst (PVRST+) - show spanning-tree \| i VLAN\|Priority\|Address - good command (1)ONLY ports in FWDing states have MAC's associated with them(2)all need to agree on root bridge within STP domain(3)spanning-tree per VLAN per VDC
bridge priority	Priority Value + System-ID-Extension (VLAN #) -
OTV	each DC has its own spanning-tree values - as OTV blocks spanning-tree
show mac address-table dynamic vlan [#]	on switch's trunk port tells you from where you are learning your MAC addresses from - NOTE: will not learn MACs from interfaces in BLK state
Port Channel on NX-OS	LAG - link aggregation - Etherchannel or LACP (802.3ad) - show port-channel summary - [U (under port-channel) -good - P (under port) - good]- show port-channel database [int] - NOTE: once link is in channel cannot make changes in the member links
LACP ID	made up of a (1) priority ID and (2) MAC address
configuring LACP	(1) feature lacp (2) configs each int identical - show port-channel compatibility parameters (for abbreviated list add \| i \*)- lists issues (3)(config)#default int e2/7 - 8(4)(config)# int e2/7 - 8(5)(config-if-range)# channel-group 100 mode [active\|passive\|on]
LACP notes	(1) best practice use both active (2) same channel-group on each side of link even though it is only locally significant - show port-channel usage (shows port channels in use on switch) - when create a new channel causes port to bounce
load balancing and port-channel	show port-channel traffic - NOTE: 7K port-channel load-balance done on admin VDC - can do per module or fex -or globally - show port-channel load-balance - shows you how it is load balancing presently
LACP suspend-individual	suspends if you forget to add other side of channel
show int po2 \| in bia	MAC address of physical port
vPC peer link	connects two 5Ks and synchronizes (1)MAC-address table (2) ARP cache (3) multicast info - among other items (control plane) makes them think it is one switch
Host vPC	connects directly to the host server
sVIF and dVIF	when in the fex fabric the devices connect to
3 steps to vPC config on 5k	(1) vPC keepalive (2) vPC peer-link (3) vPC members
vPC configuration	(1)feature vPC (2)(config)#vPC domain 2 (3)(config-vpc-domain)#peer-keepalive dest 10.10.10.10 - NOTE: must be L3 port - can use mgmt port(4)(config-vpc-domain)# vpc peer-link (L2 connection-usually port-channel)(5)in port channel add vpc # (config-if)# vpc 100
vPC additional confgurations	(1) ip arp synchronize - updates tables through CFS (MAC table,IGMP snooping,Config consistency,member port status,arp cache) - NOTE: one switch is elected primary though (peer link and keepalive not same) (peer link min 2 10G) (vpc 10/40/100G)(only 2 switches per domain)
vPC keepalive	(1) different vrf and vlan (2)upstream L3 switch (3) OOB management VERIFICATION - show vpf brief - show vpc consistency-parameters global - show vpc consistency-parameters vpc
ISSU on 5K - on 7K uses 1st only so always	in single homed 2k environment can do it - in multiple homed (diagonal connection) cannot
Enhanced vPC	if 2 FEXs and 2 5Ks each goes to each fex on vPC have a vPC to the FEX and then on a FEX a vpc to the end host - NOTE: must have a matching configuration on each 5K or you can run into issues
Traits of FabricPath	(1)up to 256 links (2)ECMP(3)shortest path(4)single ingress lookup(5)enhanced L2 only works on F1 and F2 mods and 5500 NOTE: need enhanced L2 license
FabricPath topology	FabricPath - Spine & FabricPath Leaf - uses SPF (shortest path tree) between switches - each switch is given a FabricPath ID - runs CLNS - does not run on IP
How it works	(1) ARP Req (2) Encapsulated in IP (3) Encapsulated in Ethernet (4) Encapsulated in FabricPath - floods this information everywhere much like spanning-tree - then ARP reply comes back - within FabricPath header is Src Switch ID and Dst Switch ID though
FabricPath routing	routes based on Switch ID - Spine does not learn MAC address table only Switch ID table (aka Outer Destination Addresss 48 bits - Outer Source Address 48 bits) - otherwise known as TRILL - can have L2 or L3 FabricPath in the core
Classic FabricPath Pod	(1)simple configuration - no peer link - no switch pairs - no port channels (2)design flexibility - easily extensible (3) No STP - no traditional bridging - no topology changes - no loops
Leaf	must learn MAC address tables - have a regular ethernet port on it - an Edge leaf has FabricPath and L3 Routing
Support	5K - 6K - 7K and 2K all run it
FabricPath and Trill	NOTE: can also handle TRILL-trill more limited cannot handle VPC+, FHRP, Mutliple topologies , conversational learning by can do both PTP and shared interswitch links
configuring FabricPath	(1) admin VDC install feature-set fabricpath(2)w/i VDC turn on feature-feature-set fabricpath(3)fabricpath switch-id 10(4)spanning-tree vlan 6-20 priority 8192(5)add FP interfaces(config-if)# switchport mode fabricpath(6)add FP vlans(config-vlan)# mode fabricpath
vPC+	is vPC in FabricPath it sees the VPC as a switch-ID - vPC+ subswitch ID - is 8 bits - is essentially a port ID or a port-channel NOTE: LID - local-id is not used here
vPC+ configuration	(1)vPC+ config-vpc domain 1(8)(config-vpc-domain)#fabricpath switch-id 1000
fabricPath load balancing config	(1)fabricpath load-balance unicast layer3 (2)fabricpath load-balance multicast include-vlan
vPC+ requirements	(1) peer link & member ports - F1/F2 ports (2) VLANs- FabricPath VLANs only (3) peer-link switchport mode FabricPath Core port for peer-link
vPC and FabricPath	(1) peer link & member ports -M1, F1/F2 ports (2) VLANs- Class Ethernet or FabricPath VLANs only (3) peer-link classic ethernet trunk port
FabricPath view	show mac address-table dynamic vlan 10 - (switch-id)SWID.(subswitch-id)SSID.(local-id or source/destination port)LID - show fabricpath switch ID - is random but can manually set it - Config# fabricpath switch-id 58 - show feature-set - show feature-set services fabricpath
shows the routing table	show fabricpath route - show fabricpath isis database detail - nickname is Switch-ID - show fabricpath isis trees - show fabricpath isis adjacencies - show fabricpath topology vlan active
FabricPath site interconnect	(1) uses dark fiber (2)arbitrary interconnect topoology (3) high BW fast convergence (4)STP isolation (5) MAC scalability (5) VLANs can be extended and others terminated
FabricPath and IS-IS	(1)replaces STP as control plane protocol(2)Link-Sate with ECMP(3)build SPF trees(4)No ip dependency (uses CLNS)(5)easily extensible(6)minimal knowledge of IS-IS- done auto(7)controls switch ID table(8)max of 16 paths(can change)
FabricPath and STP	(1)sees as a single bridge(2)should be configured as the root - cisco recommends to set to 8192 (3)no bpdus are forwarded over fabric
FP VLAN vs. CE VLAN	(1) classic ethernet VLAN are terminated when enter FP (2)FP VLAN go through all sites as can traverse Fabric
