April 22, 2017 | Author: shhahrukh khan | Category: N/A
1.1
- DC2: Allocate ports and resources to VDC's
In Data Center 2 (DC2), there is one Cisco Nexus 7000 switch. On this switch VDC's are pre-configured for you. During this task you will assign ports and resources to these VDC's DC2-N7K-1 is the default VDC DC2-N7K-3 and DC2-N7K-4 are non-default VDC's In DC2, allocate ports to VDC's as shown in this table:
Device Name
ID
Ports
Type
DC2-N7K-1 DC2-N7K-3 DC2-N7K-4
1 3 4
Ethernet3/1-8, Ethernet 4/1-16 Ethernet 3/17-24, Ethernet 4/17-24 Ethernet 3/25-32, Ethernet 4/25-32
Ethernet Ethernet Ethernet
In DC2, you must configure resources for the VDC's. Use resource templates to perform this task. Create and apply VDC resource templates as shown in this table:
Template Name
VDC Name
Resource
Minimum
Maximum
otv-template
DC2-N7K-1
switch-template
DC2-N7K-3 & DC2-N7K-4
VRF VLAN Port-Channel VRF VLAN Port-Channel
8 16 0 16 64 32
16 32 32 32 128 64
In DC2, make sure that these high-availability policies are applied to the VDC's: High-availability policy for DC2-N7K-1 must be RESET. High-availability policy for DC2-N7K-3 and DC2-N7K-4 must be BRINGDOWN. (2 Points)
1.2
- DC2: Implement VLANs
You must configure VLANs in Data Center 2. These VLANs will be used later in the exam. Assign the correct name and type as outlined here. Configure these VLANs on DC2-N7K-1:
Device
VLAN ID
Name
VLAN Mode
DC2-N7K-1
90 4001 4002 30 40 50 4001 4002 30 40 50 70 71 72
dci-site dci-data1 dci-data2 iscsi Esx-mgmt Dmz dci-data1 dci-data2 iscsi esx-mgmt Dmz Vm-data Vm-data-nat Ace-ft
Classic Ethernet Classic Ethernet Classic Ethernet FabricPath FabricPath FabricPath Classic Ethernet Classic Ethernet FabricPath FabricPath FabricPath Classic Ethernet Classic Ethernet Classic Ethernet (1 Point)
DC2-N7K-3 DC2-N7K-4
DC2-N5K-1 DC2-N5K-2
1.3
- DC2: Configure Layer 2 Links
In this task, you must configure Layer 2 port channels and trunk ports between Data Center 2 switches. Configure the Layer 2 port channel between DC2-N7K-3 and DC2-N7K-4. Use this information to complete this task: Use port channel number 200. Allow only VLANs 90, 4001, and 4002 on the port channel. Do not use LACP.
Port assignments are as follows:
VDC Name
Port Channel
Member Port
DC2-N7K-3 DC2-N7K-4
200 200
Ethernet 4/18-19 Ethernet 4/26-27
DC2-N7K-1 and DC2-N7K-3 are connected using a Layer2 link and a Layer 3 link. Configure the Layer 2 link between these switches as a trunk port.
Use following information to complete this task:
Use VLAN 1 as the native VLAN Allow only VLAN 90, 4001, 4002 on the port channel.
VDC Name
Trunk Port
Mode
DC2-N7K-1 DC2-N7K-3
Ethernet 4/12 Ethernet 4/20
Layer 2 Layer 2 (1 Point)
1.4
- DC2: Configure Fabric Path
In DC2, enable fabric-path isis routing between DC2-N7K-3, DC2-N7K-4, DC2-N5K-1, and DC2-N5K-2 Perform these tasks:
Assure that all of the switches that are listed use the FabricPath network for Layer 2 switching between them. The port channel between DC2-N7K-3 and DC2-N7K-4 will not participate in FabricPath. Create a port channel between DC2-N5K-1 and DC2-N5K-2, and enable FabricPath on the port channel. Use any number for the port channel. Configure switch ID 30, 40, 50, and 60 on DC2-N7K-3, DC2-N7K-4, DC2-N5K-1, and DC2N5K-2 respectively. Allow 20 seconds to detect any switch ID conflicts in the FabricPath domain. Make sure that only two equal cost paths are selected in the FabricPath domain. Make sure that DC2-N7K-3 and DC2-N7K-4 use DC2-N5K1 and DC2-N5K-2 as equal cost paths.
