A | B |
Fibre channel frame format | (1) Word (2) Frame (3) Sequence (4) Exchange |
FCoE Standards T11 Standard | FC-FC-BB-55 |
FCoE Standards 802.1 standard | (1) PFC - 802.1Qbb (2) ETS - IEEE 802.1Qaz (3) DCBx - IEEE 802.1Qaz |
PFC | Priority Flow Control - 802.1Qbb (1) enables lossless Ethernet using pause frames based on 802.1p CoS (2) when a link is congested, the CoS assigned to "no drop" is paused (3) other traffic continues and relies on upper-layer retransmission (4) not limited to FCoE |
ETS | Enhanced Transmission Selection - 802.1Qaz - bandwidth management and priority selection (1) sharing of bandwidth between classes (2) a minimum bandwidth is guaranteed and can be used by other classes when not in use (3) bursty traffic in managed classes can coexist alongside strict-priority classes |
QCN | Quantized Congestion Notification - QCN - 802.1Qau - congestion awareness and avoidance |
DCBX | exchanges parameters between DCB devices - uses LLDP (1) point-to-point (PTP) link discovery (2) negotiates PFC, ETS and FCoE (3) responsible for link-up/link-down signals (4) discovers peer DCB capabilities (5) misconfiguration detection (6) peer configuration: admin parameters, operational parameters (info only), local parameters (not exchanged) |
DCBx | Data Center Bridging Exchange - if negotiation fails, it results in: (1) per-priority pause not enabled on CoS values (2) the vFC not coming up, when DCBX is being used in an FCoE environment |
FCoE functionality | inside an Ethernet frame, EtherType 0x8906 identifies it as storage (FCoE) traffic |
FCoE logical endpoint | encapsulates and decapsulates FC traffic |
FPMA | Fabric Provided MAC Address - 48 bits in length, consisting of the FC-ID (24 bits) and the FC-BB-5 provided address, which is 256 bits in length |
bridge priority | Priority Value + System ID Extension (VLAN #) |
LACP ID | made up of a (1) priority ID and (2) MAC address |
vPC config on 5k | (1) vPC keepalive (2) vPC peer-link (3) vPC members |
vPC configuration | (1) feature vpc (2) (config)# vpc domain 2 (3) (config-vpc-domain)# peer-keepalive destination 10.10.10.10 - NOTE: must be an L3 port; can use the mgmt port (4) (config-if)# vpc peer-link - on the L2 peer-link connection, usually a port-channel (5) in the member port-channel add the vPC #: (config-if)# vpc 100 |
configuring FabricPath | (1) in the admin VDC: install feature-set fabricpath (2) within the VDC, turn on the feature: feature-set fabricpath (3) fabricpath switch-id 10 (4) spanning-tree vlan 6-20 priority 8192 (5) add FP interfaces: (config-if)# switchport mode fabricpath (6) add FP VLANs: (config-vlan)# mode fabricpath |
add vPC+ configuration | (7) (config)# vpc domain 1 (8) (config-vpc-domain)# fabricpath switch-id 1000 |
vPC+ | is vPC in FabricPath; FabricPath sees the vPC as a switch ID - the vPC+ subswitch ID is 8 bits and is essentially a port ID or port-channel ID - NOTE: the LID (local ID) is not used here |
dhcp snooping config | (1) feature dhcp-snooping (2) ip dhcp snooping (3) ip dhcp snooping vlan 16 (4) int e2/1 (5) ip dhcp snooping trust |
DAI config | (1) arp access-list ARP_ACL (2) permit ip host 1.1.1.1 mac host 000F.203B.BA85 (3) ip arp inspection filter ARP_ACL vlan 5 (4) ip arp inspection vlan 6 (5) ip arp inspection log-buffer entries 1024 - uses the DHCP snooping table to ensure a malicious host cannot respond with gratuitous ARPs; a host must have a specific ARP entry |
ip source guard config (CP) | (1) feature dhcp-snooping (2) ip dhcp snooping (3) int e2/3 (4) ip verify source dhcp-snooping-vlan - NOTE: is interface specific - checks all ARP packets against the DHCP snooping table and drops any that do not match |
Cisco TrustSec has following prereqs | (1) You must install the Advanced Services license (2) You must enable the 802.1X feature. |
Cisco TrustSec guidelines & limitations | (1) CTS uses RADIUS (2) You can't configure both CTS and 802.1X (3) AAA for CTS is only supported on ACS (4) CTS supports IPv4 only (5) SXP cannot use the mgmt 0 interface (6) You can't enable CTS in half duplex (7) Do not perform ISSUs on Cisco NX-OS devices you have connected using CTS |
cts general concept | (1) 802.1X request (2) RADIUS and AD authc/authz request (3) link comes up (4) SGT assigned (5) SGACL applied |
cts aaa config | (1) radius-server host 10.10.1.1 key Cisco123 pac (2) aaa group server radius Rad1 (3) server 10.10.1.1 (4) use-vrf management (5) aaa authentication dot1x default group Rad1 (6) aaa authorization cts default group Rad1 |
