IPexpert-CCIE-Data-Center-Volume-1 1-9.pdf
Transcript of IPexpert-CCIE-Data-Center-Volume-1 1-9.pdf
8/9/2019 IPexpert-CCIE-Data-Center-Volume-1 1-9.pdf
IPexpert's Lab Preparation Workbook for the Cisco CCIE Data Center v1.0 Lab Exam
Volume
Authored by: Rick Mur - CCIE3 #21946 (R&S / SP / Storage), JNCIE-SP #851
CCIE Data Center Lab Preparation Workbook
Copyright by IPexpert. All rights reserved. 1
IPexpert's Lab Preparation Workbook for Cisco's CCIE Data Center Lab
Before We Begin
This product is part of the IPexpert suite of materials that provide CCIE candidates and network
engineers with a comprehensive training program. For information about the full solution, contact an
IPexpert Training Advisor today.
Telephone: +1.810.326.1444
Email: [email protected]
Congratulations! You now possess one of the ULTIMATE CCIE™ Lab preparation and network
operation resources available today! This resource was produced by senior engineers, technical
instructors, and authors boasting decades of internetworking experience. Although there is no way to
100% guarantee success rate on the CCIE Data Center Lab exam, we feel VERY confident that your
chances of passing the Lab will improve dramatically after completing this industry-recognized
Workbook!
Technical Support from IPexpert, and your CCIE community!
IPexpert is proud to lead the industry with multiple support options at your disposal free of charge. Our
online communities have attracted a membership of over 20,000 of your peers from around the world!
At blog.ipexpert.com, you can keep up to date with everything IPexpert does and read the latest in
technical articles from world-renowned IPexpert instructors. At OnlineStudyList.com, you may subscribe
to multiple SPAM-free, moderated CCIE-focused email lists.
Feedback
Do you have a suggestion or other feedback regarding this book or other IPexpert products? At IPexpert,
we look to you, our valued clients, for the real world, frontline evaluation that we believe is necessary
so that we may always improve. Please send an email with your thoughts to [email protected] or
call 1.866.225.8064 (international callers dial +1.810.326.1444).
In addition, for those using this book as CCIE™ preparation, when you pass the CCIE™ Lab exam, we
want to hear about it! Email your CCIE™ number to [email protected] and let us know how
IPexpert helped you succeed. We would like to send you a gift of thanks and congratulations.
Additional CCIE™ Preparation Material
IPexpert, Inc. is committed to developing the most effective Cisco CCIE™ R&S, Security, Voice, Wireless
and Data Center Lab certification preparation tools available. Our team of certified networking
professionals develops the most up-to-date and comprehensive materials for networking certification,
including self-paced workbooks, online Cisco hardware rental, classroom training, online (distance
learning) instructor-led training, audio products, and video training materials. Unlike other certification-
training providers, we employ the most experienced and accomplished teams of experts to create,
maintain, and constantly update our products. At IPexpert, we are focused on making your CCIE™ Lab
preparation more effective.
Issues with this Book
This book is carefully edited to ensure the accuracy of all content. Should you find any error whatsoever,
please email a page reference and detailed comment to [email protected]. Your email will be
responded to promptly.
IPEXPERT END-USER LICENSE AGREEMENT
END USER LICENSE FOR ONE (1) PERSON ONLY
IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS,
DO NOT OPEN OR USE THE TRAINING MATERIALS.
This is a legally binding agreement between you and IPEXPERT, the Licensor, from whom you have
licensed the IPEXPERT training materials (the "Training Materials"). By using the Training Materials, you
agree to be bound by the terms of this License, except to the extent these terms have been modified by
a written agreement (the "Governing Agreement") signed by you (or the party that has licensed the
Training Materials for your use) and an executive officer of Licensor. If you do not agree to the License
terms, the Licensor is unwilling to license the Training Materials to you. In this event, you may not use
the Training Materials, and you should promptly contact the Licensor for return instructions.
The Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual
authorized to use the Training Materials throughout the term of this License.
Copyright and Proprietary Rights
The Training Materials are the property of IPEXPERT, Inc. ("IPEXPERT") and are protected by United
States and International copyright laws. All copyright, trademark, and other proprietary rights in the
Training Materials and in the Training Materials, text, graphics, design elements, audio, and all other
materials originated by IPEXPERT at its site, in its workbooks, scenarios and courses (the "IPEXPERT
Information") are reserved to IPEXPERT.
The Training Materials cannot be used by or transferred to any other person. You may not rent, lease,
loan, barter, sell or time-share the Training Materials or accompanying documentation. You may not
reverse engineer, decompile, or disassemble the Training Materials. You may not modify, or create
derivative works based upon the Training Materials in whole or in part. You may not reproduce, store,
upload, post, transmit, download or distribute in any form or by any means, electronic, mechanical,
recording or otherwise any part of the Training Materials and IPEXPERT Information other than printing
out or downloading portions of the text and images for your own personal, non-commercial use without
the prior written permission of IPEXPERT.
You shall observe copyright and other restrictions imposed by IPEXPERT. You may not use the Training
Materials or IPEXPERT Information in any manner that infringes the rights of any person or entity.
Exclusions of Warranties
THE TRAINING MATERIALS AND DOCUMENTATION ARE PROVIDED AS IS. LICENSOR HEREBY DISCLAIMS
ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SOME STATES
DO NOT ALLOW THE LIMITATION OF INCIDENTAL DAMAGES OR LIMITATIONS ON HOW LONG AN
IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. This
agreement gives you specific legal rights, and you may have other rights that vary from state to state.
Choice of Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the laws of the State of
Michigan, without reference to any conflict of law principles. You agree that any litigation or other
proceeding between you and Licensor in connection with the Training Materials shall be brought in the
Michigan state or courts located in Port Huron, Michigan, and you consent to the jurisdiction of such
courts to decide the matter. The parties agree that the United Nations Convention on Contracts for the
International Sale of Goods shall not apply to this License. If any provision of this Agreement is held
invalid, the remainder of this License shall continue in full force and effect.
Limitation of Claims and Liability
ANY ACTION ON ANY CLAIM AGAINST IPEXPERT MUST BE BROUGHT BY THE USER WITHIN ONE (1) YEAR
FOLLOWING THE DATE THE CLAIM FIRST ACCRUED, OR SHALL BE DEEMED WAIVED. IN NO EVENT WILL
THE LICENSOR'S LIABILITY UNDER, ARISING OUT OF, OR RELATING TO THIS AGREEMENT EXCEED THE
AMOUNT PAID TO LICENSOR FOR THE TRAINING MATERIALS. LICENSOR SHALL NOT BE LIABLE FOR ANY
SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, REGARDLESS OF WHETHER LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES. WITHOUT LIMITING THE FOREGOING, LICENSOR WILL NOT BE LIABLE FOR LOST
PROFITS, LOSS OF DATA, OR COSTS OF COVER.
Entire Agreement
This is the entire agreement between the parties and may not be modified except in writing signed by
both parties.
U.S. Government - Restricted Rights
The Training Materials and accompanying documentation are commercial computer Training
Materials and commercial computer Training Materials documentation, respectively, pursuant to
DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction,
release, performance, display, or disclosure of the Training Materials and accompanying documentation
by the U.S. Government shall be governed solely by the terms of this Agreement and shall be prohibited
except to the extent expressly permitted by the terms of this Agreement.
IF YOU DO NOT AGREE WITH THE ABOVE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE
TRAINING MATERIALS AND CONTACT LICENSOR FOR INSTRUCTIONS ON RETURN OF THE TRAINING
MATERIAL
Contents
IPexpert's Lab Preparation Workbook for Cisco's CCIE Data Center Lab
Before We Begin
Feedback
Additional CCIE™ Preparation Material
Issues with this Book
IPEXPERT END-USER LICENSE AGREEMENT
Copyright and Proprietary Rights
Exclusions of Warranties
Choice of Law and Jurisdiction
Limitation of Claims and Liability
Entire Agreement
U.S. Government - Restricted Rights
Default Lab Topology
Default passwords and IP addresses
Chapter 1: Introduction to CCIE Data Center
Who Should Read this Book?
How to Use this Book
An Introduction to CCIE Data Center
Availability
Written exam
The current published reading list:
Lab exam
Software Versions
CCIE Storage?
What about P and A tracks?
Troubleshooting
An Introduction to the Proctor Labs CCIE Data Center hardware rack
Software Versions
Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)
General Rules
Pre-setup
Topology
Configuration tasks
Task 1: General set-up
Task 2: Implement VLANs
Task 3: Implement Private-VLANs
Task 4: Implement Rapid Spanning-Tree protocol
Task 5: Implement Multiple Spanning-Tree protocol
Task 6: Spanning-Tree and UDLD features
Task 7: Fabric Extenders
Task 8: Misc features
Chapter 3: Data Center Networking Layer 3 Infrastructure (NX-OS)
General Rules
Pre-setup
Drawing 1: Physical Topology Routing
Drawing 2: Logical Routing Topology
Configuration tasks
Task 1: Layer 3 topology set-up
Task 2: Static routing
Task 3: EIGRP
Task 4: OSPF
Task 5: Redistribution, BFD and ECMP
Task 6: Layer 3 switching features
Drawing 3: FabricPath / OTV Topology
Task 7: FabricPath and OTV
Chapter 4: Data Center Networking High Availability (NX-OS)
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Topology set-up
Task 2: Port-Channels
Task 3: Virtual Port-channels (vPCs)
Task 4: Graceful Restart / Non-Stop Forwarding
Task 5: HSRP
Task 6: VRRP
Task 7: GLBP
Task 8: Virtual Port-Channels (vPCs) and FabricPath
Chapter 5: Data Center Storage Networking
General Rules
Pre-setup
Drawing 1: Physical Topology
Configuration tasks
Task 1: Initial set-up
Task 2: VSANs
Task 3: Zoning
Task 4: FC Domain
Task 5: Fibre Channel Security Features
Task 6: Advanced Features
Chapter 6: Data Center Storage Networking Extension
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Initial set-up
Task 2: FCIP
Task 3: FCIP Security
Task 4: SAN Extension Tuner
Task 5: iSCSI
Task 6: iSLB
Chapter 7: Data Center Unified Fabric
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology VSAN 20
Configuration tasks
Task 1: Native Fibre Channel on Nexus
Task 2: Fibre Channel over Ethernet (FCoE)
Task 3: Multi hop FCoE
Task 4: FCoE Quality of Service (QoS)
Drawing 3: NPV topology
Task 5: N-Port Virtualization (NPV) and N-Port ID Virtualization (NPIV)
Task 6: FCoE NPV
Chapter 8: Security Features
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Port Security
Task 2: DHCP Snooping, DAI, IP Source Guard
Task 3: Access Control Lists
Task 4: AAA services
Task 5: 802.1X
Task 6: Cisco TrustSec
Chapter 9: Management Features
General Rules
Pre-setup
Drawing 1: Physical Topology
Drawing 2: Logical Topology
Configuration tasks
Task 1: Role Based Access Control (RBAC)
Task 2: Traffic monitoring
Task 3: NetFlow
Task 4: Management protocols
Task 5: Device management
Task 6: Smart Call Home and GOLD
Default Lab Topology
Default passwords and IP addresses
Default management username / password: admin / IPexpert123
Other passwords: ipexpert
Management IP addressing: 172.16.100.0/24
Management Default Gateway: 172.16.100.254
Chapter 1: Introduction to CCIE Data Center
Chapter 1: Introduction to CCIE Data Center introduces the team of authors, consultants, and editors
that completed this book and describes the book's purpose. This chapter also provides suggestions for
the usage of this written work.
Who Should Read this Book?
This workbook's primary audience is CCIE candidates who are searching for the most
comprehensive and error-free materials available covering the CCIE Data Center practical lab exam.
These students should possess a home rack of equipment for CCIE-level command-line practice,
possess an equipment emulator (for certain parts of the topology), or rent
equipment from a company like www.proctorlabs.com. The authors and technical editors exhaustively
tested all of the demonstrations found throughout the technology tasks, troubleshooting and full-scale
lab exercises against all practice rack options described earlier. Where issues arise with popular
equipment emulators, the text makes note. This book is the most remarkably thorough and technically
accurate book written on the CCIE Data Center lab exam to date.
How to Use this Book
This book breaks all specific CCIE Data Center technologies down on a chapter-by-chapter basis for a
complete and thorough review of this broad set of topics. Each chapter is broken down into various tasks
regarding the subject. Following this, the Detailed Solutions Guide provided with this workbook provides
an intense examination of the operation of the tasks, including key aspects of troubleshooting for the
specific technology. After this, the book presents some of the most common issues that can result with a
particular technology-set, and most importantly, details the simple troubleshooting tools and steps that
succeed for remediation.
The final chapters conclude the book with sample lab scenarios that provide a full scale lab exam as you
will see it when you take the actual test. The Detailed Solutions Guide then provides a well-designed
approach for troubleshooting each major task and offers detailed explanations. The text provides
reference guides for the most popular and powerful show and debug commands for a specific
technology.
Each chapter uses its own specific initial configurations. Readers may download initial
configurations, or install them in a simple Graphical User Interface (GUI) on www.proctorlabs.com.
Students are encouraged to follow along on a rack of equipment for every section of every chapter. This
really enhances and strengthens the learning process.
An Introduction to CCIE Data Center
Since the release of the Nexus platform there has been talk about when these platforms were to be
introduced in a CCIE track. With the introduction of UCS in 2009 this request grew even stronger,
especially since UCS really took off in sales.
The scope of the exam is pretty much based on the usual suspects, so in summary you should be aware
of the:
UCS B-series blade systems
UCS C-series rackmount systems connected to UCS Manager via FEX
Virtual Interface Cards (virtualized NICs and HBAs) in all servers
Nexus 7000 with all features like VDC, OTV, FabricPath, etc.
Nexus 5500 with all features like FCoE, FEX
Nexus 2000 connected to either the 5k or the 7k
Nexus 1000V distributed virtual switch in ESX
o There is no mention of any VMware product in the blueprint, so expect ESX and vCenter
to be pre-installed on the UCS blades and FC boot to pre-configured disks
MDS 9222i for connecting FC storage to UCS
ACE appliance
DCNM management software
Availability
The live exam is available from September 1st.
Currently there are no dates when the lab is available.
Written exam
The written exam has an extensive blueprint published to Cisco Learning Network (CLN) including a
reading list.
The current published reading list:
Data Center Fundamentals (ISBN-10: 1-58705-023-4)
NX-OS and Cisco Nexus Switching (ISBN-10: 1-58705-892-8)
Cisco Unified Computing System (UCS) (ISBN-10: 1-58714-193-0)
I/O Consolidation in the Data Center (ISBN-10: 1-58705-888-X)
Storage Networking Fundamentals (ISBN-10: 1-58705-162-1)
Please find the extensive blueprint published by Cisco on the bottom of this blog post.
Lab exam
There is not much information available regarding the lab exam. Availability is not mentioned. There is
however information regarding the hardware list and this is an immense list of expensive hardware you
require:
Software Versions
NXOS v6.0(2) on Nexus 7000 Switches
NXOS v5.1(3) on Nexus 5000 Switches
NXOS v4.2(1) on Nexus 1000V
NXOS v5.2(2) on MDS 9222i Switches
UCS Software release 2.0(1x) for UCS-6248 Fabric Interconnect and all UCS systems
Software Release A5(1.0) on ACE4710
Cisco Data Center Manager software v5.2(2)
CCIE Storage?
There are currently no plans for replacing CCIE Storage with CCIE Datacenter. Because of this, there will
not be a large focus on MDS/FC configuration as there is another track for that.
What about P and A tracks?
A CCNA Data Center and CCNP Data Center will be released soon!
Troubleshooting
Troubleshooting will be a big part of the exam, which is also pretty clear in the blueprint. There is no
confirmation yet of how this will be introduced, either using tickets as in the CCIE R&S or just by
pre-configuration on the lab. I can imagine that they pre-configured a broken Nexus 1000V on an ESX
installation on one of the JBODs. More information on how this troubleshooting is done will be available
during other Q&A sessions. The implication is that it might be trouble tickets like the CCIE R&S.
An Introduction to the Proctor Labs CCIE Data Center hardware rack
The IPexpert CCIE Data Center rack will support 100% of the features that are tested on the lab! We
have based the topology as closely as possible on the CCIE Data Center rack layout, and have ensured
that all features and functionality are there.
Our CCIE Data Center rack layout is based on the very limited information that has been made available
by Cisco. IPexpert has been in close contact with the people involved in creating this lab exam, and
therefore the layout of the rack is based on some early examples and the published components and
software version blueprint.
As you will see, the topology is very much based on a common datacenter design and has a more 'static'
layout than other CCIE tracks.
The blueprint specified the following components to be in the lab:
First is the NX-OS Networking equipment.
Nexus7009 (with licensing)
o (1) Sup
o (1) 32 Port 10Gb (F1 Module)
o (1) 32 Port 10Gb (M1 Module)
Nexus5548
Nexus2232
The Nexus 7000 will be configured with VDCs to simulate various different topologies and create
multiple 'core switch' layers within the network.
Nexus 5548 will be used as a 'distribution' layer within the datacenter network. The Nexus 2k's can be
configured as FEX for the Nexus 7000, the Nexus 5000 and the Fabric Interconnects of the UCS system to
connect the UCS C-series rack mount servers. The VDCs are a major component in the network as the
number of devices is limited and the connectivity is very much based on a best practice design.
The below drawing illustrates an example topology from our new CCIE Data Center lab preparation
workbook which is currently under development.
All these interconnections and switches are based within a single physical chassis with complete
separation of the control and data plane protocols!
Second is the storage networking (SAN) equipment:
Dual attached JBODs = Fibre Channel disks
MDS 9222i (dual fabric)
The MDS switches used in the lab are capable of a ton of features. The blueprint however only describes
certain fibre-channel features which are considered 'basic' features like zoning, VSANs, oversubscription
and ISLs. The other major topic on the blueprint is Fibre Channel Expansion over FCIP and iSCSI. These
features are the IP features supported by the MDS platform. The 1G Ethernet connections are connected
to the Nexus switches for testing the expansion features. Through that connection it's possible to
connect the MDS switches across another connection than Fibre Channel. As the CCIE Storage track is
not being replaced by the CCIE Data Center the focus on Storage Networking (SAN) features is not that
big. The major topics are more in the features that aren't tested in any other CCIE track.
The JBODs mentioned in this list represent just plain simple hard-disks that are connected via Fibre
Channel. They are used later as shared storage for the UCS system.
The third major component within the hardware blueprint is the Unified Computing System (UCS).
UCS-6248 Fabric Interconnects
UCS-5108 Blade Chassis
o B200 M2 Blade Servers
o Palo/VIC mezzanine card
o Menlo/Emulex mezzanine card
UCS C200 Series Server = Connected to Fabric Interconnects
o VIC card for C-series
This is based on the C-series rackmount servers, connected to the Fabric Interconnects so the C-series
can also be managed from the central UCS manager the same as the Blade chassis is managed.
The blades are equipped with different NICs. This also means a little different configuration. The VIC
cards are the most interesting ones as they can virtualize NICs to present to the OS.
Once inside the blades there is a pre-installed VMware ESX(i) environment with a Nexus 1000v
distributed virtual switch. As this is a Cisco lab exam, you are not required to know anything about
VMware. Of course you will need to be able to install this environment in your own lab, if you have one, but
when you step into the lab you will face a pre-installed VMware and 1000V. Beyond that, the switch is not
configured and you are required to configure it.
The final topic on the blueprint is called ANS (Application Networking Services). This means an ACE
appliance is in your lab that you will need to configure. There is not much of interest going on there
and you will not see a lot of points on that appliance. You will need to know the topics as described on
the lab blueprint and our workbook will focus a whole section on these specific topics.
The last components are used for management. You will not be configuring these devices, but just using
them from your student workstation to access the network.
Cisco Catalyst Switch 3750 = management ethernet connections
Cisco 2511 Terminal Server = console lines
What is not mentioned on the hardware blueprint list is that you will also need to be able to configure
(or set up) the DCNM software, which Cisco provides when you purchase enough Nexus equipment.
Again this is not extremely difficult, but you need to be aware of the basic configuration items related to
this software.
Software Versions
NXOS v6.0(2) on Nexus 7000 Switches
NXOS v5.1(3) on Nexus 5000 Switches
NXOS v4.2(1) on Nexus 1000v
NXOS v5.2(2) on MDS 9222i Switches
UCS Software release 2.0(1x) for UCS-6248 Fabric Interconnect and UCS system
Software Release A5(1.0) for ACE 4710
Cisco Data Center Manager software v5.2(2)
Above you'll find a reference overview of the software versions used. The exact versions are still
unknown, and we might be using newer software versions as our IPexpert lab will be using quite new
hardware for virtualization purposes. Within the Nexus 7000 we will be using the new Supervisor 2E,
meaning that we are able to build 8 VDCs and 1 management VDC, so we have enough flexibility
for some challenging topologies!
The next chapter of this workbook, Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)
begins with the initial topic on the CCIE Data Center Blueprint regarding layer 2 switching, VLANs,
Private-VLANs, Spanning-Tree and other layer 2 features on the NX-OS platform.
Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)
Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS) is intended to familiarize you
with the NX-OS CLI on the Nexus switches and afterwards have you configure Layer 2 Ethernet features on the
physical Nexus switches within the topology as shown at the beginning of this workbook. We highly
recommend creating your own diagram at the beginning of each lab so you are able to draw on your
own diagram, making it much easier when you step into the real lab. Our devices start with a blank
configuration, which will not be the case when you are in the real lab. There, devices are staged with
configuration containing usernames/passwords, management IP addressing, core IP addressing and
(possible) errors.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Create a checklist to aid as you work through the lab
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this
particular chapter
Estimated Time to Complete: 3 hours
Pre-setup
Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
Use the central topology drawing at the start of this workbook
This lab is intended to be used with online rack access provided by our partner Proctorlabs
(www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as
detailed below.
Topology
Configuration tasks
Task 1: General set-up
1. Erase the configuration from all 3 switches and reboot and
2. Configure the default parameters as mentioned in the Generic Lab Topology
3. Configure the Nexus 7000 switch with a hostname of SW1-1 and the Nexus 5500 switches with
hostnames of SW2 and SW3
4. Ensure the switches will not perform any DNS lookups
5. Configure ipexpert.com as the DNS domain name
6. Ensure that both encrypted and unencrypted management connections are allowed
7. Save the configuration using the wr command
8. On SW1-1 configure a message, containing the hostname and warning unauthorized users, that
is shown each time a user logs in
9. Use the serial number of SW1-1 as the ID which is used to advertise the switch using CDP
10. Ensure only CDP version 2 packets are sent from SW1-1
11. Disable CDP on the management ethernet interface
12. Ensure a log message is generated when more than 999 packets per second are sent or received
on the management ethernet interface
Task 2: Implement VLANs
1. Configure all inter-switch links as described by the topology drawing at the beginning of this
chapter to be in layer 2 trunk mode allowing VLANs 100 up to 499
2. After specifying the allowed range, remove VLAN 333 from this range with a single command,
without specifying the previous range (or parts of it) again
3. Configure all switches to be in VTP domain IPexpert
4. Ensure VLANs are removed from switches that have no active hosts in that VLAN, except for
VLAN 101. This VLAN 101 should always be active on the switch not depending on this
configuration task
5. Enable the latest version of VTP
6. Store the VTP database configuration with filename ipexpert.dat
7. Ensure SW2 and SW3 will have new VLANs being pushed by SW1-1 and are not able to create
new VLANs by themselves
8. Secure the VTP protocol with a password of ipexpert
9. Create VLANs 101, 102, 103 and 104 and ensure they are visible on all switches
10. Assign names to all VLANs by format of IPexpertVLAN# where # is the VLAN number
11. Configure SW1-1 so the following output is matched
12. (Ports section should show all active trunks):
SW1-1(config)# sh ip igmp snooping | in vlan
IGMP Snooping information for vlan 1
IGMP Snooping information for vlan 101
IGMP Snooping information for vlan 102
IGMP Snooping information for vlan 103
IGMP Snooping information for vlan 104
IGMP Snooping information for vlan 105
IGMP Snooping information for vlan 1002
IGMP Snooping information for vlan 1003
IGMP Snooping information for vlan 1004
IGMP Snooping information for vlan 1005
SW1-1(config)# sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
101  VLAN0101                         active
102  VLAN0102                         active
103  VLAN0103                         active
104  VLAN0104                         active
1002 fddi-default                     suspended
1003 token-ring-default               suspended
1004 fddinet-default                  suspended
1005 trnet-default                    suspended
SW1-1(config)#
Task 3: Implement Private-VLANs
Note: This lab will be using unused ports in the topology to simulate hosts being connected. For
clarification of the tasks it's advisable to read the entire task before starting your configuration.
1. A firewall is connected to Ethernet3/19 on SW1-1 which should receive all traffic from DMZ
hosts. This port should be in VLAN 200. You are allowed to change configuration from the
previous task to accomplish this.
2. Ensure that hosts in VLAN 201 are not able to communicate with each other, but only to the
firewall connected to Ethernet3/19
3. Configure ports Ethernet3/20 and Ethernet3/21 in VLAN 201
4. Hosts in VLAN 202 and 203 are able to communicate to each other in the VLAN and to the
firewall, but not to hosts in the other VLAN (202 can't communicate with 203 and vice versa)
5. Configure ports Ethernet3/22 and Ethernet3/23 in VLAN 202. Configure ports Ethernet3/24 and
Ethernet3/25 in VLAN 203
6. DMZ servers in VLAN 204 need to be secured. They are not allowed to communicate to each
other, but they can communicate with the rest of the IP network by reaching a default gateway
configured on SW1-1 with IP address 10.1.10.254/24
7. Hosts connected in VLAN 204 are connected on SW2. Configure the first trunk connection for
this use. Configure Ethernet 1/21, 1/22 and 1/23 in VLAN 205 on SW2 and ensure they are able
to reach the default gateway to the network. Hosts are not allowed to communicate to each
other.
8. Other hosts of VLAN 201 and 202 are also connected to SW2. Use the second trunk connection
between SW1 and SW2 for this use. The hosts of VLAN 201 are connected to ports Ethernet 1/24
and 1/25. The host of VLAN 202 is connected to Ethernet 1/26
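Steps 1 through 5 of Task 3 describe one primary VLAN with a promiscuous firewall port, one isolated secondary VLAN and two community secondary VLANs. The NX-OS sketch below for SW1-1 is an added example, not taken from the workbook's Detailed Solutions Guide; treating VLAN 200 as the private-VLAN primary is an assumption read from step 1, and any change needed to the VTP or trunk configuration from Task 2 is not shown.

```text
! Added example, not the workbook's own solution.
! Assumption: VLAN 200 is the private-VLAN primary.
feature private-vlan

! Secondary VLANs: 201 isolated (hosts reach only the firewall),
! 202 and 203 community (hosts reach their own community and the firewall).
vlan 201
  private-vlan isolated
vlan 202
  private-vlan community
vlan 203
  private-vlan community

! Primary VLAN, associated with all three secondaries.
vlan 200
  private-vlan primary
  private-vlan association 201-203

! Firewall port: promiscuous, receives traffic from every secondary VLAN.
interface Ethernet3/19
  switchport
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 200 201-203
  no shutdown

! Isolated hosts (step 3).
interface Ethernet3/20-21
  switchport
  switchport mode private-vlan host
  switchport private-vlan host-association 200 201
  no shutdown

! Community hosts in VLAN 202 (step 5).
interface Ethernet3/22-23
  switchport
  switchport mode private-vlan host
  switchport private-vlan host-association 200 202
  no shutdown

! Community hosts in VLAN 203 (step 5).
interface Ethernet3/24-25
  switchport
  switchport mode private-vlan host
  switchport private-vlan host-association 200 203
  no shutdown

! Checks to run afterwards:
!   show vlan private-vlan
!   show interface Ethernet3/19 switchport
```

The isolation only holds if every host port carries a host-association; a port left as a plain access port in a secondary VLAN is not covered by the private-VLAN forwarding rules, so the `show vlan private-vlan` port list is worth checking against the task.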
Task 4: Implement Rapid Spanning-Tree protocol
1. Ensure non-core-facing interfaces on SW2 and SW3 are not generating any spanning-tree
topology changes
2. Configure SW2 to be the root bridge for VLAN 101 and SW3 to be the backup root bridge
3. Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to
optimize network convergence. Do not configure timer values to complete this task.
4. Configure SW1 to be the root bridge for VLAN 102
5. Ensure that new bridges with a default spanning-tree configuration will never be elected as a
root bridge in VLAN 102 when SW1 fails
6. When traffic steering is necessary, you are required to use values higher than 100,000
7. Configure the network in such a way that SW1 is using SW3 as the best path towards the root
bridge of the network in VLAN 101
8. Ensure that the last interface (fourth link) between all switches is used as primary
9. Configure spanning-tree of VLAN 103 to converge in the shortest time possible
10. Configure all inter-switch-links to utilize IEEE 802.1w Rapid Connectivity
11. Remove all spanning-tree related configuration from interfaces and global configuration on all
switches before continuing with the next task
Task 5: Implement Multiple Spanning-Tree protocol
1. Configure SW1, SW2 and SW3 to run the IEEE 802.1s protocol
2. Configure the following parameters on SW1
3. MST name of IPexpert
4. MST configuration number of 5
5. Map VLAN 10 through 99 to instance 1
6. Map VLAN 100 through 199 to instance 2
7. Map VLAN 800 through 1299 to instance 3
8. Ensure MST is functioning properly on all switches
9. Assume Private VLANs are in use. Ensure that all secondary VLANs are in the same MSTI as their
associated primary VLAN
10. Configure SW2 to be the root bridge for instance 1 by configuring the lowest possible value
11. Try making SW3 the primary root bridge for instance 1 using the dedicated command for this.
What happens?
12. Make SW3 the backup root bridge for instance 1. You are allowed to configure other switches,
but not SW3.
13. Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to
optimize network convergence.
14. When traffic steering is necessary, you are required to use values higher than 100,000
15. Configure the network in such a way that SW1 is using SW3 as the best path towards the root
bridge of the network in instance 2
16. Ensure that all instances use a different interface between the switches to ensure load balancing
between instances. Meaning instance 0 uses interface 1, etc.
17. Ensure BPDUs are discarded when the network is larger than 10 hops
18. Assume a switch with an old version of software is connected to Ethernet 1/16 on SW2.
Configure this interface to pro-actively send pre-standard MST messages
Task 6: Spanning-Tree and UDLD features
1. Configure SW3 so that all ports, when not configured individually, are seen as network edge
ports
2. Configure Ethernet 1/10 on SW3 so the port is put in error-disabled state when spanning-tree
packets are received
3. Configure Ethernet1/11 on SW3 so the port will never process spanning-tree protocol data
units, but will allow other layer 2 frames
4. Ensure that Ethernet 1/10 on SW2 will also never process spanning-tree protocol packets, but
you are not allowed to configure the command required for this directly under the interface
5. Ensure Ethernet 1/11 on SW2 will never become a root port on the switch
6. Ethernet1/12 on SW2 should never become the designated port of the LAN segment
7. Assume the network is running MST and Ethernet 1/13 on SW3 is connected to a Rapid-PVST+
network. Ensure that this port will fail to interoperate with this other kind of spanning-tree
protocol for security reasons.
8. Use a Cisco-proprietary protocol which allows devices that are connected through fiber or
copper cables to monitor the physical configuration of the cables and detect when a
unidirectional link exists on Ethernet 1/12 on SW3
9. Use a method on Ethernet 1/12 on SW3 which disables one of the ports on the link, which
prevents traffic from being discarded.
Task 7: Fabric Extenders
1. Use SW2 and FEX1 for these tasks
2. Name the fabric extender as IPexpert Fabric Extender 1
3. Ensure the LED on the FEX starts blinking to make it easier to locate the FEX in a rack
4. Ensure the output of the following show command is matched on SW2:
SW2# show interface port-channel 4 fex-intf
Fabric          FEX
Interface       Interfaces
---------------------------------------------------
Po4             Eth101/1/48  Eth101/1/47  Eth101/1/46  Eth101/1/45
                Eth101/1/44  Eth101/1/43  Eth101/1/42  Eth101/1/41
                Eth101/1/40  Eth101/1/39  Eth101/1/38  Eth101/1/37
                Eth101/1/36  Eth101/1/35  Eth101/1/34  Eth101/1/33
                Eth101/1/32  Eth101/1/31  Eth101/1/30  Eth101/1/29
                Eth101/1/28  Eth101/1/27  Eth101/1/26  Eth101/1/25
                Eth101/1/24  Eth101/1/23  Eth101/1/22  Eth101/1/21
                Eth101/1/20  Eth101/1/19  Eth101/1/18  Eth101/1/17
                Eth101/1/16  Eth101/1/15  Eth101/1/14  Eth101/1/13
                Eth101/1/12  Eth101/1/11  Eth101/1/10  Eth101/1/9
                Eth101/1/8   Eth101/1/7   Eth101/1/6   Eth101/1/5
                Eth101/1/4   Eth101/1/3   Eth101/1/2   Eth101/1/1
Task 8: Misc features
1. Read this whole section first, before starting your configuration!
2. Configure Ethernet 5/16, 5/17 and 5/18 on SW1-1 with the settings from the following bullets (3
through 6).
3. Layer 2 trunk port with VLAN 101 through 104 allowed
4. Rx flowcontrol should be enabled
5. Disable the automatic cross/straight cable detection
6. show interface should show usage statistics using sampling intervals of 30, 60 and 120 seconds
7. You are only allowed to have the settings for these interfaces showing up once in the
configuration
Chapter 3: Data Center Networking Layer 3 Infrastructure (NX-OS)
Chapter 3: Data Center Networking Layer 3 Infrastructure is intended to familiarize you with the
NX-OS Layer 3 features on the Nexus platforms to create a basic routed network. The second part of this
chapter consists of Data Center extension and Layer 2 routing features. We highly recommend creating
your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it
much easier when you step into the real lab. The lab is divided into two pieces. During the first tasks you
will be configuring a dynamically routed layer 3 network using EIGRP and OSPF protocols. The second
part of this chapter is based on the Cisco proprietary technologies FabricPath and OTV. Multiple
topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Create a checklist to aid as you work through the lab
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this
particular chapter
Estimated Time to Complete: 3 hours
Pre-setup
Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
Use the central topology drawing at the start of this workbook
Load the initial configuration of Chapter 2 on the Nexus 7000 switch to stage the Virtual Device
Contexts needed for this lab
When starting the second part of this lab for configuring Fabric Path and OTV the second set of
initial configuration should be loaded on the Nexus 7000 to create a different topology with
Virtual Device Contexts
This lab is intended to be used with online rack access provided by our partner Proctor Labs
(www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as
detailed below
Drawing 1: Physical Topology Routing
Drawing 2: Logical Routing Topology
Configuration tasks
Task 1: Layer 3 topology set-up
Configure the Nexus 5500 switches with hostnames of SW2 and SW3. The Nexus 7000 VDCs
should already have hostnames through the loading of the initial configuration. Use switchto
vdc and switchback to move between different switches on the Nexus 7000.
Configure all switches so they can all carry the layer 2 VLANs as described in drawing 1
Configure sufficient inter-switch-links to carry the VLANs between the switches
Configure IP addressing on SVI and physical interfaces according to drawing 1
Configure all switches to have a Loopback0 interface with an IP address of 198.18.0.Z/32
where Z is the router number / host address as specified in drawing 1
Task 2: Static routing
Ensure SW1-3 can ping the loopback address of SW1-4 from its own loopback address
SW1-1 should be able to ping the loopback address of SW1-2 and vice versa without using the
directly connected link between those switches, but should use the path over SW1-3 and SW1-4
for this
Configure SW1-2 to be a blackhole for the 192.0.1.0/24 prefix. Give this entry a tag of 666 and
an increased preference of +1
Ensure that all layer 3 interfaces on SW1-2 do not send out any unreachable messages
Remove all static routes before continuing with the next tasks
Task 3: EIGRP
Configure a secure EIGRP adjacency between SW1-2 and SW1-4
Ensure Loopbacks are reachable and dynamically advertised. Ensure that there are no attempts
to make adjacencies on the Loopback interfaces.
Use 64999 as autonomous system number and IPEXPERT as the EIGRP process name
Configure 4 static routes for 198.18.4.0/24 through 198.18.7.0/24 on SW1-4 and
ensure they are reachable through a single EIGRP routing entry on SW1-2. Besides the single
entry the 198.18.5.0/24 network should also be seen in the routing table of SW1-2.
Use wide metrics with a scaling factor of 64
Change the bandwidth that EIGRP may use on an interface 10% lower than default
Update the link between SW1-2 and SW1-4 so the EIGRP neighbor is declared down after 4 hello
packets. You are only allowed to change configuration on SW1-2 to accomplish this
Routes which are declared active should become Stuck in Active after 5 minutes
Routes should be advertised as unreachable when there are more than 50 hops in the network
Update the K3 value on the SW1-2 to SW1-4 interfaces to 500
Task 4: OSPF
Configure the OSPF network as shown in drawing 2. Use the dotted decimal notation to
configure area 264
Ensure that all OSPF routers can reach each other's Loopback addresses
Ignore the MTU size between SW1-1 and SW1-3 when forming an adjacency
Ensure that SW2 will never become a designated router on any OSPF interface
Ensure that SW3 will never become a designated router on any OSPF interface
Ensure all adjacencies in area 0 are secured using a hashed version of IPexpertSecure
Ensure area 1 is secure using a simple-text-password of IPexpert
Configure 4 additional Loopback interfaces on SW2 with IP addresses of 198.18.128.1/24
through 198.18.131.1/24 and ensure they are seen as a single entry in the backbone area
and other areas without overlapping other IP space
Configure a Loopback1 interface on SW1-3 with an IP address of 198.18.13.1/24 and
ensure this whole subnet is seen throughout the layer 3 network
Type 3, 4 and 5 LSAs are not allowed in area 1
Ensure that routers do not attract traffic for 2 minutes after booting up
Task 5: Redistribution, BFD and ECMP
Configure redistribution between EIGRP and OSPF on SW1-4 and SW1-2
Ensure full reachability is achieved while maintaining all requirements from previous tasks
Ensure all links towards area 0 are used when traffic is exiting area 1
Ensure that all Dynamic Routing adjacencies on SW1-2 towards adjacent devices are terminated
using a dedicated detection protocol
BFD sessions between SW1-2 and SW3 should be secured using a hashed key of
IPexpertSecure
Ensure neighbor failures on SW1-2 are detected within 300ms
Configure OSPF and EIGRP so they use the dedicated fast-hello failure detection mechanism
Task 6: Layer 3 switching features
Ensure a static layer 2 to layer 3 mapping is created on VLAN 112 on SW1-1 for
198.18.112.24 to MAC address abcd.1234.5678
Configure SW2 so that it detects duplicate IP addresses and updates its cache on
Ethernet1/5
Ensure that SW1-1 reserves space for 2750 outstanding ARP entries in the ASIC to prevent
ARP replies from being dropped when they are returned and installed in the ASIC hardware
Configure all switches so they use RFC 1191
Drawing 3: FabricPath / OTV Topology
Task 7: FabricPath and OTV
Load the initial configuration file for part 2 of chapter 2, which will create a topology
according to drawing 3
Create VLAN 666 on all relevant switches in the topology
Ensure hosts on VLAN 666 can communicate via layer 2 on all 4 edge switches using the
technologies as mentioned in drawing 3
Use the 198.18.10.0/24 subnet when a layer 3 link is required in the topology
Configure VLAN interfaces (SVIs) with the following IP addresses:
SW2: 198.18.66.1/24
SW3: 198.18.66.2/24
SW1-3: 198.18.66.3/24
SW1-4: 198.18.66.4/24
Ensure traffic is using all links between the switches to reach from SW2 and SW3 to SW1-3 and
SW1-4
Verify this task is completed successfully by being able to ping all 198.18.66.x interfaces of
all edge switches
Chapter 4: Data Center Networking High Availability (NX-OS)
Chapter 4: Data Center Networking High Availability (NX-OS) is intended to familiarize you with the
NX-OS High Availability features on the Nexus platforms used to create a highly available network. Various
types of deployments of Port-channels and Virtual Port-channels are discussed in this chapter. The
second part of this chapter focuses on First Hop Redundancy Protocols (FHRPs) and High Availability
features of dynamic routing protocols. The third part focuses on a special implementation of virtual
port-channels in FabricPath networks.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw
on your own diagram, making it much easier when you step into the real lab.
Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Create a checklist to aid as you work through the lab
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this
particular chapter
Estimated Time to Complete: 3 hours
Pre-setup
Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
Use the central topology drawing at the start of this workbook
Load the initial configuration of Chapter 4 on the Nexus 7000 switch to stage the Virtual Device
Contexts needed for this lab
When starting the third part of this lab regarding virtual Port-Channels within FabricPath
networks the second set of initial configuration should be loaded on the Nexus 7000 to create a
different topology with Virtual Device Contexts
This lab is intended to be used with online rack access provided by our partner Proctor Labs
(www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as
detailed below
Drawing 1: Physical Topology
Drawing 2: Logical Topology
10. There are plans to increase the capacity between SW2 and SW3 to 80Gbps with additional
interfaces for resiliency purposes. Ensure that Ethernet1/5 is always chosen to participate
in the bundle and Ethernet1/6 should be selected as a hot-standby link when additional
interfaces are added to the bundle.
11. Logical interface 3 should use a very fast detection mechanism to signal the removal of
an interface in the bundle
12. Configure SW2 and SW3 to load-balance between the interfaces in link-bundles using as much
packet header information as possible.
13. Remove any configuration related to interface bundle 1 and 2 from the switches before
continuing with the next task
Task 3: Virtual Port-channels (vPCs)
1. Ensure it's possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW1-1
and SW1-2. Use ID 100 for this.
2. SW1-2 should be the primary device
3. Ensure it's possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW2 and
SW3. Use ID 200 for this.
4. Send keepalive messages across the mgmt0 interfaces of domain 200 switches
5. Use a dedicated SVI with IP addressing in the subnet of 198.18.5.0/24 to send keepalive
messages between switches in domain 100. Ensure that the keepalive messages are not
using the global IP routing table. Use Ethernet3/10 on SW1-1 and Ethernet 3/12 on
SW1-2 for this.
6. Configure Ethernet3/9 on SW1-1 and Ethernet3/11 on SW1-2 as peer-link
7. Bundle Ethernet1/7 and Ethernet1/8 on SW2 and SW3 and configure this as the peer-
link
8. Ensure domain 100 brings up its vPCs once a peer fails or reboots. Delay this process for 5
minutes.
9. SW2 and SW3 should be seen as a single Spanning-Tree root with a priority of 8192
10. Configure an MC-LAG connection between SW1-1, SW1-2 and SW2. Use Ethernet3/1 on
SW1-1, Ethernet3/3 on SW1-2 and Ethernet1/1 and Ethernet 1/2 on SW2. Use
number 101 for this connection
11. Configure a vPC connection between SW2, SW3 and SW1-2. Use Ethernet3/5 and
Ethernet3/7 on SW1-2, Ethernet1/3 on SW2 and Ethernet1/3 on SW3. Use number
102 for this connection.
12. Use the remaining connections between SW1-1, SW1-2, SW2 and SW3 and bundle them in
a single logical interface with number 103.
13. Ensure all VLANs required for Drawing 2 are allowed on the vPC links
14. Use 1234.5678.90ab as the single MAC address that is used for the identification of domain
100 LACP packets
Task 4: Graceful Restart / Non-Stop Forwarding
1. Configure dynamic routing protocols according to drawing 2. Ensure Loopback interfaces of
SW2 and SW1-1 can ping each other and SW1-2 and SW3 can ping each other
2. Ensure that the routers running OSPF keep their routing information and keep forwarding traffic
to neighbors when they are rebooting
3. An older router that will take a little over 2 minutes to reboot will be connected to SW2.
Ensure that your configuration supports this
4. Ensure that SW3 supports ISSU
5. SW3 should keep routes from restarting neighbors for 5 minutes
6. Signal a restart as fast as possible on SW3
Task 5: HSRP
1. Ensure that hosts on VLAN 111 are always able to reach their default gateway, when one of
the 2 switches fails
2. Use a Cisco proprietary protocol for this use, which uses a single active default gateway
3. Use the .1 host IP address as the default gateway for this network segment
4. Make the switches primary and backup according to the best practice
5. Use a hashed key of IPexpertYEAR1 to secure this protocol from now until December 31st
the same year. On January 1st one year later the key should change to IPexpertYEAR2.
Ensure that switches keep accepting the old key for at least 2 more hours
6. When the backup switch is active and the primary switch comes back online after a reboot,
ensure that it will take back the active role after the switch is up for 3 minutes
7. Give this process a name of IPexpertVLAN111
8. A switch should declare its neighbor down within 1 second
9. When one of the Ethernet uplinks fails the priority should be lowered by 1/10th of the
configured priority value
10. When a second Ethernet uplink fails the switch should stop forwarding Layer 3 traffic and send
traffic across the vPC peer-link
11. The default gateway MAC address should be the MAC address of one of the physical Ethernet
interfaces
Task 6: VRRP
1. Ensure that hosts on VLAN 121 are always able to reach their default gateway, when one of
the 2 switches fails
2. Use a standards based protocol for this use, which uses a single active default gateway
3. When clients on VLAN 121 issue an ARP request for the Default Gateway it should respond
with MAC address 0000.5E00.0174 without configuring this MAC address in the
configuration
4. Use the .254 host IP address as the default gateway for this network segment
5. Configure SW1-2 as the primary switch using a value of 200
6. Use a clear text password of IPexpert to secure the protocol
7. Ensure a higher priority backup router does not take over the role of a lower priority active
router. Configure this only on the current primary switch.
8. Ensure that SW1-2 becomes the standby router after 30 seconds, when the Loopback address
of SW3 disappears from the routing-table
9. Switches should declare their neighbors down in 10 seconds
Task 7: GLBP
1. Ensure that hosts on VLAN 222 are always able to reach their default gateway, when one of
the 2 switches fails
2. Use a load balancing Cisco proprietary protocol
3. Use the .55 host IP address as the default gateway for this network segment
4. Both routers should be capable of forwarding traffic.
5. SW1-1 should be answering all ARP requests
6. When the Loopback address of one of the upstream switches disappears from the routing table
the switches should no longer be AVF
7. Delay the takeover of the AVF role for a standby switch for 3 minutes if any current AVF
fails
8. The router should become the AVG after 30 seconds if it has a higher priority than the
current AVG
9. Ensure the routers support In-Service-Software-Upgrades
Task 8: Virtual Port-Channels (vPCs) and FabricPath
1. Load the initial configuration of Chapter 4 Task 8 on the Nexus 7000 switch to stage the
Virtual Device Contexts needed for this lab
2. Configure the FabricPath network to stretch VLAN 666 between all Leaf switches
3. Ensure the PC connected to SW2 and SW3 is able to connect using a virtual Port-Channel with
number 100 in all places where a number must be configured
Chapter 5: Data Center Storage Networking
Chapter 5: Data Center Storage Networking is intended to familiarize you with the Storage
Networking features on the Cisco MDS switches. It covers configuring traditional Fibre Channel
networks and basic Fibre Channel features.
We highly recommend creating your own diagram at the beginning of each lab so you are able to draw
on your own diagram, making it much easier when you step into the real lab.
Multiple topology drawings are available for this chapter.
General Rules
Try to diagram out the task. Draw your own connections the way you like it
Create a checklist to aid as you work through the lab
Take a very close read of the tasks to ensure you don't miss any points during grading!
Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this
particular chapter
Estimated Time to Complete: 5 hours
Pre-setup
Connect to the MDS switches within the topology
Use the central topology drawing at the start of this workbook
The switches start with a blank configuration. You will be creating parts of your own Initial
Configuration for later labs.
This lab is intended to be used with online rack access provided by our partner Proctor Labs
(www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as
detailed below
Drawing 1: Physical Topology
Configuration tasks
Task 1: Initial set-up
1. Give the MDS switches in the topology the following hostnames: MDS1, MDS2. Configure the
default username and password according to the generic lab topology
2. Ensure that they can be reached through the management network using IP addresses in the
range as stated in the initial set-up information at the beginning of the workbook. Use Host IP
addresses of .10 and .11
3. Use the default gateway of the management subnet as Time Synchronization server
4. Do not use any automatic selection of interface type for this lab, unless specifically stated
5. Do not use any automatic speed selection for interfaces
6. Use 200MBps connections towards the JBODs
7. JBODs on MDS2 should automatically detect the interface speeds
8. Ensure Fabric Logins are done by the connected JBODs
9. Enable the links between the MDS switches as standards-based ISLs
10. Configure a descriptive name on all interfaces consisting of the name and port of the device
which is connected. You are prohibited from using the description command.
11. Ensure the connection towards JBOD1 is easily physically located on MDS1
12. The fiber connected to fc1/10 is of low quality, causing errors on the interface. Ensure the
switch does not go into err-disable state because of this.
13. Ensure that interfaces on the MDS switches are shutdown when no configuration is applied to
them
14. All disks inside of the JBODs should be identified on the MDS switches with a simple name in the
form of JxDy where X is the JBOD number and Y is the disk number.
15. The simple device names should be seen on both MDS switches, by only configuring one of the
switches. The names should not be VSAN dependent.
16. Ensure applications that use the simple names will follow changes to the database
17. Interface fc1/1 on MDS1 will be used for a long reach link. Enable as many credit
buffers as possible and enable recovery of credits
18. JBOD1 on MDS1 is only allowed to send packets with a maximum size of 2000 bytes
19. Enable B2B credit state change numbers on all JBOD interfaces
Task 2: VSANs
1. Create VSAN 10, 20, 30 and 40 with names of IPX_VSAN_#, where # is the VSAN number
2. Configure fc1/5 on MDS1 in VSAN 10 and fc1/6 on MDS2
3. Configure fc1/5 on MDS2 and fc1/6 on MDS1 in VSAN 20
4. Ensure that WWPN 20:11:00:0a:31:00:aa:de is automatically placed in VSAN 30
when it comes online anywhere in the Fibre Channel fabric
5. Ensure that J1D1 is automatically placed in VSAN 40 when it comes online in the fabric
6. MDS1 should use the Source and Destination FCID for load balancing across equal cost paths in
VSAN 10
7. MDS2 should use Exchange based load balancing across different interfaces in a port-channel in
VSAN 20
8. Ensure that all ISLs of the MDS switches are capable of transferring multiple VSANs across the
same interface
9. Configure fc1/1 and fc1/3 on both MDS switches as a single logical connection using number
101
10. Interfaces fc1/1 and fc1/3 should negotiate their bundling capabilities
11. Create a single logical connection consisting of fc1/2 and fc1/4 on both MDS1 and MDS2
switches with number 127
12. VSAN 30 should only use the logical interface 127
13. VSAN 40 should only use logical interface 101
14. VSAN 10 and VSAN 20 should be able to cross both ISL bundles between the MDS switches
15. VSAN 10 should always use bundle 101 as its primary connection to the other MDS
16. VSAN 20 should always use the bundle 127 as its primary connection to the other MDS
17. Packets traversing VSAN 30 should be guaranteed to reach their destination in the same order
as they have left the source.
9. Ensure that all changes to all zonesets are replicated between all switches in VSAN 10 every
time a zoneset is activated
10. Use zoning compliant with FC-GS-4 and FC-SW-3 in VSAN 20
11. Use inline zone creation for VSAN 20
12. Zoning in VSAN 20 should ensure that the following disks are able to read data from each
other, but never write:
a. J2D1
b. J2D2
c. J2D3
13. Create a zone in VSAN 20 that ensures the following disks are prioritized over other disks when
ISLs are congested. Use the FWWN of the disks:
a. J2D4
b. J2D5
14. When devices are not specified in zones in VSAN 20, they should be allowed to read data
from each other
15. J2D5 LUN 19 and J1D6 LUN 116 should be able to communicate to each other in VSAN
20. No other LUNs on those disks can communicate
16. Activate zoning in VSAN 20 and ensure it's seen on both MDS1 and MDS2
Task 4: FC Domain
1. Configure FC Domain IDs in VSAN 10. MDS1 should be using a static ID of 34 and MDS2 should
prefer to use an ID of 0x34, but can use a different one when this is already taken
2. Ensure MDS1 is the principal switch in VSAN 10
3. Domain IDs for new switches should be handed out in a sequential order
4. Disruptive restarts from other switches should not affect MDS1
5. Ensure the J1D1 disk in VSAN 10 gets assigned an FCID in the range of 0x222200 to
0x2222FF
6. MDS2 should be assigning Domain IDs to other switches in the fabric for VSAN 20. MDS2
should use a range of 0xB0 to 0xCE.
7. MDS1 should prefer a Domain ID of 214 in VSAN 20
8. Ensure that VSAN 30 is prepared for fast-restart
Task 5: Fibre Channel Securit