(3 points)
1.5
- DC2: Configure vPC+ to Cisco UCS
In DC2, configure vPC domain 20 between DC2-N5K-1 and DC2-N5K-2. Perform these tasks:
Make sure that N5K-1 is always the vPC primary switch. Use port channel ID 200 for the vPC peer link. Do not add any new Layer 3 interfaces. Use switch ID value 70. Use port channel ID 10 toward Fabric Interconnect A (FI-A). Use port channel ID 20 toward Fabric Interconnect B (FI-B). Port channels to Cisco UCS should be configured as IEEE 802.1Q trunk interfaces that allow only VLANs 30, 40, 70, and 71. Make sure that port channels 10 and 20 come up without waiting for the standard forward-time delay. In a few months, our server team will connect a single-leg server on VLAN 300 that is connected to N5K-2. Make sure that the interface does not go down in a dual-active scenario. Make sure that vPC peer devices are the primary devices on LACP and use priority value 2500.
(3 Points)
1.6
- DC2: Configure FEX
In Data Center 2 (DC2), configure active/active connections from DC2-N5K-1 and DC2-N5K-2 to the FEX. Use FEX 103 and 104 as indicated in this figure. Make sure both FEX instances skip any bootup tests.
(2 Points)
1.7
- DC2: Implement Cisco NX-OS Layer 3 functionality
You must now configure Layer 3 interfaces on the Cisco Nexus 7000 switches in DC2. Configure the following:
WAN Layer 3 interfaces on DC2-N7K-3 and DC2-N7K-4 Layer 3 link between DC2-N7K-3 and DC2-N7K-1 Loopback interfaces on DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4
WAN interfaces connect the Cisco Nexus 7000 switch to the WAN switch. The WAN switch is preconfigured. No configuration is necessary on your part.
Configure the WAN IP addresses as shown in this table:
Device Name
Interface
IP Address
Subnet Mask
DC2-N7K-3 DC2-N7K-4
Ethernet 4/23 Ethernet 4/31
10.4.1.9 10.4.1.13
30 30
Make sure that the jumbo frame size of 9100 bytes is allowed on the WAN. DC2-N7K-1 and DC2-N7K-3 are connected with a Layer 2 link and Layer 3 link. Configure the Layer 3 link between these switches.
In DC2, configure the Layer 3 link between DC2-N7K-1 and DC2-N7K-3:
Device Name
Interface
IP Address
Subnet Mask
DC2-N7K-1 DC2-N7K-3
Ethernet 4/5 Ethernet 4/24
10.4.1.22 10.4.1.21
30 30
In DC2, configure the loopback IP addresses as shown in this table:
Device Name
Interface
IP Address
Subnet Mask
DC2-N7K-1 DC2-N7K-3 DC2-N7K-4
Loopback 0 Loopback 0 Loopback 0
10.0.2.1 10.0.2.3 10.0.2.4
32 32 32 (2 Points)
1.8
- DC2: Configure SVI and HSRP
In DC2, configure the switch virtual interfaces as shown in this table:
Device Name
Interface
IP Address
Subnet Mask
DC2-N7K-3
VLAN 40 VLAN 4001 VLAN 4002 VLAN 40 VLAN 4001 VLAN 4002
10.1.40.252 10.1.41.252 10.1.42.252 10.1.40.253 10.1.41.253 10.1.42.253
24 24 24 24 24 24
DC2-N7K-4
In DC2, configure HSRP on DC2-N7K-3 and DC2-N7K-4 as shown in this table: VLAN Virtual IP Address Group Active VLAN 40 10.1.40.254 2 ANY VLAN 4001 10.1.41.254 2 DC2-N7K-3 VLAN 4002 10.1.42.254 2 DC2-N7K-3
MD5 Key CCIEDC CCIEDC CCIEDC
Use any key chain name. Make sure that HSRP waits 3 seconds before detecting a neighbor down instance. Also make sure that DC2-N7K-3 is always the active router for VLAN 4001 and VLAN 4002. (2 Points)
1.9
- DC2: Implement Cisco NX-OS Layer 3 Routing
In DC2, set up EIGRP. Enable EIGRP within DC2 devices and on the connectivity to the WAN. Make sure that fast failure detection is enabled. The core WAN router is preconfigured with EIGRP.
