FL Dcnx7k31 Lg314

DCNX7K
Configuring Cisco Nexus 7000

Switches
Version 3.1
Fast Lane LAB Guide
Version 3.1.4
© 2018 Fast Lane and Cisco Systems, Inc. Fast Lane Lab Guide 3.1.4 1
ATTENTION
The Information contained in this guide is intended for training purposes only. This guide contains information and activities that, while beneficial for
purposes of training in a close, non-production environment, can result in downtime or other severe consequences and therefore are not intended as a
reference guide. This guide is not a technical reference and should not, under any circumstances be used in a production environment. Customers should
refer to the published specifications applicable to specific products for technical information. The information in this guide is distributed AS IS, and the
use of this information or implementation of any recommendations or techniques herein is a customer’s responsibility.
COPYRIGHT
© 2018 Fast Lane GmbH. All rights reserved.

All other brands and product names are trademarks of their respective owners.
No part of this book covered by copyright may be reproduced in any form or by any means (graphic, electronic, or mechanical, including photocopying,
recording, taping, or storage in an electronic retrieval system) without prior written permission of the copyright owner.
Fast Lane reserves the right to change any products described herein at any time and without notice. Fast Lane assumes no responsibility or liability arising
from the use of products or materials described herein, except as expressly agreed to in writing by Fast Lane. The use or purchase of this product or
materials does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of Fast Lane product described in
this manual may be protected by one or more patents, foreign patents, or pending applications.
2 Cisco Data Center Configuring Nexus 7000 Switches (DCNX7K) 3.1

Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
n Guided Lab 1: Cisco Nexus 7000 Platform Discovery
n Guided Lab 2: Configuring User Management
n Guided Lab 3: Configuring System Management
n Guided Lab 4: Configuring Troubleshooting Features
n Guided Lab 5: Configuring Layer 2 Switching
n Guided Lab 6: Configuring vPC
n Guided Lab 7: Configuring Cisco FabricPath
n Guided Lab 8: Troubleshooting vPCs and Cisco FabricPath
n Guided Lab 9: Configuring Layer 3 Switching
n Guided Lab 10: Configuring FHRP (Optional)
n Guided Lab 11: Configuring MPLS
n Guided Lab 12: Configuring Cisco OTV
n Guided Lab 13: Implementing VXLAN Bridging on the Nexus 7000
n Guided Lab 14: Configuring LISP
n Guided Lab 15: Configuring FCoE
n Guided Lab 16: Configuring Security Features (Optional)
n Guided Lab 17: Configuring QoS (Optional)
n Guided Lab 18: Using Cisco Nexus 7000 Series Switch NX-API
Configuring Cisco Nexus 7000 Switches ............................................................................. 1
Overview ......................................................................................................................................... 3
Outline ....................................................................................................................................................... 3
Job Aids..................................................................................................................................................... 8
Laboratory Topology ................................................................................................................................. 8
Lab Connections ....................................................................................................................................... 9
Lab IP Address Plan................................................................................................................................ 12
Lab 0: Accessing the Remote Lab Environment ....................................................................... 13
Activity Objective ..................................................................................................................................... 13
Lab Topology........................................................................................................................................... 13
Task 1: Connect to the Remote Lab Environment .................................................................................. 14
Device Credentials .................................................................................................................................. 17
Guided Lab 1: Cisco Nexus 7000 Platform Discovery .............................................................. 18
Overview ................................................................................................................................................. 18
Visual Objective ....................................................................................................................................... 18
Required Resources................................................................................................................................ 18
Command List (Optional) ........................................................................................................................ 19
Task 1: Management Connectivity .......................................................................................................... 20
Task 2: Validation .................................................................................................................................... 21
Task 3: Interface Configuration ............................................................................................................... 27
Task 4: Layer 3 Connectivity ................................................................................................................... 30
Task 5: Checkpoints and Rollback .......................................................................................................... 32
Guided Lab 2: Configuring User Management .......................................................................... 38
Overview ................................................................................................................................................. 38
Task 2: AAA Server ................................................................................................................................. 40
Task 3: AAA ............................................................................................................................................ 42
Task 4: Users and Roles ......................................................................................................................... 43
Guided Lab 3: Configuring System Management ..................................................................... 46
Overview ................................................................................................................................................. 46
Task 1: Management Connectivity and Preparation ............................................................................... 49
Task 2: Scheduler ................................................................................................................................... 49
Task 3: Cisco (Smart) Call Home ............................................................................................................ 52
Task 4: Cisco Fabric Services (Optional) ................................................................................................ 58
Task 5: Cisco DCNM (Optional) .............................................................................................................. 64
Guided Lab 4: Configuring Troubleshooting Features ............................................................. 73
Overview ................................................................................................................................................. 73
Task 2: RMON ......................................................................................................................................... 75
Task 3: EEM ............................................................................................................................................ 77
Task 4: SPAN .......................................................................................................................................... 80

Guided Lab 5: Configuring Layer 2 Switching .......................................................................... 82
Overview .................................................................................................................................................. 82
Required Resources ................................................................................................................................ 83
Command List .......................................................................................................................................... 83
Task 2: Configure the Cisco Nexus 5000 Switch Interfaces .................................................................... 86
Task 3: Configuring Layer 2 Interfaces and Rapid PVST+ ...................................................................... 87
Task 4: Using STP Enhancements .......................................................................................................... 92
Task 5: Implementing and Verifying MST (optional) ................................................................................ 95
Task 6: Implementing and Verifying Q-in-Q Tunnels (optional) ............................................................. 102
Guided Lab 6: Configuring vPC ................................................................................................ 105
Overview ................................................................................................................................................ 105
Visual Objective ..................................................................................................................................... 105
Required Resources .............................................................................................................................. 105
Command List ........................................................................................................................................ 106
Task 1: Management Connectivity and Preparation .............................................................................. 107
Task 2: Configuring the vPC Domain .................................................................................................... 109
Task 3: Configuring the vPC Keepalive Link ......................................................................................... 110
Task 4: Configure the vPC Peer Link .................................................................................................... 112
Task 5: vPC Configuration and Optimization ......................................................................................... 114
Task 6: vPC Tracking Configuration (Optional) .................................................................................... 119
Guided Lab 7: Configuring Cisco FabricPath ......................................................................... 121
Overview ................................................................................................................................................ 121
Command List ........................................................................................................................................ 122
Task 2: Configure Cisco FabricPath and FabricPath Interfaces and VLANs ......................................... 125
Task 3: Configure vPC+ (Optional) ........................................................................................................ 129
Guided Lab 8: Troubleshooting vPCs and Cisco FabricPath ................................................ 135
Overview ................................................................................................................................................ 135
Task 2: Identify the Problem .................................................................................................................. 137
Task 3: Resolve the Problem ................................................................................................................. 138
Task 4: Troubleshooting Ticket TT2-FP ................................................................................................ 139
Task 5: Identify the Problem .................................................................................................................. 140
Task 6: Resolve the Problem ................................................................................................................. 141
Guided Lab 9: Configuring Layer 3 Switching ........................................................................ 142
Overview ................................................................................................................................................ 142
Command List ........................................................................................................................................ 143
Task 2: Configuring VRF with Static Routing ......................................................................................... 146
Task 3: Configuring VRFs with OSPFv2 ................................................................................................ 149
Task 4: Configuring VRFs and EIGRP .................................................................................................. 153
Task 5: Configuring BGP ....................................................................................................................... 156
Guided Lab 10: Configuring FHRP (Optional) ......................................................................... 159
Overview ............................................................................................................................................... 159
Required Resources.............................................................................................................................. 159
Command List ....................................................................................................................................... 159
Task 1: Management Connectivity and Preparation ............................................................................. 161
Task 2: Configure HSRP ....................................................................................................................... 163
Task 3: Virtual Router Redundancy Protocol ........................................................................................ 165
Task 4: Gateway Load Balancing Protocol ........................................................................................... 168
Guided Lab 11: Configuring MPLS (Optional) ......................................................................... 170
Overview ............................................................................................................................................... 170
Command List ....................................................................................................................................... 171
Task 2: Configure Basic MPLS ............................................................................................................. 174
Task 3: Configure MPLS Layer 3 VPNs ................................................................................................ 177
Task 4: Configure MPLS Traffic Engineering ........................................................................................ 181
Guided Lab 12: Configuring Cisco OTV ................................................................................... 186
Overview ............................................................................................................................................... 186
Command List ....................................................................................................................................... 187
Task 2: Configuring Basic Cisco OTV ................................................................................................... 191
Task 3: Configuring Advanced OTV (Optional) ..................................................................................... 194
Guided Lab 13: Implementing VXLAN ...................................................................................... 197
Overview ............................................................................................................................................... 197
Command List ....................................................................................................................................... 198
Task 2: Implement IP routing ................................................................................................................ 201
Task 3: Configure Multicast on Nexus 7000 Switches .......................................................................... 204
Task 4: Configure VXLAN Bridging ....................................................................................................... 206
Task 5: Configure centralized VXLAN Routing...................................................................................... 211
Guided Lab 14: Configuring LISP (Optional) ........................................................................... 214
Overview ............................................................................................................................................... 214
Command List ....................................................................................................................................... 214
Task 2: Configure LISP ......................................................................................................................... 218
Task 3: Configure LISP VM Mobility ...................................................................................................... 220
Guided Lab 15: Configuring FCoE ............................................................................................ 222
Overview ............................................................................................................................................... 222
Command List ....................................................................................................................................... 223
Task 2: Basic Configuration on the Cisco MDS Switch ......................................................................... 225
Task 3: Configuring FCoE on the Cisco Nexus 5000 Switch ................................................................ 227

Guided Lab 16: Configuring Security Features (Optional) ..................................................... 232
Overview ................................................................................................................................................ 232
Command List ........................................................................................................................................ 233
Task 2: Configuring ACLs ...................................................................................................................... 236
Task 3: Configuring Port Security .......................................................................................................... 240
Task 4: Configuring Traffic Storm Control ............................................................................................. 242
Guided Lab 17: Configuring QoS (Optional) ........................................................................... 244
Overview ................................................................................................................................................ 244
Command List (Optional) ....................................................................................................................... 245
Task 2: Configuring Class Maps ............................................................................................................ 249
Task 3: Configuring Policy Maps ........................................................................................................... 251
Task 4: Configuring Service Policies ..................................................................................................... 254
Guided Lab 18: Using Cisco Nexus 7000 NXAPI ..................................................................... 256
Overview ................................................................................................................................................ 256
Activity Objective .................................................................................................................................... 256
Command List ........................................................................................................................................ 257
Task 1: Configure the Cisco Nexus 7000 Series Switch to Accept HTTP Connections ........................ 258
Answer Key ................................................................................................................................. 263
Guided Lab 1: Cisco Nexus 7000 Platform Discovery ........................................................................... 263
Guided Lab 3: Configuring System Management .................................................................................. 264
Guided Lab 4: Configuring Troubleshooting Features ........................................................................... 264
Guided Lab 5: Configuring Layer 2 Switching ....................................................................................... 265
Guided Lab 6: Configuring vPC ............................................................................................................. 266
Guided Lab 7: Configuring Cisco FabricPath ........................................................................................ 266
Guided Lab 9: Configuring Layer 3 Switching ....................................................................................... 266
Guided Lab 10: Configuring FHRP (Optional) ....................................................................................... 266
Guided Lab 16: Configuring Security Features (Optional) ..................................................................... 267
Guided Lab 17: Configuring QoS (Optional) .......................................................................................... 268
Job Aids
Use the following job aids while performing the lab tasks in this lab guide.
Laboratory Topology
This diagram illustrates the physical topology of the lab pod that is used in this course.
FastLane(7K/5K/2K(Nexus(Lab((Rev.(5.0)(
FC(JBOD(
N7K(to(N7K(40GE:(
Pod1+2:(7/7W8( Windows(with(CNA(
Pod3+4:(7/9W10( 3( 3( MDS9124(
Pod5+6:(7/11W12( MDS9124(
(
For(4(Students(
N7K(to(N5K(40GE:(
Pod1:( (7/1(on(both(N7K( 1( 2( N7KW1( N7KW2( 1( 2( (
Pod2:( (7/2(on(both(N7K( GE(
Pod3:( (7/3(on(both(N7K((
Pod4:( (7/4(on(both(N7K(
Pod5:( (7/5(on(both(N7K( FC(
(
N7K(to(N2K(FEX:(
10GE(
2/1(2/2( 2/1(2/2(
none((Port(4(on(FEX(not(used)( 47( 48(
47( 48(
2/5( 2/5( 40GE(
2/6( 2/6(
11( 11(
4(
4(
9( 10( 3( 3( 10( 9(
1(2(3(4( 4(3(2(1(
2( 1((((((((2( 2((((((1( 2( Uses(dual(fabric(for(FC(

CNA( CNA( and(vPC(for(Ethernet(
ESXi(with(student(PCs(
as(VMs(with(passthrough( (infrastructure(Eth(und(
NIC(and(dualport(CNA( mgmt(eth(port(on(servers(
Win(VM( Win(VM( not(shown)(

Lab Connections
This table lists the physical connections between the devices that are used in this course.
From To
Device Interface Device Interface
N5K-1 Ethernet 1/3 Server 1 CNA port 1
Ethernet 1/4 Server 2 CNA port 2
Ethernet 1/9 N2K-1 Uplink port 1
Ethernet 2/1 N7K-1-pod1 Ethernet 7/1
Ethernet 2/5 N5K-2 Ethernet 2/5
Fibre Channel 1/47 MDS-1 Fibre Channel 1/1
N7K-1-pod1 Ethernet 7/1 N5K-1 Ethernet 2/1
From To

From To
Lab IP Address Plan
This table lists the IP addresses that are configured on the devices in this course.
Device Interface IP Address Prefix Length Default Gateway
N5K-1 Mgmt0 192.168.0.18 /24 192.168.0.10
N5K-2 Mgmt0 192.168.0.28 /24 192.168.0.10
N5K-3 Mgmt0 192.168.0.38 /24 192.168.0.10
N5K-4 Mgmt0 192.168.0.48 /24 192.168.0.10
N5K-5 Mgmt0 192.168.0.58 /24 192.168.0.10
N5K-6 Mgmt0 192.168.0.68 /24 192.168.0.10
N7K-1 admin Mgmt0 192.168.0.210 /24 192.168.0.10
N7K-2 admin Mgmt0 192.168.0.220 /24 192.168.0.10
N7K-1-pod1 Mgmt0 192.168.0.201 /24 192.168.0.10
N7K-2-pod2 Mgmt0 192.168.0.202 /24 192.168.0.10
N7K-1-pod3 Mgmt0 192.168.0.203 /24 192.168.0.10
N7K-2-pod4 Mgmt0 192.168.0.204 /24 192.168.0.10
N7K-1-pod5 Mgmt0 192.168.0.205 /24 192.168.0.10
N7K-2-pod6 Mgmt0 192.168.0.206 /24 192.168.0.10
Pod 1 server Mgmt NIC 192.168.0.11 /24
Pod 1 DCNM Eth0 192.168.0.17 /24
Pod 2 DCNM Eth0 192.168.0.27 /24
Pod 3 DCNM Eth0 192.168.0.37 /24
Pod 4 DCNM Eth0 192.168.0.47 /24
Pod 5 DCNM Eth0 192.168.0.57 /24
Pod 6 DCNM Eth0 192.168.0.67 /24

Lab 0: Accessing the Remote Lab Environment
Complete this lab activity to access the remote lab environment in order to complete your lab
activities.
Activity Objective
After completing this activity, you will be able to meet this objective:
n Connect to the remote lab environment
Lab Topology
FastLane&ACI&Lab&
OSPF&router&
40&
Cisco&
40& 2P& L2&switch&
2P&
APIC&
1P& P& P&
1P&
BareMetal&
Host1&
Web&VM,&
App&VM&
vCenter& DB&VM&
Student&PC& Appl.& ESXi1& vASA& ESXi2&
BareMetal&
Host2&
Management&Network&
Task 1: Connect to the Remote Lab Environment
In this task, you will connect to the remote labs.
Activity Procedure
Complete these steps:
Step 1 Start the remote lab client on your local PC
Step 2 Select “Preferences” and select a sensible Resolutin (as big as possible but a
smaller than the display in front of you)
Step 3 Verify the connection tests are all “green” – If not click “recheck” – of the
problem persists notify your instructor.
Step 4 Click OK
Step 5 Click the “Select Option 1” to log into the RemoteLab1.0 based lab.

Step 6 Log into the remote lab with the credentials supplied by your instructor
Step 7 Click your Pod in the left menu
Step 8 Click on the “Win PC” in the lower left corner to start your RDP session.
Step 9 For a console connection to your Nexus 5000 click the Nexus 5000 switch
Step 10 For a console connection to your MDS click the MDS switch
Step 11 The nexus 7000 is NOT reachable via console (there is just one console and that
belongs to the admin context) – click the PC in the lower left corner and open a
putty ssh session to 192.168.0.20P (P is your Pod #) for access.
Step 12 Use the user account “Administrator” with the password “1234QWer” to log into
your student PC
Caution Whenever this lab guides talks about the Student PC the remote controlled PC is referred to,
never the local PC.