cts enabling of trustsec | (1) feature dot1x (2) feature cts (3) cts device-id device1 password Cisco321 |
cts cleartext pw | (1) interface ethernet 2/1 (2) cts dot1x |
cts manual config | (1) interface ethernet 2/1 (2) cts manual (3) sap pmk abcdef modelist {gcm-encrypt (default) | gmac | no-encap | null} (4) policy static sgt 0x20 (5) interface ethernet 2/2 (6) cts manual (7) policy dynamic identity device2 |
port security configuration | (1) feature port-security (2) int e2/3 (3) switchport port-security maximum 2 (4) switchport port-security violation {protect | restrict | shutdown} - PROTECT drops the packet and does not increment the counter; RESTRICT drops the packet and increments the violation counter; SHUTDOWN shuts down the port (DEFAULT setting) |
storm control configuration | (1) int po1 (2) storm-control broadcast level 40 (3) storm-control multicast level 40 (4) storm-control unicast level 40 - verification: show interface e1/1-2 counters storm-control |
uRPF configuration loose v. strict | LOOSE - (1) int e2/1 (2) ip verify unicast source reachable-via any - STRICT - (1) int e2/1 (2) ip verify unicast source reachable-via rx - allow-default: includes IP addresses not specifically in the routing table - allow-self-ping: should not be used because it can lead to a DoS condition |
AAA config | (TACACS+, RADIUS, LDAP) - aaa authentication login default group radius - aaa authentication login console group RadServer |
radius server groups | (1) aaa group server radius RadServer (2) server 10.10.1.1 (3) server 10.10.20.2 (4) deadtime 30 (5) use-vrf management |
Password Encryption | AES - type 6 password - configure a master password, which is used to encrypt further passwords - (1) # key config-key ascii (2) (config)# feature password encryption aes (3) # encryption re-encrypt obfuscated |
EEM Actions | (1) execute any CLI command (2) update a counter (3) log an exception (4) force shutdown of any module (5) reload the device (6) shut down modules (7) generate a syslog (8) Smart Call Home (9) SNMP notification (10) default action for the system policy |
EEM Config | (1) event manager applet monitorshutdown (2) (config-applet)# description "Monitors interface shutdwn" (3) (config-applet)# event cli match "conf t; interface*; shutdown" (4) (config-applet)# action 1.0 cli show int e3/1 |
Netflow config | (1) feature netflow (2) flow exporter MARK (3) version 9 (4) flow record RDR (5) match ipv4 source address (6) match ipv4 destination address (7) collect counter bytes (8) collect counter packets (9) flow monitor MON (10) record RDR (11) exporter MARK (12) int e1/2 (13) ip flow monitor MON output |
SPAN src&dest | src. (1) Ethernet (2) port-channel (3) in-band interface to the control-plane CPU (4) VLAN (5) fabric port-channels connected to Nexus 2K - Destination (6) virtual SPAN (7K) (7) RSPAN VLANs - L3 subinterfaces NOT supported - DEST - same |
SPAN Config | (1) (config)# monitor session 3 (2) (config-monitor)# no shut (3) (config-monitor)# source interface e2/1-3, e3/1 rx (4) (config-monitor)# source interface po2 (5) (config-monitor)# destination interface e2/5 (6) (config-monitor)# no shut |
ERSPAN Source | (1) Ethernet (2) port-channel (3) in-band interface to the control-plane CPU (4) VLAN (5) fabric port-channels connected to a 2K (6) satellite ports and host interface port-channels on a FEX - in L2 access and trunk ports and L3 mode (DOESN'T MONITOR SUP TRAFFIC) |
ERSPAN Destination | (1) Ethernet (2) port-channel (3) cannot be both source and destination (4) destination has no L2 STP or L3 routing (5) F1 and F2 module core ports, FEX host interface (HIF) ports or HIF port-channels |
ERSPAN Source Config | (1) int e1/3 (2) monitor erspan origin ip-address 3.3.3.3 global (3) monitor session 1 type erspan-source (4) (config-erspan-src)# source int e1/3 (5) (config-erspan-src)# erspan-id 1 (6) (config-erspan-src)# ip ttl 15 (7) (config-erspan-src)# ip dscp 5 (8) (config-erspan-src)# vrf default (9) (config-erspan-src)# destination ip 1.1.1.2 (10) (config-erspan-src)# no shut |
ERSPAN Destination Config | (1) (config)# int e1/2 (2) (config-if)# switchport monitor (3) (config)# monitor session 2 type erspan-destination (4) (config-erspan-dst)# source ip 1.1.1.2 (5) (config-erspan-dst)# destination int e1/2 (6) (config-erspan-dst)# vrf default (7) (config-erspan-dst)# erspan-id 1 (8) (config-erspan-dst)# no shut |
