Sie sind auf Seite 1von 11

1

Topology

SECTION 1 : NEXUS ( 38 Marks )


DC-1:
Assign interfaces to VDCs based on the interface allocation table.
DC1N7K3
Interface
Interface
DC1N7K4
Interface
Interface

Ethernet 3/17-25
Ethernet 4/17-25
Ethernet 3/26-34
Ethernet 4/26-34

A: Layer 2
Create VLANs in DC-1 devices as per the table
VLAN Number
30
40
50
70
80
90
Switches
DC1-N7K-1
DC1-N7K-3
DC1-N7K-4

VLAN Name
iSCSI
ESXi-MGMT
DMZ
VM-DATA
DCI_SITE
DCI_EXTEND
VLANS

80,90
30,40,50,70,80,90
30,40,50,70

B: Layer 3
Assign IP Address to the DC1N7K3, DC1N7K4 interfaces as per the table.
Switch
DC1N7K3
DC1N7K3

Interfaces
Loopback 0
VLAN 30

IP Address
10.0.1.3
10.1.30.129

DC1N7K3

VLAN 40

10.1.40.3

DC1N7K3

Ethernet 4/24

10.10.3.1

DC1N7K4

Loopback 0

10.0.1.4

DC1N7K4
DC1N7K4
DC1N7K4

VLAN 30
VLAN 40
Ethernet 4/26

10.1.30.130
10.1.40.4
10.10.4.1

Subnet Mask
255.255.255
.255
255.255.255
.128
255.255.255
.0
255.255.255
.252
255.255.255
.255
255.255.255
.128
255.255.255
.0
255.255.255

3
.252

Core Network is already configured.


Configure OSPF area 1 on Layer 3 links from DC1-N7K-3 and DC1-N7K-4
towards backbone.
Router ID for OSPF process should be loopback 0 only.
Physical interface should not participate in the DR-BDR election process.
The MTU of the physical interface need to be 9100.
Advertise loopback 0 on both the switches in OSPF area 1.
Advertise VLAN 30 and Interface VLAN 40 on both the switches in OSPF area
1.

C: STP Root Bridge


Configure DC1-N7K-3 as root for all VLANs. You are not allowed to change VLAN
priority on any switch to achieve this task.

D: DMZ

Configure DMZ links from DC1N7K3 (3/18), DC1N7K4 (3/26) to the Fabric
Interconnects.
Allow trunking for VLAN 50 only.
Ensure that the Nexus 7K DMZ Ports do not listen/learn STP BPDUs.
Configure Speed of these links as 1 GB.
These ports should come up after the UCS configuration.

E: Virtual Port Channel

Configure port Channel 100 on Trunk links between DC1-N7K-3 and DC1-N7K-4
and also use Bridge assurance.
Configure jumbo frame support on it.
Prune VLAN 50 , 80 ,90 from it.
Create Multi-Chassis link aggregation Groups on DC1-N7K-3 and DC1-N7K-4.
Use port channel 100 as Peer-link.
You are not allowed to add any L2 or L3 connection.
You may use any Domain ID.
Make sure DC1-N7k-3 is the primary VPC.
Make sure UCS will not become primary for LACP.
Configure E4/19 , E4/28 as port channel 10 towards FI-A.
Allow VLANs 30 , 40 , 70 on port-channel 10
Configure E4/20, E4/29 as port-channel 20 towards FI-B.
Allow VLANs 30 , 40 ,70 on port-channel 20.
Both Port-Channel need to support Jumbo Frame.

F: Gateway Fault Tolerance & Redundancy

Configure HSRP on DC1-N7K-3 & DC1-N7K-4 as per following table

Switch
DC1N7K
3
DC1N7K
3
DC1N7K
4
DC1N7K
4

VLAN
VLAN
30
VLAN
40
VLAN
30
VLAN
40

HSRP
Group
0
0
0
0

IP
Address
10.1.30.
254
10.1.40.
254
10.1.30.
254
10.1.40.
254

If DC1-N7K-4 comes online before DC1-N7K-3 , you need to make sure DC1N7K-3 becomes the Active
Make Sure that DC1-N7K-3 will be primary as soon as HSRP goes up for VLAN
30 & 40.