Device Credentials
This table lists the usernames and passwords that are configured on devices in this course.
Device Username Password
N5K admin 1234QWer
N7K-1 pod1 pod1
N7K-2 pod2 pod2
N7K-1 pod3 pod3
N7K-2 pod4 pod4
N7K-1 pod5 pod5
N7K-2 pod6 pod6
N7K-1-pod1, 3, 5 admin 1234QWer
N7K-2-pod2, 4, 6 admin 1234QWer
Pod Server Administrator 1234QWer
DCNM appliance admin 1234QWer
Guided Lab 1: Cisco Nexus 7000 Platform Discovery
Overview
Complete this lab activity to practice what you learned in the related module.
Upon completing this guided lab, you will be able to:
n Connect to the Cisco Nexus 7000 Switch
n Validate key Cisco Nexus 7000 hardware and software parameters
n Configure I/O module interfaces in your VDC
n Assign IP addresses to interfaces and validate Layer 3 connectivity
n Create a configuration checkpoint and perform a rollback operation
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
In this configuration, a pod consists of four students, two servers, two Cisco Nexus 7000 Series
Switches, two Cisco Nexus 5600 Series Switches, two Cisco Nexus 2000 Series Fabric Extenders,
and servers. These are the resources and equipment that are required to complete this activity:
n A PC connected to an onsite laboratory or a PC with an Internet connection, which is required
to access the remote laboratory equipment
n A lab switch that is connected to the management port of each laboratory device, if using a
remote laboratory

Command List (Optional)
The table describes the commands that are used in this activity.
Command Description
checkpoint {[cp-name] [description descr] | This command creates a checkpoint of the running
file filename } configuration to either a user checkpoint name or a file.
config This command enters global configuration mode.
dir bootflash: This command displays the bootflash contents.
This command specifies an Ethernet interface to

interface Ethernet slot/port
configure, and enters interface configuration mode.
This command configures the IP address for this

ip address ipv4 address/length
interface.
This command dedicates the full bandwidth of 10 Gb to

rate-mode dedicated
one port.
This command sets the shared rate mode for the

rate-mode shared
specified port.
rollback running-config checkpoint cp- This command creates a rollback to the specified
name checkpoint name or file.
This command displays status information about the

show cp state
supervisor module control processor.
This command displays information about the

show environment
hardware environment status.
show interface brief This command displays a table of interface states.
This command displays all hardware inventory

show inventory
information.
This command displays IP-related interface

show ip interface brief
information.
This command displays module information for all I/O

show module
modules and supervisor modules in the chassis.
This command displays detailed information about

show redundancy status
redundancy.
This command displays the interface running

show running-config interface
configuration.
This command displays information about the software

show version
version.
This command configures the interface as a Layer 2

switchport interface and deletes any configuration that is specific
to Layer 3 on this interface.
Task 1: Management Connectivity
In this task, you will use a Telnet or terminal utility to establish a connection to the default VDC.
Activity Procedure
Step 1 Using the remote access procedure and the login credentials that were provided to you
by your instructor, complete a connection to the DCNX7K lab.
Step 2 Log into the remote server.
Step 3 Start the SSH client on the remote server.
Step 4 Connect to the default Nexus 7000 VDC belonging to your pod.
N7K-1 (192.168.0.210) is the default VDC for pods 1, 3 and 5.
N7K-2 (192.168.0.220) is the default VDC for pods 2, 4 and 6.
Step 5 Use the login user name is podP and password podP, where P is your pod number.
Step 6 Connect to your Nexus 5000 switch by clicking on the icon in the remote lab GUI, log
in with user “admin” and password “1234QWer”
Note If the Nexus 5000 is initial config mode: Assign the admin password “1234QWer” and do NOT
enter setup. (crtl&c will break out of setup if you entered it by mistake – the only saved change
will be the admin password)
switch login: admin

Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Step 7 Configure the hostname N5K-P (P is your pod number) and management interface IP
address and save the configuration.
switch# conf
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# hostname N5K-P
N5K-P(config)# interface mgmt 0
N5K-P(config-if)# ip address 192.168.0.P8/24
N5K-P(config-if)# no shutdown
Activity Verification
You have completed this task when you attain these results:
n You have connected to the Nexus 7000 default VDC.

Task 2: Validation
In this task, you will validate key Cisco Nexus 7000 hardware and software parameters.
Activity Procedure
Step 1 View the bootflash directory.
N7K-1# dir bootflash:
15 Nov 19 05:33:15 2014 admin.rc.cli
4096 Jan 15 22:54:56 2015 lost+found/
477631895 Jun 22 13:39:18 2015 n7000-s2-dk9.7.2.0.D1.1.bin
67478627 Jun 22 13:41:49 2015 n7000-s2-epld.7.2.0.D1.1.img
37505536 Jun 22 13:40:36 2015 n7000-s2-kickstart.7.2.0.D1.1.bin
4096 Nov 28 21:22:18 2014 scripts/
4096 Jan 16 00:50:28 2015 vdc_2/
4096 Jan 16 01:07:50 2015 vdc_3/
4096 Jul 22 15:55:02 2013 vdc_4/
4096 Jan 19 16:20:34 2015 vdc_5/
Usage for bootflash://sup-local

650735616 bytes used
1123520512 bytes free
1774256128 bytes total
Q1) What is the file size of each kickstart and system image?
Step 2 Determine the system software version that is currently running on the Cisco Nexus
7010 Switch.
N7K-1# show version
Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2015, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Software
BIOS: version 2.12.0
kickstart: version 7.2(0)D1(1)
system: version 7.2(0)D1(1)
BIOS compile time: 05/29/2013
kickstart image file is: bootflash:///n7000-s2-kickstart.7.2.0.D1.1.bin
kickstart compile time: 5/19/2015 11:00:00 [06/14/2015 21:46:33]
system image file is: bootflash:///n7000-s2-dk9.7.2.0.D1.1.bin
system compile time: 5/19/2015 11:00:00 [06/14/2015 23:40:32]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor Module-2")
Intel(R) Xeon(R) CPU with 12224912 kB of memory.
Processor Board ID JAF1726BCLF
Device name: N7K-1

bootflash: 1966080 kB
slot0: 0 kB (expansion flash)
Kernel uptime is 0 day(s), 0 hour(s), 5 minute(s), 9 second(s)
Last reset at 584217 usecs after Tue Jun 23 05:11:47 2015
Reason: Reset Requested by CLI command reload

System version: 7.2(0)D1(1)
Service:
plugin
Core Plugin, Ethernet Plugin
Q2) Which version of Cisco NX-OS Software is currently?
Q3) How much memory is present on the CPU motherboard?
Q4) How much bootflash memory is present?
Step 3 Determine the Cisco Nexus 7010 hardware components.

N7K-1# show inventory
NAME: "Chassis", DESCR: "Nexus7000 C7010 (10 Slot) Chassis "
PID: N7K-C7010 , VID: V02 , SN: JAF1545CJAM
NAME: "Slot 5", DESCR: "Supervisor Module-2"

PID: N7K-SUP2 , VID: V01 , SN: JAF1726BCLF
NAME: "Slot 7", DESCR: "10/40 Gbps Ethernet Module"

PID: N7K-F312FQ-25 , VID: V01 , SN: JAE183107YH
NAME: "Slot 11", DESCR: "Fabric card module"

PID: N7K-C7010-FAB-1 , VID: V04 , SN: JAF1551AMLC
NAME: "Slot 12", DESCR: "Fabric card module"

PID: N7K-C7010-FAB-1 , VID: V04 , SN: JAF1550CAKS
NAME: "Slot 33", DESCR: "Nexus7000 C7010 (10 Slot) Chassis Power Supply"
PID: N7K-AC-6.0KW , VID: V02 , SN: AZS15420093
NAME: "Slot 34", DESCR: "Nexus7000 C7010 (10 Slot) Chassis Power Supply"
PID: N7K-AC-6.0KW , VID: V02 , SN: AZS15420095
NAME: "Slot 36", DESCR: "Nexus7000 C7010 (10 Slot) Chassis Fan Module"
PID: N7K-C7010-FAN-S , VID: V01 , SN: FLN154400CV
PID: N7K-C7010-FAN-S , VID: V01 , SN: FLN154400HA
PID: N7K-C7010-FAN-F , VID: V02 , SN: FOX1543XA7B
PID: N7K-C7010-FAN-F , VID: V02 , SN: FOX1543XA3R

Q5) How many fabric modules are installed in the Cisco Nexus 7010 Switch chassis?
Q6) Does this switch offer N + 1 switching redundancy?
Q7) How many I/O modules are installed in this chassis?
Q8) How many power supplies are installed in this chassis?
Q9) How many system fans (FAN-S) are installed in this chassis?
Q10) Is there system fan redundancy in this chassis?
Q11) How many fabric fans (FAN-F) are installed in this chassis?
Q12) Is there fabric fan redundancy in this chassis?
Q13) How many empty I/O module slots are there in this chassis?
Step 4 Determine the active supervisor.

N7K-1# show system redundancy status
Redundancy mode
---------------
administrative: HA
operational: None
This supervisor (sup-5)

-----------------------
Redundancy state: Active
Supervisor state: Active
Internal state: Active with no standby
Other supervisor (sup-6)

------------------------
Redundancy state: N/A
Supervisor state: N/A

Internal state: N/A
System start time: Fri Jan 16 01:38:22 2015

System uptime: 63 days, 23 hours, 33 minutes, 37 seconds
Kernel uptime: 63 days, 23 hours, 36 minutes, 10 seconds
Active supervisor uptime: 63 days, 23 hours, 33 minutes, 37 seconds
Q14) Which supervisor slot is active?
Step 5 Display system environment information.

N7K-1# show environment
Power Supply:
Voltage: 50 Volts
Power Actual Total
Supply Model Output Capacity Status
(Watts ) (Watts )
------- ------------------- ----------- ----------- --------------
1 N7K-AC-6.0KW 635 W 6000 W Ok
2 N7K-AC-6.0KW 0 W 0 W Ok
3 ------------ 0 W 0 W Absent
Actual Power
Module Model Draw Allocated Status
(Watts ) (Watts )
------- ------------------- ----------- ----------- --------------
5 N7K-SUP2 92 W 190 W Powered-Up
6 supervisor N/A 0 W Absent
7 N7K-F312FQ-25 279 W 340 W Powered-Up
Xb1 N7K-C7010-FAB-1 N/A 80 W Powered-Up
Xb2 N7K-C7010-FAB-1 N/A 80 W Powered-Up
Xb3 xbar N/A 80 W Absent
fan1 N7K-C7010-FAN-S 198 W 720 W Powered-Up
fan2 N7K-C7010-FAN-S 198 W 720 W Powered-Up
fan3 N7K-C7010-FAN-F 11 W 120 W Powered-Up
fan4 N7K-C7010-FAN-F 11 W 120 W Powered-Up
N/A - Per module power not available
Power Usage Summary:

--------------------
Power Supply redundancy mode (configured) PS-Redundant
Power Supply redundancy mode (operational) Non-Redundant
Total Power Capacity (based on configured mode) 6000 W

Total Power of all Inputs (cumulative) 6000 W
Total Power Output (actual draw) 905 W
Total Power Allocated (budget) 2800 W
Total Power Available for additional modules 3200 W
Clock:
----------------------------------------------------------
Clock Model Hw Status
----------------------------------------------------------
A Clock Module -- NotSupported/None
B Clock Module -- NotSupported/None
Fan:
------------------------------------------------------
Fan Model Hw Status
------------------------------------------------------
Fan1(sys_fan1) N7K-C7010-FAN-S 1.1 Ok
Fan2(sys_fan2) N7K-C7010-FAN-S 1.1 Ok
Fan3(fab_fan1) N7K-C7010-FAN-F 1.1 Ok
Fan4(fab_fan2) N7K-C7010-FAN-F 1.1 Ok
Fan_in_PS1 -- -- Ok
Fan_in_PS2 -- -- Ok

Fan_in_PS3 -- -- Absent
Fan Zone Speed: Zone 1: 0x90 Zone 2: 0x50
Fan Air Filter : Present
Temperature:
--------------------------------------------------------------------
Module Sensor MajorThresh MinorThres CurTemp Status
(Celsius) (Celsius) (Celsius)
--------------------------------------------------------------------
5 Inlet (s1) 60 42 20 Ok
5 PMFPGA (s2) 80 60 26 Ok
5 Crossbar(s3) 105 95 29 Ok
5 L2L3Dev1(s4) 105 95 23 Ok
5 Arbiter (s5) 105 95 33 Ok
5 CPU1CORE1(s6) 85 70 28 Ok
5 CPU1CORE2(s7) 85 70 23 Ok
5 CPU1CORE3(s8) 85 70 29 Ok
5 CPU1CORE4(s9) 85 70 23 Ok
5 DDR3DIMM1(s14) 95 85 27 Ok
5 DDR3DIMM2(s15) 95 85 28 Ok
5 DDR3DIMM3(s16) 95 85 27 Ok
7 Crossbar(s1) 125 105 36 Ok
7 Arb-mux (s2) 125 105 32 Ok
7 L2L3Dev1(s4) 125 105 40 Ok
7 L2L3Dev2(s5) 125 105 38 Ok
7 L2L3Dev3(s6) 125 105 36 Ok
7 L2L3Dev4(s7) 125 105 32 Ok
7 L2L3Dev5(s8) 125 105 38 Ok
7 L2L3Dev6(s9) 125 105 34 Ok
xbar-1 Intake (s2) 60 42 21 Ok
xbar-1 Crossbar(s3) 105 95 36 Ok
xbar-2 Intake (s2) 60 42 20 Ok
xbar-2 Crossbar(s3) 105 95 34 Ok
Q15) Which power supply redundancy mode is currently specified?
Q16) Which module or modules draw the least amount of power?
Q17) How many sensors are distributed on a single I/O module?
Step 6 Display individual module hardware summary information.

N7K-1# show module
Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ------------------ ----------
5 0 Supervisor Module-2 N7K-SUP2 active *
7 12 10/40 Gbps Ethernet Module N7K-F312FQ-25 ok
Mod Sw Hw
--- --------------- ------
5 7.2(0)D1(1) 1.1
7 7.2(0)D1(1) 1.1
Mod MAC-Address(es) Serial-Num

--- -------------------------------------- ----------
5 84-78-ac-24-80-a1 to 84-78-ac-24-80-b3 JAF1726BCLF
7 28-c7-ce-5d-fb-24 to 28-c7-ce-5d-fb-5f JAE183107YH
Mod Online Diag Status

--- ------------------
5 Pass
7 Pass
Xbar Ports Module-Type Model Status

--- ----- ----------------------------------- ------------------ ----------
1 0 Fabric Module 1 N7K-C7010-FAB-1 ok
2 0 Fabric Module 1 N7K-C7010-FAB-1 ok
Xbar Sw Hw
--- --------------- ------
1 NA 1.1
2 NA 1.1
Xbar MAC-Address(es) Serial-Num

--- -------------------------------------- ----------
1 NA JAF1551AMLC
2 NA JAF1550CAKS
• this terminal session

Step 7 Close your SSH session to the default VDC.
n You have successfully identified key software and hardware parameters.

Task 3: Interface Configuration
During this exercise, you will complete interface configuration on all I/O modules and activate the
interfaces in your pod Nexus 7000 VDC.
Activity Procedure
Caution DO NOT continue to use the SSH session from the last Task!

Step 2 Connect to your pod Nexus 7000 VDC (192.168.0.20P).
Step 3 When you receive the N7KY-podP# prompt, enter the username “admin” and password
“1234QWer”. (P is your pod number. Y is the group number: 1 for pods 1, 3 and 5 and
2 for pods 2, 4 and 6.)
Step 4 View the status of all I/O modules. The interface will be different in different lab pods.
N7K-Y-podP# show interface brief
-----------------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
-----------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
------------------------------------------------------------------------------
Eth7/A 1 eth access down Administratively down auto(D) --
Eth7/B 1 eth access down Administratively down auto(D) --
Eth7/C 1 eth access down Administratively down auto(D) --
Eth7/D 1 eth access down Administratively down auto(D) --
Q18) Are the I/O module interfaces currently set to perform as Layer 2 or Layer 3 interfaces?
Step 5 Determine the QSFP+ transceiver type that is installed in module 7. (Replace the letter
in the first column with the exact interface number for your pod.)
Pod 1 and 2 Pod 3 and 4 Pod 5 and 6
Ethernet 7/A, Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet 7/B, Ethernet 7/2, Ethernet 7/4, Ethernet 7/6,
Ethernet 7/C, Ethernet 7/7, Ethernet 7/9, Ethernet 7/11,
Ethernet 7/D Ethernet 7/8 Ethernet 7/10 Ethernet 7/12
N7K-Y-podP# show interface ethernet 7/A, ethernet 7/B, ethernet 7/C, ethernet
7/D transceiver
Ethernet7/A
transceiver is present
type is QSFP-40G-AOC
name is CISCO
part number is AFBR-7QER02Z-CS1
revision is 01
serial number is AVE1811B0DN-A
nominal bitrate is 10300 MBit/sec per channel
Link length supported for copper is 2 m
cisco id is --
cisco extended id number is 16
cisco part number is 10-2928-01
cisco product id is QSFP-H40G-AOC2M
cisco vendor id is V01
Ethernet7/B
name is CISCO
revision is 01
serial number is AVE1828C04S-B
cisco id is --
Ethernet7/C
name is CISCO
revision is 01
serial number is AVE1828C04D-B
cisco id is --
Ethernet7/D
name is CISCO
revision is 01
serial number is AVE1828C053-A
cisco id is --
Q19) Which type of QSFP+ transceivers are installed in module 7?
Q20) What is the maximum distance between devices that this transceiver will support?

Step 6 Enable the module 7 interfaces with installed SFP+ transceivers. (Replace the letter in
the first column with the exact interface number for your pod.)
Ethernet 7/A, Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet 7/B, Ethernet 7/2, Ethernet 7/4, Ethernet 7/6,
Ethernet 7/C, Ethernet 7/7, Ethernet 7/9, Ethernet 7/11,
Ethernet 7/D Ethernet 7/8 Ethernet 7/10 Ethernet 7/12
N7K-Y-podP# config
N7K-Y-podP(config)# interface eth 7/A, eth 7/B, eth 7/C, eth 7/D
N7K-Y-podP (config-if-range)# no shutdown
N7K-Y-podP(config-if-range)# show interface brief | include up
mgmt0 -- up 192.168.0.20P 1000 1500

Eth7/A 1 eth access up none 40G(D) --
Eth7/B 1 eth acesss up none 40G(D) --
Eth7/C 1 eth acesss up none 40G(D) --
Eth7/D 1 eth acesss up none 40G(D) --
Note The interface will only show “up” if your partner pod has also enabled their interface.
10G (D) = 10 Gbps Dedicated, 10G(S) = 10 Gbps Shared, 40G (D) = 40 Gbps
Dedicated.
n You have used the show commands to verify the Layer 2 connectivity and confirmed that
traffic can pass between devices.
Task 4: Layer 3 Connectivity
During this exercise, you will assign IP addresses to the interfaces and verify Layer 3 connectivity
using the ping command.
Activity Procedure
Step 1 Verify Cisco Discovery Protocol neighbors.
Note Your partner pod must have completed task 3. Work together with them for this lab to succeed.
N7K-Y-podP (config-if-range)# show cdp neighbors

Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
Device-ID Local Intrfce Hldtme Capability Platform Port ID

switch(FOC1843R54E)
Eth7/1 141 R S I s N5K-C5672UP EthX/A
switch(FOC1841R063)
Eth7/2 137 R S I s N5K-C5672UP EthX/B
N7K-2-podQ(JAF1540BLJK)
EthX/C 140 R S I s N7K-C7010 EthX/C
N7K-2-podQ(JAF1540BLJK)
EthX/D 140 R S I s N7K-C7010 EthX/D
Step 2 Using the addresses that are listed in the “Lab IP Addresses Plan” section of this Lab
Guide, assign IP address 192.168.100.7P (P is your pod number) to the interface on
module 7, connected to peer pod. Addresses can be found in the “Job Aids” section of
this Lab Guide.