Ingress FabricPath Switch	(1)determines destination Switch ID(2)encapsulates frame in FabricPath Header
Outer Destination/Source Address FP	(1) Contains destination/source switch ID (2)destination address used for routing through FabricPath Core NOTE: NO MAC learning in FabricPath core is all done by Switch ID
FabricPath Header Information	(1) Switch ID - unique number ID each FP switch (2)sub-switch ID - IDs devices/hosts connected via VPC (3)Port ID - identifies destination or source interface(4)FTag - forwarding tag - identifies topology or multidestination tree(5)TTL-decrements each hop to prevent loops
FabricPath MAC Learning (conversational)	(1)Local (local site) - when received from Classic ethernet port only learns source MAC (2)Remote(remote site)-when traffic received on FP ports-learned from source MAC only if destination mac is laready know as local-broadcast and unknown unicast not in there
FabricPath and L3 integration 1st method	(1) hosts leverage multiple default gateways(2)each host sees a single DG(3)Fabric provide them transparently with multiple active DG(4)multi-pathing can be extended to L3 domain outside fabric
FabricPath and L3 integration 2nd method	(1) fabirc provides seamless L3 integration(2)arbitrary number of routed interfaces can be created at edge or w/i fabric(3)attached L3 devices can peer with those interfaces(4)HW can handle millions of possible routes
FabricPath and Multicast	(1)IGMP behaves as usual in FP edge switches (2)reeceivers are signaled using GM-LSP in IS-IS - basically IS-IS handles the creation of trees
OTV	L2 traffic over layer 3 transport - connects 2 Data Centers - used for vMOTION feature as they must be in the same VLAN - OTV can use any L2 or L3 transport - only support on 7K - overlay transport virtualization
Issues with Traditional Solutions	EoMPLS (Ethernet over MPLS) Virtual Private LAN Services (VPLS) or Dark Fiber - (1)complex deployment and management (2)transport dependent(3)ineffecient use of bandwidth(4)Failure from one DC can affect the other
AED	must have unicast and multicast to reach each other - is sort of like a root (really should be root) forwards for a set or
benefits of OTV	(1)dynamic encapsulation-no psuedo-wire maintenance-optimal multicast replication-multi-point connectivity-point-to-cloud model(2)protocol learning-preserved failure boundry-built-in loop prevention-automated multihoming-site independence
configuration OTV basic	(1) feature OTV (2) (config-if-range)# no switchport (3)(config-if-range)#channel-group 10 mode active(4)(config)# int po10(5)(config-if)# ip address 10.1.1.1 255.255.255.0 (6) (config-if)#ip igmp version 3(7)(config-if)# vlan 10(8)(config-vlan)# otv site-vlan 78
Edge Device	encapsulates and decapsulates between L2 and OTV and all Cisco OTV functions - when arrives 2 options (1) frame destined for somewhere within internal interface (2) frame destinated to MAC learned over overlay interface (42 byte tag added set DF bit and increase MTU)
internal interface	connects to the VLANs that are to be extended
Join Interface	joins the overlay network
overlay interface	encapsulates L2 frames in IP packets
site vlan	synchronizes control plane between devices at the same site - must be same on each device at site
site identifier	identifies site - must be same for every device at site
configuration of overlay	(1) interface overlay 1 (2)(config-if)# otv control-group 239.1.1.1(3)(config-if)#otv data-group 232.1.1.0/28(4)(config-if)#otv join-interface e2/1(5)(config-if)# otv extend-vlan 5-10 - advertises MAC address over the overlay
verification	show otv, show otv route, show otv isis adjacency
neighbor discovery in OTV	(1) multcast (2) if no multicast can use adjacency server
adjacency server	can use this if do not have a multicast capable L3 network (1) int ov1 (config-if-overlay)#otv adjacency-server unicast-only(config-if-overlay)# otv use-adjancency server 1.2.3.4 unicast only - all devices must register to this server
OTV issue	cannot configure L3 SVI in same VDC as OTV - (1) move to another device (2)separate VDC
OTV supports authentication	cleartext or md 5(config)#interface overlay 1 (config-if)#otv isis authentication-check(config-if)#otv isis authentication-type md5 (config-if)#otv isis authentication keychain OTVKeys
L3 features in NX-OS	M cards and F2e/F3, Nexus 5500 - need Expansion MODULE though (not line rate) and 5600 is by default L3 support - also need licenses and such -
Nexus 7K	LAN_ENTERPRISES_LICENSES - get you all the L3 in 7K
Graceful Restart	OSPF, IS-IS, EIGRP and BGP all supported - on by default when turn feature on
getting routing running	(1) turn on feature (2) (config-if)# ip address 192.168.2.1/24, (config-if)#ip route ospf 10 area 1 (config-if)# ip ospf passive-interface - note when redistribute YOU MUST call a route map
turning on policy-routing	feature pbr - not supported in 5k only 7k
BFD	better than fast hellos supports all IGP, BGP, IGMP, OTV - configure once for a chassis and then on interface - 7k downloads processing to CPUs on I/O modules - very fast keepalives NOTE: disable ICMP redirects !!!
enabling BFD	feature bfd (config)#no hard ip verify address identical (config)#router ospf 1(config-router)# bfd (config-if)#no ip redirects (config-if)#hsrp bfd
BFD verification	show bfd neighbor details
FHRP	HSRP, VRRP, GLBP - AVG-active virtual gateway and AVF - active virtual forwarder - vPC -(config-vpc-domain)#peer gateway - command to allow to forward no matter which peer (config-vpc-domain)#peer-switch - STP sees the VPC channel as one device root
FabricPath	use anycast HSRP to solve problems of having more than two routers in group - creates an emulated switch-id
Multicast Support	(1) IGMP snooping enabled by default (2) PIM Sparse Mode with Any Source Multicast (ASM) (3) PIM Sparse Mode with Source Specific Multicast (SSM)
IGMP snooping	groups broadcast IGMP join informing what multicast groups they are part of - L2 multicast operates using L3 forwarding rules - NX-OS - if not router running PIM must configure - IGMP querier must be configured - ON BY DEFAULT if multicast enabled
SSM	not supported in SSM so no vPC or FabricPath
NX-OS Multicast Control Plane Protocols	(1)IGMPv2 and 3 (2) PIMv2 Sparse Mode (3) Auto-RP & Bootstrap Router (BSR - industry standard) for RP assignment (4) MSDP and PIM for Anycast RP support (ONLY in NX-OS) (5) multicast BGP
DHCP Snooping-Control Plane(CP)	configure certain links as trusted and others untrusted - only will allow trusted port to respond -NOTE: (1) enabler dhcp snooping on VLAN (2) enable trusted port - note should add any statics into snooping table if you want to add the other 2
dhcp snooping config	(1)feature dhcp-snooping(2)ip dhcp snooping(3)ip dhcp snooping vlan 16(4)int e2/1(7)ip dhcp snooping trust
Dynamic ARP inspection (CP)	uses DHCP snooping table to ensure a malicious attack does not respond to gratituous ARPs saying they have a specific ARP