DC-2:
Assign interfaces to VDCs based on the interface allocation table.
DC2N7K3
Interface
Interface
DC2N7K4
Interface
Interface

Ethernet 3/17-25
Ethernet 4/17-25
Ethernet 3/26-34
Ethernet 4/26-34

A: Layer 2
Create VLANs in DC-2 devices as per the table.
VLAN Number
31
41
80
90
Switches
DC2-N7K-1
DC2-N7K-3
DC2-N7K-4
DC2-N5K-1
DC2-N5K-2

VLAN Name
FP_VLAN1
FP_VLAN2
DCI_SITE
DCI-EXTEND
VLANS

80,90
31,41,80,90
31,41
31,41
31,41

Create FP VLAN 31,41 on DC2N7K3, DC2N7K4, DC2N5K1 & DC2N5K2.


Configure FP Links on DC2N7K3, DC2N7K4, DC2N5K1 & DC2N5K2
Configure DC2N7K3 to be the root for tree 1, DC2N7K4 to be the root for
tree 2.

Configure DC2-N7k-3, DC-3-N7K4 as spine switch N5k1, and N5K2 as leaf


switch.
Configure Fabric-path SwitchID as per table.
Switch
DC2-N7K-3
DC2-N7K-4
DC2-N5K-1
DC2-N5K-2

FP Switch ID
30
40
300
400

B: Layer-3
Assign IP Address to the DC1N7K3, DC1N7K4 interfaces as per the table.
Switch
DC2N7K3
DC2N7K3

Loopback 0
VLAN 31

IP Address
10.0.2.3
10.1.31.129

DC2N7K3

VLAN 41

10.1.41.3

DC2N7K3

Ethernet 4/24

10.20.3.1

DC2N7K4

Loopback 0

10.0.2.4

DC2N7K4

Interfaces

VLAN 31

DC2N7K4

VLAN 41

DC2N7K4

Ethernet 4/26

10.1.31.130
10.1.41.4
10.20.4.1

Subnetmask
255.255.255
.255
255.255.255
.128
255.255.255
.0
255.255.255
.252
255.255.255
.255
255.255.255
.128
255.255.255
.0
255.255.255
.252

Core Network is already configured.


Configure OSPF area 2 on Layer 3 links from DC2-N7K-3 and DC2-N7K-4
towards backbone.
Router ID for OSPF process should be loopback 0 only.
Physical interface should not participate in the DR-BDR election process.
The MTU of the physical interface need to be 9100.
Advertise loopback 0 on both the switches in OSPF area 2.
Advertise VLAN 31 and Interface VLAN 41 on both the switches in OSPF area
2.

C: Gateway Fault Tolerance & Redundancy

Configure VRRP on DC2-N7K-3 & DC2-N7K-4 as per following table

Switch
DC2N7K3
DC2N7K3
DC2N7K4
DC2N7K4

VLAN
VLAN
31
VLAN
41
VLAN
31
VLAN
41

VRRP Group

IP Address

10.1.31.254

10.1.41.254

10.1.31.254

10.1.41.254

Make sure DC2-N7K3 is the primary for VRRP group.


Make Sure that DC2-N7K-3 will be primary as soon as VRRP goes up

D: Virtual Port Channel (VPC+)

Configure VPC peers using DC2N5K1 and DC2N5K2.


Configure active portchannel 200 between 5k1 & 5K2 & make it a peer link.
Make sure DC2N5k1 configuration and operate as primary VPC Switch.
Create Port Channel 103 and 104 towards FEX.
Create VPC to FEX103 & FEX104
You may use any domain ID & SwitchID.
Ensure the LED on the FEX starts blinking for identification of the FEX inside a
rack.
Configure Static port-channel 2000 towards the server using port 1/20 of each
FEX.
Allow only VLAN 31 & 41 on it.
The server does not support LACP.
When the port comes up it need to be in forwarding state immediately.