Perform these tasks on DC2-N7K-1: Configure EIGRP with AS number 1. Use the loopback 0 address as the router ID. Configure interfaces E4/5 in EIGRP. You are not permitted to use static routes. Perform these tasks on DC2-N7K-3: Configure EIGRP with AS number 1. Use the loopback 0 address as the router ID. Configure interface E4/23 and E4/24 in EIGRP. Advertise these SVIs into EIGRP o VLAN 40 o VLAN 4001 o VLAN 4002 You are not permitted to use static routes. You are not permitted to configure EIGRP on the VLAN interface. Make sure that a summary route is sent for VLAN 40, VLAN 4001, and VLAN 4002. Perform these tasks on DC2-N7K-4: Configure EIGRP with AS number 1. Use the loopback 0 address as the router ID. Configure interface E4/31 in EIGRP. Advertise these SVIs into EIGRP o VLAN 40 o VLAN 4001
o VLAN 4002 You are not permitted to use static routes. You are not permitted to configure EIGRP on the VLAN interface. Make sure that a summary route is sent for VLAN 40, VLAN 4001, and VLAN 4002. ( 3 Points)
1.10 - DC2: Configure ACL In this task, you will configure an IP access list on the WAN interface on DC2 switches. Allow traffic to VLAN 40, VLAN 4001, and VLAN 4002 via the WAN interface according to this table: Switch Name DC2-N7K-3
WAN Interface Ethernet 4/23
Destination VLAN 40: 10.1.40.0/24 VLAN 4001: 10.1.41.0/24
VLAN 4002: 10.1.42.0/24
DC2-N7K-4
Ethernet 4/31
VLAN 40: 10.1.40.0/24 VLAN 4001: 10.1.41.0/24
VLAN 4002: 10.1.42.0/24
Traffic Allowed Any Traffic to this Network World Wide Web Secure Socket Layer Telnet World Wide Web Secure Socket Layer Telnet Any Traffic to this Network World Wide Web Secure Socket Layer Telnet World Wide Web Secure Socket Layer Telnet (4 Points)
1.11 - DC2: Configure syslog and NTP In DC2, make sure that DC2-N7K-3 receives the time from the NTP server 20.0.0.1. There is a syslog server on a remote sire that is accessible from the WAN network. Configure DC2-N7K-3 to send logs to syslog. The IP address of the syslog server is 10.0.0.1. (1 Point)
1.12 - DC2: Configure STP In this task, you will configure Spanning Tree Protocol in Data Center 2. Complete these tasks on DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4:
Configure Multiple Spanning Tree for VLAN 4001 and VLAN 4002. Make sure that DC2-N7K-3 is the root for VLAN 4001 and VLAN 4002. Use this information to configure MST: o MST region = 1 o Name = ccie o MST revision number = 5 Enable Bridge Assurance on the appropriate ports.