user account traits | max of 256 (1) username (2) password (3) expiry date (4) user roles |
NX-OS configuration methods | (1) CLI (2) XML API management interface (3) Cisco DCNM (4) user-defined GUI |
VM-Fex Server Configs | (1) enable NIV mode (Inventory -> Net Adapters -> Modify Adapter Parameters) (2) set the number of interfaces (Inventory -> Net Adapters -> vNICs -> Add) |
important things when adding VNIC | (1) channel # (2) port profile (3) enable uplink failover |
VM-Fex feature enabling initial setup | (1) install feature-set virtualization (2) feature-set virtualization (3) feature vmfex (4) vethernet auto-create (5) int e1/1 (6) switchport mode vntag - NOTE: FOR VM |
VM-Fex Manual Creation Binding | (1) interface vethernet 1 (2) bind interface e1/1 channel 10 |
VM-Fex configuration | (1) svs connection MyCon (2) protocol vmware-vim (3) remote ip address 10.2.8.131 port 80 vrf management (4) dvs-name MyVMFEX (5) vmware dvs datacenter-name MyVC (6) connect |
VM-Fex Port Profile | (1) port-profile type vethernet VM1 (2) dvs-name all (3) switchport mode access (4) switchport access vlan 10 (5) no shut (6) state enabled |
VM-Fex High Performance | (1) port-profile type vethernet VM2 (2) high-performance host-netio |
VM-Fex | 802.1BR |
Benefits of High Performance Mode | (1) increases I/O performance and throughput (2) decreases I/O latency (3) improves CPU utilization for virtualized I/O-intensive applications |
High Performance Mode Involves | (1) 2 VMs are attached to a VIC in high-performance mode (2) when the vMotion migration begins on one VM, that VM transitions to standard mode (3) the VM migrates to the other host, and standard mode is established (4) the VM transitions back to high-performance mode |
lisp benefits | (1) reduction of the BGP table (2) efficient multihoming (3) ease of renumbering (4) mobility |
lisp configuration | (1) feature lisp (2) ip lisp itr-etr (3) ip lisp database-mapping 153.16.21.0/24 128.223.156.222 priority 1 weight 100 (4) ip lisp itr map-resolver 128.223.156.139 (5) ip lisp etr map-server 128.223.156.139 key 6 s3cre3t |
glbp load balancing options | (1) none - all traffic goes to the AVG (2) weighted - each device has a weight (3) host-dependent - a host always goes to the same VF (4) round robin - sequential allocation |
Anycast HSRP bundle characteristics | (1) Anycast Bundle ID (2) Anycast Switch ID - must be configured (3) Anycast bundle switch priority (4) list of VLANs for which anycast HSRP will be provided (5) You can create an anycast bundle that is an association between a set of VLANs and an anycast switch ID |
Anycast HSRP example creation | You can create an anycast bundle that is an association between a set of VLANs and an anycast switch ID |
Anycast HSRP configuration | (1) (config)# hsrp anycast 1 ipv4 (2) (config-anycast-bundle)# force gateway-down (3) switch-id 1300 (4) vlan 1,20-30 (5) priority 90 (6) track 2 (7) (config-anycast-bundle)# timer 15 25 (8) no shut |
HSRPv2 | (1) group 0-4095 (2) multicast 224.0.0.102 (3) cleartext and MD5 |
Sup Replacement | (1) # system switchover (2) # out-of-service module <slot-of-sup-to-replace> (3) # reload module <replace-sup> force (4) # copy bootflash:kickstart_image bootflash://sup-standby/kickstart_image (5) # copy bootflash:system_image bootflash://sup-standby/system_image |
Sup Replacement Part 2 | (1) (config)# boot kickstart bootflash:kickstart_image (2) (config)# boot system bootflash:system_image (3) (config)# copy run start |
Non-Default VDC 10 | (1) IPv4 multicast memory min 8, max 8 (2) IPv6 multicast memory min 5, max 5 (3) IPv4 unicast memory min 8, max 8 (4) IPv6 unicast memory min 4, max 4 (5) port-channels min 0, max 768 (6) SPAN min 0, max 2 (7) ERSPAN min 0, max 23 (8) VLANs min 16, max 4094 (9) VRFs min 2, max 4096 (10) in-band SRC sessions min 0, max 1 |
Default VDC 10 | (1) IPv4 multicast memory min 58, max 58 (2) IPv6 multicast memory min 8, max 8 (3) IPv4 unicast memory min 96, max 96 (4) IPv6 unicast memory min 24, max 24 (5) port-channels min 0, max 768 (6) SPAN min 0, max 2 (7) ERSPAN min 0, max 23 (8) VLANs min 16, max 4094 (9) VRFs min 2, max 4096 (10) in-band SRC sessions min 0, max 1 |
Per Default-VDC High Availability | (1) dual supervisor = switchover (2) single supervisor = reload |