Ethernet X/C Ethernet 7/7 Ethernet 7/9 Ethernet 7/11
N7K-Y-podP # config
N7K-Y-podP (config-if)# interface ethernet X/C
N7K-Y-podP (config-if)# no switchport
N7K-Y-podP (config-if)# ip address 192.168.100.7P/24
Step 3 Verify that the IP addresses have been applied.
N7K-Y-podP (config-if)# show ip interface brief
IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
EthernetX/C 192.168.100.7P protocol-up/link-up/admin-up
Step 4 Verify Layer 3 link connectivity between interfaces using the ping command.
Note Before completing Step 4, assure that the peer pod has completed Steps 1 through 3 too.
Q21) Are your ping commands successful?
n You have used the show commands to verify the Layer 3 connectivity and confirmed that
traffic can pass between devices.
Task 5: Checkpoints and Rollback
This exercise will familiarize you with creating and utilizing a configuration checkpoint and
rollback. This exercise allows you to name and retrieve the saved running configuration from a
particular point in time. Creating a checkpoint is a convenient feature that allows you to revert to
an older running configuration. An older running configuration may be required because of
configuration error or instability of the existing configuration.
Activity Procedure
Step 1 Switch to your Nexus 5000 terminal session
Step 2 View the running configuration.
Step 3 Display existing checkpoints on your Nexus 5000
N5K-P# show checkpoint summary
N5K-P#
Step 4 Check the options for the checkpoint command..
N5K-P# checkpoint ?
<CR>
WORD Checkpoint name (Max Size 80)
description Checkpoint description for the given checkpoint
file Create configuration rollback checkpoint to file
Step 5 Create a NVRAM based checkpoint on your Nexus 5000

N5K-P# checkpoint base
....Done
Step 6 Create a file based checkpoint on your Nexus 5000
N5K-P# checkpoint file base
Checkpoint file already exists, this will overwrite the
checkpoint file,
Continue? (y/n) [n] y
Done
Note Your Nexus 5000 may not display the “continue” warning depending on existence of that file.
Step 7 Display checkpoints on your Nexus 5000

User Checkpoint Summary
----------------------------------------------------------------
1) base:
Created by admin
Created at Sun, 11:55:56 04 Sep 2016
Size is 7,343 bytes
Description: None
N5K-P#

Note “show checkpoint” only displays NVRAM-based checkpoints
Step 8 Display the checkpoint file on your Nexus 5000

N5K-P# dir base
7343 Sep 04 11:56:38 2016 base
Usage for bootflash://sup-local

954195968 bytes used
595841024 bytes free
1550036992 bytes total
N5K-P#
Step 9 Check the content of the checkpoint file on your Nexus 5000
N5K-P# sho file base
!Command: Checkpoint cmd vdc 1

!Time: Sun Sep 4 11:56:38 2016
version 6.0(2)N2(1)
switchname N5K-P
feature telnet
!#feature ssh
feature lldp
<…snip…>
Note Checkpoint files are just text files on the file system.
Step 10 Change the hostname of the switch

N5K-P# conf
N5K-P(config)# hostname ?
WORD Enter switchname (Max Size 32)
N5K-P(config)# hostname blablubb

blablubb(config)# end
blablubb#
Step 11 Check the difference between the “base” checkpoint (it does not matter if you use the
file-based or NVRAM-based checkpoint) and the running config – this is basically what
we did - changes since the snapshot
blablubb# sho diff rollback-patch checkpoint base running-config
Collecting Running-Config
#Generating Rollback Patch
!!
!
hostname blablubb
blablubb#
Step 12 Check the differences between the running-config and the base checkpoint (this is what
we need to do to get the old config back.
blablubb# sho diff rollback-patch running-config checkpoint base
!!
!
switchname N5K-P
blablubb#
Step 13 Create a new NVRAM based checkpoint named “newname”
blablubb(config)# checkpoint newname
....Done
blablubb(config)#
Step 14 Check the differences between the running-config and the newname checkpoint (should
be empty)
blablubb(config)# sho diff rollback-patch running-config
checkpoint newname
Rollback Patch is Empty
blablubb(config)#
Step 15 Enable the HTTP server on the Nexus 5000 switch
blablubb# conf
blablubb(config)# feature http-server
blablubb(config)# exit
Step 16 Check the changes since we created “base” (how to get from “base” to “running-
config”)
blablubb# sho diff rollback-patch checkpoint base running-config
!!
!
switchname blablubb
no feature http-server
blablubb#
Step 17 Check how to “undo” the changes since we created base (how to get from “running-
config” to “base”

!!
!
switchname N5K-P
no feature http-server
blablubb#
Step 18 Check the changes since we created “newname”
blablubb# sho diff rollback-patch checkpoint newname running-config
!!
!
feature http-server
blablubb#
Step 19 Check what changes where done between “base” and “newname”
blablubb# sho diff rollback-patch checkpoint base checkpoint newname
!!
!
hostname blablubb
blablubb#
Step 20 Check how to get back from current running config to “newname”
blablubb# sho diff rollback-patch running-config checkpoint newname
!!
no feature http-server <- Note the NO command here!!!
blablubb#
Step 21 Check how to get back from current running config to “base”
!!
!
switchname N5K-P
no feature http-server <- Note the NO command here!!!
blablubb#
Step 22 Rollback the configuration to “base”
blablubb# rollback running-config checkpoint base
Generating Rollback patch for switch profile
Note: Applying config parallelly may fail Rollback verification
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Rollback completed successfully.
N5K-P#
Note Note the switch has the original name
Step 23 Rollback (or forward) to “newname” using the “verbose” option

N5K-P# rollback running-config checkpoint newname verbose
========================================================
`config t `
`hostname blablubb`
========================================================
blablubb#
Step 24 Reconfigure the http server
blablubb# conf
blablubb(config)# feature http-server
blablubb(config)# exit
Step 25 Rollback to the file-based checkpoint “base” using the verbose option
blablubb# rollback running-config file base verbose
========================================================

`config t `
`switchname N5K-P`
`no feature http-server ` <- Note the NO command here!!!
========================================================
N5K-P#
Step 26 Remove checkpoint newname using the no form of the command.
N5K-P# no checkpoint newname
....Done
N5K-P#
Note A file-based checkpoint is deleted by just deleting the file from flash
Step 27 Check “base” is the only existing checkpoint.

User Checkpoint Summary
----------------------------------------------------------------
1) base:
Created by admin
Created at Sun, 11:55:56 04 Sep 2016
Size is 7,343 bytes
Description: None
N5K-P#
n You have created configuration checkpoints. You have made some changes to the
configuration, compared configurations and you have successfully rolled back to the previous
checkpoint.
Guided Lab 2: Configuring User Management
Overview
n Verify that the AAA server is configured correctly
n Configure the Cisco Nexus 7000 Switch to support central authentication through the AAA
server
n Verify the AAA configuration
n Configure the Cisco Nexus 7000 Switch to support local authentication by configuring local
users and roles
n Verify local authentication, local users, and roles configuration
Visual Objective
Required Resources
Switches, two Cisco Nexus 5000 Series Switches and two Cisco Nexus 2000 Series Fabric
Extenders.

Command Description
aaa authentication login default group This command configures the default authentication
radius methods.
interface policy deny This command enters role interface policy

configuration mode.
permit interface This command specifies a list of interfaces that the

role can access.
permit vlan This command specifies a range of VLANs that the

role can access.
permit vrf This command specifies the VRF that the role can
access.
radius-server host X.X.X.X key key This command specifies the IPv4 and key for a
RADIUS server to use for authentication.
role name name This command specifies a user role and enters role
configuration mode.
rule 1 permit read-write This command configures a read-and-write rule for

all operations.
show aaa authentication This command displays AAA authentication login

configuration information.
show radius-server This command displays all configured RADIUS

server parameters.
show role This command displays the user role configuration.
show running-config aaa This command displays the AAA configuration in the
running configuration.
username username password password This command configures a user account.

role role
vlan policy deny This command enters role VLAN policy configuration
mode.
vrf policy deny This command enters role VRF policy configuration
mode.
In this task, you will use a Telnet or terminal utility to establish management connectivity on your
pod.
Activity Procedure
Step 2 Connect to your pod Nexus 7000 VDC at 192.168.0.20P with username “admin” and
password “1234QWer”.
n You have connected to your pod VDC.
Task 2: AAA Server

In this task, you will verify that the AAA server is configured correctly for the lab.
Activity Procedure
Step 1 Open a session to your Windows server. Login using the username Administrator and
password 1234QWer.
Step 2 Launch the Network Policy Server from the taskbar icon.
Step 3 The overview screen will appear.

Step 4 Select RADIUS Clients and Servers > RADIUS Clients from the management pane.
Verify that your switch is listed with the correct IP address. The address that should
appear is the management IP address of your switch.
Step 5 Connect to your Nexus 7000 VDC.

Step 6 Configure the RADIUS server with the IP address 192.168.0.P1 (P is your pod number)
and the shared key 1234QWer.
N7K-Y-podP(config)# radius-server host 192.168.0.P1 key 0 1234QWer
Step 7 Verify the RADIUS server configuration.
N7K-Y-podP(config)# show radius-server
retransmission count:1
timeout value:5
deadtime value:0
source interface:any available
total number of servers:1
following RADIUS servers are configured:

192.168.0.P1:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
Step 8 Verify that the student account credentials are valid on the authentication server.
N7K-Y-podP(config)# test aaa server radius 192.168.0.P1 vrf management student
student
user has been authenticated
Note The user “student” with the password “student” is setup in Windows.
n You have verified that the AAA server is correctly configured with show and test commands.
Task 3: AAA
In this task, you will configure the Cisco Nexus 7000 Switch to support central authentication
through the AAA server, and verify that the configuration has been correctly applied.
Activity Procedure
Step 1 Configure the VDC AAA login authentication in your pod.
N7K-Y-podP(config)# aaa authentication login default group radius
Step 2 Verify the AAA configuration.

N7K-Y-podP(config)# show running-config aaa
!Command: show running-config aaa

!Time: Tue Jan 20 10:27:05 2015
version 7.2(0)D1(1)
aaa authentication login default group radius
N7K-Y-podP(config)# show aaa authentication

default: group radius
Caution Do not close your ssh session during the completion of the task.
Step 3 Reconfigure the AAA login authentication back to local.

N7K-Y-podP(config)# no aaa authentication login default group radius
N7K-Y-podP(config)# show aaa authentication

default: local
n You have used show commands to verify the AAA configuration on the switch.

Task 4: Users and Roles
During this exercise, you will configure the Cisco Nexus 7000 Switch to support local
authentication by configuring local users and roles, and verify that the configuration has been
correctly applied.
Activity Procedure
Step 1 Verify the AAA login authentication configuration and insure that local method is
configured.
N7K-Y-podP(config)# show running-config aaa all
!Command: show running-config aaa all

!Time: Tue Jan 20 10:28:32 2015
version 7.2(0)D1(1)
aaa authentication login default local
aaa authorization ssh-publickey default local
aaa authorization ssh-certificate default local
aaa accounting default local
aaa user default-role
aaa authentication login default fallback error local
aaa authentication login console fallback error local
no aaa authentication login invalid-username-log
no aaa authentication login error-enable
no aaa authentication login mschap enable
no aaa authentication login mschapv2 enable
no aaa authentication login chap enable
no aaa authentication login ascii-authentication
no radius-server directed-request
Step 2 Issue the show role command.
N7K-Y-podP(config)# show role
Role: vdc-admin
Description: Predefined vdc admin role has access to all commands within a VDC
instance
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit read-write
Role: vdc-operator
Description: Predefined vdc operator role has access to all read commands
within a VDC instance
-------------------------------------------------------------------
-------------------------------------------------------------------
1 permit read
---output ommited---
Step 3 Create a new role named Netadmin.

N7K-Y-podP(config)# role name Netadmin
N7K-Y-podP(config-role)# show role
Role: vdc-admin
Description: Predefined vdc admin role has access to all commands within a VDC
instance
-------------------------------------------------------------------
-------------------------------------------------------------------
1 permit read-write
Role: vdc-operator
Description: Predefined vdc operator role has access to all read commands
within a VDC instance
-------------------------------------------------------------------
-------------------------------------------------------------------
1 permit read
---output ommited---
Role: Netadmin
Description: new role
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
Step 4 Assign read and write privileges to the newly created role Netadmin.
N7K-Y-podP(config-role)# rule 1 permit read-write
Step 5 Modify VLAN and VRF polices for the newly created role. Deny all VLANs except for
the range 1–100 and deny all VRF instances except VRF Webservers and VRF
Appservers.
N7K-Y-podP(config-role)# vlan policy deny
N7K-Y-podP(config-role-vlan)# permit vlan 1-100
N7K-Y-podP(config-role-vlan)# vrf policy deny
N7K-Y-podP(config-role-vrf)# permit vrf Webservers
N7K-Y-podP(config-role-vrf)# permit vrf Appservers
N7K-Y-podP(config-role-vrf)# show role name Netadmin
Role: Netadmin
Vlan policy: deny
Permitted vlans: 1-100
Vrf policy: deny. Permitted vrfs Webservers,Appservers
-------------------------------------------------------------------
-------------------------------------------------------------------
1 permit read-write
Step 6 Verify your location in the command hierarchy:

N7K-Y-podP(config-role-vrf)# where
conf; role name Netadmin; vrf policy deny admin@N7K-Y-podP%default
Step 7 Limit access to only the first two physical interfaces in your pod.
Ethernet X/A, Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet X/B Ethernet 7/2 Ethernet 7/4 Ethernet 7/6
N7K-Y-podP(config-role-vrf)# interface policy deny

N7K-Y-podP(config-role-interface)# permit interface ethernet X/A,ethernet X/B
N7K-Y-podP(config-role-interface)# show role name Netadmin
Role: Netadmin
Vlan policy: deny
Permitted vlans: 1-100
Interface policy: deny
Permitted interfaces:

EthernetX/A-B
Vrf policy: deny. Permitted vrfs Webservers,Appservers
-------------------------------------------------------------------
-------------------------------------------------------------------
1 permit read-write
Step 8 Attach the role Netadmin to the new user RBACNetadmin with the password “test123.”
N7K-Y-podP(config-role-interface)# username RBACNetadmin password test123 role
Netadmin
Step 9 Assign the new password.
N7K-pod1(config)# username RBACNetadmin password 1234QWer role Netadmin
Step 10 Log into your VDC using the new user account and test RBAC.
n You have used the show commands to verify the local user and roles configuration. You have
successfully logged on as that user and verified the restriction in commands available for that
role.
Guided Lab 3: Configuring System Management
Overview
n Configure Cisco Fabric Services on the Cisco Nexus 7000 Switch and verify the configuration
n Configure the scheduler to run a job periodically and on demand, and verify that the job runs
automatically when required
n Configure Cisco Smart Call Home to send an email message when an event occurs, and verify
that the email is received by the intended recipient
n Use Cisco Prime DCNM and monitor and manage the Cisco Nexus 7000 Switch
Visual Objective
Required Resources
Extenders.

Command Description
application commit This command commits the pending changes for an

application to the fabric.
application distribute This command enables Cisco Fabric Services distribution

for an application.
callhome This command enters Smart Call Home configuration mode.
callhome test This command generates a Smart Call Home message for
testing purposes.
cfs ipv4 distribute This command enables Cisco Fabric Services distribution
over IPv4.
cfs ipv4 mcast-address group-address This command changes the IPv4 multicast address that is
used for Cisco Fabric Services over IPv4.
cfs region nr This command creates a Cisco Fabric Services region.
copy bootflash:filename tftp://ip-address vrf vrf This command copies a file in bootflash to a TFTP server.
copy running-config bootflash:/ filename This command copies the current running configuration to a
file in bootflash.
destination-profile name alert-group groups This command sets the Smart Call Home alert groups for a
destination profile.
destination-profile name email-addr email- This command sets the email address to which Smart Call
address Home messages for a destination profile are sent.
destination-profile name format format This command creates a Smart Call Home destination
profile using XML, short text, or full text format.
destination-profile name message-level level This command sets the Smart Call Home message level for
a destination profile.
destination-profile name message-size size This command sets the maximum message size for a Smart
Call Home destination profile.
dir bootflash: This command lists the files in bootflash.
email-contact email-address This command sets the email contact for Smart Call Home.
enable This command enables Smart Call Home.
feature scheduler This command enables the scheduler feature.
job name name This command assigns a job to a schedule.
phone-contact phone-number This command sets the contact phone number for Smart
Call Home.
radius This command assigns the radius application to the Cisco

Fabric Services region.
radius-server host ip-address key key This command configures a RADIUS server and key.
role This command assigns the role application to the Cisco

Fabric Services region.
role name name This command creates a user role.
rule nr permit read feature feature This command creates a rule that grants read access for a
specific feature.
Command Description
rule nr permit read-write feature feature This command creates a rule that grants read-write access
for a specific feature.
scheduler job name name This command creates a scheduler job.
scheduler schedule name name This command creates a schedule.
show application pending-diff This command displays the pending Cisco Fabric Services
changes for an application.
show callhome destination-profile profile This command displays the operational parameters for a
name Smart Call Home destination profile.
show callhome transport This command displays the transport settings for Smart Call
Home messages.
show cfs lock This command displays the Cisco Fabric Services locks in
the fabric.
show cfs peers This command displays the active Cisco Fabric Services
peers.
show cfs regions This command displays the active Cisco Fabric Services
regions.
show cli variables This command displays the Cisco NX-OS system and user-
defined CLI variables.
show radius-server ip-address This command displays the RADIUS servers on the switch.
show role name name This command displays a specific user role on the switch.
show scheduler logfile This command displays the scheduler log.
show scheduler schedule This command displays the configured schedules on the
switch.
snmp-server contact contact-name This command sets the SNMP contact name.
streetaddress address This command sets the contact address for Smart Call
Home.
time start +time This command sets the start time for a schedule as an offset
to the current time.
time weekly day-and-time This command sets a weekly recurring time for a schedule.
transport email from email-address This command sets the “from” email address that is used in
Smart Call Home messages.
transport email reply-to email-address This command sets the “reply-to” email address that is used
in Smart Call Home messages.
transport email smtp-server ip-address use-vrf This command sets the IP address for the SMTP server that
vrf is used to send Smart Call Home messages.