(2 Points)
1.13 - DC1: Allocate ports to VDCs and implement Vlans In DC1, allocate ports to VDCs as shown in this table:
Device Name
ID
Ports
Type
DC1-N7K-1
1
Ethernet
DC1-N7K-2
2
DC1-N7K-3 DC1-N7K-4
3 4
Ethernet3/1-8,Ethernet4/1-8,Ethernet4/10, Ethernet 4/12,Ethernet 4/14, Ethernet 4/16 Ethernet3/9-16,Ethernet4/9,Ethernet 4/11, Ethernet 4/13, Ethernet 4/15 Ethernet 3/17-24, Ethernet 4/17-24 Ethernet 3/25-32, Ethernet 4/25-32
Ethernet Ethernet Ethernet
You must configure VLANs in Data Center 1. These VLANs will be used later in the exam. Assign the correct name and type as outlined here. Configure these VLANs on DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4:
Device Name
Vlan ID
VLAN Name
VLAN Mode
DC1-N7K-1 DC1-N7K-2 DC1-N7K-3 DC1-N7K-4
90 4001 4002
dci-site dci-data1 dci-data2
Classic Ethernet Classic Ethernet Classic Ethernet
(2 Points)
1.14 - DC1: Configure Layer 2 links In this task, you must configure Layer 2 port channels and trunk ports between Data Center 1 switches. Configure the Layer 2 port channel between DC1-N7K-3 and DC1-N7K-4. Use this information to complete this task: Use port channel number 200. Allow only VLANs 90, 4001, and 4002 on the port channel. Use LACP. Use VLAN 90 as the native VLAN. Make sure that the native VLAN is tagged.
Here are the port assignments: Device Name DC1-N7K-3 DC1-N7K-4
Port Channel 200 200
Member Port Ethernet 4/18-19 Ethernet 4/26-27
DC1-N7K-1 and DC1-N7K-3 are connected using a Layer 2 link and a Layer 3 link. In this task, you will configure the Layer 2 link between these switches as a trunk port. Use this information to complete this task: Allow only VLANs 90, 4001, and 4002. Use VLAN 90 as the native VLAN. Device Name Trunk Port Mode DC1-N7K-1 Ethernet 4/12 Layer 2 DC1-N7K-3 Ethernet 4/20 Layer 2
DC1-N7K-2 and DC1-N7K-4 are connected using a Layer 2 and a Layer 3 link. In this task, you will configure the Layer 2 link between these switches as a trunk port. Use this information to complete this task: Allow only VLANs 90, 4001, and 4002. Use VLAN 90 as the native VLAN. Device Name DC1-N7K-2 DC1-N7K-4
Trunk Port Ethernet 4/13 Ethernet 4/28
Mode Layer 2 Layer 2
(2 Points)
1.15 - DC1: Implement Cisco NX-OS Layer 3 functionality You must now configure Layer 3 interfaces on the Cisco Nexus 7000 switches in DC1. Configure the following: WAN Layer 3 interfaces on DC1-N7K-3 and DC1-N7K-4 Layer 3 link between DC1-N7K-3 and DC1-N7K-1 Layer 3 link between DC1-N7K-4 and DC1-N7K-2 Loopback interfaces on DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4 WAN interfaces connect the Cisco Nexus 7000 switch to the WAN switch. The WAN switch is preconfigured. No configuration is necessary on your part.