DAI config	(1)arp access-list ARP_ACL (2)permit ip host 1.1.1.1 mac host 000F.203B.BA85(3)ip arp inspection filter ARP_ACL vlan 100(4)ip arp inspection vlan 16(5)ip arp inspection log-buffer entriews 1024
IP Source Guard (CP)	confirm all ARP packets against DHCP snooping table and if does not match pitch it
ip source config	(1)feature dhcp-snooping(2)ip dhcp snooping(3)int e2/3(4)ip verify source dhcp-snooping-vlan NOTE:is interface specific
TrustSec (CTS)	802.1X, and SGACL or SGT (2 bytes tag up to 65,536 groups) or L2 encryption MACSec - 802.1AE (F needs to be 41 - 48) - every device needs to be authentication - SGT-security group tags-logical number of groups of users and servers with various priveleges
cts general concept	(1) 802.1x request (2)radius and AD authc/authz request(3)links up(4)SGT assigned(5)SGACL applied
Port Security L2 Data Plane - L2(DP)	limits a number of MAC addresses on port
port security configuration	(1)feature port-security(2)int e2/3(3)switchport port-security max 2(4)switchport port security violation PROTECT (drops packet does not increment counter)RESTRICT(drops packet and increments violation counter)SHUTDOWN(shuts down the port)
Storm Control - L2(DP)	against broadstorms or multicast storms - rate limit in Nexus a percent
storm control configuration	(1)int po1 (2) storm-control broadcast level 40(3)storm-control multicast level 40 (4)storm-control unicast level 40 - verification - show interface e1/1-2 counters storm-control
Mac Port ACLs and VLAN ACLs - L2(DP)	MAC ACL on port or VLAN 0000.00FF.FFFF - is a L2 wildcard - VLAN can only have one entry HAS implicit deny
Hardware Rate Limiter - L2(DP)	done on the ASIC level rate-limits certain traffic
IP port ACLs & VLAN ACLs - L3(DP)	ip port ACLs - can apply L3 ACL on VLAN
Unicast Reverse Path Forwarding - L3(DP)	uRPF - correlate IP source address to routing table there must be an entry in the routing table from a source
uRPF configuration	LOOSE-(1)int e2/1 (2)ip verify unicast source reachable-via-any-STRICT-(1)int e2/1(2)ip verify unicast source reachable-via rx
Hardware Rate Limiter - L3(DP)	rate limits certain traffic - show hardware filltering ip verify - shows the
config Hardware Rate Limiter	(1)hardware rate-limiter access-list-log 200(2)hardware rate-limiter layer-2 l2tp 10000
CoPP profile	want to leave as strict - control plane policing applied at the CPU - uses MQC - you will apply copp policy to control plane (1) control-plane (2)service-policy input MY-COPP-POLICY
AAA conifg	(TACACS+,Radius,LDAP) - aaa authentication login default group radius - aaa authentication login default console group RadServer
verification AAA	show aaa authentication, show aaa accounting
AAA server monitoring	(1)radius-server host 10.1.1.1 test idle-time 20(2)radius-server host 10.1.1.1 test username testuser password testpassword(3)radius-server deatime 30
aaa testing	test aaa server radius 10.1.1.1 test test
ssh	can be server or client - rsa or dsa - digital certs - VDC specific
ssh config	(1)ssh key rsa 1024 force(2)ssh login-attempt 5
ssh verification	show running-config security
ssh client	ssh user1@10.1.1.1 vrf management
user accounts	(1) max of 256(2)no reserved words
strong password	(1) minimum 8 characters(2)doesn't contain many consecutive characters(3)doesn't contain repeating characters(4)doesn't contain dictionary words(5)doesn't contain proper names(6)contains both upper and lower case(7)contains numbers
creating user account	username admin password cisco role network-admin
user account verification	show user-account - show role
creating user role	(1)role name RoleA(2)rule 1 rule 1 permit read-write feature-group L3(3)vlan policy deny(4)permit vlan 1-100(5)vrf policy deny(7K only)(6)interface policy deny(7)permit interface e1/1-2
radius server config	radius-server host 10.1.1.1 key cisco
radius server verification commands	show radius-server
radius server groups	(1)aaa group server radius RadServer(2)server 10.10.1.1(3)server 10.10.20.2(4)deadtime 30(5)use-vrf management
configuring ldap	(1)ldap-server host 10.10.20.2 enable-ssl(2)aaa group server ldap LDAP1Server(3)server 10.10.20.2
ldap verification	show ldap-server groups
RBAC	role name - can deny various commands with an ACL
Password Encryption	aes - type 6 password - config master password - uses password to encrypt further - (1) # key key-config ascii (2)(config)#feature password encryption aes (3)encryption re-encrypt obfuscated
cfs	cisco fabric services - show cfs application - these advertise and update over the fabric services command (1) (config)# cfs ipv4 distribute (2) (config)# role distribute (3) commit
cfs for switch profile	(config)#cfs ipv4 distribute (config-sync)#switch-profile PC-profile(config-sync-sp)# sync-peers destination 10.1.1.2(config)#int e1/1 - 16(config-sync-sp-if-range)#swithchport (config-if-range)#channel-group 1(config-sync-sp-if-range)#commit
cfs configuration 9 (3 x 3)	(1)cfs distribute (2)ntp distribute (3)ntp server 10.0.1.254(4)ntp commit OR (1)cfs distribute(2)cfs ipv6 distribute(3)cfs ipv4 mcast-address 239.255.1.1(4)cfs region 1 (2)ntp (3)call home
verification of cfs	VERIFICATION- (1)show switch profile (2) PC-profile status show switch-profile switch-profile status (3)show cfs application(4)show cfs status(5)show cfs peers(6)show cfs regions
cfs application	(1)call home(2)device alias(3)DVPM(4)IVR(both)(5)iSNS(uncoord)(6)NTP(7)port security(8)Radius&TACACS+(9)RBAC(10)Syslog(11)VSAN fctime(12)fcdomain allowed list(13)RCSN event timer(14)SCSI flow services(15)iSCSI load balance(16)Fabric Startup config manager(17)Flexattach virtual pWWN
cfs default config	(1)enabled(2)disabled over ip(3)default multicast is 239.255.70.83(4)default ipv6 multicast ff15::efff:4653
cfs distribution	(1)clear ntp session (2)ntp abort - not when cfs updates it locks the NX-OS so no other updates are possible
ntp explanation and config	set on default vdc on default vrf by default - max of 64 peers (1)ntp enable (2)ntp source 10.1.1.5 (3)ntp server 10.1.1.2 key 10 use-vrf RED(4)ntp peer 2001:0db8::4001 perfer use-vrf RED - is preferred server
ntp verification	show ntp peers - show ntp access-groups
ntp authentication	(1)ntp authentication-key 10 md5 cisco(2)ntp trusted-key 10(3)ntp authentication(4)ntp access-group peer ACL_NTP
ptp	(1)nx-os 5.2+(2)only 1 PTP process can control all(3)PTP only multicast comm-unicast not supported(4)PTP limited to single domain per net(5)PTP enabled only 7K F1 & F2 mod ports(6)PTP support transport via UDP not ethernet(7)mgmt message forwarded on ports on which PTP enabled
ptp config	(1) ptp source 192.0.10.1 (2)ptp priority1 1 (3)ptp priority2 1 - can prioritize whom we trust
EEM	(1)sending an email (2)disabling an interface (3)recover from event (reload or shutdown) - max length is 500 policies - communication methods - pager, email, XML and direct case to TAC
