IPexpert-CCIE-Data-Center-Volume-1-Workbook 1 - 12.pdf

May 7, 2017 | Author: ashmit | Category: N/A

Description

IPexpert’s Lab Preparation Workbook for the Cisco® CCIE™ Data Center v1.0 Lab Exam Volume 1

Authored by: Rick Mur - CCIE3 #21946 (R&S / SP / Storage), JNCIE-SP #851

CCIE Data Center Lab Preparation Workbook

 

IPexpert’s Lab Preparation Workbook for Cisco’s CCIE Data Center Lab

Before We Begin

This product is part of the IPexpert suite of materials that provide CCIE candidates and network engineers with a comprehensive training program. For information about the full solution, contact an IPexpert Training Advisor today.

Telephone: +1.810.326.1444
Email: [email protected]

Congratulations! You now possess one of the ULTIMATE CCIE™ Lab preparation and network operation resources available today! This resource was produced by senior engineers, technical instructors, and authors boasting decades of internetworking experience. Although there is no way to 100% guarantee success rate on the CCIE™ Data Center Lab exam, we feel VERY confident that your chances of passing the Lab will improve dramatically after completing this industry-recognized Workbook!

Technical Support from IPexpert, and your CCIE community!

   

 

Copyright © by IPexpert. All rights reserved.

 


IPexpert is proud to lead the industry with multiple support options at your disposal free of charge. Our online communities have attracted a membership of over 20,000 of your peers from around the world! At blog.ipexpert.com, you can keep up to date with everything IPexpert does and read the latest in technical articles from world-renowned IPexpert instructors. At OnlineStudyList.com, you may subscribe to multiple “SPAM-free,” moderated CCIE-focused email lists.

Feedback

Do you have a suggestion or other feedback regarding this book or other IPexpert products? At IPexpert, we look to you, our valued clients, for the real world, frontline evaluation that we believe is necessary so that we may always improve. Please send an email with your thoughts to [email protected] or call 1.866.225.8064 (international callers dial +1.810.326.1444).

In addition, for those using this book as CCIE™ preparation, when you pass the CCIE™ Lab exam, we want to hear about it! Email your CCIE™ number to [email protected] and let us know how IPexpert helped you succeed. We would like to send you a gift of thanks and congratulations.

Additional CCIE™ Preparation Material

IPexpert, Inc. is committed to developing the most effective Cisco CCIE™ R&S, Security, Voice, Wireless and Data Center Lab certification preparation tools available. Our team of certified networking professionals develops the most up-to-date and comprehensive materials for networking certification, including self-paced workbooks, online Cisco hardware rental, classroom training, online (distance learning) instructor-led training, audio products, and video training materials. Unlike other certification-training providers, we employ the most experienced and accomplished teams of experts to create, maintain, and constantly update our products. At IPexpert, we are focused on making your CCIE™ Lab preparation more effective.

Issues with this Book

This book is carefully edited to ensure the accuracy of all content. Should you find any error whatsoever, please email a page reference and detailed comment to [email protected]. Your email will be responded to promptly.


 

IPEXPERT END-USER LICENSE AGREEMENT

END USER LICENSE FOR ONE (1) PERSON ONLY

IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE TRAINING MATERIALS.

This is a legally binding agreement between you and IPEXPERT, the “Licensor,” from whom you have licensed the IPEXPERT training materials (the “Training Materials”). By using the Training Materials, you agree to be bound by the terms of this License, except to the extent these terms have been modified by a written agreement (the “Governing Agreement”) signed by you (or the party that has licensed the Training Materials for your use) and an executive officer of Licensor. If you do not agree to the License terms, the Licensor is unwilling to license the Training Materials to you. In this event, you may not use the Training Materials, and you should promptly contact the Licensor for return instructions.

The Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual authorized to use the Training Materials throughout the term of this License.

Copyright and Proprietary Rights

The Training Materials are the property of IPEXPERT, Inc. ("IPEXPERT") and are protected by United States and International copyright laws. All copyright, trademark, and other proprietary rights in the Training Materials and in the Training Materials, text, graphics, design elements, audio, and all other materials originated by IPEXPERT at its site, in its workbooks, scenarios and courses (the "IPEXPERT Information") are reserved to IPEXPERT.

The Training Materials cannot be used by or transferred to any other person. You may not rent, lease, loan, barter, sell or time-share the Training Materials or accompanying documentation. You may not reverse engineer, decompile, or disassemble the Training Materials. You may not modify, or create derivative works based upon the Training Materials in whole or in part. You may not reproduce, store, upload, post, transmit, download or distribute in any form or by any means, electronic, mechanical, recording or otherwise any part of the Training Materials and IPEXPERT Information other than printing out or downloading portions of the text and images for your own personal, non-commercial use without the prior written permission of IPEXPERT.

You shall observe copyright and other restrictions imposed by IPEXPERT. You may not use the Training Materials or IPEXPERT Information in any manner that infringes the rights of any person or entity.


 

Exclusions of Warranties

THE TRAINING MATERIALS AND DOCUMENTATION ARE PROVIDED “AS IS.” LICENSOR HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW THE LIMITATION OF INCIDENTAL DAMAGES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. This agreement gives you specific legal rights, and you may have other rights that vary from state to state.

Choice of Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the State of Michigan, without reference to any conflict of law principles. You agree that any litigation or other proceeding between you and Licensor in connection with the Training Materials shall be brought in the Michigan state or courts located in Port Huron, Michigan, and you consent to the jurisdiction of such courts to decide the matter. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this License. If any provision of this Agreement is held invalid, the remainder of this License shall continue in full force and effect.

Limitation of Claims and Liability

ANY ACTION ON ANY CLAIM AGAINST IPEXPERT MUST BE BROUGHT BY THE USER WITHIN ONE (1) YEAR FOLLOWING THE DATE THE CLAIM FIRST ACCRUED, OR SHALL BE DEEMED WAIVED. IN NO EVENT WILL THE LICENSOR’S LIABILITY UNDER, ARISING OUT OF, OR RELATING TO THIS AGREEMENT EXCEED THE AMOUNT PAID TO LICENSOR FOR THE TRAINING MATERIALS. LICENSOR SHALL NOT BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, REGARDLESS OF WHETHER LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. WITHOUT LIMITING THE FOREGOING, LICENSOR WILL NOT BE LIABLE FOR LOST PROFITS, LOSS OF DATA, OR COSTS OF COVER.


 

Entire Agreement

This is the entire agreement between the parties and may not be modified except in writing signed by both parties.

U.S. Government - Restricted Rights

The Training Materials and accompanying documentation are “commercial computer Training Materials” and “commercial computer Training Materials documentation,” respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction release, performance, display, or disclosure of the Training Materials and accompanying documentation by the U.S. Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.

IF YOU DO NOT AGREE WITH THE ABOVE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE TRAINING MATERIALS AND CONTACT LICENSOR FOR INSTRUCTIONS ON RETURN OF THE TRAINING MATERIAL

 

                   


 

Contents

IPexpert’s
Lab Preparation Workbook for Cisco’s CCIE Data Center Lab
Before We Begin
Feedback
Additional CCIE™ Preparation Material
Issues with this Book
IPEXPERT END-USER LICENSE AGREEMENT
Copyright and Proprietary Rights
Exclusions of Warranties
Choice of Law and Jurisdiction
Limitation of Claims and Liability
Entire Agreement
U.S. Government - Restricted Rights
Default Lab Topology
Default passwords and IP addresses

Chapter 1: Introduction to CCIE Data Center
  Who Should Read this Book?
  How to Use this Book
  An Introduction to CCIE Data Center
  Availability
  Written exam
  The current published reading list:
  Lab exam
  Software Versions
  CCIE Storage?
  What about P and A tracks?
  Troubleshooting
  An Introduction to the Proctor Labs CCIE Data Center hardware rack
  Software Versions

Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)
  General Rules
  Pre-setup
  Topology
  Configuration tasks
    Task 1: General set-up
    Task 2: Implement VLANs
    Task 3: Implement Private-VLANs
    Task 4: Implement Rapid Spanning-Tree protocol
    Task 5: Implement Multiple Spanning-Tree protocol
    Task 6: Spanning-Tree and UDLD features
    Task 7: Fabric Extenders
    Task 8: Misc features

Chapter 3: Data Center Networking Layer 3 Infrastructure (NX-OS)
  General Rules
  Pre-setup
  Drawing 1: Physical Topology Routing
  Drawing 2: Logical Routing Topology
  Configuration tasks
    Task 1: Layer 3 topology set-up
    Task 2: Static routing
    Task 3: EIGRP
    Task 4: OSPF
    Task 5: Redistribution, BFD and ECMP
    Task 6: Layer 3 switching features
  Drawing 3: FabricPath / OTV Topology
    Task 7: FabricPath and OTV

Chapter 4: Data Center Networking High Availability (NX-OS)
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Drawing 2: Logical Topology
  Configuration tasks
    Task 1: Topology set-up
    Task 2: Port-Channels
    Task 3: Virtual Port-channels (vPCs)
    Task 4: Graceful Restart / Non-Stop Forwarding
    Task 5: HSRP
    Task 6: VRRP
    Task 7: GLBP
    Task 8: Virtual Port-Channels (vPCs) and FabricPath

Chapter 5: Data Center Storage Networking
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Configuration tasks
    Task 1: Initial set-up
    Task 2: VSANs
    Task 3: Zoning
    Task 4: FC Domain
    Task 5: Fibre Channel Security Features
    Task 6: Advanced Features

Chapter 6: Data Center Storage Networking Extension
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Drawing 2: Logical Topology
  Configuration tasks
    Task 1: Initial set-up
    Task 2: FCIP
    Task 3: FCIP Security
    Task 4: SAN Extension Tuner
    Task 5: iSCSI
    Task 6: iSLB

Chapter 7: Data Center Unified Fabric
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Drawing 2: Logical Topology VSAN 20
  Configuration tasks
    Task 1: Native Fibre Channel on Nexus
    Task 2: Fibre Channel over Ethernet (FCoE)
    Task 3: Multi hop FCoE
    Task 4: FCoE Quality of Service (QoS)
  Drawing 3: NPV topology
    Task 5: N-Port Virtualization (NPV) and N-Port ID Virtualization (NPIV)
    Task 6: FCoE NPV

Chapter 8: Security Features
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Drawing 2: Logical Topology
  Configuration tasks
    Task 1: Port Security
    Task 2: DHCP Snooping, DAI, IP Source Guard
    Task 3: Access Control Lists
    Task 4: AAA services
    Task 5: 802.1X
    Task 6: Cisco TrustSec

Chapter 9: Management Features
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Drawing 2: Logical Topology
  Configuration tasks
    Task 1: Role Based Access Control (RBAC)
    Task 2: Traffic monitoring
    Task 3: NetFlow
    Task 4: Management protocols
    Task 5: Device management
    Task 6: Smart Call Home and GOLD

Chapter 10: Data Center Unified Computing Networking
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Configuration tasks
    Task 1: Initial set-up
    Task 2: VLANs
    Task 3: vNIC templates
    Task 4: Policies and pin groups
    Task 5: Quality of Service
    Task 6: Disjoint Layer 2
    Task 7: Switch mode

Chapter 11: Data Center Unified Computing Storage
  General Rules
  Pre-setup
  Drawing 1: Physical Topology
  Configuration tasks
    Task 1: Initial set-up
94   Task  2:  VSANs  ........................................................................................................................................  94   Task  3:  Fibre  Channel  Trunks  and  Port  Channels  ..................................................................................  95   Task  4:  Pools  ..........................................................................................................................................  95   Task  5:  vHBA  templates  .........................................................................................................................  95   Task  6:  SAN  Pinning  and  Storage  Policies  ..............................................................................................  96   Task  7:  Fibre  Channel  Boot  policies  .......................................................................................................  96   Task  8:  iSCSI  Boot  policies  .....................................................................................................................  97   Task  9:  Local  Disk  policies  ......................................................................................................................  97   Chapter  12:  Data  Center  Unified  Computing  Servers  and  Blades  ..............................................................  98   General  Rules  .....................................................................................................................................  99   Pre-­‐setup  .........................................................................................................................................  100   Drawing  1:  Physical  Topology  ..........................................................................................................  100   Configuration  tasks  ..............................................................................................................................  
101   Task  1:  Server  pools  .............................................................................................................................  101   Task  2:  UUID  pools  ..............................................................................................................................  101   Task  3:  Management  IP  addresses  ......................................................................................................  101   Task  4:  Server  policies  .........................................................................................................................  102   Task  5:  Service  Profile  Templates  ........................................................................................................  102   Task  6:  Service  Profiles  ........................................................................................................................  103  


 

Default Lab Topology

Default passwords and IP addresses
• Default management username / password: admin / IPexpert123
• Other passwords: ipexpert
• Management IP addressing: 172.16.100.0/24
• Management Default Gateway: 172.16.100.254


 

Chapter 1: Introduction to CCIE Data Center

Chapter 1: Introduction to CCIE Data Center introduces the team of authors, consultants, and editors that completed this book and describes the book’s purpose. This chapter also provides suggestions for the usage of this written work.


 

Who Should Read this Book?
This workbook’s primary audience is CCIE candidates who are searching for the most comprehensive and error-free materials available covering the CCIE Data Center practical lab exam. These students should possess a home rack of equipment for CCIE-level command-line practice, possess an equipment emulator (for certain parts of the topology), or rent equipment from a company like www.proctorlabs.com. The authors and technical editors exhaustively tested all of the demonstrations found throughout the technology tasks, troubleshooting and full-scale lab exercises against all practice rack options described earlier. Where issues arise with popular equipment emulators, the text makes note. This book is the most remarkably thorough and technically accurate book written on the CCIE Data Center lab exam to date.

How to Use this Book
This book breaks all specific CCIE Data Center technologies down on a chapter-by-chapter basis for a complete and thorough review of this broad set of topics. Each chapter is broken down into various tasks regarding the subject. Following this, the Detailed Solutions Guide provided with this workbook provides an intense examination of the operation of the tasks, including key aspects of troubleshooting for the specific technology. After this, the book presents some of the most common issues that can result with a particular technology set and, most importantly, details the simple troubleshooting tools and steps that succeed for remediation.
The final chapters conclude the book with sample lab scenarios that provide a full-scale lab exam as you will see it when you take the actual test. The Detailed Solutions Guide then provides a well-designed approach for troubleshooting each major task and offers detailed explanations. The text provides reference guides for the most popular and powerful show and debug commands for a specific technology.
Each chapter uses initial configurations specific to that chapter. Readers may download initial configurations, or install them in a simple Graphical User Interface (GUI) on www.proctorlabs.com.
Students are encouraged to follow along on a rack of equipment for every section of every chapter. This really enhances and strengthens the learning process.

An Introduction to CCIE Data Center
Since the release of the Nexus platform there has been talk about when these platforms were to be introduced in a CCIE track. With the introduction of UCS in 2009 this request became even stronger, especially since UCS really took off in sales.


The scope of the exam is pretty much based on the usual suspects, so in summary you should be aware of the:
• UCS B-series blade systems
• UCS C-series rackmount systems connected to UCS Manager via FEX
• Virtual Interface Cards (virtualized NICs and HBAs) in all servers
• Nexus 7000 with all features like VDC, OTV, FabricPath, etc.
• Nexus 5500 with all features like FCoE, FEX
• Nexus 2000 connected to either the 5k or the 7k
• Nexus 1000V distributed virtual switch in ESX
  o There is no mention of any VMware product in the blueprint, so expect ESX and vCenter to be pre-installed on the UCS blades and FC boot to pre-configured disks
• MDS 9222i for connecting FC storage to UCS
• ACE appliance
• DCNM management software

Availability
The live exam is available from September 1st. Currently there are no dates when the lab is available.

Written exam
The written exam has an extensive blueprint published to Cisco Learning Network (CLN) including a reading list.

The current published reading list:
Data Center Fundamentals (ISBN-10: 1-58705-023-4)
NX-OS and Cisco Nexus Switching (ISBN-10: 1-58705-892-8)
Cisco Unified Computing System (UCS) (ISBN-10: 1-58714-193-0)
I/O Consolidation in the Data Center (ISBN-10: 1-58705-888-X)
Storage Networking Fundamentals (ISBN-10: 1-58705-162-1)

 


 

Please find the extensive blueprint published by Cisco on the bottom of this blog post.

Lab exam
There is not much information available regarding the lab exam. Availability is not mentioned. There is however information regarding the hardware list and this is an immense list of expensive hardware you require:

Software Versions
• NXOS v6.0(2) on Nexus 7000 Switches
• NXOS v5.1(3) on Nexus 5000 Switches
• NXOS v4.2(1) on Nexus 1000V
• NXOS v5.2(2) on MDS 9222i Switches
• UCS Software release 2.0(1x) for UCS-6248 Fabric Interconnect and all UCS systems
• Software Release A5(1.0) on ACE4710
• Cisco Data Center Manager software v5.2(2)

CCIE Storage?
There are currently no plans for replacing CCIE Storage with CCIE Datacenter. Because of this, there will not be a large focus on MDS/FC configuration as there is another track for that.

What about P and A tracks?
A CCNA Data Center and CCNP Data Center will be released soon!

Troubleshooting
Troubleshooting will be a big part of the exam, which is also pretty clear in the blueprint. There is no confirmation yet how this will be introduced, either using tickets as in the CCIE R&S or just by pre-configuration on the lab. I can imagine that they pre-configured a broken Nexus 1000V on an ESX installation on one of the JBODs. More information on how this troubleshooting is done will be available during other Q&A sessions. The implication is that it might be trouble tickets like the CCIE R&S.


 

An Introduction to the Proctor Labs CCIE Data Center hardware rack
The IPexpert CCIE Data Center rack will support 100% of the features that are tested on the lab! We have based the topology as closely as possible on the CCIE Data Center rack layout, but have ensured that all features and functionality are there.
Our CCIE Data Center rack layout is based on the very limited information that has been made available by Cisco. IPexpert has been in close contact with the people involved in creating this lab exam, and therefore the layout of the rack is based on some early examples and the published components and software version blueprint.
As you will see, the topology is very much based on a common datacenter design and has a more 'static' layout than other CCIE tracks.
The blueprint specified the following components to be in the lab:
First is the NX-OS Networking equipment.
• Nexus7009 (with licensing)
  o (1) Sup
  o (1) 32 Port 10Gb (F1 Module)
  o (1) 32 Port 10Gb (M1 Module)
• Nexus5548
• Nexus2232

The Nexus 7000 will be configured with VDCs to simulate various different topologies and create multiple 'core switch' layers within the network.
Nexus 5548 will be used as a 'distribution' layer within the datacenter network. The Nexus 2k's can be configured as FEX for the Nexus 7000, the Nexus 5000 and the Fabric Interconnects of the UCS system to connect the UCS C-series rack mount servers. The VDCs are a major component in the network as the number of devices is limited and the connectivity is very much based on a best practice design.
The below drawing illustrates an example topology from our new CCIE Data Center lab preparation workbook which is currently under development.
All these interconnections and switches are based within a single physical chassis with complete separation of the control and data plane protocols!


 

Second is the storage networking (SAN) equipment:
• Dual attached JBODs = Fibre Channel disks
• MDS 9222i (dual fabric)

The MDS switches used in the lab are capable of a ton of features. The blueprint however only describes certain fibre-channel features which are considered 'basic' features like zoning, VSANs, oversubscription and ISLs. The other major topic on the blueprint is Fibre Channel Expansion over FCIP and iSCSI. These features are the IP features supported by the MDS platform. The 1G Ethernet connections are connected to the Nexus switches for testing the expansion features. Through that connection it's possible to connect the MDS switches across another connection than Fibre Channel. As the CCIE Storage track is not being replaced by the CCIE Data Center, the focus on Storage Networking (SAN) features is not that big. The major topics are more in the features that aren't tested in any other CCIE track.
The JBODs mentioned in this list represent just plain simple hard-disks that are connected via Fibre Channel. They are used later as shared storage for the UCS system.
The third major component within the hardware blueprint is the Unified Computing System (UCS).
• UCS-6248 Fabric Interconnects
• UCS-5108 Blade Chassis
  o B200 M2 Blade Servers
  o Palo/VIC mezzanine card
  o Menlo/Emulex mezzanine card
• UCS C200 Series Server = Connected to Fabric Interconnects
  o VIC card for C-series


This is based on the C-series rackmount servers, connected to the Fabric Interconnects so the C-series can also be managed from the central UCS manager the same as the Blade chassis is managed.
The blades are equipped with different NICs. This also means a slightly different configuration. The VIC cards are the most interesting ones as they can virtualize NICs to present to the OS.
Once inside the blades there is a pre-installed VMware ESX(i) environment with a Nexus 1000v distributed virtual switch. As this is a Cisco lab exam, you are not required to know anything about VMware. Of course you will need to be able to install this environment in your own lab, but when you step into the lab you will face a pre-installed VMware and 1000V. After that, the switch is not configured and you are required to configure it.
The final topic on the blueprint is called ANS (Application Networking Services). This means an ACE appliance is in your lab that you will need to configure. There is not much of interest going on there and you will not see a lot of points on that appliance. You will need to know the topics as described on the lab blueprint and our workbook will devote a whole section to these specific topics.
The last components are used for management. You will not be configuring these devices, but just using them from your student workstation to access the network.
• Cisco Catalyst Switch 3750 = management ethernet connections
• Cisco 2511 Terminal Server = console lines

What is not mentioned on the hardware blueprint list is that you will also need to be able to configure (or set up) the DCNM software that Cisco provides when you purchase enough Nexus equipment. Again this is not extremely difficult, but you need to be aware of the basic configuration items related to this software.

Software Versions
• NXOS v6.0(2) on Nexus 7000 Switches
• NXOS v5.1(3) on Nexus 5000 Switches
• NXOS v4.2(1) on Nexus 1000v
• NXOS v5.2(2) on MDS 9222i Switches
• UCS Software release 2.0(1x) for UCS-6248 Fabric Interconnect and UCS system

• Software Release A5(1.0) for ACE 4710
• Cisco Data Center Manager software v5.2(2)

 

Above you'll find a reference overview of the software versions used. The exact versions are still unknown; we might be using newer software versions, as our IPexpert lab will be using quite new hardware for virtualization purposes. Within the Nexus 7000 we will be using the new Supervisor 2E, meaning that we are able to build 8 VDCs and 1 management VDC, which gives us enough flexibility for some challenging topologies!

The next chapter of this workbook, Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS), begins with the initial topic on the CCIE Data Center Blueprint regarding layer 2 switching, VLANs, Private-VLANs, Spanning-Tree and other layer 2 features on the NX-OS platform.


 

 

Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS)

Chapter 2: Data Center Networking Layer 2 Infrastructure (NX-OS) is intended to familiarize you with the NX-OS CLI on the Nexus switches and then have you configure Layer 2 Ethernet features on the physical Nexus switches within the topology shown at the beginning of this workbook. We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Our devices start with a blank configuration, which will not be the case when you are in the real lab. There, devices are staged with a configuration containing usernames/passwords, management IP addressing, core IP addressing and (possible) errors.


 

General Rules
• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 3 hours

 

Pre-setup
• Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
• Use the central topology drawing at the start of this workbook
• This lab is intended to be used with online rack access provided by our partner Proctorlabs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below.

 

Topology  

 


 

Configuration tasks

Task 1: General set-up
1. Erase the configuration from all 3 switches and reboot and
2. Configure the default parameters as mentioned in the Generic Lab Topology
3. Configure the Nexus 7000 switch with a hostname of “SW1-1” and the Nexus 5500 switches with hostnames of “SW2” and “SW3”
4. Ensure the switches will not perform any DNS lookups
5. Configure “ipexpert.com” as the DNS domain name
6. Ensure that both encrypted and unencrypted management connections are allowed
7. Save the configuration using the wr command
8. On SW1-1 configure a message, containing the hostname and warning unauthorized users, that is shown each time a user logs in
9. Use the serial number of “SW1-1” as the ID which is used to advertise the switch using CDP
10. Ensure only CDP version 2 packets are sent from “SW1-1”
11. Disable CDP on the management ethernet interface
12. Ensure a log message is generated when more than 999 packets per second are sent or received on the management ethernet interface

Task 2: Implement VLANs
1. Configure all inter-switch links as described by the topology drawing at the beginning of this chapter to be in layer 2 trunk mode allowing VLANs 100 up to 499
2. After specifying the allowed range, remove VLAN 333 from this range with a single command, without specifying the previous range (or parts of it) again
3. Configure all switches to be in VTP domain “IPexpert”
4. Ensure VLANs are removed from switches that have no active hosts in that VLAN, except for VLAN 101. This VLAN 101 should always be active on the switch, not depending on this configuration task
5. Enable the latest version of VTP
6. Store the VTP database configuration with filename ‘ipexpert.dat’
7. Ensure SW2 and SW3 will have new VLANs being pushed by SW1-1 and are not able to create new VLANs by themselves
8. Secure the VTP protocol with a password of ‘ipexpert’
9. Create VLANs 101, 102, 103 and 104 and ensure they are visible on all switches
10. Assign names to all VLANs by format of “IPexpertVLAN#” where # is the VLAN number
11. Configure SW1-1 so the following output is matched
12. (Ports section should show all active trunks):

SW1-1(config)# sh ip igmp snooping | in vlan
IGMP Snooping information for vlan 1
IGMP Snooping information for vlan 101
IGMP Snooping information for vlan 102
IGMP Snooping information for vlan 103
IGMP Snooping information for vlan 104
IGMP Snooping information for vlan 105
IGMP Snooping information for vlan 1002
IGMP Snooping information for vlan 1003
IGMP Snooping information for vlan 1004
IGMP Snooping information for vlan 1005
SW1-1(config)# sh vlan brief

VLAN Name                                Status    Ports
---- ----------------------------------- --------- --------------------------
1    default                             active
101  VLAN0101                            active
102  VLAN0102                            active
103  VLAN0103                            active
104  VLAN0104                            active
1002 fddi-default                        suspended
1003 token-ring-default                  suspended
1004 fddinet-default                     suspended
1005 trnet-default                       suspended

SW1-1(config)#

Task 3: Implement Private-VLANs
Note: This lab will be using unused ports in the topology to simulate hosts being connected. For clarification of the tasks it’s advisable to read the entire task before starting your configuration.
1. A firewall is connected to Ethernet3/19 on SW1-1 which should receive all traffic from DMZ hosts. This port should be in VLAN 200. You are allowed to change configuration from the previous task to accomplish this.


2. Ensure that hosts in VLAN 201 are not able to communicate with each other, but only to the firewall connected to Ethernet3/19
3. Configure ports Ethernet3/20 and Ethernet3/21 in VLAN 201
4. Hosts in VLAN 202 and 203 are able to communicate to each other in the VLAN and to the firewall, but not to hosts in the other VLAN (202 can’t communicate with 203 and vice versa)
5. Configure ports Ethernet3/22 and Ethernet3/23 in VLAN202. Configure ports Ethernet3/24 and Ethernet3/25 in VLAN203
6. DMZ servers in VLAN 204 need to be secured. They are not allowed to communicate to each other, but they can communicate with the rest of the IP network by reaching a default gateway configured on SW1-1 with IP address 10.1.10.254/24
7. Hosts connected in VLAN 204 are connected on SW2. Configure the first trunk connection for this use. Configure Ethernet 1/21, 1/22 and 1/23 in VLAN205 on SW2 and ensure they are able to reach the default gateway to the network. Hosts are not allowed to communicate to each other.
8. Other hosts of VLAN 201 and 202 are also connected to SW2. Use the second trunk connection between SW1 and SW2 for this use. The hosts of VLAN201 are connected to ports Ethernet 1/24 and 1/25. The host of VLAN 202 is connected to Ethernet 1/26

Task 4: Implement Rapid Spanning-Tree protocol
1. Ensure non-core-facing interfaces on SW2 and SW3 are not generating any spanning-tree topology changes
2. Configure SW2 to be the root bridge for VLAN 101 and SW3 to be the backup root bridge
3. Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to optimize network convergence. Do not configure timer values to complete this task.
4. Configure SW1 to be the root bridge for VLAN 102
5. Ensure that new bridges with a default spanning-tree configuration will never be elected as a root bridge in VLAN 102 when SW1 fails
6. When traffic steering is necessary, you are required to use values higher than 100,000
7. Configure the network in such a way that SW1 is using SW3 as the best path towards the root bridge of the network in VLAN 101
8. Ensure that the last interface (fourth link) between all switches is used as primary


9. Configure spanning-tree of VLAN 103 to converge in the shortest time possible
10. Configure all inter-switch-links to utilize IEEE 802.1w ‘Rapid Connectivity’
11. Remove all spanning-tree related configuration from interfaces and global configuration on all switches before continuing with the next task

Task 5: Implement Multiple Spanning-Tree protocol
1. Configure SW1, SW2 and SW3 to run the IEEE 802.1s protocol
2. Configure the following parameters on SW1
3. MST name of IPexpert
4. MST configuration number of 5
5. Map VLAN 10 through 99 to instance 1
6. Map VLAN 100 through 199 to instance 2
7. Map VLAN 800 through 1299 to instance 3
8. Ensure MST is functioning properly on all switches
9. Assume Private VLANs are in use. Ensure that all secondary VLANs are in the same MSTI as their associated primary VLAN
10. Configure SW2 to be the root bridge for instance 1 by configuring the lowest possible value
11. Try making SW3 the primary root bridge for instance 1 using the dedicated command for this. What happens?
12. Make SW3 the backup root bridge for instance 1. You are allowed to configure other switches, but not SW3.
13. Ensure all switches are using optimal spanning-tree timers for the size of the layer 2 network to optimize network convergence.
14. When traffic steering is necessary, you are required to use values higher than 100,000
15. Configure the network in such a way that SW1 is using SW3 as the best path towards the root bridge of the network in instance 2
16. Ensure that all instances use a different interface between the switches to ensure load balancing between instances. Meaning instance 0 uses interface 1, etc.


17. Ensure BPDUs are discarded when the network is larger than 10 hops
18. Assume a switch with an old version of software is connected to Ethernet 1/16 on SW2. Configure this interface to pro-actively send pre-standard MST messages

Task 6: Spanning-Tree and UDLD features
1. Configure SW3 so that all ports, when not configured individually, are seen as network edge ports
2. Configure Ethernet 1/10 on SW3 so the port is put in error-disabled state when spanning-tree packets are received
3. Configure Ethernet1/11 on SW3 so the port will never process spanning-tree protocol data units, but will allow other layer 2 frames
4. Ensure that Ethernet 1/10 on SW2 will also never process spanning-tree protocol packets, but you are not allowed to configure the command required for this directly under the interface
5. Ensure Ethernet 1/11 on SW2 will never become a root port on the switch
6. Ethernet1/12 on SW2 should never become the designated port of the LAN segment
7. Assume the network is running MST and Ethernet 1/13 on SW3 is connected to a Rapid-PVST+ network. Ensure that this port will fail to interoperate with this other kind of spanning-tree protocol for security reasons.
8. Use a Cisco-proprietary protocol which allows devices that are connected through fiber or copper cables to monitor the physical configuration of the cables and detect when a unidirectional link exists on Ethernet 1/12 on SW3
9. Use a method on Ethernet 1/12 on SW3 which disables one of the ports on the link, which prevents traffic from being discarded.
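As an added illustration for Task 6 (not part of the workbook and not its solution), the Python example below resolves which BPDU protections each port ends up with once global edge-port defaults and interface-level commands are combined. The two configurations are constructed, one possible reading of items 1 to 6, and the helper names are hypothetical; it assumes a global default applies to every interface that has no explicit port type.

```python
import re

# Constructed NX-OS-style snippets (assumption: one possible reading of Task 6).
SW3_CONFIG = """\
spanning-tree port type edge default
interface Ethernet1/10
  switchport
  spanning-tree bpduguard enable
interface Ethernet1/11
  switchport
  spanning-tree bpdufilter enable
interface Ethernet1/20
  switchport
"""

SW2_CONFIG = """\
spanning-tree port type edge bpdufilter default
interface Ethernet1/10
  switchport
  spanning-tree port type edge
interface Ethernet1/11
  switchport
  spanning-tree guard root
interface Ethernet1/12
  switchport
  spanning-tree guard loop
"""

EDGE_DEFAULT = "spanning-tree port type edge default"
GUARD_DEFAULT = "spanning-tree port type edge bpduguard default"
FILTER_DEFAULT = "spanning-tree port type edge bpdufilter default"


def parse(config):
    """Return (global command lines, {interface name: [stanza lines]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():
            # Indented line: belongs to the current interface stanza, if any.
            if current is not None:
                interfaces[current].append(line)
            continue
        match = re.fullmatch(r"interface (\S+)", line)
        current = match.group(1) if match else None
        if match:
            interfaces[current] = []
        else:
            global_lines.append(line)
    return global_lines, interfaces


def _setting(lines, pattern):
    """Last value captured by pattern within a stanza, or None if absent."""
    value = None
    for line in lines:
        match = re.fullmatch(pattern, line)
        if match:
            value = match.group(1)
    return value


def effective(config):
    """Resolve port type and BPDU protections per interface."""
    global_lines, interfaces = parse(config)
    edge_default = EDGE_DEFAULT in global_lines
    guard_default = GUARD_DEFAULT in global_lines
    filter_default = FILTER_DEFAULT in global_lines
    report = {}
    for name, lines in interfaces.items():
        port_type = _setting(
            lines, r"spanning-tree port type (edge|network|normal)(?: trunk)?")
        if port_type is None:
            port_type = "edge" if edge_default else "normal"
        is_edge = port_type == "edge"
        guard = _setting(lines, r"spanning-tree bpduguard (enable|disable)")
        filt = _setting(lines, r"spanning-tree bpdufilter (enable|disable)")
        report[name] = {
            "port_type": port_type,
            # An interface command wins; a global default reaches edge ports only.
            "bpduguard": (guard == "enable") if guard else (guard_default and is_edge),
            "bpdufilter": (filt == "enable") if filt else (filter_default and is_edge),
            "guard": _setting(lines, r"spanning-tree guard (root|loop|none)") or "none",
        }
    return report


def unguarded_edge_ports(report):
    """Edge ports with neither BPDU guard nor BPDU filter in effect."""
    return sorted(
        name for name, s in report.items()
        if s["port_type"] == "edge" and not (s["bpduguard"] or s["bpdufilter"])
    )


if __name__ == "__main__":
    for label, cfg in (("SW3", SW3_CONFIG), ("SW2", SW2_CONFIG)):
        result = effective(cfg)
        for name, state in result.items():
            print(label, name, state)
        print(label, "unguarded edge ports:", unguarded_edge_ports(result))
```

In the constructed SW3 sample, Ethernet1/20 is reported because the global edge default changes the port type but adds no BPDU protection of its own.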

Task 7: Fabric Extenders
1. Use SW2 and FEX1 for these tasks
2. Name the fabric extender as “IPexpert Fabric Extender 1”
3. Ensure the LED on the FEX starts blinking to make it easier to locate the FEX in a rack
4. Ensure the output of the following show command is matched on SW2:

SW2# show interface port-channel 4 fex-intf
Fabric           FEX
Interface        Interfaces
---------------------------------------------------
Po4              Eth101/1/48   Eth101/1/47   Eth101/1/46   Eth101/1/45
                 Eth101/1/44   Eth101/1/43   Eth101/1/42   Eth101/1/41
                 Eth101/1/40   Eth101/1/39   Eth101/1/38   Eth101/1/37
                 Eth101/1/36   Eth101/1/35   Eth101/1/34   Eth101/1/33
                 Eth101/1/32   Eth101/1/31   Eth101/1/30   Eth101/1/29
                 Eth101/1/28   Eth101/1/27   Eth101/1/26   Eth101/1/25
                 Eth101/1/24   Eth101/1/23   Eth101/1/22   Eth101/1/21
                 Eth101/1/20   Eth101/1/19   Eth101/1/18   Eth101/1/17
                 Eth101/1/16   Eth101/1/15   Eth101/1/14   Eth101/1/13
                 Eth101/1/12   Eth101/1/11   Eth101/1/10   Eth101/1/9
                 Eth101/1/8    Eth101/1/7    Eth101/1/6    Eth101/1/5
                 Eth101/1/4    Eth101/1/3    Eth101/1/2    Eth101/1/1

Task 8: Misc features
1. Read this whole section first, before starting your configuration!
2. Configure Ethernet 5/16, 5/17 and 5/18 on SW1-1 with the settings from the following bullets (3 through 6).
3. Layer 2 trunk port with VLAN 101 through 104 allowed
4. Rx flowcontrol should be enabled
5. Disable the automatic cross/straight cable detection
6. ‘show interface’ should show usage statistics using sampling intervals of 30, 60 and 120 seconds
7. You are only allowed to have the settings for these interfaces showing up once in the configuration


 

Chapter 3: Data Center Networking Layer 3 Infrastructure (NX-OS)

Chapter 3: Data Center Networking Layer 3 Infrastructure is intended to familiarize you with the NX-OS Layer 3 features on the Nexus platforms used to create a basic routed network. The second part of this chapter consists of Data Center extension and Layer 2 routing features. We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. The lab is divided into two parts. During the first tasks you will be configuring a dynamically routed layer 3 network using the EIGRP and OSPF protocols. The second part of this chapter is based on the Cisco proprietary technologies FabricPath and OTV. Multiple topology drawings are available for this chapter.


 

General Rules
• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 3 hours

 

Pre-setup
• Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
• Use the central topology drawing at the start of this workbook
• Load the initial configuration of Chapter 2 on the Nexus 7000 switch to stage the Virtual Device Contexts needed for this lab
• When starting the second part of this lab for configuring Fabric Path and OTV the second set of initial configuration should be loaded on the Nexus 7000 to create a different topology with Virtual Device Contexts
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below


 

Drawing 1: Physical Topology Routing

Drawing 2: Logical Routing Topology

 

Configuration tasks

Task 1: Layer 3 topology set-up
• Configure the Nexus 5500 switches with hostnames of “SW2” and “SW3”. The Nexus 7000 VDC’s should already have hostnames through the loading of the initial configuration. Use switchto vdc and switchback to move between different switches on the Nexus 7000.
• Configure all switches so they can all carry the layer 2 VLANs as described in drawing 1
• Configure sufficient inter-switch-links to carry the VLANs between the switches
• Configure IP addressing on SVI and physical interfaces according to drawing 1
• Configure all switches to have a Loopback0 interface with an IP address of 198.18.0.Z/32 where Z is the router number / host address as specified in drawing 1

Task 2: Static routing
• Ensure SW1-3 can ping the loopback address of SW1-4 from its own loopback address
• SW1-1 should be able to ping the loopback address of SW1-2 and vice versa without using the directly connected link between those switches, but should use the path over SW1-3 and SW1-4 for this
• Configure SW1-2 to be a blackhole for the 192.0.1.0/24 prefix. Give this entry a tag of 666 and an increased preference of +1
• Ensure that all layer 3 interfaces on SW1-2 do not send out any unreachable messages
• Remove all static routes before continuing with the next tasks

Task 3: EIGRP
• Configure a secure EIGRP adjacency between SW1-2 and SW1-4
• Ensure Loopbacks are reachable and dynamically advertised. Ensure that there are no attempts to make adjacencies on the Loopback interfaces.
• Use 64999 as autonomous system number and IPEXPERT as the EIGRP process name
• Configure 4 static routes for 198.18.4.0/24 through 198.18.7.0/24 on SW1-4 and ensure they are reachable through a single EIGRP routing entry on SW1-2. Besides the single entry the 198.18.5.0/24 network should also be seen in the routing table of SW1-2.
• Use wide metrics with a scaling factor of 64
• Set the bandwidth that EIGRP may use on an interface to 10% lower than the default
• Update the link between SW1-2 and SW1-4 so the EIGRP neighbor is declared down after 4 hello packets. You are only allowed to change configuration on SW1-2 to accomplish this
• Routes which are declared active should become Stuck in Active after 5 minutes
• Routes should be advertised as unreachable when there are more than 50 hops in the network
• Update the K3 value on the SW1-2 to SW1-4 interfaces to 500

Task 4: OSPF
• Configure the OSPF network as shown in drawing 2. Use the dotted decimal notation to configure area 264
• Ensure that all OSPF routers can reach each other’s Loopback addresses
• Ignore the MTU size between SW1-1 and SW1-3 when forming an adjacency
• Ensure that SW2 will never become a designated router on any OSPF interface
• Ensure that SW3 will never become a designated router on any OSPF interface
• Ensure all adjacencies in area 0 are secured using a hashed version of “IPexpertSecure”
• Ensure area 1 is secure using a simple-text-password of “IPexpert”
• Configure 4 additional Loopback interfaces on SW2 with IP addresses of 198.18.128.1/24 through 198.18.131.1/24 and ensure they are seen as a single entry in the backbone area and other areas without overlapping other IP space
• Configure a Loopback1 interface on SW1-3 with an IP address of 198.18.13.1/24 and ensure this whole subnet is seen throughout the layer 3 network
• Type 3, 4 and 5 LSA’s are not allowed in area 1
• Ensure that routers do not attract traffic for 2 minutes after booting up
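The single-entry requirements in Task 3 (198.18.4.0/24 through 198.18.7.0/24) and Task 4 (198.18.128.1/24 through 198.18.131.1/24, "without overlapping other IP space") can be checked before any summary is configured. The Python below is an added example, not part of the workbook; the function names, the misaligned block and the list of other in-use prefixes (built from addresses the tasks mention) are assumptions.

```python
import ipaddress

# Prefixes taken from the task text.
EIGRP_STATICS = ["198.18.4.0/24", "198.18.5.0/24", "198.18.6.0/24", "198.18.7.0/24"]
OSPF_LOOPBACKS = ["198.18.128.1/24", "198.18.129.1/24", "198.18.130.1/24", "198.18.131.1/24"]

# Assumption: other address space the labs use (Loopback0 range 198.18.0.Z/32,
# Loopback1 on SW1-3). Extend this with whatever your own diagram shows.
OTHER_IN_USE = ["198.18.0.0/24", "198.18.13.1/24"]

# Constructed counter-example: four /24s that do not sit on a /22 boundary.
MISALIGNED = ["198.18.3.0/24", "198.18.4.0/24", "198.18.5.0/24", "198.18.6.0/24"]


def tightest_summary(prefixes):
    """Return the smallest single IPv4 network that covers every prefix."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be
    # part of the common prefix.
    plen = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - plen)) << (32 - plen)
    return ipaddress.ip_network((base, plen))


def check_summary(prefixes, in_use=()):
    """Report the summary, whether it covers only the given prefixes,
    and which other in-use prefixes it would also attract traffic for."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    summary = tightest_summary(prefixes)
    # Exact means the components collapse into the summary with no extra space.
    exact = list(ipaddress.collapse_addresses(nets)) == [summary]
    others = [ipaddress.ip_network(p, strict=False) for p in in_use]
    overlaps = [
        str(o) for o in others
        if summary.overlaps(o) and not any(o.subnet_of(n) for n in nets)
    ]
    return {"summary": str(summary), "exact": exact, "overlaps": overlaps}


if __name__ == "__main__":
    for name, block in (("EIGRP", EIGRP_STATICS), ("OSPF", OSPF_LOOPBACKS),
                        ("misaligned", MISALIGNED)):
        print(name, check_summary(block, OTHER_IN_USE))
```

A summary that is not exact advertises address space nobody owns, so traffic for it is drawn to the summarizing router and dropped or misrouted there.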


 

Task 5: Redistribution, BFD and ECMP
• Configure redistribution between EIGRP and OSPF on SW1-4 and SW1-2
• Ensure full reachability is achieved while maintaining all requirements from previous tasks
• Ensure all links towards area 0 are used when traffic is exiting area 1
• Ensure that all Dynamic Routing adjacencies on SW1-2 towards adjacent devices are terminated using a dedicated detection protocol
• BFD sessions between SW1-2 and SW3 should be secured using a hashed key of “IPexpertSecure”
• Ensure neighbor failures on SW1-2 are detected within 300ms
• Configure OSPF and EIGRP so they use the dedicated fast-hello failure detection mechanism

Task 6: Layer 3 switching features
• Ensure a static layer 2 to layer 3 mapping is created on VLAN 112 on SW1-1 for 198.18.112.24 to mac address abcd.1234.5678
• Configure SW2 so that it detects duplicate IP addresses and updates its cache on Ethernet1/5
• Ensure that SW1-1 reserves space for 2750 outstanding ARP entries in the ASIC to prevent ARP replies from being dropped when they return and are installed in the ASIC hardware
• Configure all switches so they use RFC 1191


 

Drawing 3: FabricPath / OTV Topology

Task 7: FabricPath and OTV
• Load the initial configuration file for part 2 of chapter 2, which will create a topology according to drawing 3
• Create VLAN 666 on all relevant switches in the topology
• Ensure hosts on VLAN 666 can communicate via layer 2 on all 4 edge switches using the technologies as mentioned in drawing 3
• Use the 198.18.10.0/24 subnet when a layer 3 link is required in the topology
• Configure VLAN interfaces (SVIs) with the following IP addresses:
  SW2: 198.18.66.1/24
  SW3: 198.18.66.2/24
  SW1-3: 198.18.66.3/24
  SW1-4: 198.18.66.4/24
• Ensure traffic is using all links between the switches to reach from SW2 and SW3 to SW1-3 and SW1-4
• Verify this task is completed successfully by being able to ping all 198.18.66.x interfaces of all edge switches

                                             


 

Chapter 4: Data Center Networking High Availability (NX-OS)

Chapter 4: Data Center Networking High Availability (NX-OS) is intended to familiarize you with the NX-OS High Availability features on the Nexus platforms used to create a highly available network. Various types of deployments of Port-channels and Virtual Port-channels are discussed in this chapter. The second part of this chapter focuses on First Hop Redundancy Protocols (FHRPs) and High Availability features of dynamic routing protocols. The third part focuses on a special implementation of virtual port-channels in FabricPath networks.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab.

Multiple topology drawings are available for this chapter.


 

General Rules
• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 3 hours

 

Pre-setup
• Connect to the Nexus 7000 switch and Nexus 5000 switches within the topology
• Use the central topology drawing at the start of this workbook
• Load the initial configuration of Chapter 4 on the Nexus 7000 switch to stage the Virtual Device Contexts needed for this lab
• When starting the third part of this lab regarding virtual Port-Channels within FabricPath networks the second set of initial configuration should be loaded on the Nexus 7000 to create a different topology with Virtual Device Contexts
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below


 

Drawing 1: Physical Topology

Drawing 2: Logical Topology

 


 

Configuration tasks

Task 1: Topology set-up
1. Configure the Nexus 5500 switches with hostnames of “SW2” and “SW3”. The Nexus 7000 VDC’s should already have hostnames through the loading of the initial configuration. Use switchto vdc and switchback to move between different switches on the Nexus 7000.
2. Create the VLANs as are required on the switches as shown in drawing 2
3. Configure IP addressing on SVI and interfaces according to drawing 2
4. Configure all switches to have a Loopback0 interface with an IP address of 198.18.0.Z/32 where Z is the router number / host address as specified in drawing 2

Task 2: Port-Channels
1. Configure Ethernet3/1 and Ethernet3/2 on SW1-1 and Ethernet1/1 and Ethernet 1/2 on SW2 to be a single logical connection to carry the VLAN required as stated in drawing 2. Use number 1 for this connection.
2. Configure Ethernet3/5 and Ethernet3/6 on SW1-2 and Ethernet1/1 and Ethernet1/2 on SW3 to be a single logical connection to carry the VLAN required as stated in drawing 2. Use number 2 for this connection.
3. Configure logical interface 1 to negotiate its bundling capabilities between the switches
4. SW2 should never actively start negotiating link bundling
5. Logical interface 1 is used for bandwidth reasons and should therefore shutdown when there is less than 20Gbps capacity available in the bundle
6. Logical interface 1 should mark interfaces as hot-standby when additional interfaces are added to the bundle
7. Configure Ethernet1/5 and Ethernet1/6 on SW2 and SW3 to negotiate a link bundle. Use number 3 for this interface.
8. Configure logical interface 3 with IP addressing in the 198.18.23.0/24 subnet. Use host IP addresses as previously used for these switches.
9. Ensure that when no dynamic link bundling advertisements are received on an interface in logical interface 3, the physical interface is brought up in an Individual state.
10. There are plans to increase the capacity between SW2 and SW3 to 80Gbps with additional interfaces for resiliency purposes. Ensure that Ethernet1/5 is always chosen to participate in the bundle and Ethernet1/6 should be selected as a hot-standby link when additional interfaces are added to the bundle.
11. Logical interface 3 should use a very fast detection mechanism to signal the removal of an interface in the bundle
12. Configure SW2 and SW3 to load-balance between the interfaces in link-bundles using as much packet header information as possible.
13. Remove any configuration related to interface bundle 1 and 2 from the switches before continuing with the next task

Task 3: Virtual Port-channels (vPCs)
1. Ensure it’s possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW1-1 and SW1-2. Use ID 100 for this.
2. SW1-2 should be the primary device
3. Ensure it’s possible to create Multi-Chassis Link Aggregation Groups (link bundles) on SW2 and SW3. Use ID 200 for this.
4. Send keep alive messages across the mgmt0 interfaces of domain 200 switches
5. Use a dedicated SVI with IP addressing in the subnet of 198.18.5.0/24 to send keep alive messages between switches in domain 100. Ensure that the keep alive messages are not using the global IP routing table. Use Ethernet3/10 on SW1-1 and Ethernet 3/12 on SW1-2 for this.
6. Configure Ethernet3/9 on SW1-1 and Ethernet3/11 on SW1-2 as peer-link
7. Bundle Ethernet1/7 and Ethernet1/8 on SW2 and SW3 and configure this as the peer-link
8. Ensure domain 100 brings up its vPCs once a peer fails or reboots. Delay this process for 5 minutes.
9. SW2 and SW3 should be seen as a single Spanning-Tree root with a priority of 8192
10. Configure an MC-LAG connection between SW1-1, SW1-2 and SW2. Use Ethernet3/1 on SW1-1, Ethernet3/3 on SW1-2 and Ethernet1/1 and Ethernet 1/2 on SW2. Use number 101 for this connection
11. Configure a vPC connection between SW2, SW3 and SW1-2. Use Ethernet3/5 and Ethernet3/7 on SW1-2, Ethernet1/3 on SW2 and Ethernet1/3 on SW3. Use number 102 for this connection.
12. Use the remaining connections between SW1-1, SW1-2, SW2 and SW3 and bundle them in a single logical interface with number 103.
13. Ensure all VLANs required for Drawing 2 are allowed on the vPC links
14. Use 1234.5678.90ab as the single MAC address that is used for the identification of domain 100 LACP packets

Task 4: Graceful Restart / Non-Stop Forwarding
1. Configure dynamic routing protocols according to drawing 2. Ensure Loopback interfaces of SW2 and SW1-1 can ping each other and SW1-2 and SW3 can ping each other
2. Ensure that the routers running OSPF keep their routing information and keep forwarding traffic to neighbors when they are rebooting
3. An older router that will take a little over 2 minutes to reboot will be connected to SW2. Ensure that your configuration supports this
4. Ensure that SW3 supports ISSU
5. SW3 should keep routes from restarting neighbors for 5 minutes
6. Signal a restart as fast as possible on SW3

Task 5: HSRP
1. Ensure that hosts on VLAN 111 are always able to reach their default gateway, when one of the 2 switches fails
2. Use a Cisco proprietary protocol for this use, which uses a single active default gateway
3. Use the .1 host IP address as the default gateway for this network segment
4. Make the switches primary and backup according to the best practice
5. Use a hashed key of “IPexpertYEAR1” to secure this protocol from now until December 31st the same year. On January 1st one year later the key should change to “IPexpertYEAR2”. Ensure that switches keep accepting the old key for at least 2 more hours


6. When the backup switch is active and the primary switch comes back online after a reboot, ensure that it will take back the active role after the switch is up for 3 minutes
7. Give this process a name of “IPexpertVLAN111”
8. A switch should declare its neighbor down within 1 second
9. When one of the Ethernet uplinks fails the priority should be lowered by 1/10th of the configured priority value
10. When a second Ethernet uplink fails the switch should stop forwarding Layer 3 traffic and send traffic across the vPC peer-link
11. The default gateway MAC address should be the MAC address of one of the physical Ethernet interfaces

Task 6: VRRP
1. Ensure that hosts on VLAN 121 are always able to reach their default gateway, when one of the 2 switches fails
2. Use a standards based protocol for this use, which uses a single active default gateway
3. When clients on VLAN 121 issue an ARP request for the Default Gateway it should respond with MAC address 0000.5E00.0174 without configuring this MAC address in the configuration
4. Use the .254 host IP address as the default gateway for this network segment
5. Configure SW1-2 as the primary switch using a value of 200
6. Use a clear text password of “IPexpert” to secure the protocol
7. Ensure a higher priority backup router does not take over the role of a lower priority active router. Configure this only on the current primary switch.
8. Ensure that SW1-2 becomes the standby router after 30 seconds, when the Loopback address of SW3 disappears from the routing-table
9. Switches should declare their neighbors down in 10 seconds
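VRRP step 3 works because the virtual MAC is derived from the group number rather than configured, and the same idea lets you verify from an ARP table which first-hop redundancy group is answering for a gateway. The Python below is an added example, not part of the workbook; the function names, the gateway IP address and the sample ARP entries are constructed assumptions.

```python
import re

# Well-known virtual MAC layouts: fixed prefix, group number in the trailing hex digits.
#   VRRP (IPv4): 0000.5e00.01XX   XX  = virtual router ID
#   HSRP v1:     0000.0c07.acXX   XX  = group number
#   HSRP v2:     0000.0c9f.fXXX   XXX = group number
_LAYOUTS = [
    ("VRRP", "00005e0001", 2),
    ("HSRPv1", "00000c07ac", 2),
    ("HSRPv2", "00000c9ff", 3),
]


def normalize_mac(mac):
    """Accept Cisco dotted, colon or dash notation; return 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits


def classify_gateway_mac(mac):
    """Return (protocol, group) for a known FHRP virtual MAC, else None.

    None is what a burned-in interface address decodes to, which is the
    expected result for the HSRP gateway in Task 5 step 11.
    """
    digits = normalize_mac(mac)
    for protocol, prefix, width in _LAYOUTS:
        if digits.startswith(prefix):
            return protocol, int(digits[-width:], 16)
    return None


def vrrp_virtual_mac(vrid):
    """Build the IPv4 VRRP virtual MAC for a virtual router ID (1-255)."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be between 1 and 255")
    digits = "00005e0001%02x" % vrid
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def audit_gateways(arp_entries, expected):
    """Flag gateways whose ARP entry does not decode to the expected group.

    arp_entries: iterable of (ip, mac); expected: {ip: (protocol, group) or None}.
    """
    findings = []
    for ip, mac in arp_entries:
        if ip in expected:
            decoded = classify_gateway_mac(mac)
            if decoded != expected[ip]:
                findings.append((ip, mac, decoded))
    return findings


# Constructed data: the subnet for VLAN 121 is not given in the task text,
# so 198.18.121.254 is an assumed gateway address.
EXPECTED = {"198.18.121.254": ("VRRP", 116)}
ARP_GOOD = [("198.18.121.254", "0000.5e00.0174"), ("198.18.121.10", "abcd.1234.5678")]
ARP_BAD = [("198.18.121.254", "0000.5e00.0101")]

if __name__ == "__main__":
    print(classify_gateway_mac("0000.5E00.0174"))
    print(audit_gateways(ARP_GOOD, EXPECTED))
    print(audit_gateways(ARP_BAD, EXPECTED))
```

A gateway entry that decodes to a different group, or to no FHRP range at all when one is expected, is worth investigating before trusting the path.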


Task 7: GLBP
1. Ensure that hosts on VLAN 222 are always able to reach their default gateway, when one of the 2 switches fails
2. Use a load balancing Cisco proprietary protocol
3. Use the .55 host IP address as the default gateway for this network segment
4. Both routers should be capable of forwarding traffic.
5. SW1-1 should be answering all ARP requests
6. When the Loopback address of one of the upstream switches disappears from the routing table the switches should no longer be AVF
7. Delay the take over of the AVF role for a standby switch for 3 minutes if any current AVF fails
8. The router should become the AVG after 30 seconds if it has a higher priority than the current AVG
9. Ensure the routers support In-Service-Software-Upgrades


 

 

Task 8: Virtual Port-Channels (vPCs) and FabricPath
1. Load the initial configuration of Chapter 4 Task 8 on the Nexus 7000 switch to stage the Virtual Device Contexts needed for this lab
2. Configure the FabricPath network to stretch VLAN 666 between all Leaf switches
3. Ensure the PC connected to SW2 and SW3 is able to connect using a virtual Port-Channel with number 100 on all places where necessary to configure a number


 

Chapter 5: Data Center Storage Networking

Chapter 5: Data Center Storage networking is intended to familiarize you with the Storage Networking features on the Cisco MDS switches. It covers configuring traditional Fibre Channel networks and basic Fibre Channel features.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab.

Multiple topology drawings are available for this chapter.


 

General Rules
• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 5 hours

 

Pre-setup
• Connect to the MDS switches within the topology
• Use the central topology drawing at the start of this workbook
• The switches start with a blank configuration. You will be creating parts of your own Initial Configuration for later labs.
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

 


 

Drawing 1: Physical Topology

 

Configuration tasks

Task 1: Initial set-up
1. Give the MDS switches in the topology the following hostnames: MDS1, MDS2. Configure the default username and password according to the generic lab topology
2. Ensure that they can be reached through the management network using IP addresses in the range as stated in the initial set-up information at the beginning of the workbook. Use Host IP addresses of .10 and .11
3. Use the default gateway of the management subnet as Time Synchronization server
4. Do not use any automatic selection of interface type for this lab, unless specifically stated
5. Do not use any automatic speed selected for interfaces
6. Use 200MBps connections towards the JBODs
7. JBODs on MDS2 should automatically detect the interface speeds
8. Ensure Fabric Logins are done by the connected JBODs
9. Enable the links between the MDS switches as standard based ISLs
10. Configure a descriptive name on all interfaces consisting of the name and port of the device which is connected. You are prohibited from using the ‘description’ command.
11. Ensure the connection towards JBOD1 is easily physically located on MDS1
12. The fiber connected to fc1/10 is of low quality causing errors on the interface. Ensure the switch does not go into err-disable state, because of this reason.
13. Ensure that interfaces on the MDS switches are shutdown when no configuration is applied to them
14. All disks inside of the JBODs should be identified on the MDS switches with a simple name in the form of JxDy where X is the JBOD number and Y is the disk number.
15. The simple device names should be seen on both MDS switches, by only configuring one of the switches. The names should not be VSAN dependent.
16. Ensure applications that use the simple names will follow changes to the database
17. Interface fc1/1 on MDS1 will be used for a long reach link. Enable as many credit buffers as possible and enable recovery of credits


18. JBOD1 on MDS1 is only allowed to send packets with a maximum size of 2000 bytes
19. Enable B2B credit state change numbers on all JBOD interfaces

Task 2: VSANs
1. Create VSAN 10, 20, 30 and 40 with names of “IPX_VSAN_#”, where # is the VSAN number
2. Configure fc1/5 on MDS1 in VSAN 10 and fc1/6 on MDS2
3. Configure fc1/5 on MDS2 and fc1/6 on MDS1 in VSAN 20
4. Ensure that WWPN 20:11:00:0a:31:00:aa:de is automatically placed in VSAN 30 when it comes online anywhere in the Fibre Channel fabric
5. Ensure that J1D1 is automatically placed in VSAN 40 when it comes online in the fabric
6. MDS1 should use the Source and Destination FCID for load balancing across equal cost paths in VSAN 10
7. MDS2 should use Exchange based load balancing across different interfaces in a port-channel in VSAN 20
8. Ensure that all ISLs of the MDS switches are capable of transferring multiple VSANs across the same interface
9. Configure fc1/1 and fc1/3 on both MDS switches as a single logical connection using number 101
10. Interfaces fc1/1 and fc1/3 should negotiate their bundling capabilities
11. Create a single logical connection consisting of fc1/2 and fc1/4 on both MDS1 and MDS2 switches with number 127
12. VSAN 30 should only use the logical interface 127
13. VSAN 40 should only use logical interface 101
14. VSAN 10 and VSAN 20 should be able to cross both ISL bundles between the MDS switches
15. VSAN 10 should always use bundle 101 as its primary connection to the other MDS
16. VSAN 20 should always use the bundle 127 as its primary connection to the other MDS
17. Packets traversing VSAN 30 should be guaranteed to reach their destination in the same order as they have left the source.
18. Traffic between J1D1 and J2D2 in VSAN 10 should always use the bundle 127 as long as the interface is up
19. The Lowest domain ID in VSAN 20 should be the Multicast root switch
20. Use incremental Dijkstra algorithm calculations in VSAN 30
21. Prevent unused ports from using the Default VSAN
22. Configure an IP connection between the MDS switches across the ISL links. Use VSAN 50 for this use, which can flow across all ISLs. Use an IP subnet of 198.18.50.x/24 with .1 and .2 as host IP addresses

Task 3: Zoning
1. Configure zoning in VSAN 10 so the following disks are able to communicate, ensure that the simple names are kept in the configuration:
   a. J1D2
   b. J1D3
   c. J1D4
2. Configure zoning for VSAN 10 so the following disks can see each other, use the WWPN of the disks:
   a. J1D5
   b. J1D6
3. Ensure all disks of interface fc1/6 on MDS2 are able to see each other in VSAN 10. Perform the configuration on MDS1.
4. FC frames sent to a destination FCID of 0xFFFFFF should only arrive at disk J1D5 and J1D6
5. Activate the zoning in VSAN 10
6. Copy the current zoneset of VSAN 10.
7. Remove the zone created in question 3 from the just copied zoneset and add another zone that adds all disks of JBOD2 using their FCIDs
8. Ensure that this second zoneset is not activated, but is seen on both MDS switches. You are not allowed to change any configuration on MDS1
9. Ensure that all changes to all zonesets are replicated between all switches in VSAN 10 every time a zoneset is activated
10. Use zoning compliant with FC-GS-4 and FC-SW-3 in VSAN 20
11. Use inline zone creation for VSAN 20
12. Zoning in VSAN 20 should ensure that the following disks are able to read data from each other, but never write:
   a. J2D1
   b. J2D2
   c. J2D3
13. Create a zone in VSAN 20 that ensures the following disks are prioritized over other disks when ISLs are congested. Use the FWWN of the disks:
   a. J2D4
   b. J2D5
14. When devices are not specified in zones in VSAN 20, they should be allowed to read data from each other
15. J2D5 LUN 19 and J1D6 LUN 116 should be able to communicate to each other in VSAN 20. No other LUNs on those disks can communicate
16. Activate zoning in VSAN 20 and ensure it is seen on both MDS1 and MDS2

Task 4: FC Domain

1. Configure FC Domain IDs in VSAN 10. MDS1 should be using a static ID of 34 and MDS2 should prefer to use an ID of 0x34, but can use a different one when this is already taken
2. Ensure MDS1 is the principal switch in VSAN 10
3. Domain IDs for new switches should be handed out in a sequential order
4. Disruptive restarts from other switches should not affect MDS1
5. Ensure the J1D1 disk in VSAN 10 gets assigned an FCID in the range of 0x222200 to 0x2222FF
6. MDS2 should be assigning Domain IDs to other switches in the fabric for VSAN 20. MDS2 should use a range of 0xB0 to 0xCE.
7. MDS1 should prefer a Domain ID of 214 in VSAN 20
8. Ensure that VSAN 30 is prepared for fast-restart
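Task 4 mixes decimal and hexadecimal domain IDs, and an FCID carries the domain ID of the assigning switch in its top byte, so the values can be cross-checked before anything is configured. The Python below is an added example, not part of the workbook; the function names are hypothetical and the numbers are the ones quoted in items 1 and 5 to 7.

```python
"""Sanity checks for the Task 4 numbers (added example, not workbook code)."""
from typing import Dict, Tuple

# Fibre Channel switch domain IDs are valid from 1 to 239 (0x01-0xEF).
DOMAIN_MIN, DOMAIN_MAX = 0x01, 0xEF


def parse_domain(text: str) -> int:
    """Parse a domain ID as the tasks write it: decimal '34' or hex '0x34'."""
    value = int(text, 0)  # base 0 honours the 0x prefix
    if not DOMAIN_MIN <= value <= DOMAIN_MAX:
        raise ValueError(f"domain ID {text} is outside 1-239")
    return value


def split_fcid(fcid: int) -> Tuple[int, int, int]:
    """Split a 24-bit FCID into its (domain, area, port) bytes."""
    if not 0 <= fcid <= 0xFFFFFF:
        raise ValueError(f"not a 24-bit FCID: {fcid:#x}")
    return (fcid >> 16) & 0xFF, (fcid >> 8) & 0xFF, fcid & 0xFF


def fcid_range_domain(first: int, last: int) -> int:
    """Return the single domain ID that owns every FCID in first..last."""
    if first > last:
        raise ValueError("range is reversed")
    first_domain = split_fcid(first)[0]
    if split_fcid(last)[0] != first_domain:
        raise ValueError("range spans more than one domain")
    if not DOMAIN_MIN <= first_domain <= DOMAIN_MAX:
        raise ValueError("domain byte is not a switch domain ID")
    return first_domain


def review_task4() -> Dict[str, object]:
    """Evaluate the values quoted in Task 4, items 1 and 5 to 7."""
    mds1_static = parse_domain("34")        # item 1, written in decimal
    mds2_preferred = parse_domain("0x34")   # item 1, written in hex
    j1d1_domain = fcid_range_domain(0x222200, 0x2222FF)  # item 5
    allowed = range(parse_domain("0xB0"), parse_domain("0xCE") + 1)  # item 6
    mds1_vsan20 = parse_domain("214")       # item 7
    return {
        "mds1_static_vsan10": mds1_static,
        "mds2_preferred_vsan10": mds2_preferred,
        "ids_collide": mds1_static == mds2_preferred,
        "j1d1_fcid_domain": j1d1_domain,
        "j1d1_range_needs_mds1_domain": j1d1_domain == mds1_static,
        "vsan20_allowed": (allowed[0], allowed[-1]),
        "vsan20_allowed_count": len(allowed),
        "mds1_214_in_vsan20_allowed": mds1_vsan20 in allowed,
    }


if __name__ == "__main__":
    for name, value in review_task4().items():
        print(f"{name}: {value}")
```

The result shows that 34 and 0x34 are different IDs (34 and 52), that the FCID range in item 5 lies in domain 0x22, which is decimal 34, and that 214 falls outside 0xB0 to 0xCE (176 to 206).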

Task 5: Fibre Channel Security Features

1. Rogue devices, meaning anything other than the current JBODs and MDS switches, cannot be connected to VSAN 10. Assume you are not aware of the WWPNs and SWWNs of the current attached devices and switches.
2. Prepare VSAN 10 so the following PWWNs that will be added in the future are able to access the Fibre Channel network:
   a. 20:00:00:A3:BF:33:11:33 on MDS1 fc1/11
   b. 20:00:00:A3:DE:11:66:2B on MDS2
   c. 20:00:00:A3:FE:00:98:32 can be connected to either MDS
3. Configure a security mechanism in VSAN 20 to ensure all devices participating are manually configured before they are allowed access. You are only allowed to change configuration on MDS1 for this task. Be as specific as possible.
4. No MDS switches other than MDS1 and MDS2 are allowed to participate in VSAN 30
5. Only the existing Domain IDs are allowed to be used in VSAN 30
6. Ensure the strongest Diffie-Hellman group is used between the MDS switches for link authentication
7. Accept a password of ‘IPexpertMDS1’ on MDS1 and a password of ‘IPexpertMDS2’ on MDS2. Be as specific as possible.
8. MDS1 should actively initiate authentication requests to MDS2 on fc1/1. When MDS2 fails to respond after 15 minutes the link should go down. MDS2 should not initiate authentication requests
9. Use an SHA1 hash on fc1/2 between the MDS switches. A fall-back to MD5 is supported. Both MDS switches should actively start negotiating the authentication capabilities
10. Disable authentication on the second member of port-channel 101
11. The link fc1/4 is authenticated, but it is not a strict requirement and is able to come online without any authentication.


Task 6: Advanced Features

1. Assume that there is a topology with more than 2 MDS switches. Ensure that Cisco Call Home configuration is distributed between all switches. MDS2 has its own call-home configuration and should not be changed when other switches are changed. Other distributed configuration should not be affected by this configuration
2. Your manager has asked you to come up with a list of all SCSI hosts connected to VSAN 10. Save this list to a file called ‘VSAN10hosts.txt’ on the flash of MDS1.
3. The list of SCSI hosts should be generated every 24 hours and the text file on the flash should be updated with the updated list.
4. J1D1 and J2D1 are synchronized with each other. J1D1 is the primary disk and J2D1 is its backup. Ensure that hosts in VSAN 10 can automatically keep accessing the disk when the primary fails. When the failed disk is replaced and working again, it should return to being the primary disk.

 


 

Chapter 6: Data Center Storage Networking Extension

Chapter 6: Data Center Storage Networking Extension is intended to familiarize you with the Storage Networking features on the Cisco MDS switches. This chapter covers configuring IP features like iSCSI, iSLB and FCIP, including the relevant Security features for Fibre Channel extension across IP connections.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.


 

General Rules

• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work through the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 5 hours


 

Pre-setup

• Connect to the MDS switches within the topology
• Use the central topology drawing at the start of this workbook
• The switches start with a blank configuration. You will be creating parts of your own Initial Configuration for later labs.
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Drawing 1: Physical Topology

Drawing 2: Logical Topology

 

Configuration tasks

Task 1: Initial set-up

1. Leave the configurations of MDS1 and MDS2 intact from the previous exercises.
2. Configure the Nexus 5000 switches SW2 and SW3 with the VLANs as stated in Drawing 2. MDS1 and MDS2 should be able to communicate over these VLANs to each other across SW2 and SW3.
3. Both GigabitEthernet interfaces on each MDS switch should have access to all VLANs required in this lab
4. When required, use IP addresses in the range of 198.18.X.Y/24 in this lab, where X is the VLAN number and Y is the Host address as stated in Drawing 2

Task 2: FCIP

1. Configure an FCIP 1 connection between MDS1 and MDS2 using the GigabitEthernet1/1 interface
2. You are only allowed to use 1 TCP connection
3. VSAN 10 and 20 may be transported across this connection
4. Make sure MDS1 always initiates the connection
5. Use a non-default port for the FCIP 1 connection
6. If GigabitEthernet1/1 fails, the GigabitEthernet1/2 interface should automatically take over the FCIP 1 connection. You are not allowed to change the FCIP configuration to accomplish this. The use of port-channels for this question is prohibited.
7. Create an FCIP 2 connection between MDS1 and MDS2 using the GigabitEthernet1/2 interface
8. Ensure this connection will receive a higher QoS priority than FCIP 1
9. VSAN 10, 20 and 50 may be transported across this connection
10. Ensure VSAN 10 uses FCIP 1 as primary link and VSAN 20 uses FCIP 2 as the primary link on MDS1, where MDS2 is configured vice versa
11. The FCIP 2 tunnel should be brought down when no TCP packets are received for 90 seconds


 

12. The FCIP 2 connection should use the highest possible compression
13. Ensure FCIP 1 supports a method that sends R_RDY messages locally, so that write actions are done faster
14. The FCIP 2 connection should be highly available. A third FCIP connection is allowed for this task. Keep high availability in mind when configuring the third FCIP connection. When a failure occurs in the FCIP 2 connection this should not be noticed by the FSPF protocol. The use of Ethernet port-channels for this question is prohibited.

Task 3: FCIP Security

1. Protect the failover mechanism of the FCIP 1 connection using an MD5 hash of ‘SecureIPexpert’
2. Traffic crossing the FCIP 1 connection should be transferred encrypted across the IP network.
3. Use an MD5 hash, AES 128-bit encryption and a pre-shared-key of ‘IPexpertEncrypt’

Task 4: SAN Extension Tuner

1. Use VSAN 50 and the FCIP 2 connection for this task
2. Simulate a continuous SCSI read flow across VSAN 50 using the FCIP 2 connection
3. Use 2 open I/O operations
4. Use 512KB data packets
5. Configure the traffic simulation in 2 directions

Task 5: iSCSI

1. Do not use any dynamic configuration option which might be available in this task
2. Use GigabitEthernet1/1 for this task on MDS1
3. Create an iSCSI portal on this interface using the iSCSI VLAN as mentioned in Drawing 2
4. Use a non-default port for the iSCSI portal
5. iSCSI traffic leaving this interface should be marked with DSCP 22


 

6. Configure an initiator with IP address 198.18.71.100
7. Manually assign an nWWN and a pWWN to the initiator
8. This initiator wants to access resources in VSAN 20, do not configure the VSAN under the initiator
9. Ensure that only the just configured iSCSI initiator can access the virtual J2D1 target
10. Use an IQN of “iqn.iscsi-disk-JBOD2-Disk1” for this target
11. This target should only be available on this iSCSI portal
12. The host should mutually authenticate the iSCSI session with a username of “iSCSI1” and a password of “IP3xp3rtiSCSI”
13. iSCSI initiators should be able to access J1D3 on LUN 0, where the J1D3 FC disk only advertises LUN 10
14. When the disk J1D3 fails, J2D3 should seamlessly take over. When the disk in J1D3 has been replaced it should automatically switch back to this primary target
15. Enable trespass support
16. Improve read performance on MDS1 for iSCSI traffic
17. Configure an iSCSI portal in the iSCSI VLAN as mentioned in Drawing 2 on MDS2 GigabitEthernet1/1
18. All iSCSI initiators on this new portal should appear as a single N-port in the Fibre Channel fabric
19. Enable data-digest on this portal
20. Configure 3 initiators on MDS2 named iqn.initiator-server-1, iqn.initiator-server-2 and iqn.initiator-server-3.
21. Give the 3 initiators access to J1D1 in VSAN 10 without configuring the VSAN database for VSAN 10
22. Use a single zone with 2 entries to accomplish this

Task 6: iSLB

1. Do not use any dynamic configuration option which might be available in this task
2. Configure an iSLB portal on GigabitEthernet1/2 on MDS1 and MDS2 on the iSLB VLAN as presented in Drawing 2
3. Configuration for iSLB targets and initiators may only be done on MDS2

 


 

4. When MDS2 fails, MDS1 should automatically take over all sessions
5. Ensure that both MDS switches are using weighted load balancing.
6. Manual zoning changes are not allowed
7. Configure 5 initiators with names of iqn.islb-initiator-host-1 through host-5
8. Ensure the initiators are assigned an nWWN and 2 pWWNs which are automatically assigned by the MDS switch
9. Zones should have ‘IPexpert’ in their name
10. Host 3 is a database server, which will have more iSCSI connections than the other hosts. Ensure load balancing takes care of this.
11. All initiators should have access to J2D2 LUN 0x0 and 0x1 in VSAN 10 which should be presented as LUN 0xA and 0xB. Do not use the ‘virtual-target’ command.
12. Use J1D2 as a backup when J2D2 fails. The target should not switch back when J2D2 is repaired
13. The J1D1 disk in VSAN 20 should be made highly available on the 2 MDS switches. Ensure iqn.islb-initiator-host-3 is the only host that can access it on both MDS switches using the resilient iSLB portal. Do not use the ‘virtual-target’ command.
14. The use of auto-zoning is not allowed for the question above, nor is zoning based on Symbolic Name or IP addressing
15. Ensure all initiators are authenticated with a username of “host-1” through “host-5” with a password of “iSLBpassw0rd”
16. Do not remove any configuration from the MDS switches when continuing with the next chapter

 


 

Chapter 7: Data Center Unified Fabric

Chapter 7: Data Center Unified Fabric is intended to familiarize you with the Storage Networking features available on the Cisco Nexus switches, combined with the Cisco MDS switches.

This chapter covers implementing FCoE features inside of the Nexus switches and the backwards compatibility with Native FC connections. Besides that, we will be looking at N-Port Virtualization configurations.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.


 

General Rules

• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work through the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 2 hours


Pre-setup

• Connect to the MDS switches within the topology
• Use the central topology drawing at the start of this workbook
• The Nexus switches start with a blank configuration. You will be creating parts of your own Initial Configuration for later labs.
• The MDS switches are using the configuration from the previous chapters
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Drawing 1: Physical Topology

Drawing 2: Logical Topology VSAN 20

 

Configuration tasks

Task 1: Native Fibre Channel on Nexus

1. Leave the configurations of MDS1 and MDS2 intact from the previous exercises.
2. Set the GigabitEthernet interfaces on MDS1 and MDS2 to shutdown, so all iSCSI and FCIP connections are down
3. SW2 and SW3 should participate in VSAN 10 and VSAN 20 using native Fibre Channel interface fc1/31 and fc1/32. Use fc1/13 and fc1/14 on the MDS switches.
4. Ensure the interfaces are seen as a single connection for the FSPF protocol
5. Request the lowest Domain ID possible, but accept any other as given out by the principal switch
6. Ensure all devices in VSAN 10 and VSAN 20 are visible on SW2 and SW3
7. Keep in mind the security mechanism active in VSAN 10 and VSAN 20

Task 2: Fibre Channel over Ethernet (FCoE)

1. Create a vPC consisting of Ethernet1/24 on both SW2 and SW3
2. Assume a host is connected to the vPC on SW2 and SW3.
3. This host should be able to communicate to disks in VSAN 10 on SW2 and disks in VSAN 20 on SW3.
4. Use VLAN 10 and VLAN 20 for this task
5. Ensure both SW2 and SW3 discard FCoE frames received across the interlink between the switches
6. SW2 should be used as the primary switch to connect to
7. Non-FCoE traffic is not allowed to cross the link. You are not allowed to use the switchport trunk allowed vlan command.

 


Task 3: Multi hop FCoE

1. Shut down all ISL links on the MDS switches
2. Ensure that the Fibre Channel fabric keeps functioning in VSAN 20 without enabling direct interfaces between the MDS switches
3. Configure the network in such a way that it complies with Drawing 2
4. Turn on the VFID check on SW1-1 to prevent loopbacks
5. Ensure all FCoE connections are authenticated using an SHA-1 hash
6. SW1-1 is authenticating using a password of ‘Nexus7000password’
7. SW1-1 should authenticate SW2 with a password of ‘SecureNexus5000-1’
8. SW3 is using a password of ‘IPexpertIsAwesome’
9. SW1-1 should never initiate the authentication negotiation
10. Configure a feature that allows only the switches currently participating in VSAN 20 in the VSAN 20 fabric.

Task 4: FCoE Quality of Service (QoS)

1. Ensure FCoE best practices are followed in this topology
2. Configure Quality of Service so all Nexus switches support the configured topology
3. Prevent one blocked receiver from affecting traffic that is sent to other non-congested blocking receivers on SW2
4. The link between SW2 and SW3 is 2000 meters long. Ensure the topology supports lossless Ethernet on this link.
5. Fibre Channel frames crossing the Nexus switches may never be fragmented


 

Drawing 3: NPV topology

Task 5: N-Port Virtualization (NPV) and N-Port ID Virtualization (NPIV)

1. Enable the ISL links between MDS1 and MDS2 again
2. Ensure the MDS switches are not limited to 239 Domain IDs per VSAN
3. MDS2 is the core switch and MDS1 the edge switch in this topology
4. Devices need to be connected in VSAN 10
5. JBOD1 interface on MDS1 should be using the first uplink to the core switch
6. JBOD2 interface on MDS1 should be using the third uplink to the core switch
7. Ensure traffic is automatically balanced across all uplinks


Task 6: FCoE NPV

1. Configure SW2 to support N-Port Virtualization. A reboot of the switch is not allowed to accomplish this task
2. Use Ethernet1/8 on SW3 as the link where the logins are received from SW2
3. Use VSAN 20 for this task


 

Chapter 8: Security Features

Chapter 8: Security Features is intended to familiarize you with the Security features which are available on the Nexus platform. You will be configuring both AAA services and other management security as well as LAN security features like DHCP snooping and other protective features.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.


 

General Rules

• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work through the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 4 hours

Pre-setup

• Connect to the Nexus switches within the topology
• Use the central topology drawing at the start of this workbook
• The Nexus switches start with a blank configuration.
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Drawing 1: Physical Topology

Drawing 2: Logical Topology

 

Configuration tasks

Task 1: Port Security

1. Configure a basic configuration for the 3 Nexus switches SW1, SW2 and SW3, using the defaults as stated at the beginning of this workbook.
2. Create VLANs where necessary in this chapter.
3. Configure a port-channel of the first 2 interfaces between each switch. Use a standards based protocol to negotiate the bundling parameters. The result should be equal to Drawing 2
4. Ensure that only 10 hosts are able to use Ethernet1/11 on SW2. The port should go into ‘errdisable’ when the 11th host is connected to the interface.
5. Ensure that the learnt MAC addresses are cleared on the Ethernet1/11 interface on SW2 after they did not send any traffic for 6 minutes.
6. Only the following MAC addresses are able to access Ethernet1/11 on SW3
   a. 0010.4431.a1b3
   b. 10:22:a0:f5:b3:de
   c. 0011.99ff.22aa
   d. 55:81:a0:9a:b0:0c
   e. ba01.dad3.c0ff
7. Ensure packet count is logged for all violating packets on Ethernet1/11 on SW3
8. Ensure that no more than 100 MAC addresses are learnt on the port-channel between SW2 and SW3. The interfaces should keep working, but stop learning and deny access to possible new MAC addresses after the number has been reached.
9. On the port-channel between SW2 and SW3 the amount of MAC addresses should be divided between VLAN 10, 11, 12 and 13. Ensure VLAN 10 can use 2/3 of the maximum.
10. Ensure all MAC addresses on the port-channel between SW2 and SW3 are saved in the database
11. Create a routed interface of Ethernet1/7 on SW2 with IP address 198.18.100.1/24. Create a VLAN 100 interface on SW3 with IP address 198.18.100.2.
12. Ensure that only the host with MAC address 1234.5678.abcd can access Ethernet1/7 on SW3. It’s not allowed to configure this MAC address on SW3.
13. Ensure SW2 and SW3 are able to ping each other.

Task 2: DHCP Snooping, DAI, IP Source Guard

1. A DHCP server is connected in VLAN 50 on interface Ethernet3/10 on SW1. No other interfaces are allowed to send DHCP OFFER messages to clients.
2. Ensure the DHCP server receives the DHCP REQUEST packets with information about the port that the host is connected to in the DHCP packet
3. When a DHCP REQUEST message is received on an interface, the Source MAC address and the DHCP Client Hardware Address should be verified to match
4. Ensure VLAN 50 is protected against ARP Spoofing attacks on SW1
5. SW1 should not check ARP packets received on the port-channel interfaces
6. Ensure that ARP requests to IP addresses that fall in the range of 198.18.50.0/28 are always allowed
7. Ensure that SW1 keeps a log of the last 50 deny and accept messages
8. Ensure that SW1 also checks for invalid or unexpected IP addresses in ARP packets
9. Ensure that all IP traffic is checked for spoofing attacks on interface Ethernet3/11, Ethernet3/13 and Ethernet3/14 using the DHCP Snooping database.
10. A host with MAC address 4019.a201.b04e and a statically configured IP address of 198.18.50.254 is connected to Ethernet3/12 on SW1. Ensure this host is allowed access.
11. Configure a SVI with IP address 198.18.50.1/24 in VLAN 50 on SW1.
12. Ensure that all traffic entering the VLAN interface is checked against the routing table to ensure that the switch knows the Destination IP address of the packet and it has a routing entry towards this network. A default route would also qualify for this check.

Task 3: Access Control Lists

1. Use a protection on VLAN 50 of SW1 to protect it against denied traffic according to the following rules.
2. Be as specific as possible.
3. The 198.18.255.100 host is allowed to access hosts in VLAN 50.


4. Secure Web traffic coming from servers in 198.18.128.0/18 to VLAN 50 is allowed. Clients in VLAN 50 are using non-reserved ports.
5. The Server farm is located in the 198.19.0.0/16 subnet and the 198.18.192.0/24 subnet. Hosts in VLAN 50 want to access Web servers, DNS servers and Mail (to receive mail through POP3 and send mail) servers. You are prohibited from configuring these applications in the ACL. Only two entries in the ACL are allowed for this question.
6. You are not allowed to apply the ACL to the VLAN interface
7. A host connected in VLAN 50 through interface Ethernet1/15 on SW2 is not allowed to access the IMAP server with IP address 198.19.0.25. Ensure this is enforced.
8. A rogue device is found that tries to log in to management interfaces. Deny telnet and SSH traffic to the management interface of the switches from the 192.0.2.0/24 subnet. Ensure all other IP addresses are still able to manage the switches through all management services. Only a single ACL entry is allowed for this task.
9. Ensure all TCP traffic entering on Ethernet3/22 on SW1 is copied to Ethernet3/23 on SW1
10. In addition to the IP security of VLAN 50 your manager also wants to only allow valid MAC addresses from the Server farm to access hosts in VLAN 50. The servers have MAC addresses in the range of 0bad.c0ff.ee00 up to 0bad.c0ff.eeff.
11. Statistics should be collected per entry in VLAN 50
12. Ensure the control plane of SW2 and SW3 is optimized for Layer 3 routing

Task 4: AAA services

• Always group configurations for AAA servers
• There is a RADIUS server in the management network with IP address 172.16.100.201
• The TACACS+ server in this network is 172.16.100.202
• Both AAA servers are using a key of “IPexpertAAA”
• Declare the RADIUS server dead after 22 minutes. Check if the RADIUS server is working every 2 minutes. Use a username of “ipexpert” and a password of “IPexpert123” for this task
• Requests to AAA servers should time out after 2 seconds
• On SW2 configure default authentication to be done by the RADIUS server


  SW2  should  perform  a   fall-back  to  local  user  database  in  case  the   RADIUS  server  does   not  respond.  

For  access  to  the  console  port  only  the  local  user  database  should  be  used   On  SW3  a  Cisco  proprietary  protocol  should  be  used  for  authenticating  SSH  users.     When  users  do  not  have  a  role  assigned,  they  should  not  be  able  to  log-­‐in  to  the  switch.   Users  that  try  to  log-­‐in  shout  be  notified  when  AAA  servers  are  unreachable   Use   the   strongest   encryption   for   the   local   username/password   database   available   and   ensure  that  existing  passwords  are  converted    Ensure  accounting  is  enabled  on  SW2   The  TACACS+  users  are  configured  with  IOS-­‐style  privilege  levels.  Ensure  SW3 honors   these.   SW2  should  require  local  user  entries  to  use  strong  passwords.  SW3  does  not  enforce  this.  

Create  a  user  on   SW3  with  your  first  name  as  username  which  expires  on  December  31st  of   this  year.     Task  5:  802.1X  

1. Hosts that want to access SW1 are required to authenticate. Hosts are connected at interfaces Ethernet3/25 up to 3/31
2. Users should be authenticated by the RADIUS server
3. On Ethernet3/26 and Ethernet3/27 it should be possible to have multiple hosts connected
4. After an hour the authentication should be re-checked against the RADIUS server for all interfaces participating in the authentication. You are not allowed to use global configuration commands for this task.
5. Interface Ethernet3/31 has a printer connected that has no software to support this authentication. Ensure the interface is still authenticated against the RADIUS server.
6. The switch should allow up to 4 authentication attempts before denying access
7. Ensure all activity on the switch is logged with the RADIUS server

Task 6: Cisco TrustSec

1. Ensure all switches authenticate each other in the network
2. Ensure Cisco TrustSec is using RADIUS for authentication
3. Enable Cisco TrustSec on the 802.1X interfaces from Task 5
4. SW1 should authenticate itself with a password of “SW1p@ssw0rd”
5. SW2 should authenticate itself with a password of “SW2p@ssw0rd”
6. SW3 should authenticate itself with a password of “P@ssw0rdSW3”
7. Ensure switches authenticate each other without using the RADIUS server for exchanging SGTs.
8. You are allowed to use an SVI on each switch in VLAN 99 with the IP subnet of 198.18.99.0/24
9. Leave all configuration in place on the switches when continuing with the next chapter.


 

   

Chapter 9: Management Features

Chapter 9: Management Features is intended to familiarize you with the Management features which are available on the Nexus platform. You will be configuring Role Based Access Control (RBAC), SNMP, Syslog, NetFlow, NTP and many more.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.

 

General Rules

• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 4 hours

Pre-setup

• Connect to the Nexus switches within the topology
• Use the central topology drawing at the start of this workbook
• The Nexus switches start with configuration from the previous chapter
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Drawing  1:  Physical  Topology  

 


 

Drawing  2:  Logical  Topology  


 

Configuration tasks

Task 1: Role Based Access Control (RBAC)

• Perform configuration on SW1
• Create a username “user1” with a password of “User1p@ssw0rd”
• User1 should only be allowed to configure the following:
  o VLANs
  o VLAN Interfaces
  o Spanning-Tree
  o First Hop Redundancy Protocols
• You are not allowed to configure these features directly under the role configuration for user1
• User1 is only allowed to configure interfaces Ethernet3/1 through Ethernet3/10
• Configure username “user2” with password “User2User2”
• User2 is not allowed to change configuration, but is allowed to verify everything related to
  o Access Lists
  o Routing protocols
  o Licensing
• You are not allowed to configure individual routing-protocols or configure a new feature-group for user2
• User2 can only configure Layer 3 protocols in VRF “VPN1”, “VPN2” and “VPN3”
• Configure username “maintenance” with password “MainTenanc3”
• User maintenance should only be allowed to configure management protocols and upgrade software
• Username “storage-admin” with password “st0rage-@Dmin” is allowed to configure Fibre Channel related configurations
• Username “nocuser” with password “NOCus3r” and a role-name of “NOC” is allowed to execute all show and is allowed to issue a Telnet or SSH from the CLI
• Ensure all switches share a common role configuration

Task 2: Traffic monitoring



• Regulations determine that all traffic entering SW1 through the port-channels connecting to SW2 and SW3 should be monitored, but only for VLAN 50 and 99.
• Traffic should be directed to a monitoring server connected to Ethernet3/19. VLAN tags should be retained.
• Ensure the MTU size for the monitoring is consistent at 1100 bytes, no matter what the MTU of the source packet is
• An interface on a third party switch is being monitored, but the monitoring server is connected to Ethernet3/20 on SW1. Use a Layer 2 transportation to pick up this traffic. Use VLAN 601 for this task.
• Interface Ethernet1/17 on SW2 should be monitored, but the monitoring server is connected to Ethernet3/17 on SW3. Use a Layer 3 transportation to accomplish this.
• Ensure this Layer 3 monitoring traffic receives a high priority treatment throughout the network
• Use the finest granularity possible for the Layer 3 monitoring session.

Task 3: NetFlow

• Use SW1 for this task. The port-channels to the other switches should be used for collecting information
• Create a flow record based on the IPv4 source and destination IP address
• Ensure the flow ID is captured and the pps (packets per second) 64-bit counter
• This information should be exported to the server with IP address of 172.16.100.109
• Ensure that 5 out of 150 packets are sampled that enter the port-channels of SW1
• Ensure that it’s possible for Layer 2 fields to be exported to the flow server

Task 4: Management protocols

• Ensure the management server 172.16.100.110 receives version 2c traps from SW1
• This server should also be able to read information from SW1 while using a classical community string of ‘IPexpert’
• Configure your name and current location on SW1
• Ensure that SW1 does not accept SNMPv3 unencrypted requests
• User ‘version3’ with password ‘version3password’ should be able to access SW1 using SNMP version 3
• Ensure that the version3 user has the same rights as the storage-admin user
• The Telnet and SSH sessions should see Informational messages
• Debugging messages should be visible in a separate logfile
• Ensure logfiles are using the most precise timestamps
• Logging up to Notifications level should be sent to 172.16.100.110 with a facility of local3
• SW1 should be synching its time to SW2 and SW3
• SW1 is a stratum 1 clock
• Devices other than SW2 and SW3 should not be able to synchronize time with SW1
• Ensure all time synchronization is secured via a key of ‘TimeIPX’
• Set the timezone to your current location
• SW1 should identify itself to other Cisco devices with its serial number
• All switches should send advertisements about themselves every 10 seconds
• Interfaces Ethernet1/10-20 on SW2 and SW3 have devices connected that are outside of your management domain. They should not be able to see any information about the devices that they are connected to.

Task 5: Device management

• The current configuration of SW1 should be stored so it can be re-used
• You should be able to compare differences with a newer version of the configuration compared to the now saved one
• The configuration of SW1 should also be saved to a TFTP server at IP address 172.16.100.103 on a weekly basis.
• This saving should be done every Sunday night at 10PM (22:00).
• Ensure the hostname and the date and time are included in the filename that is saved
• Users logging in to the switches should see a message that they are logging in to the “IPexpert CCIE Data Center Lab”
• Save a “show tech-support” to the flash and compress the file by creating the zip file manually.
• Also save a “show interfaces” output to flash and let this be automatically compressed
• Both outputs should be saved in a compressed Tar file

Task 6: Smart Call Home and GOLD



• During boot-up all switches should run the maximum level of diagnostics
• SW1 should generate a message towards the on-call support engineer when a critical issue occurs.
• Do not use an existing profile
• This message should be sent to [email protected] via the mail server mail.ciscocallhome.com.
• You can use 172.16.100.111 as the server to resolve names.
• The sender of the message should be your name and e-mail
• All urgency levels and any size should be sent
• Send periodic inventory notifications every day to [email protected]
• SW1 is the core switch and an important switch. Ensure this is noticed in the messages.
• Cisco TAC should receive XML messages via e-mail ([email protected]) and directly via HTTP.
• You are allowed to create one additional destination profile for the previous question

Chapter 10: Data Center Unified Computing Networking

Chapter 10: Data Center Unified Computing Networking is intended to familiarize you with the Networking features which are available on the Unified Computing platform. You will be configuring VLANs, Port-Channels, switch modes, PIN groups and Policies related to the Networking features of the UCS system.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.

 

General Rules

• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 4 hours

Pre-setup

• Connect to the Nexus switches within the topology
• Use the central topology drawing at the start of this workbook
• The UCS system and Fabric Interconnects start with a blank configuration
• This lab is intended to be used with online rack access provided by our partner Proctorlabs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Drawing  1:  Physical  Topology  

 

   


 

Configuration tasks

Task 1: Initial set-up

• Ensure that the Fabric Interconnects are able to be managed with IP addresses 172.16.100.6, .7 and .8. The 172.16.100.8 address should be the Virtual IP address to manage the interconnect cluster.
• Ensure the UCS1 chassis is detected. Interface 1/1 through 1/4 are used for connecting the chassis
• The uplinks are connected to 1/9 and 1/10. Ensure these are bundled as a single logical connection
• Identify the port-channels by giving them easily rememberable names
• Ensure the Fabric Interconnects are easily found for physical maintenance by engineers
• Ensure the chassis and servers are also given easily readable names that are shown in the Equipment tree

Task 2: VLANs

• Create VLAN 11, 12, 13 and 15 using only 2 create commands
• Create VLAN 1 through 10 except 8 on both Fabric Interconnects
• VLAN 16 is the primary Private VLAN
• VLAN 17 is an Isolated VLAN
• Configure a VLAN named “IPexpertVLAN”. This VLAN should have number 20 on Fabric Interconnect A and number 21 on Fabric Interconnect B.

Task 3: vNIC templates

• Ensure vNICs on fabric interconnect A get MAC addresses assigned in the range of 00:05:12:AA:00:00 to 00:05:12:AA:00:11
• Create a vNIC template for management traffic in VLAN 10. This traffic should be untagged and should automatically switch over between fabrics. Ensure that after using the template to create a vNIC it does not stay connected with it.
• Create vNIC templates with vNIC#-$-XYZ where # is the vNIC number, $ is the fabric interconnect on which it’s active and XYZ is a short description what it’s used for
• The first vNIC pair should be active on fabric interconnect A and should carry all VLANs except the Private VLANs. This vNIC should be using the new settings once the template is changed after the creation of the vNIC.
• Create a redundant vNIC on Fabric Interconnect B with the same settings as the previous question.
• Ensure vNICs on fabric interconnect B get MAC addresses assigned in the range of 00:05:12:BB:00:00 to 00:05:12:BB:00:22
• The second vNIC template redundant pair should carry all the Private VLANs and should be offered with 2 paths to the host over different fabrics
• Create a third vNIC which is active on fabric B and has VLAN 11, 12 and 13 enabled. Frames without a tag should be assigned to VLAN 10.
• Ensure the third vNIC is able to support Jumbo frames

Task 4: Policies and pin groups

• Ensure the first redundant vNIC pair allows CDP traffic
• Ensure the second redundant vNIC pair will not go down in case of an uplink failure
• Create a pin group for each of the Fabric Interconnects
• Ensure that the management vNIC is connected to the uplink of FI1-B

Task 5: Quality of Service

• The Private VLAN traffic should get a higher priority treatment throughout the UCS system
• The system needs to differentiate between 3 QoS classes and a class for FCoE traffic. Divide traffic evenly across the 3 classes
• Traffic entering on the third vNIC marked with 802.1p bits should be trusted in the UCS system
• Ensure traffic on the management vNIC will never use more than 95Mbps of bandwidth
• All classes should support Jumbo frames

Task 6: Disjoint Layer 2

• Create additional uplinks for Fabric A and Fabric B using ports 1/11 and 1/12
• Create VLANs 100 to 110 on the UCS system
• All even VLANs of this range should use Uplink1/11 on Fabric A and Uplink1/12 on Fabric B
• All odd VLANs of this range should use Uplink1/12 on Fabric A and Uplink1/11 on Fabric B
• Ensure vNICs are having access to these VLANs while maintaining the dispersion between uplinks without using pin groups

Task 7: Switch mode

• Convert the Fabric Interconnect cluster to switching mode
• Ensure all VLANs, templates, policies and settings are equal to the previous tasks

Chapter 11: Data Center Unified Computing Storage

Chapter 11: Data Center Unified Computing Storage is intended to familiarize you with the Storage features that are available on the Unified Computing platform. You will be configuring VSANs, FCoE features, Quality of Service, SAN pinning and many more features.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.

General Rules

• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 4 hours

Pre-setup

• Connect to the Nexus switches within the topology
• Use the central topology drawing at the start of this workbook
• The UCS system and Fabric Interconnects use the configuration of the previous chapter, as do the MDS switches
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Drawing 1: Physical Topology

Configuration tasks

Task 1: Initial set-up

• Ensure you keep the configuration of the previous chapter for the UCS system and the Nexus switches.
• Give the MDS switches in the topology the following hostnames: MDS1, MDS2. Configure the default username and password according to the generic lab topology
• Ensure that they can be reached through the management network using IP addresses in the range as stated in the initial set-up information at the beginning of the workbook. Use Host IP addresses of 172.16.100.9 and 172.16.100.10
• Enable the ISL links between the MDS switches on fc1/1 through fc1/4 and trunk all VSANs.
• Configure the JBOD interfaces fc1/5 and fc1/6 so FLOGIs are seen from the JBOD into the FC Fabric
• The MDS switches should support Fabric Logins from the UCS Fabric Interconnects
• Configure the interfaces to the Fabric Interconnects to support the UCS system. The UCS Fabric Interconnects are connected to interfaces fc1/9 on the MDS switches

Task 2: VSANs

• Create a VSAN with an ID of 301. The VLAN connected to it should use an ID of 1000+VSANID.
• VSAN 301 should be available on both Fabrics.
• Hosts in VSAN 301 should be able to communicate with each other without any other zoning changes
• Create VSAN 302 on Fabric A and VSAN 303 on Fabric B with matching VLAN IDs.
• This VSAN should be named “SecondVSAN”.
• Create all these VSANs on both MDS switches

Task 3: Fibre Channel Trunks and Port Channels

• Ensure that all created VSANs are transported across the FC Uplinks
• Interface 32 on both Fabric Interconnects should become a native Fibre Channel interface
• Use fc1/32 as the connection to the MDS switches on both Fabric Interconnects
• In the near future the FC connection to the MDS switches will be expanded. Ensure that this can be done without any downtime by inserting a physical connection in a single logical connection.
• Ensure the MDS switch is aware of this change

 

Task 4: Pools

• Ensure vHBAs on fabric interconnect A get WWPNs assigned in the range of 20:11:00:05:12:AA:00:00 to 20:11:00:05:12:AA:00:11
• Ensure vHBAs on fabric interconnect B get WWPNs assigned in the range of 20:22:00:05:12:BB:00:00 to 20:22:00:05:12:BB:00:22
• WWNNs should be generated in the same range except with a prefix of 20:88:
• iSCSI Qualified Names should be generated with the following format: iqn.initiator.iscsi-boot-ipexpert:1 through :25
• iSCSI interfaces should get IP addresses assigned in the range of 198.18.200.10/24 through 198.18.200.35 with a default gateway of 198.18.200.254.
• The iSCSI name resolving should be done against 198.18.254.254 and 198.18.254.253

 

Task 5: vHBA templates

• Create vHBA templates connecting to VSAN 301 on both fabrics.
• The VSAN 301 vHBAs should be created using a method that only the template is used to create the vHBA and after that it’s disconnected from the template.
• Create vHBA templates connecting to VSAN “SecondVSAN” on Fabric A and B.
• The template should only be used for initially creating the vHBA, after the creation changes to the template should not be propagated to the vHBA, but it should always be possible to re-connect it again to have changes assigned to the vHBA from the template.
• The “SecondVSAN” templates should always be assigned to the FC forwarding class. Bandwidth should be limited to 100MBps.
• Create another vHBA template for VSAN 304 on Fabric B. You are not allowed to leave the vHBA Template wizard for this task
• Ensure vHBAs are assigned with the correct WWNs according to the previous task

   

Task 6: SAN Pinning and Storage Policies

• Create a pin group for each of the Fabric Interconnects
• Ensure that the second vHBA is connected to the uplink of FI1-B
• Create a policy so the vHBAs are using best practices for VMware servers. This special policy should support up to 512 LUNs per FC target
• This policy should also allow for maximum FLOGI and PLOGI retries
• Ring Sizes should be 128 for Transmit, Receive and SCSI queues

 

Task 7: Fibre Channel Boot policies

• Create a policy so that a server is able to boot from vHBAs in VSAN 301.
• Before the server boots from SAN, it should try to boot from an ISO image mounted to the KVM session.
• Ensure that the server will still boot when one fabric is not available.
• When both Fabrics are operational, the server should select Fabric A. You can assume that the vHBA of Fabric A has a lower PCIe bus scan order.
• Use WWPN: 20:01:00:AA:BB:CC:DD:EE, LUN 20 as the target on Fabric A
• On Fabric B the WWPN for the boot disk is: 20:01:00:EE:DD:CC:BB:AA, LUN 21
• Create another policy for a server to boot from VSAN 304.
• VSAN 304 has 2 boot disks available for failover. Both are using the same WWPN as the previous policy, except they are using LUN 5 for both targets.

 

Task 8: iSCSI Boot policies

• When the Fibre Channel fabric is completely down the servers using VSAN 301 should still be able to access their boot disks through the use of the iSCSI protocol
• You do not need to configure the MDS switch for this task, assume this is pre-configured
• The names of the iSCSI vNICs that will be created in the service profile are “iSCSIvNIC1” and “iSCSIvNIC2”
• The iSCSI Targets should be authenticated with a username of “IPexpertISCSI” and a password of “iSCSIstorage”
• The iSCSI vNICs should have TCP Timestamps enabled and the connection should time out after 30 seconds

 

Task 9: Local Disk policies

• When blades are equipped with local disks they should get a protected configuration so at least 1 disk is able to fail in the configuration.
• Create one additional policy so that when the policy is applied to a blade where the local disks are already configured, the existing configuration is overwritten with the new configuration
• Create a policy so that when a service profile is disassociated from a blade the disks are formatted and settings in the BIOS are set to default

Chapter 12: Data Center Unified Computing Servers and Blades

Chapter 12: Data Center Unified Computing Servers and Blades is intended to familiarize you with the primary features of the Unified Computing System. In this lab we will be configuring all settings related to compute blades and servers. This means we will be configuring service profiles, templates and policies related to the compute nodes.

We highly recommend creating your own diagram at the beginning of each lab so you are able to draw on your own diagram, making it much easier when you step into the real lab. Multiple topology drawings are available for this chapter.

General Rules

• Try to diagram out the task. Draw your own connections the way you like it
• Create a checklist to aid as you work thru the lab
• Take a very close read of the tasks to ensure you don’t miss any points during grading!
• Take your time. This is not a Mock Lab, so no time constraints are in place for finishing this particular chapter

Estimated Time to Complete: 4 hours

Pre-setup

• Connect to the Nexus switches within the topology
• Use the central topology drawing at the start of this workbook
• The UCS system and Fabric Interconnects use the configuration of the previous chapter, as do the MDS switches and Nexus switches
• This lab is intended to be used with online rack access provided by our partner Proctor Labs (www.proctorlabs.com). Connect to the terminal server and complete the configuration tasks as detailed below

Drawing 1: Physical Topology

 

Configuration tasks

Task 1: Server pools

• Ensure you keep the configuration of the previous chapter for the UCS system, the Nexus switches and the MDS switches.
• Combine blades on the left side of the chassis in a pool named “LEFT”
• Create an automatic classification of compute nodes so all blades with 48GB of RAM are set together inside a pool called “48GB”
• Create a classification so all blades with a Cisco VIC card will be combined in a pool called “VIC”
• Ensure that all servers are placed inside a pool “IPexpertServers”

Task 2: UUID pools

• Servers should get an Identifier assigned through the use of a pool. The prefix should be automatically generated by the UCS Manager.
• The pool should be called “IPexpertIDs” and consist of a size of 32 identifiers.
• The suffix should start with “7442-C0FFEE”
• Create a second identifier pool where the identifiers should start with “01010202-ABCDDEF0-0ABB-AA”, a total of 16 identifiers should be generated.

Task 3: Management IP addresses

• Create an IP address pool for addresses 172.16.100.20 up to 27 with a mask of /24 and a gateway of .254
• Assign IP addresses to the first 2 blades in the chassis by using the pool
• Assign static IP addresses to the other 2 blades. Blade 3 should have an IP address of 172.16.100.28 and blade 4 an IP address of 172.16.100.29
• The other addresses in the pool are used during the creation of service profiles


Task 4: Server policies

• Create a policy so the settings of the blade are set to the following parameters:
   o Quiet boot is enabled
   o Server is reset after a power loss
   o The front panel should be locked out
   o Hyper threading is enabled
   o Virtualization support is enabled
   o CPU performance is set to enterprise
   o Server should be secured by a hardware feature that prevents viruses and malicious code from being executed
   o Serial port is disabled
   o RAID controller is enabled
   o The server should be powered off when the OS is not booted after 20 minutes
• Create a policy so that changes are only applied to the servers after an acknowledgement by the user
• Create a policy so SoL is enabled with a speed of 19200
• Create a policy for SoL users with a username of IPexpert and a password of IPexpert

Task 5: Service Profile Templates

• Create a template called “SP_template1” to give a server state information that stays connected to the profile when it is deployed.
• Ensure UUIDs are assigned from the pool “IPexpertIDs”
• The World Wide Node Name should be assigned using the pre-configured pool
• The disks inside the blade should be configured with a RAID 1 configuration which is not overwritten if a current configuration is in place
• Redundant vHBAs should be created to support boot from VSAN 301
• Ensure correct WWPNs are assigned
• The custom created VMware adapter policy should be used


• Pick names for the vHBAs so the created boot policy will work without changes
• Create vNICs for management and 2 for data traffic. The data vNICs should be redundant with 2 active paths across fabrics, whereas the management vNIC should be protected.
• Ensure the vNICs are created with optimized settings for VMware
• All vNICs and vHBAs should be based on templates
• Leave placement of vNICs and vHBAs to the system
• Configure the system to boot from SAN in VSAN 301 based on a previously configured template.
• The user should confirm changes that require a reboot. Again, this should be based on a previously configured policy
• Servers should be automatically booted up when this template is deployed to a server
• No servers need to be assigned now
• Servers need to be powered on after this template is applied as a service profile
• Ensure BIOS settings are applied according to the policy created in Task 4
• Enable Serial over LAN with a speed of 19200 bps without configuring this speed directly in the service profile
• Users accessing the Serial over LAN feature are required to use a username and password of “IPexpert”
• The management IP address of this service profile should come from the previously configured IP address pool
• Hard disks should not be erased when the service profile is removed from the blade. Create a new policy to support this configuration called “NO_SCRUB”

 

Task 6: Service Profiles

• Assign the previously created template to all servers while using the server pool containing all the blades in the chassis
• You are not allowed to configure the pool under the template configuration
• Use a prefix of “UCS1-SP” for naming the service profiles