Configure the WAN IP addresses as shown in this table:
Device Name
Interface
IP Address
Subnet Mask
DC1-N7K-3
Ethernet 4/23
10.4.1.1
30
DC1-N7K-4
Ethernet 4/31
10.4.1.5
30
Make sure that the jumbo frame size of 9100 bytes is allowed on the WAN. DC1-N7K-1 and DC1-N7K-3 are connected with a Layer 2 link and Layer 3 link. Configure the Layer 3 link between these switches. In DC1, configure the Layer 3 link between DC1-N7K-1 and DC1-N7K-3:
Device Name
Interface
IP Address
Subnet Mask
DC1-N7K-1 DC1-N7K-3
Ethernet 4/5 Ethernet 4/24
10.4.1.17 10.4.1.18
30 30
DC1-N7K-2 and DC1-N7K-4 are connected with a Layer 2 link and Layer 3 link. Configure the Layer 3 link between these switches. In DC1, configure the Layer 3 link between DC1-N7K-2 and DC1-N7K-4:
Device Name
Interface
IP Address
Subnet Mask
DC1-N7K-2 DC1-N7K-4
Ethernet 4/9 Ethernet 4/25
10.4.1.26 10.4.1.25
30 30
In DC1, configure the loopback IP addresses as shown in this table:
Device Name
Interface
IP Address
Subnet Mask
DC1-N7K-1 DC1-N7K-2
Loopback0 Loopback0
10.0.1.1 10.0.1.2
32 32
DC1-N7K-3 DC1-N7K-4
Loopback0 Loopback0
10.0.1.3 10.0.1.4
32 32 (2 Points)
1.16 - DC1: Configure SVI and HSRP In DC1, configure SVI 4001 and 4002 on DC1-N7K-3 and DC1-N7K-4:
Device Name
Interface
IP Address
Subnet Mask
DC1-N7K-3
VLAN 4001 VLAN 4002 VLAN 4001 VLAN 4002
10.1.41.250 10.1.42.250 10.1.41.251 10.1.42.251
24 24 24 24
DC1-N7K-4
Configure HSRP on DC1-N7K-3 and DC1-N7K-4 as shown in this table:
VLAN
Virtual IP
Group
Active
MD5 Key
VLAN 4001 10.1.41.254 2 DC1-N7K-3 CCIEDC VLAN 4002 10.1.42.254 2 DC1-N7K-3 CCIEDC Use any key chain name. Make sure that HSRP waits 3 seconds before detecting a neighbor down instance. Also make sure that DC1-N7K-3 is always the active router for VLAN 4001 and VLAN 4002. (2 Points)
1.17 - DC1: Implement Cisco NX-OS Layer 3 Routing In DC1, set up EIGRP. Enable EIGRP within DC1 and also on the connectivity to the WAN. Make sure that fast failure detection is enabled. The core WAN router is preconfigured with EIGRP. You are not permitted to use static routes.
Perform these tasks on DC1-N7K-1: Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID. Configure interfaces E4/5 in EIGRP.
Perform these tasks on DC1-N7K-2: Configure EIGRP with AS number 1. Use the loopback 0 address as the router ID. Configure interfaces E4/9 in EIGRP. Perform these tasks on DC1-N7K-3: Configure EIGRP with AS number 1. Use the loopback 0 address as the router ID. Configure interface E4/23 and E4/24 in EIGRP. Perform these tasks on DC1-N7K-4: Configure EIGRP with AS number 1. Use the loopback 0 address as the router ID. Configure interface E4/25 and E4/31 in EIGRP. (3 Points)
1.18 - DC1 and DC2: Configure OTV You must now perform Cisco Data Center Interconnect (DCI) between DC1 and DC2. The WAN core is enabled for multicast. During this task, you will make sure that DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4 are configured appropriately to support OTV within DC1. Similarly, make sure that DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4 are configured appropriately to support OTV in DC2. VLAN 4001 and VLAN 4002 must be extended between DC1 and DC2. All other VLANs will stay local to the data center. Do not create additional VLANs for this task. You are allowed to use a multicast address range to achieve the task. The RP address is 20.0.0.1. PIM sparse mode is running in the WAN core.
In Data Center 1, perform these tasks: On the Layer 2 trunk port between DC1-N7K-1 and DC1-N7K-3, only allow VLANs that must be extended. On the Layer 2 trunk port between DC1-N7K-2 and DC1-N7K-4, only allow VLANs that must be extended. Use the loopback 0 address as the router ID. Use VLAN 90 as the site VLAN. In Data Center 2, perform these tasks:
On the Layer 2 trunk port between DC2-N7K-1 and DC2-N7K-3. Only allow VLANs that must be extended. Use VLAN 90 as the site VLAN.