Task 1: Management Connectivity and Preparation
In this task, you will use a Telnet or terminal utility to establish management connection on your
pod.
Activity Procedure
Task 2: Scheduler
In this task you will configure the scheduler to run a job periodically and on demand, and verify
that the job runs automatically when required.
Activity Procedure
Step 1 Start the 3CDeamon TFTP server on the REMOTE Windows server using the taskbar
shortcut.
Caution DO NOT start the TFTP server on your local classroom PC.
Step 2 Examine the default CLI variables that are available on your VDC.
N7K-Y-podP(config)# show cli variables

VSH Variable List (* = session vars)
-----------------
SWITCHNAME="N7K-Y-podP"
TIMESTAMP="2015-01-20-11.37.19"
Step 3 Copy the running configuration to the TFTP server that is running on your Windows
server. Use the IP address on the management network for the server, which is
192.168.0.P1 (P is your pod Number).
Note If this address is not reported by the TFTP Server you probably started the TFTP server on the
local PC, not on the remote server.
N7K-Y-podP(config)# copy running-config tftp://192.168.0.P1/$(SWITCHNAME)-

$(TIMESTAMP).cfg vrf management
Trying to connect to tftp server......
Connection to Server Established.
TFTP put operation was successful

Copy complete.
Step 4 Enable the scheduler feature.
N7K-Y-podP(config)# feature scheduler
Step 5 Create a scheduler job named BACKUP-CFG. Copy the running configuration to the
TFTP server in your pod using the management IP address (192.168.0.P1) where P is
your pod number.
N7K-Y-podP(config)# scheduler job name BACKUP-CFG

N7K-Y-podP(config-job)# copy running-config tftp://192.168.0.P1/$(SWITCHNAME)-
$(TIMESTAMP).cfg vrf management
N7K-Y-podP(config-job)# exit
Step 6 Create a schedule named DAILY where the job starts immediately and will repeat once
every 24 hours.
N7K-Y-podP(config)# scheduler schedule name DAILY
N7K-Y-podP(config-schedule)# job name BACKUP-CFG
N7K-Y-podP(config-schedule)# time start now repeat 24:00
Schedule starts from Tue Jan 20 11:41:26 2015
Step 7 Verify your configuration.
N7K-Y-podP(config-schedule)# show scheduler conf

config terminal
feature scheduler
scheduler logfile size 16
end
config terminal
scheduler job name BACKUP-CFG
copy running-config tftp://192.168.0.P1/$(SWITCHNAME)-$(TIMESTAMP).cfg vrf
management
end
config terminal
scheduler schedule name DAILY
time start 2015:01:20:11:41 repeat 24:0
job name BACKUP-CFG
end
Step 8 Verify the scheduler job.
N7K-Y-podP(config-schedule)# show scheduler job

Job Name: BACKUP-CFG
--------------------
copy running-config tftp://192.168.0.P1/$(SWITCHNAME)-$(TIMESTAMP).cfg vrf
management
==============================================================================
Step 9 Verify the scheduler schedule.
N7K-Y-podP (config-schedule)# show scheduler schedule

Schedule Name : DAILY
---------------------------
User Name : admin
Schedule Type : Run every 0 Days 24 Hrs 0 Mins
Start Time : Tue Jan 20 11:41:26 2015

Last Execution Time : Yet to be executed
-----------------------------------------------
Job Name Last Execution Status
-----------------------------------------------
BACKUP-CFG -NA-
==============================================================================
Step 10 Wait for a few minutes, then verify that the job has been completed using the scheduler
log file.
N7K-Y-podP(config-schedule)# show scheduler logfile

Job Name : BACKUP-CFG Job Status: Success (0)
Schedule Name : DAILY User Name : admin
Completion time: Thu Feb 9 17:06:13 2012
--------------------------------- Job Output ---------------------------------
`copy running-config tftp://192.168.0.P1/N7K-1-podP-2012-02-09-17.20.31.cfg vrf
management`
Connection to Server Established.
[ ] 0.50KBTrying to connect to tftp server......
TFTP put operation was successful
Copy complete, now saving to disk (please wait)...
==============================================================================
Step 11 Verify the log on the TFTP server to ensure that the configuration file has been
received.
n You have used the show commands to verify the scheduler configuration, and then run the
scheduler job and confirmed that it runs as required.
Task 3: Cisco (Smart) Call Home
During this exercise, you will configure Cisco Smart Call Home to send an email message when an
event occurs, and verify that the intended recipient receives the email.
Activity Procedure
Step 1 Configure the SNMP system contact on your pod Cisco Nexus 7000 (podP@cisco.com,
where P is your pod number).
Note This step is required by callhome.
N7K-Y-podP(config)# snmp-server contact podP@cisco.com
Step 2 Enter the Call Home configuration context and specify customer and contact
information.
N7K-Y-podP(config)# callhome
N7K-Y-podP(config-callhome)# email-contact podP@cisco.com
N7K-Y-podP(config-callhome)# phone-contact +49-40-25334610
N7K-Y-podP(config-callhome)# streetaddress Gasstrasse 4 D-22761 Hamburg
Step 3 Verify the Call Home parameters.
N7K-Y-podP(config-callhome)# show callhome

callhome disabled
Callhome Information:
contact person name(sysContact):podP@cisco.com
contact person's email:podP@cisco.com
contact person's phone number:+49-40-25334610
street addr:Gasstrasse 4 D-22761 Hamburg
site id:
customer id:
contract id:
switch priority:7
duplicate message throttling : enabled
periodic inventory : enabled
periodic inventory time-period : 7 days
periodic inventory timeofday : 08:00 (HH:MM)
Distribution : Disabled
Step 4 Create a Call Home destination profile named nexus7klab.
N7K-Y-podP(config-callhome)# destination-profile nexus7klab

N7K-Y-podP(config-callhome)# destination-profile nexus7klab format ?
XML XML message format
full-txt Plain text message format
short-txt Short text message format
N7K-Y-podP(config-callhome)# destination-profile nexus7klab format full-txt
Step 5 Configure two more profiles for short messages and the NOC.
N7K-Y-podP(config-callhome)# destination-profile SMS
N7K-Y-podP(config-callhome)# destination-profile SMS format short-txt
N7K-Y-podP(config-callhome)# destination-profile NOC
N7K-Y-podP(config-callhome)# destination-profile NOC format XML

Step 6 Enable those profiles for all messages.
N7K-Y-podP(config-callhome)# destination-profile nexus7klab alert-group ?

All This alert group consists of all of the callhome
messages
Cisco-TAC Events which are meant for Cisco TAC only
Configuration Events related to Configuration
Diagnostic Events related to Diagnostic
EEM EEM events
Environmental Power,fan,temperature related events
Inventory Inventory status events
License Events related to licensing
Linecard-Hardware Linecard related events
Supervisor-Hardware Supervisor related events
Syslog-group-port Events related to syslog messages filed by port manager
System Software related events
Test User generated test events
N7K-Y-podP(config-callhome)# destination-profile nexus7klab alert-group all

N7K-Y-podP(config-callhome)# destination-profile SMS alert-group all
N7K-Y-podP(config-callhome)# destination-profile NOC alert-group all
Step 7 Configure the following:

— NOC to receive all messages but debug messages
— nexus7klab to receive all notifications
— SMS profile (which would be routed through an email2SMS gateway) to receive critical
messages
— SMS messages will be 160 characters maximum
N7K-Y-podP(config-callhome)# destination-profile nexus7klab message-level 2

N7K-Y-podP(config-callhome)# destination-profile SMS message-level 6
N7K-Y-podP(config-callhome)# destination-profile NOC message-level 1
N7K-Y-podP(config-callhome)# destination-profile SMS message-size 160
Step 8 Configure all profiles to use email address podP@cisco.com (where P is your pod
number) as the receiver.
N7K-Y-podP(config-callhome)# destination-profile NOC email-addr podP@cisco.com

N7K-Y-podP(config-callhome)# destination-profile SMS email-addr podP@cisco.com
N7K-Y-podP(config-callhome)# destination-profile nexus7klab email-addr
podP@cisco.com
Step 9 Configure global Cisco Call Home email parameters.
N7K-Y-podP(config-callhome)# transport email smtp-server 192.168.0.10 use-vrf

management
N7K-Y-podP(config-callhome)# transport email from nexus@example.net
N7K-Y-podP(config-callhome)# transport email reply-to noc@yourcompany.local
Step 10 Verify global Cisco Call Home email parameters.
N7K-Y-podP(config-callhome)# show callhome transport
from email addr:nexus@example.net

reply to email addr:noc@yourcompany.local
smtp server:192.168.0.10
smtp server port:25
smtp server vrf:management
smtp server priority:0
http proxy server:

http proxy server port:
http proxy status:Disabled
Step 11 Configure the Cisco Call Home periodic inventory notification to send one inventory
message every day.
N7K-Y-podP(config-callhome)# periodic-inventory notification interval 1
Step 12 Enable Cisco Call Home.
N7K-Y-podP(config-callhome)# enable
Step 13 Test your configuration.
N7K-Y-podP(config-callhome)# callhome test

trying to send test callhome message
successfully sent test callhome message
warning:
The specified message level for destination profile: SMS is higher than the
level for alert Test(2)
no email address configured for destination profile:full_txt
no email address configured for destination profile:short_txt
no email address configured for destination profile:CiscoTAC-1
Note The warnings are for the partially configured but unused destination profiles.
Step 14 Start the IE browser on your Windows server desktop and open address
http://192.168.0.10/mail. Log in with the username “podP” and password “podP”
where P is your pod number.

Step 15 Open the INBOX to check your mail.
Step 16 Check for new emails.
Step 17 Open the first email.

Step 18 Open the second email.
n You have used the show commands to verify the Smart Call Home configuration, logged into
the Mercury email server, and verified receipt of an email when the event occurred.
Task 4: Cisco Fabric Services (Optional)
In this task, you will Configure Cisco Fabric Services on the Cisco Nexus 7000 Switch and verify
the configuration.
Activity Procedure
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Change the multicast address that is used for Cisco Fabric Services over IPv4 according
to the following table.
Device Cisco Fabric Services

Multicast Address
N7K-1-pod1 239.255.12.12
N7K-2-pod2 239.255.12.12
N7K-1-pod3 239.255.34.34
N7K-2-pod4 239.255.34.34
N7K-1-pod5 239.255.56.56
N7K-2-pod6 239.255.56.56
N7K-Y-podP(config)# cfs ipv4 mcast-address 239.255.x.x (see table above for X)

Distribution over this IP type will be affected
Change multicast address for CFS-IP ?
Are you sure? (y/n) [n] y
N7K-Y-podP(config)#
Step 3 Enable Cisco Fabric Services distribution over IPv4 on your Cisco Nexus 7000 VDC.
N7K-Y-podP(config)# cfs ipv4 distribute
Step 4 Examine the Cisco Fabric Services peers that were discovered.
N7K-Y-podP# show cfs peers
Physical Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20P [Local]
20:00:10:8c:cf:14:62:c2 192.168.0.20Q
Total number of entries = 2
Note Do not continue to the next step until this command lists exactly two entries, your own Cisco
Nexus 7000 VDC and your peer pod Cisco Nexus 7000 VDC. Each pair of peer pods uses a
unique multicast address to separate them from other pairs of peer pods in the same lab. In this
lab task, you will be working very closely with your peer pod and it is important that you progress
through the lab at the same pace.
Step 5 Define a Cisco Fabric Services region on your Cisco Nexus 7000 VDC according to the
following table.

Device Cisco Fabric Services Region
N7K-1-pod1 12
N7K-2-pod2
N7K-1-pod3 34
N7K-2-pod4
N7K-1-pod5 56
N7K-2-pod6
N7K-Y-podP(config)# cfs region ST

N7K-Y-podP(config-cfs-region)#
Step 6 Add the applications named “role” and “radius” to the Cisco Fabric Services region.
N7K-Y-podP(config-cfs-region)# role
WARNING: If an Application is moved/assigned to a new region,
its scope is restricted to that region and it ignores all other regions
for distribution or merge.
N7K-Y-podP(config-cfs-region)# radius
WARNING: If an Application is moved/assigned to a new region,
its scope is restricted to that region and it ignores all other regions
for distribution or merge.
N7K-Y-podP(config-cfs-region)#
Step 7 Examine the Cisco Fabric Services region that you created.
N7K-Y-podP# show cfs regions
N7K-Y-podP#
Note Even though the applications have been assigned to the region, they have not been activated
for Cisco Fabric Services distribution yet. Therefore, they do not show in the output of the show
cfs regions command.
Step 8 Enable Cisco Fabric Services distribution for the applications “role” and “radius.”
N7K-Y-podP(config-cfs-region)# role distribute
N7K-Y-podP(config-cfs-region)# radius distribute
Step 9 Re-examine the Cisco Fabric Services region.

N7K-Y-podP# show cfs regions
Region-ID : ST
Application: role
Scope : Physical-fc-ip
-------------------------------------------------------------------------
-------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20P [Local]
20:00:10:8c:cf:14:62:c2 192.168.0.20Q
Region-ID : ST
Application: radius
-------------------------------------------------------------------------
-------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20P [Local]
20:00:10:8c:cf:14:62:c2 192.168.0.20Q
Step 10 Define a user role named TIER-2-OPS. This command can result in two possible
outcomes.
First possible result:
N7K-Y-podP(config)# role name TIER-2-OPS
N7K-Y-podP(config-role)#
Second possible result:

N7K-Y-podP(config)# role name TIER-2-OPS
ERROR: Operation failed. Fabric is already locked. Check cfs event-history
errors for details
N7K-Y-podP(config)#
Note The outcome of this command depends on who enters the role command first. Cisco Fabric
Services locks the fabric for the application as soon as you start configuring it. Other switches
cannot make changes as long as the lock remains.
Step 11 Examine the Cisco Fabric Services locks for the fabric.
N7K-Y-podP(config)# show cfs lock
Application: role
------------------------------------------------------------------------------
Switch WWN IP Address User Name User Type
------------------------------------------------------------------------------
20:00:b4:14:89:e3:9d:c4 192.168.0.20P admin CLI/SNMP v3
Note Switch WWN and the IP address point to a Cisco Nexus 7000 VDC that has locked Cisco Fabric
Services.
Step 12 If you got the first result on Step 10, continue here. If you got the second result on the
previous step, skip the next series of steps and continue at Step 21.
Step 13 Add a rule to the role TIER-2-OPS that adds read access to the role for all features.
N7K-Y-podP(config-role)# rule 1 permit read
Step 14 Add three more rules to add read-write rights for the “diagnostics,” “ping,” and “vlan”
features.
N7K-Y-podP(config-role)# rule 2 permit read-write feature diagnostics
N7K-Y-podP(config-role)# rule 3 permit read-write feature ping
N7K-Y-podP(config-role)# rule 4 permit read-write feature vlan
Step 15 Examine the role TIER-2-OPS.
N7K-Y-podP# show role name TIER-2-OPS
^
% Invalid command at '^' marker.
Q1) Why do you get an error message?

Step 16 Examine the pending Cisco Fabric Services changes for the “role” application.
N7K-Y-podP# show role pending-diff
+Role: TIER-2-OPS
+ Description: new role
+ Vlan policy: permit (default)
+ Interface policy: permit (default)
+ Vrf policy: permit (default)
+ -------------------------------------------------------------------
+ Rule Perm Type Scope Entity
+ -------------------------------------------------------------------
+ 4 permit read-write feature vlan
+ 3 permit read-write feature ping
+ 2 permit read-write feature diagnostics
+ 1 permit read
Step 17 Commit the pending Cisco Fabric Services changes for the “role” application to the
fabric.
N7K-Y-podP(config)# role commit
You have interface configuration. Do you want to proceed? [no] yes
Step 18 Examine the role TIER-2-OPS again.
N7K-Y-podP# show role name TIER-2-OPS
Role: TIER-2-OPS
Vlan policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
-------------------------------------------------------------------
4 permit read-write feature vlan
3 permit read-write feature ping
2 permit read-write feature diagnostics
1 permit read
Step 19 Ask your lab partners in the peer pod to execute the show role name TIER-2-OPS
command on their Cisco Nexus 7000 VDC.
Q2) Do they see the newly created role in their VDC?
Step 20 Skip the next series of steps and continue at Step 28.
Step 21 Configure a RADIUS server with IP address 192.168.0.P1, where P is your pod
number. Configure S3cr3t-K3y as the RADIUS server key.
N7K-Y-podP(config)# radius-server host 172.16.0.P1 key S3cr3t-K3y
Step 22 Add a second RADIUS server with IP address 192.168.0.Q1, where Q is your peer pod
number. Again, configure S3cr3t-K3y as the RADIUS server key.
N7K-Y-podP(config)# radius-server host 172.16.0.Q1 key S3cr3t-K3y
Step 23 Examine the RADIUS servers that you configured.
N7K-Y-podP# show radius-server 172.16.0.Q1
RADIUS server not found
N7K-Y-podP# show radius-server 172.16.0.P1
RADIUS server not found
Q3) Why do you not see the configured RADIUS servers?
Step 24 Examine the pending Cisco Fabric Services changes for the “radius” application.
N7K-Y-podP# show radius pending-diff
+radius-server host 172.16.0.P1 authentication accounting
+radius-server host 172.16.0.Q1 authentication accounting
Step 25 Commit the pending Cisco Fabric Services changes for the “radius” application to the
fabric.
N7K-Y-podP(config)# radius commit
Step 26 Examine the RADIUS servers again.
N7K-Y-podP# show radius-server
retransmission count:1
timeout value:5
deadtime value:0
source interface:any available
total number of servers:4
following RADIUS servers are configured:

192.168.0.P1:
192.168.0.Q1:
172.16.0.P1:
172.16.0.P1:
Step 27 Ask your lab partners in the peer pod to execute the show radius-server command on
their Cisco Nexus 7000 VDC. Do they see the newly created RADIUS servers in their
VDC? Were the RADIUS secret keys also exchanged through Cisco Fabric Services?
Caution The RADIUS server information is exchanged through Cisco Fabric Services, but the RADIUS
server keys are not included. The global radius-server key command can be used to set a
default key for all RADIUS servers.
Step 28 Verify with your peer pod that you see the role and RADIUS servers that were
distributed through Cisco Fabric Services in this exercise in both Cisco Nexus 7000
VDCs before moving on to the next task.
Step 29 Remove Cisco Fabric Services configuration.
N7K-Y-podP(config)# no cfs ipv4 distribute
This will prevent CFS from distributing over IPv4 network.
N7K-Y-podP(config)# no cfs ipv4 mcast-address 239.255.ST.ST
Distribution over this IP type will be affected
Change multicast address for CFS-IP ?
N7K-Y-podP(config)# no cfs region ST
WARNING: All applications in the region will be moved to default region.
N7K-Y-podP(config)# no role distribute
N7K-Y-podP(config)# no radius distribute
N7K-Y-podP(config)# show running-config cfs
!Command: show running-config cfs

!Time: Mon Jun 29 22:34:46 2015

version 7.2(0)D1(1))
n You have enabled Cisco Fabric Services distribution using IPv4 and configured a Cisco Fabric
Services region and IPv4 multicast group.
n You have created a new role, distributed the role configuration through Cisco Fabric Services
between your pod and peer pod VDCs, and verified the operation of Cisco Fabric Services.
n You have created RADIUS servers, distributed the RADIUS server configuration through
Cisco Fabric Services between your pod and peer pod VDCs, and verified the operation of
Cisco Fabric Services.
Task 5: Cisco DCNM (Optional)
During this exercise, you will use Cisco Prime DCNM to monitor and manage the Cisco Nexus
7000 Switch.
Activity Procedure
Step 1 On your N5K configure and enable the interfaces connecting to the N7K VDCs.
N5K-P# conf
N5K-P(config)# interface ethernet 2/1-2
Step 2 On your N7K VDC configure and enable the interfaces connecting to the N5Ks.
Pod 1&2 Pod 3&4 Pod 5&6
Eth7/1-2 Eth 7/3-4 Eth 7/5-6
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/x-y (see table for x and y)
N7K-X-PodP(config-if)# no shutdown
Step 3 Connect to your assigned Windows server.