Per non-default HA | (1) restart (default with a single sup) - deletes the VDC and recreates it using the startup config (2) switchover (default with dual sups) (3) bringdown (4) reload - single SUP ONLY |
Private VLAN | Primary VLAN - the main VLAN; Secondary VLANs - compartmentalized |
Secondary VLANs & 1 Primary | (1) community - only talks with other hosts in the same VLAN and the promiscuous port (2) isolated - can only talk to the promiscuous port; cannot even talk to ports within the same VLAN (3) promiscuous - ports can talk to everyone; ACLs can be applied here |
private vlan configuration | (1) feature private-vlan (2) vlan 142 (3) (config-vlan)# private-vlan primary (4) (config-vlan)# vlan 100-102 (5) (config-vlan)# private-vlan community (6) (config-vlan)# vlan 103 (7) (config-vlan)# private-vlan isolated (8) (config-vlan)# vlan 142 (9) (config-vlan)# private-vlan association 100-103 |
private vlan community port config | (1) (config-if)# switchport mode private-vlan host (2) (config-if)# switchport private-vlan host-association 142 101 |
private vlan promiscuous port config | (1) (config-if)# switchport mode private-vlan promiscuous (2) (config-if)# switchport private-vlan mapping 142 101-103 |
Bridge Assurance | spanning-tree port type network - if the port does not receive a BPDU it is put into the BA_Inc (bridge assurance inconsistent) state - (config)# spanning-tree bridge assurance |
epld impact commands | (1) (all) show install all impact epld bootflash:/n (2) (I/O and sup) show install module [slot#] impact epld bootflash:/n (3) (fabric) show install xbar-module [slot#] impact epld bootflash:/n (4) (fan tray) show install fan-module [slot#] impact epld bootflash:/n |
ISSU | (1) copy the kickstart image and the new Cisco NX-OS image to both sups (2) examine the impact of the upgrade: show install all impact kickstart bootflash:image (3) perform the upgrade: install kickstart bootflash:image (4) verify |
5 STEPS to Dual Sup Upgrade | (1) standby sup brought up with the new image (automatic) (2) supervisor switchover (active -> standby, automatic) (3) originally active supervisor brought up with the new image (automatic) (4) CMP (BIOS/image upgrade, automatic) (5) hitless upgrades of the line cards |
Step 1 of ISSU | (1) copy ftp://user@1.1.11/n-7000-s1-kickstart.bin bootflash://sup-local (2) copy ftp://user@1.1.11/n-7000-s1-image.bin bootflash://sup-local (3) copy bootflash:/n-7000-s1-kickstart.bin bootflash://sup-2 (4) copy bootflash:/n-7000-s1-normal.bin bootflash://sup-2 |
Step 2 of ISSU | show install all impact kickstart bootflash:n7000-sl-kickstart.bin |
Step3 of ISSU | install all kickstart bootflash:n7000-s1-kickstart.bin system |
Step 4 of ISSU | show ver |
radius server attributes | (1) deadtime (2) timeout (3) retransmit (merged) |
TACACS | (1) deadtime (2) timeout |
console login default value | local |
default login method | (1) global pool of RADIUS servers (2) named subset of RADIUS, TACACS+ or LDAP servers (3) local database (default) (4) username only (none) |
Adapter FEX | allows you to go to the server level and map multiple virtual interfaces over a single Ethernet interface using "channels" |
Adapter FEX Topologies | (1) single-homed (straight to a 5500) (2) single-homed 2K to 5500 (3) dual-homed - 2 5500s to 1 FEX (4) active-standby - 2 Nexus 5Ks (5) active-standby with FEX |
Adapter FEX config (auto & manual) | AUTO - (1) (config)# install feature-set virtualization (2) (config)# feature-set virtualization (3) (config)# vethernet auto-create (4) port-profile type vethernet user_data (5) (config-if)# switchport mode vntag - MANUAL - (6) (config)# interface vethernet 21 (7) (config-if)# bind interface e101/1/15 channel 1 |
Adapter FEX config for 2K 11 (auto/manual) | (1) install feature-set virtualization (2) feature-set virtualization (3) fex 101 (4) fcoe (5) vethernet auto-create (6) int e101/1/1 (7) switchport mode vntag - MANUAL - (1) interface vethernet 21 (2) bind interface e101/1/1 channel 1 (3) switchport mode trunk (4) int vfc 4 (5) bind interface vethernet 21 |
Adapter FEX peer 2k config | (1) different FEX # (2) different channel (3) different vethernet (4) different vfc |
Adapter Fex FCOE | (1) a single physical link split into multiple virtual channels (2) channels (3) FCoE switches: 5500 and 2232 (4) FCoE server adapters: UCS P81E for C-Series, and adapters that support VNTag like the BCM57712 |