EEM Actions	(1)execute any cli command(2)update counter(3)log exception(4)force shutdown of any module(5)reload device(6)shutdown modules(7)generate syslog(8)smart call(9)snmp notification(10)default action for the system policy
EEM Config	(1)event manager applet monitorshutdown (2)(config-applet)#description "Monitors interface shutdwn"(3)(config-applet)#event cli match"conf t; interface*;shutdown" (4)(config-applet)#action 1.0 cli show int e3/1
Netflow information	(1)ingress interface(2)source ip address(3)destination ip(4)ip protocol(5)source port for UDP or TCP, 0 for other protocols(6)destination port for UDP or TCP, type and code for ICMP or 0 for other protocols(7)type of service
Netflow Guidelines and Limits	(1)config name for every flow monitor(2)use v9(3)max entries 512k(4)2k support bridged netflow(5)7K F1 not support bridge Netflow(6)no Netflow on 7K F2(7)Netflow L2 to L2,L3 to L3(8)rollback fail if modify record programmed in hardware(9)must config a src int if not be in disabled state
Netflow config	(1)feature netflow(2)flow exporter MARK(3)version 9(4)flow record RDR(5)match ipv4 source address(6)match ipv4 destination address(7)collect counter bytes(8)collect counter packets(9)flow monitor MON(10)record RDR(11)exporter nexusexample(12)int e1/2(13)ip flow Monitor output
SPAN src&dest	src.(1)ethernet(2)port-channel(3)in-band interface to control plane CPU(4)vlan(5)fabric port channels connected to Nexus 2K Destination(5)RSPAN vlans -L3 subinterfaces NOT support-DEST-same
SPAN Config	(1)(config)#monitor session 3(2)(config-monitor)#no shut(3)(config-monitor)#source int e2/1 -3, e3/1 rx(4)(config-monitor)#source int po2(4)(config-monitor)#destination int e2/5(5)(config-monitor)#no shut
ERSPAN Source	(1)ethernet(2)port-channel(3)in-band int to control plane CPU(4)vlan(5)fabric port channels connect to 2K Dest(5)Satellite ports & host int port-channels on Fex - in L2 access&trunk port&L3 Mode(DOESN'T MONITOR SUP TRAFFIC)
ERSPAN Destination	(1)ethernet(2)port-channel(3)cannot be both src.&dest.(4)destination no L2 STP or L3 routing(5)F1&F2 mod core ports, FEX host int (HIF)ports or (HIF)port-channels
ERSPAN Source Config#1	(1)int e14/30(2)(config-if)#no shut(3)(config)#monitor erspan origin ip-address 3.3.3.3 global(4)(config)#monitor session 1 type erspan-source(4)(config-erspan-src)#source int e14/30
ERSPAN Source Config#2	(5)(config-erspan-src)#erspan-id 1(6)(config-erspan-src)#ip ttl 15(7)(config-erspan-src)#ip dscp 5(8)(config-erspan-src)#vrf default(9)(config-erspan-src)#destination ip 9.1.1.2(10)(config-erspan-src)#no shut
ERSPAN Destination Config#1	(1)(config)#int e14/29(2)(config-if)#no shut(3)(config-if)#switchport(4)(config-if)#switchport monitor(5)(config-erspan-src)#source ip 9.1.1.2
ERSPAN Destination Config#2	(6)#(config-erspan-src)#destination int e14/29(7)(config-erspan-src)#vrf default(8)(config-erspan-src)#erspan-id 1(9)(config-erspan-src)#no shut
Call Home	(1)call home (2)(config-callhome)#email-contact admin@yourcompany.com(MAX 50)(3)(config-callhome)#phone-contact +1-800-555-1212(4)(config-callhome)#streetaddress 123 Mainstreet, Ourtown, USA(5)(config-callhome)# contract-id - ties in with EEM and GOLD
Call home destination profile and transport	(1)call home(2)destination-profile bigdatacenter(3)destination-profile bigdatacenter format full text(4)transport email smtp-server 10.1.1.1 use-vrf mgmt(5)tranport email from bob@ptoch.com(6)transport email reply-to bossofbob@ptoch.com
call home acceptable message format	(1)short text(2)full text(3)XML
Call Home Destination Profiles	(1)one or more alert groups(2)one or more email destinations(3)message format(4)message severity level
call home verification	show call home - show callhome transport-email
user account	max of 256 (1)username (2)password (3) expiry date (4) user roles
snmp capabilities	(1)v1 - 3(2)supports SNMP over IPv6(3)NX-OS supports on instance of SNMP per VDC on Cisco Nexus 7K series
snmp v2 config	(1)snmp-server community public ro (2)snmp-server community public ACL_PUBLIC_SNMP
snmp v3 config	(1)snmp-server user Admin auth sha cisco priv mypassword(2)snmp-user Admin enforcePriv(3)snmp-server host 10.1.1.1 informs version 3 auth NMS(4)snmp-server host 10.1.1.2 source int e2/1(5)snmp-server contact Admin(6)snmp-server location lab
snmp verification	(1)show snmp user (2)show snmp community(3)show snmp
Cisco NX-OS XML API	works with NETCONF-transport is SSHv2 (1)RPC(2)operation(3)content
NX-OS configuration methods	(1)CLI(2)XML API management interface(3)Cisco DCNM(4)User-defined GUI
VM-Fex feature enabling initial setup	(1)install feature-set virtualization(2)feature-set virtualization(3)feature vmfex(4)vethernet auto-create - NOTE: FOR VM
VM-Fex configuration	(1)svs connection MyCon(2)protocol vmware-vim(3) remote ip address 10.2.8.131 port 80 vrf management(4)dvs-name MyVMFEX(5)vmware dvs datacenter-name MyVC(6)connect
mpls config	(1) install feature-set mpls (2) feature-set mpls (3)feature mpls ldp(3)int gi0/0(4)mpls ip
mpls verification	(1) show mpls interface detail (2) show mpls ldp neighbor
LDP	responsible for label allocation - advertisement and redistribution of labels
LDP session	LDP discovery - done through multicast discovers neighbors sets up an LDP adjacency
LSR	forwards packets based on labels
Edge LSR	labels packets or forwards IP packet out of an MPLS domain
LSP	path from source to destination through MPLS enabled network
MPLS label	used for MPLS switching
LFIB	used to forward labeled packets populated by LDP
FIB	populated by routing table, mpls label is added to the FIB by the LDP
mpls vpn	(1) top label or outer label points to egress router (2) second label or inner label identifies egress vrf (RT=1:2), Label 100 (would be example of something in side MPLS label)
L3 mpls vpn config #1	(1)feature mpls l3vpn (2)ip route 10.1.2.0 255.255.255.0 Null0 tag 123(3)route-map ALLOW permit 10(4)match tag 123(5)interface gi1/1(6)
L3 mpls vpn config #2	(1)vrf member vpn-A(2)ip address 10.1.2.1/24(3)vrf context vpn-A(4)rd 100:1(5)ip route 10.1.2.0/24 gi1/1(6)address-family ipv4 unicast(7)router-target import 100:1 route-target export 100:1
lisp benefits	1)reduction of BGP table 2)effecient multihoming 3)ease of renumbering 4)mobility
lisp configuration	(1)feature lisp (2)ip lisp itr-etr (3) ip lisp database-mapping 153.16.21.0/24 128.223.156.222 priority 1 weight 100 (4) ip lisp itr map-resolver 128.223.156.139 (5) ip lisp etr map-server 128.223.156.139 key 6 s3cre3t
lip map resolver & server config	(1)ip list map-resolver (2)ip lisp map-server (3)lisp site ARIN-MR-MS(4)authentication-key 0 cisco(4)eid prefix 1.1.1.0/24
lisp verification	show ip lisp map-cache - show ip lisp
EID	EID - endpoint identifier An EID is an IPv4 or IPv6 address used in the source and destination address fields of the first (most inner) LISP header of a packet.