Step 4 Open the session to your Windows server by clicking the icon in the remote lab GUI
and login using username administrator with password 1234QWer.
Step 5 Open the Internet Explorer browser using the taskbar shortcut. Enter the address
http://192.168.0.P7/, where P is your pod number.
Step 6 Login to your DCNM appliance using admin as username and 1234QWer as password.
Step 7 Navigate to Admin > General > Data Sources.

Step 8 Click on the add icon ‘+’ next to Admin > Data Sources > LAN to start the discovery
of your environment.
Step 9 Choose Discovery Type of Hops from Seed Switch with a range of 1 hop and enter the
management IP address of your pod Nexus 7000 VDC, 192.168.0.20P. Enter
username admin and password 1234QWer and then click Next.
Step 10 In the Shallow LAN Discovery mark the checkbox next Name to select all discovered
Switches and click Add.
Note The discovery process will take several minutes to complete.
Step 11 When the discovery process is completed, expand the discovery task from the left
column to review all of the discovered devices. Discovery was successful if the status of
the devices displays as listed as true in the Managed column.

Step 12 Click on the DCNM-LAN link in the main menu to start the installation of the local
DCNM-LAN GUI client.
Step 13 Acknowledge all Java warnings and login using the username admin and the password
1234QWer.
Step 14 Verify that you see four devices listed in the device discovery pane: Your Cisco Nexus
7000 VDC, your Cisco Nexus 5000 Switch, your peer pod Cisco Nexus 7000 VDC, and
your peer pod Cisco Nexus 5000 Switch.
Step 15 Using “Shift”+”left mouse button” highlight all devices, then right click and choose
Deep Discovery.
Step 16 Wait for the discovery status to switch from “in progress” to “managed”, click View >
Refresh to make sure the client displays the status change.
Step 17 In the Feature Selector pane select Devices and Credentials to verify that all four
devices are listed with the status Managed.

Step 18 On the left of your screen, select the Topology tab and examine the Topology View of
your pod and peer pod. Rearrange the topology to your liking. When you are happy
with the result, save the topology layout. Click Save Layout.
Step 19 Click the Export as JPG button to save the visible area of your topology to the desktop
as a JPG picture named Topology Diagram.jpg.
Step 20 On the left of your screen, select the Inventory tab.
Step 21 Open the inventory of your Cisco Nexus 7000 Switch and your Cisco Nexus 5600
Switch and examine the components.
Step 22 Go to the Environmental Status section of your assigned Cisco Nexus 7000 Switch.
Step 23 Go to the Memory Utilization tab of your assigned Cisco Nexus 7000 Switch. Click
New Charts in the toolbar and create a chart that graphs the memory utilization on the

switch. Set the frequency to 30 seconds and start the data collection for the chart.
Acknowledge all warnings/confirmation requests and wait for a few minutes to allow
the chart to collect some data.
Step 24 On the left of your screen, select the Interfaces tab. Select the item for the physical
Ethernet interfaces within the tab.
Step 25 Select your Cisco Nexus 7000 VDC and select the interface that connects your Cisco
Nexus 7000 VDC to your Cisco Nexus 5000 Switch and expand basic settings.
Pod 1 Pod 2 Pod 3 Pod 4 Pod 5 Pod 6
Eth7/1 Eth 7/2 Eth 7/3 Eth 7/4 Eth 7/5 Eth 7/6
Step 26 Examine the port details and status and close the DCNM LAN client when finished.
n You have logged into the Cisco Prime DCNM server and verified that the topology reflects all
switches in the network, and used the interface to monitor and manage the Cisco Nexus 7000
Switch.

Guided Lab 4: Configuring Troubleshooting
Features
Overview
n Configure the Cisco Nexus 7000 Switch to use the RMON feature to monitor the traffic and
generate alerts when certain levels are reached
n Configure the EEM to respond to an event that occurs on the switch by automatically running
some commands
n Configure a SPAN session and use it to capture some specified traffic and send it through to
the destination ports
Visual Objective
Required Resources
Extenders.
Command Description
action number[.number2] cli command1 This command runs the configured CLI commands.
[command2...] [local]
action number[.number2] syslog [priority prio- This command sends a customized syslog message at
val] msg error-message the configured priority.
destination interface type {number | range} This command configures destinations for copied source
packets.
event event-statement This command configures the event statement for the
policy.
event manager applet applet-name This command registers the applet with EEM and enters
applet configuration mode.
event track object-number state {any | down | This command triggers an event if the tracked object is in
up} the configured state.
monitor session session-number This command enters the monitor configuration mode.
no shut This command enables the SPAN session.
rmon event index [log] [trap string] [owner name] This command configures an RMON event.
[description string]
rmon hcalarm index mib-object sample-interval This command creates an RMON alarm.
{absolute | delta} rising-threshold-high value
rising-threshold-low value [event-index] falling-
threshold-high value falling-threshold-low
value [event-index] [owner name] [storagetype
type]
show event manager history events This command displays the history of events for all
policies.
show monitor session This command displays the SPAN session configuration.
show rmon logs This command displays information about RMON logs.
source {interface type | vlan {1-3967,4048- This command configures sources and the traffic direction
4093}} [rx | tx | both] in which to copy packets.
switchport monitor This command configures the switchport interface as a

SPAN destination.
track object-id interface interface-type number This command creates a tracked object for an interface.
{{ip | ipv6} routing | line-protocol}

In this task, you will use a Telnet or terminal utility to establish a management connection on your
pod.
Activity Procedure
Step 2 Connect to your pod Nexus 7000 VDC.
n You have connected to your pod VDC.
Task 2: RMON
Configure the Cisco Nexus 7000 Switch to use the RMON feature to monitor the traffic and
generate alerts when certain levels are reached.
Activity Procedure
Step 1 Identify the mgmt0 SNMP interface index.
N7K-Y-podP# show interface snmp-ifindex
Port IFMIB Ifindex (hex)

------------------------------------------------------------------------------
mgmt0 83886080 (0x5000000 )
EthX/A 439353344 (0x1a300000)
EthX/B 439357440 (0x1a301000)
EthX/C 439377920 (0x1a306000)
EthX/D 439382016 (0x1a307000)
Step 2 Verify OID 1.3.6.1.2.1.2.2.1.10.
N7K-Y-podP# show snmp internal translate oidorname 1.3.6.1.2.1.2.2.1.10

ifInOctets 1.3.6.1.2.1.2.2.1.10
Step 3 Configure an RMON alarm with the following parameters:

— OID 1.3.6.1.2.1.2.2.1.10
— mgmt0 IFMIB from Step 1
— Sampling interval 10 sec
— Sample type delta
— Rising threshold 5000 generates event 10
— Falling threshold 3000 generates event 20
N7K-Y-podP# conf
N7K-Y-podP(config)# rmon alarm 10 1.3.6.1.2.1.2.2.1.10.83886080 10 delta rising-
threshold 5000 10 falling-threshold 3000 20 owner admin
Step 4 Configure an RMON event to generate a syslog message when the Cisco NX-OS
Software triggers a rising alarm.
N7K-Y-podP(config)# rmon event 10 log trap public description PKT_too_high owner
admin
Step 5 Configure an RMON event to generate a syslog message when the Cisco NX-OS
Software triggers a falling alarm.
N7K-Y-podP(config)# rmon event 20 log trap public description PKT_normal owner
admin
Step 6 Connect to your Windows server and start ping with 1450-byte packets to your VDC
mgmt0 IP address 192.168.0.20P (P is your pod number).
C:\Documents and Settings\Administrator>ping 192.168.0.20P -n 10 -l 1450
Pinging 192.168.0.20P with 1450 bytes of data:

Reply from 192.168.0.20P: bytes=1450 time=4ms TTL=255
Reply from 192.168.0.20P: bytes=1450 time<1ms TTL=255
Ping statistics for 192.168.0.20P:

Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 4ms, Average = 0ms
Step 7 Verify RMON logs on your pod Cisco Nexus 7000 Switch.
N7K-Y-podP(config)# show rmon logs

Event 10
1 PKT_too_high Rising alarm 10, fired at 2015/07/28-11:40:45
iso.3.6.1.2.1.2.2.1.10.83886080=39354 >= 5000
Event 20
1 PKT_normal Falling alarm 10, fired at 2015/07/28-11:41:05
iso.3.6.1.2.1.2.2.1.10.83886080=170 <= 3000
n You have used the show commands to verify the RMON configuration.
n You have generated some traffic on the Windows host so that the configured threshold is
reached and an alert is generated.

Task 3: EEM
During this exercise, you will configure the EEM to respond to an event that occurs on the switch
by automatically running some commands.
Activity Procedure
Step 1 Configure a tracked object for an interface that is connected to your peer pod Cisco
Nexus 7000 Switch.
Ethernet 7/C Ethernet 7/7 Ethernet 7/9 Ethernet 7/11
N7K-Y-podP(config)# track 10 interface ethernet 7/C line-protocol

Step 2 Register the applet named track_down
N7K-Y-podP(config-track)# event manager applet track_down
Step 3 Configure the EEM applet to trigger an event if the tracked object is in the down state.
N7K-Y-podP(config-applet)# event track 10 state down
Step 4 Configure the EEM applet to create a syslog message that the port is shutting down.
Ethernet 7/A Eth 7/1 Eth 7/2 Eth 7/3 Eth 7/4 Eth 7/5 Eth 7/6
N7K-Y-podP(config-applet)# action 1 syslog msg EEM applet track_down shutting

down port
Step 5 Configure the EEM applet to disable the interface that is connected to your Cisco Nexus
5000.
N7K-Y-podP(config-applet)# action 2 cli command “conf”

N7K-Y-podP(config-applet)# action 3 cli command “interface ethernet X/A”
N7K-Y-podP(config-applet)# action 4 cli command “shutdown”
Tip The command accepts only one parameter – therefore commands with spaced need “”
Step 6 Register the applet named track_up with the EEM.
N7K-Y-podP(config)# event manager applet track_up
Step 7 Configure the EEM applet to trigger an event if the tracked object is in the up state.
N7K-Y-podP(config-applet)# event track 10 state up
Step 8 Configure the EEM applet to create a syslog message that the port is bringing up.
N7K-Y-podP(config-applet)# action 1 syslog msg EEM applet track_up bringing up

port
Step 9 Configure the EEM applet to enable the interface that is connected to your Cisco Nexus
5000.
N7K-Y-podP(config-applet)# action 2 cli command “conf”
N7K-Y-podP(config-applet)# action 3 cli command “interface ethernet 7/A”
N7K-Y-podP(config-applet)# action 4 cli command “no shut”
Step 10 Shut down the interface that is connected to your peer pod Cisco Nexus 7000 Switch.
N7K-Y-podP(config-applet)# interface ethernet 7/C

N7K-Y-podP(config-if)# shutdown
Step 11 Check the log for matching events.
N7K-Y-podP(config-if)# show logging last 100 |i track

2015 Jul 28 11:53:29 N7K-Y-podP %OTM-5-OTM_OBJECT_STATUS: Status of tracking
object 10 changed to DOWN
2015 Jul 28 11:53:29 N7K-Y-podP eem_policy_dir: %eem_policy_dir-6-LOG:
track_down: EEM applet track_down shutting down port
Step 12 Display the interface status.
N7K-Y-podP(config-if)# show interface brief
------------------------------------------------------------------------------
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
EthX/A 1 eth access down Administratively down auto(D) --
EthX/B 1 eth access up none 40G(D) --
EthX/C -- eth routed down Administratively down auto(D) --
EthX/D 1 eth access up none 40G(D) --
Q4) What is the status of the interface that is connected to your Cisco Nexus 5000?
Step 13 Enable the interface that is connected to your peer pod Cisco Nexus 7000 Switch.
N7K-Y-podP(config-if)# interface ethernet X/C

N7K-Y-podP(config-if)# no shutdown
Step 14 Check the log for matching events.
N7K-Y-podP(config-if)# show logging last 100 |i track

object 10 changed to DOWN
track_down: EEM applet track_down shutting down port
object 10 changed to UP

track_up: EEM applet track_up bringing up port
Step 15 Display the interface status.

N7K-Y-podP(config-if)# show interface brief
------------------------------------------------------------------------------
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
EthX/A 1 eth access up none 40G(D) --
EthX/B 1 eth access up none 40G(D) --
EthX/C -- eth routed up none 40G(D) --
EthX/D 1 eth access up none 40G(D) --
Q5) What is the status of interface that is connected to your Cisco Nexus 5600?
n You have used the show commands to verify the EEM configuration, and then simulated an
event that causes the EEM to run corrective commands.
Task 4: SPAN
During this exercise, you will configure a SPAN session and use it to capture some specified
traffic. Then you will send it through to a destination port to which an analyzer is attached.
Activity Procedure
Step 1 Enable SPAN monitoring on the interface that is connected to your Windows server on
your Nexus 5600.
N5K-P# conf
N5K-P(config)# interface ethernet 1/3
N5K-P(config-if)# switchport monitor
Step 2 Verify the configuration.
N5K-P(config-if)# show running-config interface ethernet 1/3
!Command: show running-config interface Ethernet1/3

!Time: Fri Mar 23 07:35:58 2001
version 7.0(4)N1(1)
interface Ethernet1/3
switchport monitor
Step 3 To configure a SPAN session, enable a monitor session number 1.
N5K-P(config-if)# monitor session 1
Step 4 Specify Ethernet 2/1 and 2/2 as source interfaces connected to Cisco Nexus 7000
Switches.
N5K-P(config-monitor)# source interface ethernet 2/1-2 both
Step 5 Specify Ethernet 1/3 as the destination interface.
N5K-P(config-monitor)# destination interface ethernet 1/3
Step 6 Enable a monitoring session.
N5K-P(config-monitor)# no shut
Step 7 Verify the SPAN session configuration.
N5K-P(config-monitor)# show running-config monitor
!Command: show running-config monitor

!Time: Fri Mar 23 07:37:47 2001
version 7.0(4)N1(1)
logging level monitor 6
monitor session 1
source interface Ethernet2/1 both
source interface Ethernet2/2 both
destination interface Ethernet1/3

no shut
N5K-P(config-monitor)# show monitor session 1
session 1
---------------
type : local
state : up
acl-name : acl-name not specified
source intf :
rx : Eth2/1 Eth2/2
tx : Eth2/1 Eth2/2
both : Eth2/1 Eth2/2
source VLANs :
rx :
source VSANs :
rx :
destination ports : Eth1/3
Legend: f = forwarding enabled, l = learning enabled
Step 8 Remove the SPAN interface configuration.
N5K-P# conf
N5K-P(config-if)# no switchport monitor
n You have used the show commands to verify the SPAN session configuration.
Guided Lab 5: Configuring Layer 2 Switching
Overview
n Configure the Layer 2 interfaces and Rapid PVST+, and verify that the Rapid PVST+
configuration is performing as expected
n Configure the STP enhancements that are required, and verify that the configuration is
performing as expected
n Configure MST on the Cisco Nexus 7000 Switch, and then verify the configuration
n Configure the Cisco Nexus 7000 Switch to support Q-in-Q tunnels, and then verify that the
configuration is performing as expected
Visual Objective

Required Resources
Extenders.
Command List
Command Description
feature udld This command enables UDLD on a switch.
instance nr vlan vlan-list This command maps a list of VLANs to an MST

instance.
l2protocol tunnel This command enables Layer 2 protocol tunneling.
(Optional) You can enable Cisco Discovery Protocol,
STP, or VTP tunneling.
name mst-region-name This command configures the MST region name.
name vlan-name This command configures the VLAN name.
rate-mode dedicated This command sets the first port in a port group to
dedicated mode.
revision mst-revision-nr This command configures the MST revision number.
show interface brief This command displays a summary of the interface.
show interface transceiver This command displays detailed information about

installed SFPs.
show l2protocol tunnel summary This command displays a summary of all ports that
have Layer 2 protocol tunnel configurations.
show spanning-tree This command displays information that is related to
the STP.
show spanning-tree inconsistentports This command displays the switch ports that are in the
spanning-tree inconsistent state.
show spanning-tree summary This command displays a summarized view of the
spanning-tree operational status.
show udld neighbors This command displays the list of current UDLD
neighbors.
show vlan internal usage This command displays the list of VLANs that are
reserved for internal use.
spanning-tree guard root This command enables Root Guard on an interface.
spanning-tree mode mst This command changes the STP to MST.
spanning-tree mst nr root primary This command changes the priority of the switch in
order to make it the root of the spanning tree for the
MST instance.
spanning-tree mst nr root secondary This command lowers the spanning-tree priority of the
switch below the default value, to make the switch the
backup spanning-tree root for the MST instance.
Command Description
spanning-tree mst configuration This command enters configuration mode for MST.
spanning-tree port type edge This command configures an interface as a spanning-

tree edge port.
spanning-tree port type network This command enables Bridge Assurance on an
interface.
spanning-tree vlan vlan-list root primary This command changes the priority of the switch in
order to make it the root of the spanning tree for the
listed VLANs.
spanning-tree vlan vlan-list root secondary This command lowers the spanning-tree priority of the
switch below the default value to make the switch the
backup spanning-tree root for the listed VLANs.
switchport This command configures an interface as a Layer 2
switch port.
switchport mode dot1q-tunnel This command creates an 802.1Q tunnel on the port.
switchport mode trunk This command configures an interface as a trunk port.
udld aggressive This command enables UDLD aggressive mode.
vlan vlan-list This command creates one or more VLANs.