Adapter FCoE channels | (1) identified by a unique channel number (2) channel scope limited to the physical link (3) connects a server vNIC with a switch vEthernet interface (4) uses tagging with VNTag identifiers |
Fibre Channel Config | (1) interface fc2/1-5 (2) switchport mode E (3) switchport mode auto (4) switchport fcrxbufsize 2000 (5) switchport fcrxbbcredit 5 mode e (6) no system default switchport shutdown san - turns the default FC port state to up instead of down (default) |
RSCN | Registered State Change Notification - sent out whenever anything changes: disks leaving, entering, etc. - SW-RSCN - sent switch to switch |
N_Port communication steps | N_Port logs into its attached F_Port - FLOGI or fabric login |
FLOGI | Fabric Login - the pWWN (hardware, HBA) logs in and gets an FCID (logical, assigned) - this is how traffic is "routed" in the Fibre Channel world - show flogi database shows all the mappings |
PLOGI | N_Port logging in to its target N_Port |
PRLI | N_Port must exchange ULP information with the target to ensure the target and initiator can communicate |
pWWN | port world wide name - identifies a port in a device - 64 or 128 bits |
nWWN | node world wide name - identifies a device - 64 or 128 bits |
Fibre Channel Address Format | (1) Domain - defines a switch - 8-bit field, only 239 allowed (2) Area - groups of ports within a domain (3) Port ID - devices on a port |
FCID | the first byte is the Fibre Channel domain (akin to a SM in the IP world) |
VSAN | is like a VLAN - is carried on a TE port or trunking expansion port |
F Port | Fabric Port (access port) - the actual port on the switch - always connects to an N_Port - note: expects only one host |
N Port | Node Port - CNA, SAN, UCS, etc. - end-user port - anything with an HBA - target or initiator - connects only to an F_Port |
E Port | Expansion Port - ISL - port connecting 2 switches together - akin to dot1q - must hard-set it: (1) (config)# interface fc2/13 (2) (config-if)# switchport mode e - some switches autonegotiate this - only goes E to E, i.e. switch to switch |
NP Port | an N_Port in NPV mode connected to a switch via an F_Port (has multiple logins; is a "hidden switch") |
TE Port | trunking extension port - creates an EISL between switches - carries multiple VSANs |
TF Port | trunking F port - expands the functionality of F ports to support VSAN trunking - connects to a TNP port |
TNP Port | connects to a trunked F port or TF port |
SD Port | Spanned Destination Port |
VSAN trunking configuration | (1) int fc2/2 (2) switchport mode e (3) switchport trunk mode on (4) switchport speed 4000 (5) switchport trunk allowed vsan 1-10 |
VSAN numbering | (1) VSAN 1 - default (2) VSANs 2-4093 - user configurable (3) VSAN 4094 - isolated VSAN |
VSAN traits | (1) VSANs have separate routing and namespaces (2) limit unicast, multicast and broadcast traffic (3) members - physical port or pWWN (4) endpoint - HBA (5) member enforcement - at each E port, source and destination port (6) scope - large (7) config changes - only when ports are needed (8) use - per application or department |
Zone traits | (1) zones in the same VSAN share the same routing (2) limit unicast traffic (3) members - pWWN (4) endpoint - HBA, can be in multiple zones (5) member enforcement - source and destination port (6) scope - initiator and target, nothing outside the zone (7) config changes - frequent (8) use - single initiator |
NPV | node port virtualization - extension to NPIV - allows a blade switch or ToR fabric device to behave as an NPIV-based HBA to the core Fibre Channel switch - aggregates host ports (N_Ports) into one or more uplinks (pseudo inter-switch links) to core switches - saves domain IDs |
NPV explained parts | (1) FC services - mostly switched off (2) switching operation - acts as a proxy, subordinate to the FC switch (3) does not use a domain ID - no domain ID limitation (4) scalability and manageability - eliminates the need for server administrators to manage the SAN; 3rd-party integration; VSAN scalable (5) no QoS |
NPV Mode | (1) the NPV edge switch aggregates locally connected host ports (N_Ports) into one or more uplinks to the core switches (2) allows blade and ToR switches to behave as an NPIV-based HBA to the core Fibre Channel switch |
NPV config | (1) feature npv (2) vsan database (3) vsan 3 interface fc2/1, fc2/7-8 (4) vsan 3 interface fc2/2, fc2/9 (5) int fc2/1 (6) switchport mode F (7) int fc2/8 (8) switchport mode NP (goes to the NPIV switch) (9) npv traffic-map server-interface fc2/1 external-interface fc2/7 (manual pinning) |