E: Overlay Transport Virtualization

Create L2 Trunk interface between DC1N7K1 & DC1N7K3, enable VLAN


80,90 on this trunk.
Create L2 Trunk interface between DC2N7K1 & DC2N7K3, enable VLAN
80,90 on this trunk.

Assign IP Addresses as per the table.


Switch

Interfaces

IP Address

DC1N7K1

Loopback 0

10.0.1.2

DC1N7K1

Ethernet 4/5

10.1.4.1

DC1N7K3

Ethernet 4/25

10.1.4.2

DC1N7K3

Vlan 90

10.1.90.1

DC2N7K1

Loopback 0

10.0.2.2

DC2N7K1
DC2N7K3

Ethernet 4/5
Ethernet 4/25

10.1.4.5
10.1.4.6

Subnetmask
255.255.255
.255
255.255.255
.252
255.255.255
.252
255.255.255
.252
255.255.255
.255
255.255.255
.252
255.255.255

DC2N7K3

Vlan 90

10.1.90.2

.252
255.255.255
.252

VLAN 80 is the site VLAN. VLAN 90 is the extended VLAN.


Configure OTV multicast mode.
The RP address is 20.0.0.1
Verify you can ping both side on interface VLAN 90.

SECTION 2 : STORAGE( 20 Marks )


A: MDS

Configure MD1 with 4 links to FI-A and 4 links to FI-B


The 4 links need to be configured as port channel., Po100 and Po200
DC2-N5K1-1 is preconfigured as NPV node & DC2-N5K-2 is neither configured
as NPV or NPIV.
Configure DC2-N5K-1 with 2 links to MDS2 with port channel. Allow only VSAN
1 and 100 on this link. Ensure the interfaces are seen as single connection for
the FSPF protocol. Port ID should be used as 21.
Configure DC2-N5K-2 with 2 links to MDS2 with port channel. Allow only VSAN
1 and 200 on this link. Ensure the interfaces are seen as single connection for
the FSPF protocol. Port ID should be used as 22.

B: FCIP

Configure Interface Gig 3/3-4 between MDS 1 to MDS 2. IP address of the


interface are as follows

ON MDS-1
Gi3/3 : 198.18.69.9 255.255.255.0
Gi3/4 : 198.18.70.9 255.255.255.0
ON MDS-1
Gi3/3 : 198.18.69.11 255.255.255.0
Gi3/4 : 198.18.70.11 255.255.255.0

Configure 2 FCIP connections on this link.


This link should carry VSAN 100 & VSAN 200.
Use FCIP Profile 10 for interface GIG 3/3.
Use FCIP profile 20 for Interface GIG 3/4.
Ensure that FCIP 1 link is preferred for all traffic over FCIP 2.
Configure the FCIP as MTU compliant with FC.

C: FCOE Task

Create a storage VDC DC2N7K2 and allocate interface 3/9-14.


Configure management IP address 10.1.1.2/24 and default gateway
10.1.1.254 for the storage VDC.
Ensure the storage traffic is load balanced using SRCDSTOXID to achieve
the maximum available throughput.
Create port channel 11 from DC2-N7K-2 (E3/9-10) to DC2-N5K1 (E1/4-5).
Create port channel 21 from DC2-N7k-2 (E3/11-12) to DC2-N5k-2 (E1/4-5)
The Link need to run FCOE and with LACP.
The load balance needs to be end to end with SRC-DST-OX-ID.

D: UCSC Series Connectivity

Configure Storage connection from UCSC-2


use VFC 311.
Configure Storage connection from UCSC-2
VFC 20.
Configure Storage connection from UCSC-1
VSAN 100.
Configure Storage connection from UCSC-1
VSAN 200.
Create VFC 320 & 420 for the same.

to storage VDC using VSAN 200 &


to N5K1 using VSAN 100 & use
through FEX103 Interface 1/20 to
through FEX104 interface 1/20 to

SECTION 3 : UCS ( 32 Marks )


A: UCS LAN and SAN tasks

Discover Chassis with 2 or more IOM links


Configure FI with Server Ports, LAN and SAN ports as per the topology
diagram.
Configure DMZ link between Fabric 1 and DC1N7K-3 as well as fabric 2 and
DC1N7K-4 with 1Gb speed
Allow VLAN 50 only on DMZ interface of FIs.
Create portchannel towards Nexus 7K using 2 uplinks on each FI. Allow only
corporate VLANs on it
Use same Port-channel ID as in NEXUS side
Corporate network should include all VLANs except 50.
Configure a portchannel from MDS-1 to Fabric 1 using 4 links. Allow only
VSAN 100 on this portchannel.
Configure a portchannel from MDS-1 to Fabric 2 using 4 links. Allow only
VSAN 200 on this portchannel.
Use same Port-channel ID as in MDS side.