ITR	ITR - ingress tunnel router - recieves IP packets - sends LISP-encapsulated IP packets
ETR	ETR - egress tunnel router - receives LISP packet - de-encapsulates and delivers to LOCAL EID at the site
MR	MR - map resolver - receives maps requests from ITR and forwards to ALT
MS	MS - map server - receives map request via ALT and encapsulates Map-Requests to registered ETRs
PI	PI - provider independent
PA	PA - provider assigned
RLOC	RLOC - routing locator A RLOC is an IPv4 or IPv6 address of an egress tunnel router (ETR). A RLOC is the output of an EID-to-RLOC mapping lookup.
ALT	Alternative Topology - advertises EID prefixes - expect lisp packets are essentially the core
VN-Link	create a logical link between vNIC on a virtual machine and a Cisco UCS Fabric Interconnect - virtual machine aware networking
Adapter-FEX	divide a single physical link into multiple virtual links or channels - platforms 5500, UCS and 2200 - limited to physical link - but (5) switchport mode VN-Tag - brings FEX to UCS chassis - connects switch vethernet to server vnic - P81E or BCM57712
configuring npv	(1) npv enable NP uplink interface (config)# interface fc slot/port (config-if)# switchport mode NP - Server (config)# interface [fc slot/port \| vfc vfc-id] (config-if)# switchport mode F
vfc	virtual fibre channel - must bind to either an interface (1)(config)# vfc 20 (config-if)# switchport mode F (config-if)# bind interface eth 2/4 or mac-address 00:0a:00:00:00:36 (config-if)# no shut
configuring vsans	(1) (config)# vsan database (2) (config-vsan-db)# vsan 2 interface vfc 20, int fc2/1-4
niv	networking interface virtualization - removes switching from hypervisor and puts on hardware independent of hypervisor - 802.1Qbh
ehv	ethernet host virtualizer makes - niv - appear as one device
DPVM	dynamic port vsan membership - based on pWWN and nWWN - in cfs
fcoe config	(1) (config)# vdc 2 (config-vdc)# fcoe allocate fcoe-vlan-range 100-200 from vdc switch (config)# int vfc 4 (config-if)# bind interface ethernet 1/4 (config-if)#disable fka (fip keepalive) (2) configuring cross fabric map (config)#fcoe fcmap 0xefc10
fcoe logical endpoint	encapsulates and decapulates fc traffic
MDS differences	(1) FCIP (2) iSCSI (3) FICON - IBM Fibre Connection
cts configuration	(1)(config)#feature dot1x (2)(config)#feature cts(3)(config)#cts device-id MyDevice password cisco(4)(config)#aaa authentication cts default group Rad1(5)(config-if))#cts dot1x(6)(config-vlan)#cts role-based enforcement(7)cts sgt 0x00a2
using vrf with radius	(1) (config)#aaa group server radius Mygroup(2)(config-radius)# server 10.1.1.1(3)(config-radius)#use-vrf
CNA	Converged network adapter-appears to the OS as NICs and HBAs (1)Priority Flow Control(PFC)(2)Data Center Bridging(DCB)(3)FCoE Initialization Protocol(FIP)(4)Single Chip Implementation(5)Low power consumption
VxLAN	virtual extensible lan - is Layer 2 encapsulated in Layer 3 UDP packet
M-2 XL v non-XL	(1)MAC - both do 128K (2)Ipv4 - 128k v. 1M (3) ipv6 64k v 350k (4)Netflow both 512k (5)ACL - 64k v 128k - ALL M2(1) comprehensive L2 & L3 functionality (2)MPLS in hardware (3)OIR-online insertion and removal (4)Cisco Trustsec - SGT-based ACLs (5)MAC security-IEEE 802.1AE using AES cipher
F2	(1) L2 and L3 (2) FabricPath (3) FCoE
L2 Redundancy	(1)STP - Bridge Assurance, UDLD (2)vPC (3)FabricPath (Enhanced L2 package)
L2/L3 Redundancy	(1) HSRP (2) VRRP (3) GLBP
glbp load balancing options	(1) none-all traffic goes to AVG (2) weighted-each device has a weight (3) host-dependent-host goes to same VF (4) round robin-sequential allocation
L3 Routing Protocol Extensions	(1)BFD (2)Graceful restart-ospf v2/v3, EIGRP, ISIS and BGP(3)SPF optimization such as LSA pacing and incremental SPF
Anycast HSRP	(1) SVI (where HSRP address is configured) must be configured for HSRP version 2 (2) Anycast Bundle
Anycast HSRP bundle characteristics	(1) Anycast Bundle ID (2) Anycast Switch ID - must be configured (3) Anycast bundle switch priority (4) list of VLANs for which anycast HSRP will be provided
Anycast HSRP configuration	(1) interface vlan 10 (2) no shutdown (3) ip address 10.10.0.25x/24 (4) hsrp version 2 (5) hsrp 10 (6) 10.10.0.1 (MC Group 224.0.0.2)
HSRPv2	(1)group 0 - 4095(2)multicast 224.0.0.102(3)cleartext and MD5
scheduler configuration	feature scheduler(1) scheduler job name Mark (2)(config-job)# cli var name timestamp $(TIMESTAMP) ;copy running-config bootflash:/$(SWITCHNAME)-cfg.$(timestamp);copy bootflash:/$(SWITCHNAME)-cfg.$(timestamp) tftp://1.2.3.4/ vrf management
scheduling time	shedule schedule name BACKUP(2)job name backup-cfg(3)time daily 23:00
scheduler verification	show scheduler config - show schedule schedule name BACKUP
scheduler periodic times	(1)daily(2)weekly(3)monthly(4)delta(5)one-time
scheduler failure causes	(1)license expired for feature at time job scheduled(2)feature disabled at time when job scheduled(3)remove a module or module fails and a job for module is scheduled
VRRP	(1) standards based (2) vip can be shared with a device (3) can have more groups per interface (more devices) (4) can only track objects (5) no authentication (6) 255 groups (MC group 224.0.0.18)
GLBP	(1)all devices w/o creating multiple groups (2) single VIP many MACs (3) routes traffic to VIP sends to Virtual MAC (2)active virtual gateway-responds to ARP request with AVF MAC (3) active virtual forwarder - actively forwards traffic (1024 groups) 224.0.0.102 only tracks objects(4)md5 & cleartext authentication
nsf	(1) referred to as graceful restart-uninterrupted forwarding during restart of control plane processes (2) high availability manager restarts process (3) graceful restart messages to peers (4) control plane info received from peers and installed in all tables
Redundant Hardware	(1) Supervisor (2) switch fabric (3) power supplies (4) fan trays
SSO	stateful switch over - NOT disruptive - needed for switchover - (1) standby sup must be in ha-standby state (2) standby supervisor must be stable (3) auto-copy must be active (4) no auto-copy running - show boot auto copy - show auto-copy list
Sup Replacement	(1) #system switchover #out-of-service <slot-of-sup-to-replace> #reload module <replace-sup> force #copy bootflash:kickstart_image bootflash:kickstart image #copy bootflash :system_image bootflash:system_image