verifying NPV | (1) show npv status (2) show npv traffic-map |
FCoE for NPV license | (1) the Storage Protocols Services Package is needed - if you configure feature fcoe and feature npv, you must do a write erase and reboot the switch (2) if you configure feature fcoe-npv, no write erase is needed; it requires the fcoe_npv_pkg license |
fcoe NPV config | (1) feature fcoe-npv (2) feature lacp (3) qos (optional) (4) vsan database (5) vsan 5 (6) vlan 50 (7) fcoe vsan 5 (8) int vfc 1 (9) bind interface e2/1 (10) switchport mode F (11) int vfc 130 (12) bind interface po13 (13) switchport mode NP |
verification fcoe npv | show int vfc 1 - show int vfc 130 - show vlan fcoe - show npv status |
NPIV | node port ID virtualization - (1) provides a means to assign multiple FCIDs to a single N_Port (2) multiple applications can use the same HBA (3) use of different pWWNs (4) usage applies to virtual servers - VMware, Hyper-V, XenServer |
NPV and NPIV support Core/Edge Models | Edge - NPV & NPIV: (1) MDS 9124, 9134, 9148 (2) Fibre Channel blade switches from IBM and HP (3) Nexus 5K and 5500 (4) UCS 6100 and 6200 - Core - NPIV: (1) MDS 9500 Series Multilayer Directors (2) MDS 9216 Multilayer and 9222i (3) MDS 9124, 9134, 9148 (4) 3rd-party switches |
NPIV config | (1) feature npiv (2) int fc1/1 (3) switchport mode F (4) switchport trunk mode on - NPIV F port prepped for multiple requests |
verification npv & npiv | show [npv|npiv] database |
Class-map & policy-map object types | (1) network-qos - defines CoS properties across switches and VDCs - IS A VDC POLICY (2) qos - used for marking, mutation, ingress port trust state and policing (3) queuing - MQC objects used for marking, queuing and shaping - CAN APPLY ONE POLICY MAP OF EACH TYPE in each direction |
ways to mark | (1) set precedence 5 (2) set dscp af31 - most common (3) set qos-group 5 (4) set discard-class 5 (5) set cos 4 (6) set cos cos-dscp-map |
QoS Categories | (1) classification - put traffic in different classes (2) marking - "coloring" packets based on classification: CoS, DSCP, QoS group (3) mutation - change the QoS header on all in/out packets (4) policing - used to enforce a rate limit by dropping or marking down packets (5) queuing & scheduling - control the bandwidth allocated |
QoS actions In | (1) queuing and scheduling (2) mutation (3) classification (4) marking (5) policing |
QoS actions out | (1) classification (2) marking (3) policing (4) mutation (5) queuing and scheduling |
MQC | (1) define traffic classes using CLASS-MAPS (2) define policies for traffic classes using POLICY-MAPS (3) apply the service policy on an interface (in or out) using the SERVICE-POLICY command |
configuring FEX 7K | (1) install feature-set fex (admin VDC) (2) feature-set fex - 802.1BR bridge port extension, aka FEX - configure the downstream ports (3) (config-if)# switchport mode fex-fabric (turns on VN-Tag) (4) (config-if)# fex associate 101 (line card in master; is master specific) |
active-active fex | (1) (config)# feature fex (2) (config)# fex 131 (3) (config-fex)# pinning max-links (4) (config)# int e1/1-5 (5) (config-if-range)# switchport mode fex-fabric |
configuration VDC | (1) (config)# vdc 7k1 (2) (config-vdc)# allocate interface e1/1 - NOTE: gen 1 modules are port groups; F2e and above are all non-blocking (3) # switchto vdc 7k1 (4) (config)# username brian password cisco role vdc-admin (5) # switchback |
RBAC | role-based access control - network-admin: full control - network-operator: read-only rights - vdc-admin: full control within the VDC - vdc-operator: read-only within the VDC |
VDC resource types | (1) global - allocated to all VDCs: boot image, switch name, NTP servers, CoPP config, in-band SPAN sessions (2) shared resources: OOB Ethernet management port (3) dedicated resources - allocated to a VDC: physical switch ports, VLAN/VRF limits |
port channel load-balance ethernet | allows you to configure load balancing based on (1) destination IP, MAC and port (UDP or TCP) (2) source IP, MAC and port (3) source-destination IP, MAC and port |
FCoE | (1) standard Fibre Channel frame size max 2148, DF bit set (2) EtherType 0x8906 (3) class-fcoe enables an MTU of 2240 |
FCF | Fibre Channel Forwarder - FCoE switch - connects to a VF port or F port and also connects to a VE port - logins occur here |