After completing these infrastructure tasks, configure the necessary DCI tasks as specified in the question. Then verify that DCI was successful by pinging SVIs 4001 and 4002 from DC1-N7K-3 and DC2N7K-3. Make sure that HSRP is localized within each data center. (3 Points)
2.1
- Fibre Channel port channel, ISL, and trunking
Refer to this figure:
You have been asked to help resolve a non-optimal Fibre Channel port channel between DC2-MDS-1 and DC2-N5K-2. The desired result is that port channel ID 22 is up at 8 Gb/s between the two devices and that only VSANs 1 and 200 are able to traverse it. (3 Point)
2.2
- Implement Fibre Channel NPV and NPIV features
Configure the two Fibre Channel links between DC2-N5K-1 and DC2-MDS-1 to be two parallel, nontrunking, NPV-NPIV links for VSAN 100. The customer demands that servers in VSAN 100 that use these links be distributed equally at all times, even in the event that one of the links goes down and comes back up.
2.3
- Implement FCoE NPV features
Create a logical device within DC2-N7K-1 that is capable on FCoE functionality. Use the following parameters:
Device Name
ID
Port Allocation
DC2-N7K-2
2
Ethernet 3/9-16
Initialize this logical device with the following parameters: Password Mgmt IP Mgmt Netmask Mgmt Gateway Telnet
: cisco : 10.1.1.27 : 255.255.255.0 : 10.1.1.254 : Enabled
Configure a FCoE NPV-NPIV F-Port trunking and port-channeling link between the DC2-N7K-2 and DC2N5K-1 switches. Create VSAN 100 and allow only this VSAN across this link. This link should be configured to use LACP. Make sure that SID/DID/OXID load-balancing is used across this link. Use port channel ID 11. (4 points)
2.4
- Troubleshoot multihop FCoE
The customer reports that the FCoE VE Port channel between the DC2-N7K-2 and DC2-N5K-2 switches is no working. You have been asked to resolve the issue and get the FCoE VE Port channel working. Once it is up, it should transport VSAN 200 only. The link should be formed with LACP and use port channel ID 12. Traffic form the N5K to the N7K must load-balance with SID/DID. The resolution must not impact port channel 11. (3 points)
2.5
- Implement IP Storage Based Solution
Configure two FCIP links between the DC1-MDS-1 and DC2-MDS-1 switches. Allow VSANs 1, 200 and 100 across both links. The customer has a firewall between the date centers that only permits connections for each FCIP tunnel with port 3005. The connections must only be initialized from the DC2-MDS-1 side. Link MTU should be able to accommodate a complete Fibre Channel frame. Use FCIP profiles 10 and 20, and interfaces FCIP 10 and 20.
Device Name
Primary Link Address
Secondary Link Address
DC1-MDS-1 DC2-MDS-1
10.3.1.1/30 10.3.1.2/30
10.3.1.5/30 10.3.1.6/30
(2 points)
2.6
- Implement FCoE Host Configuration
Configure FCoE connections for DC2-SRV-3 and DC2-SRV-4.
DC2-SRV-3 port 1 should be in VSAN/VLAN 200. Use vfc 311 for this interface. DC2-SRV-3 port 0 should be in VSAN/VLAN 100. Use vfc 20 for this interface. Interface vfc20 must always use DC2-N5K-1 uplink FC 1/32. DC2-SRV-4 port 0 should be in VSAN/VLAN 100. Use vfc 320 for this interface. DC2-SRV-4 port 1 should be in VSAN/VLAN 200. Use vfc 420 for this interface. All required configurations on the host side are preconfigured. You are only required to configure the N5K and N7K sides. You have access to both servers' Cisco Integrated Management Controllers in case you need to verify and troubleshoot from the host side.