Sup Replacement Part 2	(1)(config)# boot kickstart bootflash:kickstart_image (2)(config)# boot system bootflash:system_image (3) (config)# copy run start
4 Power Redunancy Mode	(1) combine - none (2) power supply redundancy (N+1) guards against one power supply failure (3) input source redundancy (grid redundancy) (4) power supply and input - both
Gold	Generic online diagnostics (GOLD) will failover when unrecoverable error happens
ISSU	(1) copy kickstart image and new Cisco NX-OS image to both sups (2) examine impact of upgrade sh install all impact kickstart bootflash:image (3)perform upgrade install kickstart bootflash:image (4)verify (show version)
attach module 6	how to connect to a supervisor
Default	(1)IPv4 multicast mem Min-8 -8(2)IPv6 multicast mem Min-5-5(3)IPv4 unicast mem Min-8 -8(4)IPv6 unicast memory Min-4 -4(5)Port channels Min-0-768(6)SPAN Min-0-2(7)ERSPAN Min-0-23(8)VLANs Min-16-4094(9)VRFs Min-2-4096(10)Inband SRC session Min-0-1
Non-Default	(1)IPv4 multicast mem Min-58 -58(2)IPv6 multicast mem Min-8-8(3)IPv4 unicast mem Min-96 -96(4)IPv6 unicast memory Min-24 -24(5)Port channels Min-0-768(6)SPAN Min-0-2(7)ERSPAN Min-0-23(8)VLANs Min-16-4094(9)VRFs Min-2-4096(10)Inband SRC session Min-0-1
4 Port - Port Groups	M132XP-12 - F248XP-25 - F132XP-15- same VDC same PORT group - M148GT-11 - M148GS-11 - - M148GS-11L - if dedicated only one 10G port active all others must be shutdown
TCAMs of Modules for L3 non-XL linecards	128,000 IPv4 FIB entries 64,000 IPv6 FIB entries 64,000 ACL entries
Per Default-VDC High Availability	(1) dual-supervisor = switchover (2) single-supervisor=reload
Per non-default HA	(1) restart (default single sup) (2) switchover - (default dual sup) (3) bringdown (4) reload - single SUP
HA policy	(config-vdc)# ha-policy dual-sup restart single-sup restart - is how you change it
vdc all command	copy run start vdc-all - show run vdc all
UDLD	(1) (config# feature UDLD (2) (config)# UDLD aggressive - ports shut down when not see UDLD frames 8 times - normal - just sends a message - show udld neighbors
port-profile configuration	(1)(config)# port-profile type ethernet SERVERS (2) (config-port-prof)# swithport (3)(config-port-prof)#no shut(4)(config-port-prof)# swtichport mode access-APPLYING(config-if-range)# inherit port-profile SERVERS-VERIFY- show port-profile name SERVERS
unified ports	FCoE - Nexus also support fc 1,2,4,8 and ethernet of course
FEX config	(1)straight through static pinning - statically pinned to specific interfaces (one group for every uplink) (2)straight through with dyanmic pinning - uses port channels (3)Active-Active - uses vPC
Configuring FEX	(1)(config)#feature fex (config)# fex 111 (config-fex)#pinning max-links 4 (config)# interface 1/1 - 4 (config-if-range)#switchport mode fex-fabric (config-if-range)# fex associate 111 VERIFICATION - show fex
Adapter FEX Topologies	(1) single homed (straight to 5500) (2) single-homed 2k to 5500(3)dual-homed - 2 5500s to 1 FEX(4)Active-Standby - 2 nexus 5k(5)Active-Standby with FEX
Adapter FEX configuration procedure	(1)(config)#install feature-set virtualization(config)#feature-set virtualization(config)#veth auto-create(4)port-profile type vethernet user_data(config-if)#switchport mode vntagMANUAL-(config)#vethernet 21(config-if)#bind int e101/1/15 channel 1
Adapter FEX config for 2K	(1)install feature-set virtualization(2)feature-set virtualization(3)fex 101(4)fcoe(3)veth auto-create(5)int e101/1/1(6)switchport mode vntagMANUAL-(1)vethernet 21(2)bind int e101/1/1 channel 1(3)switchport mode trunk (4)int vfc 4(5)bind int vethernet21
Adapter FEX peer 2k config	(1) different fex # (2) different channel (3) different vethernet (4)different vfc
Adapter Fex FCOE	(1)single physical link split into multiple virtual channels(2)channels(3)FCoE switches 5500 and 2232(4)FCoE server UCS P81E for C-Series, support VNTag like BCM57712
Adapter FCoE channels	(1) identified by unique channel number(2)channel scope limited to physical link(3)Connects a server vNIC with a switch vEthernet interface(4)uses tagging with VNTag identifiers
Private VLAN	Primary VLAN - is the main vlan Secondary VLANs - are compartmentalized
2 Secondary VLANs	(1) community only talks with other people in same VLAN and the promiscuous port (2) Isolated can only talk to promiscuous cannot even talk to ports within their same vlan (3) promiscuous ports can talk to everyone can put ACLs here
private vlan configuration	(1)(config)#feature private vlan(config)#vlan 142(config-vlan)#private-vlan primary(config-vlan)#vlan 100-102(config-vlan)#private-vlan community(config-vlan)#vlan 103(config-vlan)#private vlan isolated(config-vlan)#vlan 142(config-vlan)#private-vlan assoc 100-103
private vlan community port config	(1) (config-if)#switchport mode private-vlan host (config-if)#switchport private-vlan host-association 142 101 VERIFY show interface e2/3 switchport
private vlan promiscious port config	(1) (config-if)#switchport mode private-vlan promiscuous (config-if)#switchport private-vlan mapping 142 101-103 VERIFY show interface e2/3 switchport
Bridge Assurance	spanning-tree type port type network - if the port does not receive a BPDU then puts in bridge assurance_inconsistent *BA_Inc (config)#spanning-tree bridge assurance.
MST instances	group of VLANs map to instances and each runs its own PVST instead of having a PVST for each VLAN - region is multiple switches
MST configuration	(1) spanning-tree mst configuration (2)(config-mst)#name MST-DC-1(config-mst)#revision 37(config-mst)#instance 1 vlan 100-199(config-mst)#instance 2 vlan 200 - 299 -> spanning-tree mode mst (changes spannning-tree mode to MST)
Loop Guard	if designated port becomes a root port it shouldn't happen so shutdown the port - similar to bridge assurance
extended vPC	Server VPC to FEX -> FEX VPC to 5k
Supported Nexus 5K vPC Topologies	(1) Switch dual-homed to a switch pair (2) single-home Fex(3) dual homed fex (4) dual-homed server connected by active/standby NIC teaming to 2 FEXs (5)extended vpc
Cisco ANM	(1) CSS (2) ACE (3) CSM (CSM-S) - uses RBAC for access
Cisco Prime LMS	(1) Monitoring and Troubleshooting (2) Inventory (3) audit and compliance management (4) reporting (5) work centers (6) administration
Cisco Nexus 5548UP,T,5596UP and T	L3 daughter card is capable of 160 GPS shared among the 48 ports.