5K config of FCoE 11 | (1) feature fcoe (2) int e1/1-2 (3) switchport mode trunk (4) spanning-tree port type edge trunk (5) switchport trunk native vlan 5 (6) switchport trunk allowed vlan 5,2 (7) priority-flow-control mode on (8) int e1/2 (9) shutdown lan (10) fcoe fcmap 0e.fc.2a (11) fcoe fcf-priority 40 (12) fcoe fka-adv-period 10 |
7K configuration of FCoE | (1) (config)# license fcoe module 2 (2) (config)# install feature-set fcoe (3) (config)# feature lldp (4) (config)# system qos (5) (config-sys-qos)# service-policy type network-qos default-nq-7e-policy (default) (6) (config)# int e2/7-8 (7) (config-if)# switchport mode trunk (8) (config-if)# spanning-tree port type edge trunk |
Single Hop FCoE | (1) direct attached (2) attached to a 2232 - must be single-homed and attached to a 5K - FIP gen 2 CNA (3) remote attached - transports frames - needs jumbo frames (4) FIP snooping (5) vPC - FCoE cannot travel over the peer link (6) FCoE NPV - no domain ID consumption |
FIP Process | (1) host solicitation (2) switch provides the fabric-unique FC-MAP (3) host performs FLOGI (4) FCF provides the FCID (5) host uses the FPMA (Fabric Provided MAC Address) for subsequent transmissions - this is how communication occurs |
OTV | Overlay Transport Virtualization - L2 traffic over an L3 transport - connects 2 data centers - used for vMotion, as the hosts must be in the same VLAN - OTV can use any L2 or L3 transport - only supported on the 7K |
Issues with Traditional Solutions | EoMPLS (Ethernet over MPLS), Virtual Private LAN Services (VPLS) or dark fiber - (1) complex deployment and management (2) transport dependent (3) inefficient use of bandwidth (4) a failure in one DC can affect the other |
AED | forwards layer 2 traffic (unicast, multicast and broadcast) between the site and the overlay and advertises reachability to the remote edge device - acts like a root and prevents a loop from occurring |
benefits of OTV | (1) dynamic encapsulation - no pseudo-wire maintenance - optimal multicast replication - multi-point connectivity - point-to-cloud model (2) protocol learning - preserved failure boundary - built-in loop prevention - automated multihoming - site independence |
configuration OTV basic | (1) feature otv (2) (config-if-range)# no switchport (3) (config-if-range)# channel-group 10 mode active (4) (config)# int po10 (5) (config-if)# ip address 10.1.1.1 255.255.255.0 (6) (config-if)# ip igmp version 3 (7) (config)# vlan 10 (8) (config)# otv site-vlan 78 |
Edge Device | encapsulates and decapsulates between L2 and OTV and performs all Cisco OTV functions - when a frame arrives there are 2 options: (1) the frame is destined for somewhere within an internal interface (2) the frame is destined to a MAC learned over the overlay interface (a 42-byte tag is added; set the DF bit and increase the MTU) |
internal interface | connects to the VLANs that are to be extended |
Join Interface | joins the overlay network |
overlay interface | encapsulates L2 frames in IP packets |
site vlan | synchronizes the control plane between devices at the same site - must be the same on each device at the site |
site identifier | identifies the site - must be the same for every device at the site |
configuration of overlay | (1) interface overlay 1 (2) (config-if)# otv control-group 239.1.1.1 (3) (config-if)# otv data-group 232.1.1.0/28 (4) (config-if)# otv join-interface e2/1 (5) (config-if)# otv extend-vlan 5-10 - advertises MAC addresses over the overlay |
Traits of FabricPath | (1) up to 256 links (2) ECMP (3) shortest path (4) single ingress lookup (5) enhanced L2 - only works on F1 and F2 modules and the 5500 - NOTE: needs the Enhanced L2 license |
FabricPath topology | FabricPath spine and FabricPath leaf - uses SPF (shortest path tree) between switches - each switch is given a FabricPath ID - runs over CLNS - does not run on IP |
FabricPath How it works | (1) ARP request (2) encapsulated in IP (3) encapsulated in Ethernet (4) encapsulated in FabricPath - floods this information everywhere, much like spanning-tree - then the ARP reply comes back - within the FabricPath header are the source switch ID and destination switch ID, though |
FabricPath routing | routes based on switch ID - the spine does not learn a MAC address table, only a switch ID table (aka Outer Destination Address, 48 bits, and Outer Source Address, 48 bits) - otherwise known as TRILL - can have L2 or L3 FabricPath in the core |