Section 3 - Unified Computing You have been tasked to configure and troubleshoot an existing computing solution based on Cisco UCS. DC2 will be hosting your primary computing cluster. Your primary storage array resides in DC1 and is reachable via the FCIP link that was already configured. You must configure all Cisco UCS endpoints as well as SAN and LAN devices as instructed. No access is required to the storage array. Please review this topology subset, which shows the relevant devices for this section. Reference Topology:
Note: The port numbers on the topology diagram are the physical port numbers.
3.1
- Troubleshoot Cisco UCS domain infrastructure
You have been tasked to reconfigure the uplink connectivity for your Cisco UCS domain. Configure the uplinks as shown in the diagram. Port channel IDs and VPC IDs should match each side of the links where applicable. The network administrator previously implemented a disjoint Layer 2 network design. This is no longer required. Remove all disjoint Layer 2 configurations from Cisco UCS and disable any uplinks that are not listed in this reference diagram. (5 points)
3.2
- Modify CoS for iSCSI
Some of your blades will use iSCSI. To accommodate this, perform these configurations: Configure the Silver CoS queue to accommodate 9000-byte frames Create a QoS policy named ccie-dc-qos and assign the Silver priority. Allow full host control. Assign the QOS policy to the two existing vNIC templates. (3 Points)
3.3
- Create FCoE boot policy
Create a boot policy that meets these criteria: Name of policy: fcoe-boot-pol. The CD-ROM should be the first boot device. The second boot device should be the SAN Boot Primary, using LUN ID 0 on Fabric B. Obtain target WWN information from the resources that are at your disposal. (3 Points)
3.4
- Create WWxN pool
Create these resource pools or policies: Sequentially allocated WWxN pool called ccie-dc-wwxn. Add a WWN block starting with 20:00:00:25:B5:C0:FF:EE of the minimum size. (2 points)
3.5
- Create I/O connectivity policies
Create a LAN connectivity policy that meets these requirements: Name: ccie-lan-con-pol Create two vNICs named eth0 and eth1 and bind each vNIC to a unique existing vNIC template. Adapter settings should be optimized for VMware Create a SAN connectivity policy that meets these requirements: Name: ccie-san-con-pol Create a single vHBA named fc0 and assign it to VSAN 200 Use existing WWxN pool that was previously created. (4 points)
3.6
- Cisco UCS Initiator Zoning
Now that you have created your connectivity policies, you must add your initiators to the correct MDS zones. Ensure that the existing MDS zones are correctly configured to ensure that your Cisco UCS
initiators and targets can communicate. Add initiator WWNs as required, using the resources that are at your disposal. (3 points)
3.7
- Remote boot host over FCoE multihop
As part of this questions and the next one, you must create a service profile. Detailed requirements for the service profile are provided here. Part of your objective is to ensure that the previously installed operating system successfully boots with your configured service profile. Note: If object names are not explicitly provided, you can use your own naming convention. If policies or settings are not explicitly provided, use the default values.
3.8
Perform the following configurations: Create a service profile named fcoe-boot in the root organization. This profile should be restricted to blades that have no local disks installed. Assign the LAN and SAN connectivity policies that were created in the previous section. The service profile should use the previously created ccie-xxxx resource pools. Assign the boot policy that you created in the previous section. Associate the service profile with Server 1/1 and ensure that the ESX host boots up. (4 Points)
- Configure Cisco UCS authentication
LDAP authentication had been configured by one of your colleagues, but they are unable to perform a successful test authentication. Your task is to troubleshoot and resolve the issue. The LDAP administrator has confirmed that these details are correct. No access to the Microsoft Active Directory server is required.