6500 filesystem where IOS can be stored	(1)disk0: (2)sup-bootflash: (1) show file system - shows the file system of a device
3 parameters of TACACS+ on MDS 9000	(1) deadtime (2)timeout (3) retransmit
L3 Routing	IS-IS only on 7K - vPC peers should not have adjacency across it
7K and L3 Licensing	(1) RIPv2 by default (2) Enterprise Services License - all L3
5K and L3 Licensing	(1)default - Connected, Static, RIPv2, restricted OSPF, EIGRP stub, HSRP, VRRP, IGMPv2/3, PIMv2, RACL, uRPF (2) L3 LAN Enterprise License - all base + full EIGRP, unrestricted OSPF, BGP, VRF-lite
OSPF configuration	feature ospf(config)#router ospf 1(config-router)#router-id 1.1.1.1(4)default auto cost ref BW is 40G(config-router)#auto-cost reference-bandwidth 100G(5)interface vlan 10, vlan 20-25(config-if-range)#ip ospf 1 area 0(or)interfacee e1/1-3(config-if-range)#ip route ospf 1 area 0
OSPF authentication config	(config-if-range)#ip ospf authentication message-digest (config-if-range)#ip ospf message-digest-key 1 md5 cisco
EIGRP configuration	feature eigrp(config)#router eigrp 1(config-router)#router-id 1.1.1.1(5)interface vlan 10, vlan 20-25(config-if-range)#ip eigrp 1 area 0(or)interfacee e1/1-3(config-if-range)#ip router eigrp 1
EIGRP authentication config	(config)#key-chain EIGRP-CHAIN(config-keychain)#key 1(config-keychain-key)#key-string cisco (config-if-range)#ip auth mode eigrp 1 md5(config-if)#ip auth key-chain eigrp 1 EIGRP-CHAIN
IS-IS Config	feature IS-IS(config)#router ISIS DC(config-router)#net 49.0001.1921.6801.1011.00(config-router)#is-type-level-1(1)interface vlan 10, vlan 20-25(config-if-range)#ip router ISIS DC(or)interfacee e1/1-3(config-if-range)#ip router ISIS DC
IS-Authentication config	(config)#key-chain ISIS-CHAIN(config-keychain)#key 1(config-keychain-key)#key-string cisco (config-if-range)#ip auth mode eigrp 1 md5(config-if)#ip auth key-chain ISIS-CHAIN level 1
BGP configuration	feature bgp(config)#router bgp 65000(config-router)#router-id 1.1.1.1(config-router)#address-family ipv4 unicast (config-router-af)#network 192.168.16.0/20(
BGP neighbor	(config-router)# neighbor 10.1.1.2 remote-as 65001(config-router-neighbor)#address-family ipv4 unicast (config-router-neighbor)#neighbor 192.168.16.2 remote-as 65000(config-router-neighbor)#update-source loopback0(config-router-neighbor)#address-family ipv4 unicast
route filtering	(1) prefix-lists (2)AS path ACLs - used for filtering or route matching based on AS path attribute - reg-exs (3) community lists - BGP matching based on extended communities (4)route-maps
L3 redistribution	(config-router)# redistribute eigro 200 route-map EIGRP-TO-OSPF
PBR	feature pbr (config)# route-map SELECT-PROVIDER permit 10(config-route-map)#match ip address CUSTOMER-A(config-route-map)#set ip next-hop 10.1.1.1
Multicast and Nexus	(1)IGMP IPv4 (2)MLD for ipv6
Source Distribution Tree	(S,G) - every source you create a unique way for device to get information - S=source G=multicast - more memory to maintrain the table
Shared Distribution Tree	(*,G) - traffic is forward via a meeting point for this group - possible suboptimal paths - extra delay - less memory to maintain table - is a RP or rendezvous point
Group membership	IGMPv2/MLDv1, IGMPv3/MLDv2
Multicast Intradomain Routing	PIM Sparse Mode, PIM BiDir, PIM SSM
Multicast Interdomain Routing	MSDP and MBGP (7K)
Multicast Licensing 5K	5500 - L3 Base for PIM, PIM6 and MSDP
Multicast Licensing 7K	7K - Enterprise Services License HARDWARE - F-Series module is L2 only - F series requires M series in same VDC - vPC - supports only Any Source Multicast (ASM) PIM, not BiDir or PIM
Multicast configuration	(config)# interface vlan 10 (config-if)# ip igmp version 3 (config-if)# ipv6 mld version 1 - note when PIM is activated IGMP is when PIM 6 activate MLD is
verification of IGMP	show ip igmp int brief - show ip igmp groups 239.1.1.1 - show ip igmp groups 239.1.1.1 192.168.1.1
PIM and PIM6 Scenarios	(1)PIM & PIM6 static RP-any source multicast w/manually configured RP address(2)PIM & PIM6 Bootstrap Router(BSR)-ASM dynamically distributed RP using BSR mechanism-standard(3)PIM with Auto-RP(ipv4 only)-ASM with dynamically distributed auto-rp Cisco (4)SSM - ssm does not use RP
PIM with Static RP ipv4	feature PIM (config)#interface vlan 10(config-if)# ip pim sparse-mode(config-if)#interface e1/8-9(config-if-range)#ip pim sparse-mode(config)# ip pim rp-address 10.1.1.1 group-list 224.0.0.0/9
PIM with Static RP ipv6	feature PIM6(config)#interface e1/8-9(config-if-range)#ipv6 pim sparse-mode(config)# ipv6 pim rp-address 2001:0db9:0:abcd:1 group-list ff1e:abcd;def1::0/24
Configure BSR ipv4	(config)# ip pim bsr-candidate e2/1 hash-len 24 priority 192 (config)#ip pim rp-candidate e2/1 group-list 239.0.0.0/24
Configure BSR ipv6	(config)# ip pim6 bsr-candidate e2/1 hash-len 24 priority 192 (config)#ip pim6 rp-candidate e2/1 group-list ff1e:abcd:def1::0/24
Configure auto-rp	(config)# ip pim auto-rp mapping-agent e2/1 (config)#ip pim auto-rp rp-candidate e2/1 group-list 239.0.0.0/24
SSM (source specific multicast)	(config)#ip pim ssm range 239.128.1.0/24 (config)#ipv6 pim ssm range FF30::0/32
verification of PIM	show ip pim int brief - show ip pim neighbor - show ip pim rp - show ip pim group-range - show ip mroute 239.1.1.1
IGMP snooping	on by default if multicast on but if not - (config-vlan-config)#ip igmp snooping querier 192.168.37.1
MSDP configuration	feature MSDP (config)#interface lo1 (config-if)#ip address 192,168.1.1/32 (config)#ip msdp peer 192.168.1.2 connect-source lo1
DCNM for SAN	(1)real-time fabric & network health monitoring(2)VM-aware auto discovery & VM-Path analysis(3)VM-aware performance monitoring(4)detailed fabric topology views of DC infrastructure(5)comprehensive FCoE manage including provisioning, discovery & operation mon(6)custom reports
DCNM SAN components	(1)Cisco DCNM-SAN server(2)Cisco DCNM-SAN Client(3)Cisco DCNM-SAN Web Client(4)Cisco Device Manager(5)Cisco Performance Manager(6)Cisco Traffic Analyzer(7)Network Monitoring(8)Performance Monitoring