parts to Classic FabricPath Pod | (1) simple configuration - no peer link - no switch pairs - no port-channels (2) design flexibility - easily extensible (3) no STP - no traditional bridging - no topology changes - no loops |
parts configuring FabricPath | (1) in the admin VDC: install feature-set fabricpath (2) within the VDC, turn on the feature: feature-set fabricpath (3) fabricpath switch-id 10 (4) spanning-tree vlan 6-20 priority 8192 (5) add FP interfaces: (config-if)# switchport mode fabricpath (6) add FP VLANs: (config-vlan)# mode fabricpath |
parts to add vPC+ configuration | (7) (config)# vpc domain 1 (8) (config-vpc-domain)# fabricpath switch-id 1000 |
7K Enterprise License | (1) OSPF (2) BGP (3) EIGRP (4) IS-IS (5) PIM and SSM (6) MSDP (7) policy-based routing (8) GRE |
7K Advanced Services Package | (1) VDC (2) Cisco TrustSec solution |
7K Scalable Feature Package | provides the chassis license for XL feature modules (one per chassis); a different license for each chassis model |
7K Enhanced L2 Package | Cisco FabricPath support on F modules |
7K MPLS Services Package | MPLS |
7K Storage Enterprise Package | (1) IVR over Fibre Channel and FCoE (2) IVR NAT over FC (3) VSAN-based ACL (4) fabric binding for open systems |
5K FabricPath Services Package | FabricPath |
5K FCoE NPV Package | FCoE NPV |
5K L3 Base Services Package | (1) static routing (2) RIPv2 (3) OSPFv2 (256 routes only) (4) EIGRP stub (5) HSRP/VRRP (6) IGMP v2 and v3, PIMv2 (sparse mode) (7) routed ACL (8) uRPF |
5K L3 Enterprise Services Package | (1) full EIGRP (2) OSPF with scalability up to 8000 routes (3) BGP and VRF-lite (IP-VPN) (4) max routes supported by the L3 hardware: 8000 |
5K Storage Protocols Services Package | (1) native Fibre Channel (2) FCoE (3) NPV (4) Fibre Channel port security (5) fabric binding |
5K VM-Fex Package | VM-FEX |
HSRP RFC | 2281 |
FIPS mode MDS | (1) passwords min 8 characters (2) disable Telnet, SSH only (3) disable remote auth (RADIUS/TACACS+) (4) disable SNMPv1 and v2; configure SNMPv3 with SHA for auth and only AES/3DES for privacy (5) disable VRRP (6) delete IKE policies using MD5 for auth or DES (7) delete all SSH server RSA1 key pairs |
Reserved VLANs and NX-OS | (1) must save running to startup config (2) a reload is needed (3) must be 128 (4) default VDC (5) to restore: no system reserve vlan |
OSPFv2 NX-OS RFC | 1583 and 2328 |
cfs configuration 9 (3 x 3) | (1) cfs distribute (2) ntp distribute (3) ntp server 10.0.1.254 (4) ntp commit - OR - (1) cfs distribute (2) cfs ipv6 distribute (3) cfs ipv4 mcast-address 239.255.1.1 (4) cfs region 1 (5) ntp (6) call home |
cfs application | (1) Call Home (2) device alias (3) DPVM (4) IVR (both) (5) iSNS (uncoordinated) (6) NTP (7) port security (8) RADIUS & TACACS+ (9) RBAC (10) syslog (11) VSAN fctimer (12) fcdomain allowed list (13) RSCN event timer (14) SCSI flow services (15) iSCSI load balance (16) fabric startup config manager (17) FlexAttach virtual pWWN |
PIM hello encryption | 0 - cleartext, 3 - 3DES, 7 - type 7 |
VN-Link | create a logical link between vNIC on a virtual machine and a Cisco UCS Fabric Interconnect - virtual machine aware networking |
UCS Manager VN-Link Hierarchy | (1) vCenter (2) folder (optional) (3) datacenter (4) folder (required) (5) DVS |
Default VDC High-Availability | (1) bringdown - puts the VDC in a failed state - you must reload the physical device (default VDC failure) - for a non-default VDC there is no need to reload the device |
dynamic vNIC protection | dynamic vNICs are always protected, but you can choose a preferred fabric: protected pref A, protected pref B, or protected (whichever) |
UCS Profile Client Configuration | (1) Name (2) Description field (3) Datacenter field (4) Folder field (5) Distributed Virtual Switch field |
FEX reconnect after master failure | (config)# vpc domain 10 (config-vpc-domain)# auto-recovery reload-delay 240 - or the older, deprecated reload restore |
Enhanced Zoning Features | (1) IVR compatible (2) provides session locking (3) provides implicit full zone set distribution (4) allows full zone set changes to be distributed without having to activate a zone set (5) stages modifications until they are explicitly committed or aborted (6) can control how a zone merge is done |
MDS 9000 SME Support | (1) Cisco MDS 9222i Multiservice Modular Switch (MMS) (2) Cisco MDS 9000 18/4-Port Multiservice Module (MSM) (3) Cisco MDS 9000 16-Port Storage Services Node (SSN) |