B: UCS server tasks


Configure UUID/MAC/WWNN/WWPN/ IP pools as per table.
UCS Pools
Resources
UUID-Suffix

Pool Name
DC-FI-uuid
DC-FI-wwpna
DC-FI-wwpnb

wwpn (FI-A)
wwpn (FI-b)
wwnn

DC-FI-wwnn

MACs
Management IP
Management
gateway

DC-FI-mac

Start Value
1111000000000001
20:00:00:25:b5:10:
10:01
20:00:00:25:b5:10:
10:0A
20:00:00:25:b5:11:
10:01
00:25:B5:00:00:01
10.1.1.53/24

Quanti
ty
10
4
4
4
32
7

10.1.1.254

Configure VLAN according the table


VLAN Number
30
40
50
70
100
200

VLAN Name
iSCSI
ESXi-MGMT
DMZ
VM_DATA
UCS_FCoE_VLAN_VSA
N100
UCS_FCoE_VLAN_VSA
N200

Configure Service Profile with the name RemoteBoot . Make use of pools that
you configured earlier.
Configure policy that will ensure that the service profile can only be assigned to
blade that have no local disk.
Configure 2 vHBAs first connected to Fabric 1, second to Fabric 2. One HBA
per fabric ( fc0,fc1)
Configure Updating vNIC template vnic-a , vnic-b and allow only corporate
networks. Configure 4 vNICs in the Service Profile bound to the vNIC templates
you created.
Make sure any disruptive change to the service profile requires user
acknowledgement. You are not allowed to create a new policy.
Failover should be transparent to OS.
Name
vNIC Template
name
vNIC Name
vHBA name
Boot Policy

FI-A

FI-B

vnic-a

vnic-b

eth0,eth2
fc0
San-boot-dual

eth1,eth3
fc1

10

Enable CDP on vNIC , dont create new policy.


Configure a Service Profile boot policy with primary and secondary SAN target
containing preinstalled server images.
Storage Object
FI-A FC Target
FI-B FC Target
FC SAN Boot LUN iD

Value
50:00:40:20:02:f4:6a:
45
50:00:40:21:02:f4:6a:
45
1

Associate the service profile with blade 1 and make sure the blade boots up
with the preinstalled ESXi from the SAN.
Create Zones in MDS1 for VSAN 100 and VSAN 200. Zoning should include all
the pooled addresses given in the table and target disk wwpn.
Create a Host Firmware Packages policy for Adapter and BIOS using the latest
version. Do not assign it to any server.
Create a Management Firmware Packages policy using the latest version. Do
not assign it to any server.
Clone the service profile you created, and with minimum configuration changes
assign this service profile to blade 2. Do not power on the server after the
successful assignment.

C: Configure the UCS with LDAP authentication according to the


table.
AD Object
Domain Controller
Bind User
Bind User Password
Base DN
Port
Filter
Group Authorization
Authorization Domain
Name
Group Recursion
Target Attribute
LDAP Provider Group
Name
AD Group
ucsaaa
ucsnetwork

Value
10.1.1.214
CN=ucsbinduser,OU=CiscoUCS,DC=ccie
dc,DC=lab
Cisco
DC=cciedc,DC=lab
389
$AMAccountName=$userid
Enable
ldap-domain
Rescursive
memberOf
ldap-group
UCS Role
aaa
network

SECTION 4 : NEXUS 1000v ( 10 Marks )

Once Remote server boots up you will see a VEM module being added to the
N1K.

11

Go through the N1K configuration and do any changes required so that it is


optimized for the UCS environment .