DCNM SAN scope	(1)Cisco MDS 9500, 9200, Multilayer Switches(2)9100 Multilayer Fabric Switches(3)7K(4)5K(5)3K(6)UCS 6100 and 6200
Cisco Prime DCNM for SAN Essentials Ed.	(1)Summary and host dashboards(2)automated fabric discovery(3)template reports(4)real-time performance snapshot(5)provisioning:Fibre Channel and FCoE(6)config mgmt:Switch&Fabric config using wizards(7)web services APIs(8)Fabric Topology views
Cisco Prime DCNM for SAN Advanced Ed.	(1)Federation and VSAN scoping(2)VM-Aware Monitoring(3)Multiple Fabrics performance monitoring(4)performance forecasting(5)Historical performance trending(6)event forwarding
DCNM for LAN operational mon of DC infra	(1)proactive monitoring(2)performance and capacity(3)topological views
DCNM for LAN DC Resource Mgmt	(1)automated discovery(2)config and change mgmt(3)template based provision
DCNM for LAN image mgmt	(1)integration with enterprise systems(2)web service APIs(3)event forwarding
License DCNM Features	(1)vPC(2)VDC(3)802.1X(4)GLBP,object tracking,key chain(5)HSRP(6)Cisco integrated security features(DHCP snoop,DAI,IP Source Guard)(7)port security tunnel int(8)config change control(archive,rollback,diff)(9)OS image mgmt
DCNM LAN Fault Mgmt	(1)industry standard event browser(2)event collection and normalization(3)per network feature correlation(4)noise filtering for root cause(5)event propagation
DCNM LAN Performance Monitoring	(1)real-time traffic stats(2)port util(3)port error(4)packet loss(5)GRE tunnel(6)port security(7)portchannel(8)vlan traffic(9)ARP packets(10)storm control stats(11)environmental status and resource mgmt(12)historical reports(13)visuals & exportable reports
DCNM LAN config and change mgmt	(1)auto retrieve config from Nexus platform and maintain versions of configs(2)support scheduled & on-demand archival(3)allow end users to browse thru different versions(4)change analysis by config compare(5)support merging of changes(6)rollback(7)save config after rollback
DCNM LAN VDC MGMT	(1)VDCs handled thru wizard(2)int allocate across VDC(3)resource limit enforce(4)resource consumption mon(5)IPv4&V6 capable(6)VDC-aware fault & perform mon(7)VDC aware RBAC(8)topology represent(9)VDC per chassis(10)VDC-to-VDC connectivity(11)real-time/delayed discovery
Cisco Device Manager	(1)Full switch config capabilities(2)vsan(3)port-channel(4)interfaces(5)RMON alerts and so one(6)real-time monitoring(7)device and summary views(8)Cisco License Manage(9)View license info(10)install and remove license key files
CDM Summmary of int on single switch	(1)configurable poll interval and thresholds(2)CPU, memory and flash usage(3)interface description, VSAN, port mode and connnectivity (4)receive and transmit utilization, errors and so on
CMP	Connectivity management processor - is completely separated for lights out management - ATTACH CMP - can attach to the CMP - ~, - to exit
2 ways to configure IP address on CMP	within CMP - (1)ip default-gateway 10.1.1.1 (2)interface cmp-mgmt (3)interface cmp-mgmt (4)ip address 10.1.1.2/24 - from main - interface cmp-mgmt module 5 (config-if-cmp)#ip address 192.0.2.1/24 (config-if-cmp)#ip default-gateway 192.0.2.10
enabling ssh or telnet	ssh server enable or telnet server enable
logging on CMP	logging level (1 - 7) - lower is worse - show logging level - show logging logfile
cmp	show run cmp - show start cmp - show tech-support cmp - any command must attach CMP if in NX-OS
cmp installing of OS	install module 5 cmp system bootflash:/....... , reload cmp module 5
taking control of CP from cmp	attach cp , ~, is esc character
rebooting cp and cmp and system	reload cp, reload system
7K Enterprise License	(1) OSPF(2)BGP(3)EIGRP(4)IS-IS(5)PIM and SSM(6)MSDP(7)policy based routing(8)GRE
7K Advanced Service Package	(1) VDC (2) Cisco Trustsec Solution
7K Scalable Feature Package	provides chassis license for XL feature modules(one per chassis) different license for each chassis model
7K Enhanced L2 Package	Cisco fabricpath support on F module
7K MPLS Services Package	MPLS
7K Storage Enterprise Package	(1)IVR over Fiber Channel and FCoE(2)IVR NAT over FC(3)VSAN-based ACL(4)Fabric bindings for open systems
5K FabricPath Services Package	FabricPath
5K FCoE NPV Package	FCoE NPV
5K L3 BaSe Services Package	(1)Static Routing(2)RIPv2(3)OSPF2(256 routes only)(4)EIGRP stub(5)HSRP/VRRP(6)IGMP v2 and 3, PIM 2 (Sparse Mode)(7)Routed ACL(8)uRPF
5K L3 Enterprise Services Package	(1) Full EIGRP(2)OSPF with scalability up to 8000 routes(3)BGP and VRF-lite (IP-VPN)(4)Max routes supported by L3 Hardware 8000
5K Storage Protocols Services Package	(1) Native Fibre Channel(2)FCoE(3)NPV(4)Fibre Channel Port Security(5)Fabric Binding
5K VM-Fex Package	VM-FEX
Obtaining License Key File	(1)Proof of Purchase(2)Website URL(3)Product Authorization Key(4)Switch Serial #(5)License Key through the email
EPLDs	(1)include FPGA-field programmable gate arrays(2)EPLDs-electronically programmable logic devices(3)CPLDs-complex programmable logic devices
EPLD upgrade	(1)Hardware Functionality enhancement or known issue resolution(2)functionality upgraded in firmware rather than hardware(3)cause service disruption(4)procedure that seldom occurs(5)not needed unless they fix required function
epld verification command	show version [module\|fan\|xbar] 7 epld - show install epld status
epld impact commands	(1)show install all impact epld bootflash:/n(all)(2)(I/O & sup)show install module[slot#]impact epld bootflash:/n(3)(fabric)show install xbar-module [slot#]impact epld bootflash:/n(4)(fan-tray)show install fan-module[slot#]impact epld bootflash:/n
epld install command	(1)install [module\|fan-module\|xbar][all\|slot#'s]epld epld-image(2)install all epld epld-image module [all\|slot] [fan-module\|xbar-module][all\|slot]

Gaile K. Rametta

Land O Lakes, FL

This activity was created by a Quia Web subscriber. Learn more about Quia
	Create your own activities