In this task, you will use a Telnet or terminal utility to establish a connection to your pod VDC and
your pod Nexus 5000 console.
Activity Procedure
Step 3 Rollback your N7K configuration to checkpoint “base”
N7K-Y-podP# rollback running-config checkpoint base
N7K-Y-podP#
Note The “base” checkpoint on the N7K has been created by the support team when setting up the
lab.
Step 4 Switch to your Nexus 5000 console

Step 5 Roll back to the configuration checkpoint BASE on your Nexus 5000 series switch.
N5K-P# rollback running-config checkpoint base
Rollback completed successfully
n You have connected to your assigned Pod Nexus 7000 VDC.
n You have connected to your assigned Cisco Nexus 5000 Switch.
Task 2: Configure the Cisco Nexus 5000 Switch Interfaces
In this task, you will configure the Cisco Nexus 5000 Switch interfaces.
Activity Procedure
Step 1 Set interfaces 2/1 and 2/2 within your Cisco Nexus 5000 Switch for trunk operation.
N5K-P(config-if-range)# switchport mode trunk
N5K-P(config-if-range)# no shutdown
Note The interfaces will display “link not connected” until the N7K will be configures (next task)
Step 2 Use the show cdp neighbors command or the interface descriptions in the
configuration to find interfaces that are connected to your peer Cisco Nexus 5000
Switch and disable them.
N5K-P(config-if-range)# interface ethernet 2/5-6

N5K-P(config-if-range)# shutdown
N5K-P(config-if-range)# show interface ethernet 2/5-6 brief
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
Eth2/5 1 eth access down Administratively down 40G(D) --
Eth2/6 1 eth access down Administratively down 40G(D) –-
n You have configured interfaces on Cisco Nexus 5000 Switch.

Task 3: Configuring Layer 2 Interfaces and Rapid PVST+
In this task you will configure the Layer 2 interfaces and Rapid PVST+, and then verify that the
Rapid PVST+ configuration is performing as expected. While your workgroup is responsible for
one Cisco Nexus 5000 Switch and one Cisco Nexus 7000 VDC, your peer workgroup will
configure the other Cisco Nexus 5000 Switch and the VDC on the other Cisco Nexus 7000, so
some coordination is required.
Activity Procedure
Step 2 Change all the interfaces in your VDC that are listed on the following table to Layer 2
switch ports instead of routed ports and shut these interfaces down.
N7K-Y-podP# conf
N7K-Y-podP (config)# interface e 7/C
N7K-Y-podP (config-if)# switchport
N7K-Y-podP (config-if)# shutdown
Step 3 Verify that the proper interfaces have been enabled and changed to Layer 2 switch
ports.
N7K-Y-podP # show interface ethernet 7/C brief
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
EthX/C 1 eth access down Administratively down auto(D) --
Step 4 Configure all the Layer 2 interfaces from the previous step as trunks and verify that the
change was successful.
N7K-Y-podP (config)# interface eth 7/A-B, eth 7/D
N7K-Y-podP (config-if-range)# switchport
N7K-Y-podP (config-if-range)# switchport mode trunk
N7K-Y-podP (config-if-range)# no shut
N7K-1-podP (config-if-range)# show interface brief
------------------------------------------------------------------------------
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
Eth7/A 1 eth trunk up none 40G(D) --
Eth7/B 1 eth trunk up none 40G(D) --
Eth7/C 1 eth access down Administratively down auto(D) --
Eth7/D 1 eth trunk up none 40G(D) --
Step 5 Examine spanning-tree operation for VLAN 1 using the show spanning-tree vlan 1
command. Output can vary depending on the installed hardware.
N7K-Y-podP # show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 64a0.e742.6e42
Cost 1
Port 925 (EthernetX/D)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 64a0.e743.03c2
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Eth7/A Desg FWD 1 128.897 P2p
Eth7/B Desg FWD 1 128.901 P2p
Eth7/D Root FWD 1 128.925 P2p
Q1) Which PVRST+ path cost method is being used?
Q2) Which switch or VDC is the root bridge for VLAN 1 in your pod pair?
Step 6 Examine which VLANs are available to you and that are used internally.
N7K-Y-podP # show vlan internal usage
VLAN DESCRIPTION
--------- -------------------------------------------------------
3968-4031 Multicast
4032-4035,4048-4059 Online Diagnostic
4036-4039,4060-4087 ERSPAN
4042 Satellite
4044 Native VLAN to enable/disable tagging

4040 Fabric scale
4041 Fabric Multicast vpc (FP)
4045 Fabric Multicast vpc (CE)
4043 FCF vlans
3968-4095 Current
Step 7 On both devices in your pod, create VLAN 10 and give it the name “TEST.” Verify that
the Cisco Nexus 5000 Switches and the Cisco Nexus 7000 VDCs in both your pod and
your peer pod contain VLANs 1 and 10.
N7K-Y-podP (config)# vlan 10
N7K-Y-podP (config-vlan)# name TEST
N5K-P(config)# vlan 10
N5K-P(config-vlan)# name TEST
Step 8 Examine spanning-tree operation for all VLANs. Output can vary depending on the
installed hardware.
N7K-Y-podP # show spanning-tree
VLAN0001
Cost 1


---------------- ---- --- --------- -------- --------------------------------
VLAN0010
Cost 1


---------------- ---- --- --------- -------- --------------------------------
Q3) Which switch or VDC is the root bridge for the spanning-tree instance for VLAN 10? Is it
the same or different from VLAN 1?
Step 9 Create additional VLANs 11 through 14 and 111 through 113 on both your Cisco
Nexus 7000 VDC and your Cisco Nexus 5000 Switch.
N7K-Y-podP(config)# vlan 11-14, 111-113
N5K-P(config)# vlan 11-14, 111-113

Step 10 Examine the spanning-tree instances that are running in your pod. Output can vary
depending on the spanning-tree topology.
N7K-Y-podP# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short
STP-Lite is enabled
Name Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 3 3
VLAN0010 0 0 0 3 3
VLAN0011 0 0 0 3 3
VLAN0012 0 0 0 3 3
VLAN0013 0 0 0 3 3
VLAN0014 0 0 0 3 3
VLAN0111 0 0 0 3 3
VLAN0112 0 0 0 3 3
VLAN0113 0 0 0 3 3
---------------------- -------- --------- -------- ---------- ----------
9 vlans 0 0 0 27 27
Q4) Is there a separate spanning-tree instance for each VLAN?
Step 11 Pods 1, 3, and 5 should configure the VDC of switch N7K-1 as the primary root bridge
for the odd VLANs (VLAN 11, 13, 111, and 113) and as the secondary root bridge for
the even VLANs (VLAN 10, 12, 14, and112).
N7K-1-podP(config-vlan)# spanning-tree vlan 11, 13, 111, 113 root primary
N7K-1-podP(config)# spanning-tree vlan 10, 12, 14, 112 root secondary
Step 12 Pods 2, 4, and 6 should configure the VDC of switch N7K-2 as the primary root bridge
for the even VLANs (VLAN 10, 12, 14, and112) and as the secondary root bridge for
the odd VLANs (VLAN 11, 13, 111, and 113).
N7K-2-podP(config-vlan)# spanning-tree vlan 10, 12, 14, 112 root primary

N7K-2-podP(config)# spanning-tree vlan 11, 13, 111, 113 root secondary

Step 13 Verify that the spanning tree for VLANs 10 through 13 and 111 through 113 is
behaving as expected.
N7K-1-podP# show spanning-tree root
Root Hello Max Fwd

Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- ----- ----- --- --- ----------------
VLAN0001 32769 64a0.e742.6e42 1 2 20 15 Ethernet7/D
VLAN0011 24587 64a0.e743.03c2 0 2 20 15 This bridge is root
N7K-2-podQ# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ----- ----- --- --- ----------------
VLAN0001 32769 64a0.e742.6e42 0 2 20 15 This bridge is root
VLAN0011 24587 64a0.e743.03c2 1 2 20 15 Ethernet7/D
Step 14 Save the configurations on the switches in your pod.
n You have configured the interface leading to the peer Cisco Nexus 7000 VDC as rate-mode
dedicated.
n You have verified basic interface operation and settings on your Cisco Nexus 7000 VDC and
Cisco Nexus 5000 Switch.
n You have configured the links between the switches in your pod and your peer pod as 802.1Q
trunks.
n You have created VLANs 10 through 13.
n You have configured the odd VDC as the root for the odd VLANs and the even VDC as the
backup root for the odd VLANs.
n You have configured the even VDC as the root for the even VLANs and the odd VDC as the
backup root for the even VLANs.
n You have verified spanning-tree operation for VLANs 10 through 13.
Task 4: Using STP Enhancements
During this exercise, you will configure some of the spanning-tree optimization and protection
features and verify their operation.
Activity Procedure
Step 1 It is a best practice to configure ports that are connected to end devices, such as servers,
as spanning-tree edge ports. Configure the ports on your Cisco Nexus 5000 Switch that
connect to the lab servers as spanning-tree edge ports.
N5K-P(config)# interface e 1/3-4
N5K-P(config-if-range)# spanning-tree port type edge
Warning: edge port type (portfast) should only be enabled on ports connected
to a single host. Connecting hubs, concentrators, switches, bridges, etc...
to this interface when edge port type (portfast) is enabled, can cause
temporary bridging loops.
Use with CAUTION
Edge Port Type (Portfast) will be configured in 2 interfaces due to the range
command but will only have effect when the interfaces are in a non-trunking
mode.
Note The spanning-tree edge port feature is also known as Portfast. However, the Cisco NX-OS
Software does not support the “spanning-tree portfast” command.
Step 2 Enable UDLD in aggressive mode on the devices and all necessary ports in your pod
and peer pod to protect your switches against unidirectional link failures.
N7K-Y-podP(config)# feature udld
N7K-Y-podP(config)# udld aggressive
N7K-Y-podP(config)# show cdp neighbors

N5K-P(FOC1843R54E)
EthX/A 150 R S I s N5K-C5672UP Eth2/1
N5K-Q(FOC1841R063)
EthX/B 150 R S I s N5K-C5672UP Eth2/2
N7K-Y-podQ(JAF1540BLJK)
EthX/D 147 R S I s N7K-C7010 EthX/D
N7K-Y-podP(config)# interface e X/A-B, e X/D

N7K-Y-podP(config-if-range)# udld enable
N7K-Y-podP(config-if-range)# udld aggressive
N5K-P(config)# feature udld

N5K-P(config)# udld aggressive
N5K-P(config)# interface e 2/1 - 2
N5K-P(config-if-range)# udld aggressive
Step 3 Use the show udld neighbors command to verify UDLD operation.
N7K-Y-podP# show udld neighbors
Port Device Name Device ID Port ID Neighbor State
--------------------------------------------------------------------------
EthernetX/A FOC1843R54E 1 Ethernet2/1 bidirectional

EthernetX/B FOC1841R063 1 Ethernet2/2 bidirectional
EthernetX/D JAF1540BLJK 1 EthernetX/D bidirectional
Step 4 UDLD can protect against bridging loops that are caused by physical problems, but it
cannot protect against software-caused spanning-tree failures. The bridge assurance
feature can help protect against bridging loops that are caused by software failures.
Enable bridge assurance on the link between the Cisco Nexus 7000 VDC in your pod
and the VDC in your peer pod.
Ethernet X/D Ethernet 7/8 Ethernet 7/10 Ethernet 7/12
N7K-Y-podP(config)# int e X/D

N7K-Y-podP(config-if)# spanning-tree port type network
Step 5 Verify that bridge assurance is enabled on the link between the VDCs using the show
spanning-tree command.
N7K-Y-podP# show spanning-tree vlan 10
VLAN0010
Cost 1


---------------- ---- --- --------- -------- --------------------------------
EthX/A Desg FWD 1 128.897 P2p
EthX/B Desg FWD 1 128.901 P2p
EthX/D Root FWD 1 128.925 Network P2p
Q5) Which keyword indicates that bridge assurance is enabled on the port?
Step 6 On your Cisco Nexus 7000 VDC, enable terminal monitor to see the logging messages.
N7K-Y-podP(config)# terminal monitor
Step 7 On your Cisco Nexus 7000 VDC, enable bridge assurance on the ports that are
connected to the Cisco Nexus 5000 Switches in your pod and peer pod.
Ethernet X/A Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet X/B Ethernet 7/2 Ethernet 7/4 Ethernet 7/6
N7K-Y-podP(config)# int e X/A, e X/B

N7K-Y-podP(config-if-range)# spanning-tree port type network
Step 8 Wait a moment and observe the log messages on the Cisco Nexus 7000 VDC.
N7K-Y-podP(config-if-range)# 2015 Jan 21 11:53:00 N7K-Y-podP %$ VDC-2 %$ %STP-2-
BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port EthernetX/B VLAN0001.
2015 Jan 21 11:53:00 N7K-Y-podP %$ VDC-2 %$ %STP-2-BRIDGE_ASSURANCE_BLOCK:
Bridge Assurance blocking port EthernetX/A VLAN0001.
Bridge Assurance blocking port EthernetX/B VLAN0010.
Q6) Can you explain what happened?
Step 9 Repair the misconfiguration by enabling bridge assurance on your Cisco Nexus 5000
Switch for the ports that connect to the Cisco Nexus 7000 VDCs.
N5K-P(config)# int e 2/1 - 2
N5K-P(config-if-range)# spanning-tree port type network
Step 10 Ensure that no spanning-tree problems remain in the network by executing the show
spanning-tree inconsistentports command. Issue the command on all switches in your
pod and peer pod and verify that no inconsistent ports remain.
N7K-Y-podP# show spanning-tree inconsistentports
N5K-P# show spanning-tree inconsistentports
n You have enabled, and later disabled, root guard on the ports on the Cisco Nexus 7000 VDC
that lead to the Cisco Nexus 5000 Switches in your pod and peer pod.
n You have configured the ports leading to the servers in your pod and peer pod as spanning-tree
edge ports.
n You have successfully enabled UDLD in aggressive mode between the switches in your pod
and peer pod.
n You have successfully enabled bridge assurance between the switches in your pod and peer
pod.
n You have observed the spanning-tree behavior when bridge assurance is enabled on only one
side of a link.

Task 5: Implementing and Verifying MST (optional)
During this exercise, you will configure MST and verify that it is operating properly in your pod
and peer pod.
Activity Procedure
Step 1 Configure your Cisco Nexus 7000 VDC to participate in an MST region using the
following parameters (S is the SMALLER of the two peer pod numbers, and T is the
LARGER of the two peer pod numbers. Pods 5 and 6 will use 56 as the domain
identifier.)
Device Region Name Revision Number
N7K-1-pod1 Pod1and2 12
N7K-2-pod2
N7K-2-pod4
N7K-2-pod6
N7K-Y-podP(config)# spanning-tree mst configuration

N7K-Y-podP(config-mst)# name <see table above>
N7K-Y-podP(config-mst)# revision <see table above>
N7K-Y-podP(config-mst)# exit
Step 2 Change the spanning-tree mode on your Cisco Nexus 7000 VDC to MST.
N7K-Y-podP(config)# spanning-tree mode mst
Step 3 Configure your Cisco Nexus 5000 Switch to participate in an MST region using the
following (S is the SMALLER of the two peer pod numbers, and T is the LARGER of
the two peer pod numbers. Pods 5 and 6 will use 56 as the domain identifier.)
Device Region Name Revision Number
N5K-1 Pod1and2 12
N5K-2
N5K-3 Pod3and4 34
N5K-4
N5K-5 Pod5and6 56
N5K-6
N5K-P(config)# spanning-tree mst configuration

N5K-P(config-mst)# name <see table above>
N5K-P(config-mst)# revision <see table above>
N5K-P(config-mst)# exit
Step 4 Change the spanning-tree mode on your Cisco Nexus 5000 Switch to MST.
N5K-P(config)# spanning-tree mode mst
Step 5 Verify that MST is operating correctly between the VDCs and switches in your pod and
peer pod. Output can vary.
N7K-Y-podP# show spanning-tree
MST0000
Spanning tree enabled protocol mstp
Cost 0


---------------- ---- --- --------- -------- --------------------------------
EthX/A Desg FWD 500 128.897 Network P2p
EthX/B Desg FWD 500 128.901 Network P2p
Note Be aware that MST configuration is not applied until you exit MST configuration mode.
Therefore, you should leave MST configuration mode before issuing any show commands to
verify MST operation.
Q7) Which spanning-tree path cost method does MST use by default?

Q8) How many MST instances are currently being used? Can you achieve VLAN load
balancing with this configuration?
Step 6 Change the MST configuration on your Cisco Nexus 7000 VDC to add two new MST
instances. Map VLANs 11, 13,111, and 113 to MST instance 1 and map VLANs 10, 12,
14, and 112 to MST instance 2.
N7K-Y-podP(config)# spanning-tree mst configuration
N7K-Y-podP(config-mst)# instance 1 vlan 11,13,111,113
N7K-Y-podP(config-mst)# instance 2 vlan 10,12,14,112
N7K-Y-podP(config-mst)# exit
Step 7 Verify MST operation on the switches in your pod. Output can vary depending on the
installed hardware.
MST0000
Cost 0


---------------- ---- --- --------- -------- --------------------------------
MST0001
Cost 500


---------------- ---- --- --------- -------- --------------------------------
MST0002
Cost 500

---------------- ---- --- --------- -------- --------------------------------
N5K-P# show spanning-tree
MST0000
Cost 500
Port 258 (Ethernet2/2)

Address 8c60.4f22.ad7c

---------------- ---- --- --------- -------- --------------------------------
Eth1/3 Desg FWD 2000 128.131 Edge P2p
Eth1/9 Desg FWD 2000 128.137 P2p
Eth1/10 Desg FWD 2000 128.138 P2p
Eth1/11 Desg FWD 2000 128.139 P2p
Eth2/1 Altn BLK 500 128.257 Network P2p Bound(RSTP)
Eth2/2 Root FWD 500 128.258 Network P2p Bound(RSTP)
Step 8 Change the MST configuration on your Cisco Nexus 5000 Switch to match the
configuration on your VDC by mapping VLANs 11 and 13 to MST instance 1 and
mapping VLANs 10 and 12 to MST instance 2.
N5K-P(config)# spanning-tree mst configuration
N5K-P(config-mst)# instance 1 vlan 11,13,111,113
N5K-P(config-mst)# instance 2 vlan 10,12,14,112
N5K-P(config-mst)# exit
Step 9 Verify that MST is now operating properly on all devices in your pod and peer pod.
Output can vary depending on the installed hardware.
MST0000
Cost 0


---------------- ---- --- --------- -------- --------------------------------

MST0001
Cost 500


---------------- ---- --- --------- -------- --------------------------------
MST0002
Cost 500


---------------- ---- --- --------- -------- --------------------------------
N5K-P# show spanning-tree
MST0000
Cost 0


---------------- ---- --- --------- -------- --------------------------------
Eth1/9 Desg FWD 2000 128.137 P2p
Eth1/10 Desg FWD 2000 128.138 P2p
Eth1/11 Desg FWD 2000 128.139 P2p
Eth2/1 Altn BLK 500 128.257 Network P2p
Eth2/2 Root FWD 500 128.258 Network P2p
MST0001
Cost 500


---------------- ---- --- --------- -------- --------------------------------
MST0002
Cost 500