Active Directory Object
Value
Domain Controller Bind User Bind User Password Base DN Port Filter Group Authorization Authentication Domain Name Group Recursion TargetAttribute Ldap provider group Name
10.1.1.214 CN=ucs binduser, OU=CiscoUCS, DC=cciedc, DC=lab Cisco DC=cciedc, DC=lab 389 $AMAccountName=$userid Enable Ldap-domain Recursive Memberof Ldap-group
Active Directory Group Ucsaaa Ucsnetwork Active Directory Test User John.smith
Mapped Cisco UCS Role Aaa Network Expected Role aaa
(5 Points)
3.9
- Configure Call Home monitoring
Your manager has instructed you to configure Call Home for Cisco UCS. Call Home should be configured to only send notifications regarding association failures. Use these details for configure Call Home: No need to test Call Home or send inventory Contact: John Smith Phone: +1555-555-5555 Email:
[email protected] Address: 555 Tasman Contract ID: 555 From Email:
[email protected] Reply To:
[email protected] SMTP Server: 10.1.1.201 (2 Points)
Section 4 - Data Center Virtualization with Cisco Nexus 1000V The Cisco Nexus 1000V Switch has been previously installed. All VMware configurations have been completed. No access to VMware vCenter or the host is required. The Cisco VSM contains a basic configuration. After a review of these directives, make any necessary changes.
4.1
- Implement Virtual Switch Module
Assuming that your Cisco UCS blade booted successfully in the previous section, there should be two modules inserted and online on Cisco VSM. Modify the uplink port profile to use manual subgroup IDs. The manual subgroup ID for each uplink interface should match with the vmnic numbering of the host. Example: vmnic1 = subgroup ID 1, vmnic2 = subgroup ID 2, and so on. (3 Points)
4.2
- Troubleshoot: Basic port profile configuration
A colleague mistakenly configured the name of the vlan50 port profile. This port profile is already in use and must not be deleted. Your task is to change the port profile name that is presented to VMware vCenter to dmz. (2 Points)
4.3
- Advanced port profile configuration, part 1
You have been tasked to configure the Cisco Nexus 1000V Switch to support iSCSI traffic for IP storage. One of your colleagues has created a port profile called iscsi. The configuration is no complete. Your job is to modify the port profile and any other configuration to support IP- based storage. (3 points)
4.4
- Advanced port profile configuration, part 2
To ensure that proper QoS is applied to your IP storage traffic, configure the iscsi port profile to assign a CoS value of 2 to all traffic. This will align with the CoS that was previously configured in the Cisco UCS section. You may use any names you want for policy names.
(2 points)
UCS / N1K Reference Section Device UCS-Cluster-IP DC-FI-A DC-FI-B DC1-MDS-1 DC2-N7K-3 DC2-N7K-4 DC2-N1K (VSM)
IP 10.1.1.50 10.1.1.51 10.1.1.52 10.1.1.61 10.1.1.24 10.1.1.25 10.1.1.212
Username admin admin admin admin admin admin admin
Password cisco cisco cisco cisco cisco cisco cisco
UCS Pools / Resources UUID suffix WWPN (Fabric A) WWPN (Fabric B) WWNN MACs Managements IPs (KVM) Management Gateway
Pool Name ccie-dc-uuid ccie-dc-wwpn-a ccie-dc-wwpn-b ccie-dc-wwnn ccie-dc-mac
Starting Value 1111-000000000001 20:00:00:25:B5:10:10:01 20:00:00:25:B5:10:10:0A 20:00:00:25:B5:11:10:01 00:25:B5:00:00:01 10.1.1.53/24
Qty (if applicable) 10 4 4 4 32 7
Storage Objects Fiber Channel SAN Boot LUN ID SAN Boot Policy Fabric A zone name Fabric B zone name Zone set name Zone names
10.1.1.254
Value 0 san-boot-dual zone_ucs_van100 zone_ucs_vlan200 zs_vsan100, zs_vsan200 zone_ucs_vsan100, zone_ucs_vsan200