---------------- ---- --- --------- -------- --------------------------------
Note You should not see any boundary ports in the output of the show spanning-tree commands.
Q9) Which switches or VDCs are the root bridges for each of the MST instances? Are they the
same or different?
Step 10 Students working on pod 1, pod 3 and pod 5 will configure the VDCs of switch N7K-1
as the root bridge for MST instances 0 and 1 and as the backup root bridge for MST
instance 2.
N7K-1-podP(config)# spanning-tree mst 0 root primary
N7K-1-podP(config)# spanning-tree mst 2 root secondary
Step 11 Students working on pod 2, pod 4 and pod 6 will configure the VDCs of switch N7K-2
as the root bridge for MST instance 2 and as the backup root bridge for MST instance 1.
Step 12 Verify that the root bridges are selected as expected.
N7K-1-podP(config)# show spanning-tree root
Root Hello Max Fwd
MST Instance Root ID Cost Time Age Dly Root Port
--------- ------------------- --- ------ --- --- ------
MST0000 24576 64a0.e743.03c2 0 2 20 15 This bridge is root
MST0001 24577 64a0.e743.03c2 0 2 20 15 This bridge is root
MST0002 24578 64a0.e742.6e42 500 2 20 15 EthernetX/D

Root Hello Max Fwd
MST Instance Root ID Cost Time Age Dly Root Port
------------ ---------------- ----- ---- -- --- ----------
MST0000 24576 64a0.e743.03c2 0 2 20 15 EthernetX/D
MST0001 24577 64a0.e743.03c2 500 2 20 15 EthernetX/D
MST0002 24578 64a0.e742.6e42 0 2 20 15 This bridge is root
Step 13 Ensure that you have no spanning-tree inconsistent ports or boundary ports on the
switches in your pod and peer pod.
N7K-Y-podP(config)# show spanning-tree | include Bound
N7K-Y-podP(config)# show spanning-tree inconsistentports
N5K-P# show spanning-tree | include Bound

N5K-P# show spanning-tree inconsistentports
n You have successfully enabled MST on all switches in your pod.
n You have configured the odd VDC as the root for the MST instance that contains the odd
VLANs and the even VDC as the backup root for this MST instance.
n You have configured the even VDC as the root for the MST instance that contains the even
VLANs and the odd VDC as the backup root for this MST instance.
Task 6: Implementing and Verifying Q-in-Q Tunnels (optional)
This exercise will familiarize you with creating Q-in-Q tunnels on the Cisco Nexus 7000 Switch
and then verify that the configuration is performing as expected.
Activity Procedure
Step 2 Create a VLAN 100 dedicated to a Q-in-Q tunnel. Verify that the VLAN is created.
N7K-Y-podP(config)# vlan 100
N7K-Y-podP(config-vlan)# name QinQ
N7K-Y-podP(config-vlan)# exit
N7K-Y-podP(config)# vlan configuration 100
N7K-Y-podP(config-vlan-config)# no ip igmp snooping
N7K-Y-podP(config-vlan-config)# exit
N7K-Y-podP(config)# show vlan name QinQ
VLAN Name Status Ports

---- -------------------------------- --------- ------------------------------
100 QinQ active EthX/A, EthX/B, EthX/D
VLAN Type Vlan-mode

---- ----- ----------
100 enet CE
Remote SPAN VLAN

----------------
Disabled
Primary Secondary Type Ports

------- --------- --------------- -----------------------------------------
Step 3 Disable the Ethernet interface on your VDC that is connected to the Nexus 5000 Switch
in your peer pod. Verify that your VDC is connected only to the Nexus 5000 Switch in
your pod and the peering Nexus 7000 VDC.
Ethernet X/B E 7/2 E 7/1 E 7/4 E 7/3 E 7/6 E 7/5
N7K-Y-podP(config)# interface ethernet X/B

N7K-Y-podP(config-if)# show cdp neighbors

N5K-P(SSI1416121X) EthX/A 159 R S I s N5K-C5672UP Eth2/1
N7K-Y-podQ(JAF1351BCDM) EthX/D 155 R S I s N7K-C7010 EthX/D
Step 4 Create an 802.1Q tunnel port on the interface that is connected to the Cisco Nexus 5000
Switch in your pod.
Ethernet X/A E 7/1 E 7/2 E 7/3 E 7/4 E 7/5 E 7/6
N7K-Y-podP(config)# interface ethernet X/A

N7K-Y-podP(config-if)# switchport mode dot1q-tunnel
Step 5 Assign the Q-in-Q VLAN 100 to the same interface.

N7K-Y-podP(config-if)# switchport access vlan 100
Step 6 Set the 802.1Q tunnel port to an edge port.

N7K-Y-podP(config-if)# spanning-tree port type edge
Warning: Edge port type (portfast) should only be enabled on ports connected to
a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when edge port type (portfast) is enabled, can cause temporary
bridging loops.
Use with CAUTION
Edge Port Type (Portfast) has been configured on Ethernet1/2 but will only
have effect when the interface is in a non-trunking mode.
Step 7 Enable the Layer 2 protocol tunnel for STP and Cisco Discovery Protocol.
N7K-Y-podP(config-if)# l2protocol tunnel stp
N7K-Y-podP(config-if)# l2protocol tunnel cdp
Step 8 Connect to your assigned Cisco Nexus 5000 Switch.

Step 9 Configure a SVI for VLAN 10 and verify connectivity to the peer Cisco Nexus 5000
SVI 10 (Q is your peer pod number).
N5K-P# conf
N5K-P(config)# feature interface-vlan
N5K-P(config)# interface vlan 10
N5K-P(config-if)# ip address 172.16.10.5P/24
N5K-P(config-if)# ping 172.16.10.5Q
PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
Request 0 timed out
64 bytes from 172.16.10.5Q: icmp_seq=1 ttl=254 time=1.898 ms
Step 10 Check for Cisco Discovery Protocol neighbors (Q is your peer pod number).
N5K-P(config-if)# show cdp neighbors
N5K-Q(FOC1841R063)
Eth2/1 150 R S I s N5K-C5672UP Eth2/1
N7K-Y-podP(JAF1545CJAM)
Eth2/1 28 R S s N7K-C7010 EthX/A
Q10) Why is the Cisco Nexus 5000 Switch a Cisco Discovery Protocol neighbor if there is no
direct Layer 2 connectivity between the two Cisco Nexus 5000 Switches?
Step 11 Verify the Q-in-Q tunnel on the Nexus 7000 VDC.

N7K-Y-podP(config-if)# show l2protocol tunnel summary
COS for Encapsulated Packets: 5
Shutdown Drop
Threshold Threshold
Port Protocol (cdp/dot1x/stp/vtp) (cdp/dot1x/stp/vtp) Status
-------- ----------------- -------------------- -------------------- ---------
EthX/A cdp ----- stp --- ----/----/----/---- ----/----/----/---- up
n You have configured a Q-in-Q tunnel on your VDC.
n You can ping the peering pod Nexus 5000 through the Q-in-Q tunnel.
n Show commands display that the Q-in-Q tunnel is up.
Guided Lab 6: Configuring vPC
Overview
n Log into your VDC
n Configure the vPC domain ID
n Configure the vPC keepalive link between the Cisco Nexus 7000 Switches
n Configure the vPC peer link between the Cisco Nexus 7000 Switches
n Configure and optimize the vPC
Visual Objective
Required Resources
Extenders.
Command List
Command Description
channel-group nr This command adds an interface to a port channel.
channel-group nr mode active This command adds an interface to a port channel that is
dynamically negotiated through LACP.
feature lacp This command enables the use of LACP.
feature vpc This command enables the vPC feature.
peer-keepalive destination vpc-peer-ip- This command enables the vPC peer keepalive link to the
address vPC peer IP address.
ping ip-address vrf vrf This command verifies IP connectivity to an IP address in a

VRF using ICMP echo messages.
show interface intf brief This command displays summarized status information for
an interface.
show lacp neighbor This command displays a list of LACP neighbors and their
operational parameters.
show license usage This command displays the usage of licensed features.
show port-channel summary This command displays a summarized view of port-channel

operation.
show running-config intf This command displays the current configuration for an
interface.
show spanning-tree This command displays information that is related to STP.
show vpc This command displays the vPC operational parameters.
show vpc brief This command displays a brief overview of vPC status.
show vpc consistency-parameters This command displays global vPC consistency status.
global
show vpc peer-keepalive This command displays status information for the vPC peer
keepalive link.
vpc nr This command adds a port-channel interface to a vPC.
vpc domain nr This command creates a vPC domain.
vpc peer-link This command defines a port-channel interface as the vPC

peer link.
In this task, you will use a Telnet or terminal utility to establish a connection to your VDC and
your Cisco Nexus 5000 Switch. The next step is to revert to the checkpoint BASE configurations
on the VDC and Nexus 5000.
Activity Procedure
Step 1 Connect to the Cisco Nexus 7000 VDC in your pod.
Step 2 Roll back to the configuration checkpoint base on your VDC (use the keyword best-
effort if the rollback fails without).

Step 3 Verify that SSH access is still possible otherwise connect via telnet and re-enable it.
Step 4 Connect to your Nexus 5000 switch by clinking on the icon in the remote lab GUI, log
in with user “admin” and password “1234QWer”
Step 5 Roll back to the configuration checkpoint base on your Nexus 5000 switch
N5K-P# conf
N5K-P(config-if)# switchport
N5K-P(config-if)# switchport mode trunk
Step 7 On your N5K configure and DISABLE the interfaces connecting to the peer N5K.
N5K-P# conf
N5K-P(config-if)# shutdown
Pod 1&2 Pod 3&4 Pod 5&6
Eth7/1-2 Eth 7/3-4 Eth 7/5-6
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/a-b (see table for a and b)
N7K-X-PodP(config-if)# switchport
N7K-X-PodP(config-if)# switchport mode trunk
Step 9 On your N7K VDC create VLANs 10-14.
N7K-X-PodP# conf
N7K-X-PodP (config)# vlan 10-14
N7K-X-PodP (config-vlan)# exit
N7K-X-PodP (config)#
Step 10 On your N5K create VLANs 10-14.
N5K-P# conf
N5K-P(config)# vlan 10-14
N5K-P(config-vlan)# exit
N5K-P(config)#
n You have connected to your assigned pod VDC and your assigned Cisco Nexus 5000 Switch.
n You have successfully prepared the configurations.
Task 2: Configuring the vPC Domain
In this task, you will configure the vPC domain ID.
Activity Procedure
Step 1 Enable the vPC feature on your VDC.
N7K-Y-podP(config)# feature vpc
N7K-Y-podP(config)#
Q1) Check the licensing. Do you require a license for the vPC?
Step 2 Configure a vPC domain using the domain identifier XY. (X is the SMALLER of the
two peer pod numbers, and Y is the LARGER of the two peer pod numbers. Pods 5 and
6 will use 56 as the domain identifier.)
Device vPC Domain ID
N7K-1-pod1 12
N7K-2-pod2
N7K-1-pod3 34
N7K-2-pod4
N7K-1-pod5 56
N7K-2-pod6
N7K-Y-podP(config)# vpc domain XY

N7K-Y-podP(config-vpc-domain)#
N7K-Y-podP(config-vpc-domain)# show vpc

Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : XY
Peer status : peer link not configured
vPC keep-alive status : Disabled
Configuration consistency status : failed
Configuration inconsistency reason: vPC peer-link does not exist
Per-vlan consistency status : failed
Type-2 consistency status : failed
Type-2 inconsistency reason : vPC peer-link does not exist
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Operational Layer3 Peer-router : Disabled
Self-isolation : Disabled
Task 3: Configuring the vPC Keepalive Link
In this task, you will configure the vPC keepalive link between the Cisco Nexus 7000 Switches.
Activity Procedure
Step 1 You are going to use the management port as the peer keepalive-link. Ping your peer
pod mgmt0 IP (192.168.0.20Q, Q is your peer pod number) to make sure IP
connectivity works.
N7K-Y-podP(config-vpc-domain)# ping 192.168.0.20Q vrf management
PING 192.168.0.20Q (192.168.0.202): 56 data bytes
Request 0 timed out
--- 192.168.0.20Q ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.598/0.703/0.959 ms
Step 2 Configure the vPC keepalive link destination as your peer mgmt0 IP (192.168.0.20Q, Q
is your peer pod number).
N7K-Y-podP(config-vpc-domain)# peer-keepalive destination 192.168.0.20Q

Note:
--------:: Management VRF will be used as the default VRF ::--------
N7K-Y-podP(config-vpc-domain)#
Step 3 Check the vPC keepalive link. Do not continue to the next task before you verify that
the vPC peer keepalive status is alive.
N7K-Y-podP(config-vpc-domain)# show vpc

Legend:
vPC domain id : XY
vPC keep-alive status : Suspended (Destination IP not reachable)
After your peer pod has been configured correctly:
N7K-Y-podP (config-vpc-domain)# show vpc

Legend:
vPC domain id : XY
vPC keep-alive status : peer is alive
n You have used the show commands to verify that the vPC keepalive link is up.
Task 4: Configure the vPC Peer Link
In this task, you will configure the vPC peer link between the Cisco Nexus 7000 Switches.
Activity Procedure
Step 1 Create a static port-channel interface 7 containing the link between the Cisco Nexus
7000 Switches.
Ethernet 7/x Ethernet 7/8 Ethernet 7/10 Ethernet 7/12
N7K-Y-podP(config-vpc-domain)# interface ethernet 7/x (see table above for x)

N7K-Y-podP(config-if)# switchport
N7K-Y-podP(config-if)# switchport mode trunk
N7K-Y-podP(config-if)# channel-group 7 mode on
N7K-Y-podP(config-if)#
Step 2 Verify port channel status.
N7K-Y-podP(config-if)# show port-channel summary

Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
------------------------------------------------------------------------------
7 Po7(SU) Eth NONE Eth7/x(P)
Step 3 Make this port channel your peer link.
N7K-Y-podP(config-if)# interface port-channel 7

N7K-Y-podP(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port
type on vPC peer-link. This will enable spanning tree Bridge
Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
Step 4 Check the global vPC consistency parameters.
N7K-Y-podP# show vpc consistency-parameters global
Legend:
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value

------------- ---- ---------------------- -----------------------
STP MST Simulate PVST 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Region Name 1 "" ""
STP Disabled 1 None None
STP Mode 1 Rapid-PVST Rapid-PVST
STP Bridge Assurance 1 Enabled Enabled
STP Loopguard 1 Disabled Disabled
STP MST Region Instance to 1
VLAN Mapping
STP MST Region Revision 1 0 0
Allowed VLANs - 1,10-14 1,10-14
Local error VLANs - - -
Step 5 Check the vPC status. Do not continue to the next task before you verify that peers have
formed adjacency.
N7K-Y-podP# show vpc brief
Legend:
vPC domain id : XY
Peer status : peer adjacency formed ok
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : secondary
vPC Peer-link status

------------------------------------------------------------------------------
id Port Status Active vlans Active BDs
-- ---- ------ -----------------------------------------------------------
1 Po7 up 1,10-14 -
n You have used the show commands to verify that the vPC peer link is up and the VPC status is
OK.
Task 5: vPC Configuration and Optimization
In this task, you will configure the vPC between the Cisco Nexus 7000 Series Switches and the
Cisco Nexus 5000 Series Switches in your peer pod.
Activity Procedure
Step 1 Connect to your pod N5K. Create a port channel 7 using the LACP protocol, and add
e2/1 and 2/2 to this port channel.
N5K-P(config)# feature lacp

N5K-P(config-if-range)# channel-group 7 mode active
N5K-P(config-if-range)#
Step 2 Check the state of the port channel.

N5K-P(config-if-range)# show port-channel summary
S - Switched R - Routed
M - Not in use. Min-links not met
------------------------------------------------------------------------------
Channel
------------------------------------------------------------------------------
7 Po7(SD) Eth LACP Eth2/1(D) Eth2/2(D)
Step 3 Create LACP-based port channels 5P and 5Q on the Cisco Nexus 7000 Switches (P is
your pod number, Q is the peer pod number) using the port to your Cisco Nexus 5000
and to the peer Cisco Nexus 5000 (create two port channels on each Cisco Nexus 7000).
Caution Keep in mind P is always YOUR Pod+, Q is always your PARTNER/PEER Pod.
Ethernet 7/P E 7/1 E 7/2 E 7/3 E 7/4 E 7/5 E 7/6
Ethernet 7/Q E 7/2 E 7/1 E 7/4 E 7/3 E 7/6 E 7/5
N7K-Y-podP(config)# feature lacp

N7K-Y-podP(config)# interface ethernet 7/P (P is the port to YOUR N5K)
N7K-Y-podP(config-if)# channel-group 5P mode active
N7K-Y-podP(config-if)# interface ethernet 7/Q (Q is the port to the PEER N5K)
N7K-Y-podP(config-if)# channel-group 5Q mode active
Step 4 Check the state of the port channels on the Cisco Nexus 5000.
S – Switched R - Routed
------------------------------------------------------------------------------
Channel
------------------------------------------------------------------------------
7 Po7(SU) Eth LACP Eth2/1(P) Eth2/2(s)
Step 5 Configure vPC IDs 5P and 5Q on the two port channel interfaces 5P and 5Q that are
connected to the Cisco Nexus 5000 Switches. Check with your partner to make sure that
the correct interfaces are configured.
N7K-Y-podP(config-if)# interface port-channel 5P

N7K-Y-podP(config-if)# vpc 5P
N7K-Y-podP(config-if)# interface port-channel 5Q
N7K-Y-podP(config-if)# vpc 5Q
Step 6 Check the vPC status and consistency parameters for your vPC.
N7K-Y-podP# show vpc brief

Legend:
vPC domain id : XY
Auto-recovery status : Enabled (timeout = 240 seconds
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po7 up 1,10-14
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
5P Po5P up failed Peer does not have -
corresponding vPC
5Q Po5Q up failed Consistency Check Not -

Performed
After both Cisco Nexus 7000 Switches are configured correctly, your output should look like
this.
N7K-Y-podP# show vpc
Legend:
vPC domain id : XY

------------------------------------------------------------------------------
-- ---- ------ -----------------------------------------------------------
1 Po7 up 1,10-14 -
vPC status
Id : 5P
Port : Po5P
Status : up
Consistency : success
Reason : success
Active Vlans : 1,10-14
Id : 5Q
Port : Po5Q
Status : up
Reason : success
Active Vlans : 1,10-14
Step 7 Check the port channel status on the Cisco Nexus 5000 Switch.

S – Switched R - Routed
------------------------------------------------------------------------------
Channel
------------------------------------------------------------------------------
7 Po7(SU) Eth LACP Eth2/1(P) Eth2/2(P)
Step 8 Check the spanning tree and spanning-tree root bridges on pod 1, 3 or 5:
N7K-1-podP(config-if)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------- ----- --- --- ----------------
VLAN0001 32769 64a0.e742.6e42 1 2 20 15 port-channel7
Step 9 Check the spanning tree and spanning-tree root bridges on pod 2, 4 or 6:
N7K-2-podQ(config-if)# show spanning-tree root

Root Hello Max Fwd
---------------- -------------------- ------- ----- --- --- ----------------
Step 10 Check the spanning tree and spanning-tree root bridges on the Cisco Nexus 5000
Switch.
N5K-P(config-if-range)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------- ----- --- --- ----------------
Q2) What is the root ID on VLAN 1,10,12?
Step 11 Configure spanning-tree priority to prepare the peer switch feature on your pod VDC -
change the bridge priority to 8192. Ensure that your peer pod has also done these
configurations.
N7K-Y-podP(config)# spanning-tree vlan 1-4094 priority 8192
Step 12 Enable the peer-switch feature to optimize spanning-tree processing for the vPC
domain.
N7K-Y-podP(config-vpc-domain)# peer-switch
Step 13 Enable the vPC peer-gateway feature in order to allow your switch to forward traffic for
the peer switch router MAC addresses in order to support non-RFC compliant devices.
N7K-Y-podP(config-vpc-domain)# peer-gateway
This peer-gateway config may cause traffic loss. Do you want to continue
(y/n)? [n] y
Step 14 Enable IPv4 ARP and IPv6 ND synchronization.

N7K-Y-podP(config-vpc-domain)# ip arp synchronize
N7K-Y-podP(config-vpc-domain)# ipv6 nd synchronize
Step 15 Verify the spanning-tree root bridges on your VDC and the Nexus 5000 switch:
Root Hello Max Fwd

---------------- -------------------- ------- ----- --- --- ----------------
VLAN0001 8193 0023.04ee.be0c 0 2 20 15 This bridge is root
N7K-2-podQ(config)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------- ----- --- --- ----------------
On your Nexus 5000 switch:
N5K-P(config)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------- ----- --- --- ----------------
VLAN0001 8193 0023.04ee.be0c 1 2 20 15 port-channel7
Step 16 Verify the root ID and compare it with the root ID before you configure the peer switch
feature
n You have used the show commands to verify that the vPC appears in the port channel database
and that traffic is passing over the different physical interfaces.
Task 6: vPC Tracking Configuration (Optional)
In this task, you will configure and test the vPC tracking feature on the Cisco Nexus 7000 Series
Switch in your pod.
Activity Procedure
Step 1 On the primary vPC switch only, simulate module hardware failure. Disable all vPC
member interfaces and the interface in the peer link.
Ethernet X/A, Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet X/B, Ethernet 7/2, Ethernet 7/4, Ethernet 7/6,
N7K-Y-podP(config)# interface ethernet X/A-B, ethernet X/D

N7K-Y-podP(config-if-range)# shu
Step 2 Verify the interface status on the secondary vPC switch.
N7K-Y-podQ# show interface brief
------------------------------------------------------------------------------
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
Eth7/1 1 eth trunk down suspended by vpc auto(D) 51
Eth7/2 1 eth trunk down suspended by vpc auto(D) 52
Eth7/7 1 eth access down Administratively down auto(D) --
Eth7/8 1 eth trunk down Link not connected auto(D) 7
------------------------------------------------------------------------------
Port-channel VLAN Type Mode Status Reason Speed Protocol
Interface
------------------------------------------------------------------------------
Po7 1 eth trunk down No operational members auto(D) none
Po51 1 eth trunk down suspended by vpc auto(D) lacp
Po52 1 eth trunk down suspended by vpc auto(D) lacp
Q3) Why are the vPC member interfaces on the secondary vPC switch disabled?
Step 3 Enable the interfaces again.

Step 1 Configure the vPC tracking feature on both VDCs in the vPC domain.
Ethernet 7/x, Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet 7/y, Ethernet 7/2, Ethernet 7/4, Ethernet 7/6,
Ethernet 7/z Ethernet 7/8 Ethernet 7/10 Ethernet 7/12
N7K-Y-podP(config)# track 1 interface port-channel7 line-protocol
N7K-Y-podP(config-track)# track 2 interface ethernet7/x line-protocol
N7K-Y-podP(config-track)# track 3 interface ethernet7/y line-protocol
N7K-Y-podP(config-track)# track 4 interface ethernet7/z line-protocol
N7K-Y-podP(config-track)# track 10 list boolean or
N7K-Y-podP(config-track)# object 1
N7K-Y-podP(config-track)# vpc domain XY
N7K-Y-podP(config-vpc-domain)# track 10
Step 2 Disable all vPC interfaces and the interface in the peer link on the primary vPC switch
again, and check the interface status on the secondary vPC switch.
N7K-Y-podP(config-track)# show interface brief | no-more
------------------------------------------------------------------------------
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
Eth7/x 1 eth trunk up none 40G(D) 51
Eth7/y 1 eth trunk up none 40G(D) 52
Eth7/z 1 eth access down Administratively down auto(D) --
…
------------------------------------------------------------------------------
Port-channel VLAN Type Mode Status Reason Speed Protocol
Interface
------------------------------------------------------------------------------
Po7 1 eth trunk down No operational members auto(D) none
Po51 1 eth trunk up none a-40G(D) lacp
Po52 1 eth trunk up none a-40G(D) lacp
Step 3 Enable the interfaces again.

Step 4 Remove vPC tracking from your configuration.
n You have configured vPC tracking and used the show commands to verify that the tracking
feature modifies the vPC configuration as physical interfaces change their state.
Guided Lab 7: Configuring Cisco FabricPath
Overview
n Configure the Cisco FabricPath and FabricPath interfaces and VLANs
n Configure vPC+
Visual Objective
Required Resources
Extenders.
Command List
Command Description
fabricpath switch-id value This command assigns a static vPC+ ID to the vPC+
peer. The range is from 0 to 4094.
feature-set fabricpath This command enables the FabricPath feature that is

set in the VDC.
mode [ce | fabricpath] This command configures the VLANs as FabricPath

VLANs. The default VLAN mode is CE.
show fabricpath topology vlan This command displays information on all FabricPath
[active] topology VLANs.
spanning-tree mst [instance-id] You must configure all the MST VLANs on all the
priority [value] FabricPath Layer 2 gateway interfaces to a lower STP
priority.
switchport mode fabricpath This command specifies interfaces as FabricPath

ports
Cisco Nexus 5000 Switch. The next step is to revert to checkpoint BASE configurations on the
VDC and Cisco Nexus 5000.
Next, you will prepare your pod for Cisco FabricPath configuration.
Activity Procedure
Step 2 Roll back to the configuration checkpoint BASE on your VDC (use the keyword best-

Step 5 On your N5K configure and ENABLE the interfaces connecting to YOUR N7K VDC.
N5K-P# conf
Step 6 On your N5K configure and DISABLE the interfaces connecting to the PEER N7K
VDC.
N5K-P# conf
Step 7 On your N5K configure and DISABLE the interfaces connecting to your peer N5K.
N5K-P# conf
Step 8 On your N7K VDC configure and enable the interfaces connecting to YOUR N5Ks.
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/P (P is your Pod#)
N7K-X-PodP# conf
N5K-P# conf
N5K-P(config)#
Step 11 On your N5K create a SVI for VLAN 10.
N5K-P# conf
N5K-P(config)# int vlan 10
N5K-P(config-if)# ip address 172.16.10.5P/24 (P is your Pod#)
N5K-P(config-if)# no shut
n You have connected to your pod VDC and your pod Cisco Nexus 5000.
n You have successfully loaded the configuration from checkpoint BASE.
n You have used the show cdp neighbors command and verified the following: the Cisco Nexus
5000 Switch in your pod is connected to your VDC on the F1 interface and your VDC is
connected to the peer VDC only with F1 interfaces.
Task 2: Configure Cisco FabricPath and FabricPath Interfaces
and VLANs
During this exercise, you will configure the Cisco FabricPath and FabricPath interfaces and
VLANs on your pod VDC.
Activity Procedure
Step 1 Enable the Cisco FabricPath feature set on your pod VDC.
N7K-Y-podP(config)# feature-set fabricpath
Step 2 Verify that FabricPath is enabled.
N7K-Y-podP(config)# show feature-set
Feature Set Name ID State

-------------------- -------- --------
fcoe 1 disabled
fabricpath 2 enabled
fex 3 disabled
mpls 4 disabled
fabric 7 disabled
Step 3 Examine the FabricPath switch ID of your Cisco Nexus 7000 VDC.
N7K-Y-podP(config)# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
'[E]' - local Emulated Switch-id
'[A]' - local Anycast Switch-id
Total Switch-ids: 1
=========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED/
ANYCAST
----------+----------------+------------+-----------+--------------------
*3150 f025.72a9.e342 Primary Confirmed No No
Step 4 Configure the switch ID of your VDC to be PQ, where P is your pod number and Q is
your peer pod number.
Device Switch ID
N7K-1-pod1 12
N7K-2-pod2 21
N7K-1-pod3 34
N7K-2-pod4 43
N7K-1-pod5 56
N7K-2-pod6 65
N7K-Y-podP(config)# fabricpath switch-id PQ

Step 5 Verify the configured FabricPath switch ID.
N7K-Y-podP(config)# show fabricpath switch-id
Total Switch-ids: 1
=========================================================================
ANYCAST
----------+----------------+------------+-----------+--------------------
*PQ f025.72a9.e342 Primary Confirmed Yes No
Step 6 Configure interfaces that are connected to your peer pod in FabricPath mode.
Ethernet 7/x-y Eth 7/7-8 Eth 7/9-10 Eth 7/11-12
N7K-Y-podP(config)# interface ethernet 7/x-y

N7K-Y-podP(config-if-range)# shutdown
N7K-Y-podP(config-if-range)# switchport mode fabricpath
N7K-Y-podP(config-if-range)# no shutdown
Step 7 Verify the status of interface Ethernet 7/D.

N7K-Y-podP(config-if-range)# show interface ethernet 7/x-y brief
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
Eth7/x 1 eth f-path up none 40G(D) –
Eth7/y 1 eth f-path up none 40G(D) --
Step 8 Examine the FabricPath switch ID table on your Cisco Nexus 7000 VDC.
N7K-Y-podP(config-if-range)# show fabricpath switch-id
Total Switch-ids: 2
=========================================================================
ANYCAST
----------+----------------+------------+-----------+--------------------
*PQ f025.72a9.e342 Primary Confirmed Yes No
QP 108c.cf14.62c2 Primary Confirmed Yes No
Step 9 Configure that the interface that is connected to your pod Cisco Nexus 5000 Switch is
configured in trunk mode.
Ethernet 7/A Eth 7/1 Eth 7/2 Eth 7/3 Eth 7/4 Eth 7/5 Eth 7/6
N7K-Y-podP(config)# interface ethernet 7/A

N7K-Y-podP(config-if)# switchport mode trunk
Step 10 Verify the status of interface Ethernet 7/A.

N7K-Y-podP config-if)# show interface ethernet 7/A brief
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
Eth7/A 1 eth trunk up none 40G(D) –-
Step 11 Verify the spanning-tree root in the STP domain.

N7K-Y-podP(config-if-range)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------- ----- --- --- ----------------
Step 12 Configure the spanning-tree priority for all VLANs to 8192.
N7K-Y-podP(config-if)# spanning-tree vlan 1-4094 priority 8192
N7K-Y-podP(config-if)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------- ----- --- --- ----------------
Step 13 Configure the VLANs from 10 to 14 in FabricPath mode.
N7K-Y-podP(config)# vlan 10-14
N7K-Y-podP(config-vlan)# mode fabricpath
N7K-Y-podP(config-vlan)# exit
Step 14 Display the FabricPath topology VLANs.
N7K-Y-podP(config)# show fabricpath topology vlan active
Topo-Description Topo-ID Active VLAN List

-------------------------------- --------- --------------------------------
0 0 10-14, 4040-4041
Step 15 Verify connectivity to SVI of VLAN 10 on the peer pod Cisco Nexus 5000 (Q is your
peer pod number). If the interface is not present configure it using the ip address
172.16.10.5P/24.
N5K-P# ping 172.16.10.5Q

Q4) Why are you able to ping SVI 10 on the peer pod Cisco Nexus 5000 Switch?
Step 16 Display the FabricPath routes on your pod VDC.
N7K-Y-podP(config)# show fabricpath route

FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
0/PQ/0, number of next-hops: 0

via ---- , [60/0], 0 day/s 00:19:43, local
0/PQ/3, number of next-hops: 1
via sup-eth1, [81/0], 0 day/s 00:19:43, fpoam
1/QP/0, number of next-hops: 2
via Eth7/x, [115/10], 0 day/s 00:17:01, isis_fabricpath-default
via Eth7/y, [115/10], 0 day/s 00:17:00, isis_fabricpath-default
n You have used the show command and verified that Cisco FabricPath is enabled.
n You have used the ping command and verified connectivity to the peer pod.
Task 3: Configure vPC+ (Optional)
During this exercise, you will configure the vPC+ on your pod VDC.
Activity Procedure
Step 1 Enable the vPC feature on your VDC.
N7K-Y-podP(config)# feature vpc
Step 2 Configure a vPC domain using domain identifier XY. (X is the SMALLER of the two
peer pod numbers, and Y is the LARGER of the two peer pod numbers. Pods 5 and 6
will use 56 as the domain identifier.)
N7K-1-pod1
12
N7K-2-pod2
N7K-1-pod3
34
N7K-2-pod4
N7K-1-pod5
56
N7K-2-pod6
Step 3 Assign a static vPC+ ID to the vPC+ peer. Use static vPC+ ID 1XY. See the following
table for the specific ID in your pod.
N7K-1-pod1
112
N7K-2-pod2
N7K-1-pod3
134
N7K-2-pod4
N7K-1-pod5
156
N7K-2-pod6
N7K-Y-podP(config-vpc-domain)# fabricpath switch-id 1XY

Configuring fabricpath switch id will flap vPCs. Continue (yes/no)? [no] yes
Step 4 Configure the vPC keepalive link. The destination is your peer Cisco Nexus 7000 VDC
mgmt0 IP address (Q is your peer pod number).
N7K-Y-podP(config-vpc-domain)# peer-keepalive destination 192.168.0.20Q vrf

management
N7K-Y-podP(config-vpc-domain)# exit
Step 5 Create a static port-channel interface 7 containing the interfaces between the Cisco
Nexus 7000 Switches.
N7K-Y-podP(config)# interface ethernet 7/x-y

N7K-Y-podP(config-if-range)# channel-group 7 mode on
Step 6 Configure port channel 7 as the vPC peer link.

N7K-Y-podP(config-if-range)# interface port-channel 7
N7K-Y-podP(config-if)# vpc peer-link
Warning:
Ensure that VPC peer-link member ports on both peers use identical VDC types
(limit-resource module-type VDC config command).
Step 7 Restart the interfaces in the channel group and verify the vPC status. Do not continue to
the next steps before you have formed adjacency with your vPC peer.
N7K-Y-podP(config-if)# interface ethernet 7/x-y

N7K-Y-podP(config-if-range)# shutdown
N7K-Y-podP(config-if-range)# no shutdown
N7K-Y-podP(config-if-range)# show vpc

Legend:
vPC domain id : XY
vPC+ switch id : 1XY
vPC fabricpath status : peer is reachable through fabricpath
Dual-active excluded VLANs and BDs : -
Fabricpath load balancing : Disabled
Port Channel Limit : limit to 244

---------------------------------------------------------------------
-- ---- ------ --------------------------------------------------
1 Po7 up 1,10-14
Step 8 Examine the FabricPath switch IDs of your Cisco Nexus 7000 VDC.
N7K-Y-podP(config-if-range)# show fabricpath switch-id

Total Switch-ids: 4
=========================================================================
ANYCAST
----------+----------------+------------+-----------+--------------------
* XY 64a0.e743.03c2 Primary Confirmed Yes No
YX 64a0.e742.6e42 Primary Confirmed Yes No
1XY 64a0.e742.6e42 Primary Confirmed No Yes
[E] 1XY 64a0.e743.03c2 Primary Confirmed No Yes
Step 9 Create a vPC+ LACP channel on the interfaces that are connected to the Cisco Nexus
5000 Switch in your pod and the peer pod. The port channel ID is 5 and the vPC ID is 5
for all lab pods.
Ethernet X/A Eth 7/1 Eth 7/2 Eth 7/3 Eth 7/4 Eth 7/5 Eth 7/6
N7K-Y-podP(config-if)# feature lacp

N7K-Y-podP(config-if)# channel-group 5 mode active
N7K-Y-podP(config-if)# interface port-channel 5
N7K-Y-podP(config-if)# vpc 5
Step 10 Connect to the Cisco Nexus 5000 Switch in your pod.
Step 11 Enable the vPC feature.
N5K-P(config)# feature vpc
Step 12 Configure a vPC domain using the domain identifier 1XY as listed in the following
table.
N5K-1 212
N5K-2
N5K-3
234
N5K-4
N5K-5
256
N5K-6
N5K-P(config)# vpc domain 2XY

Step 13 Configure the vPC keepalive link. The destination is your peer Cisco Nexus 5000
Switch mgmt0 IP address (Q is your peer pod number):
N5K-P(config-vpc-domain)# peer-keepalive destination 192.168.0.Q8 vrf management
Step 14 Create a static port-channel interface 5 that contains the interfaces between the Cisco
Nexus 5000 Switches.
N5K-P(config-vpc-domain)# interface ethernet 2/5-6
N5K-P(config-if-range)# switchport mode trunk
N5K-P(config-if-range)# no shutdown
N5K-P(config-if-range)# channel-group 5 mode on
Step 15 Make this port channel a peer link and verify the vPC status. Do not continue to the
next steps before you have formed adjacency with your vPC peer.
N5K-P(config-if-range)# interface port-channel 5
N5K-P(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on
vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the
STP Bridge Assurance (which is enabled by default) is not disabled.
N5K-P(config-if)# show vpc

Legend:
vPC domain id : 2XY

Type-2 consistency status : success

---------------------------------------------------------------------
-- ---- ------ --------------------------------------------------
1 Po5 up 1,10-14
Step 16 Create a vPC LACP channel on the Cisco Nexus 5000 interfaces that are connected to
the Cisco Nexus 7000 in your pod and the peer pod. The port channel ID is 7 and the
vPC ID is 7 for all lab pods.
N5K-P(config-if)# feature lacp
N5K-P(config-if)# channel-group 7 mode active
N5K-P(config-if)# interface port-channel 7
N5K-P(config-if)# vpc 7
Step 17 Verify the vPC and port channel status on the Cisco Nexus 7000 VDC and your Nexus
5000.
N7K-Y-podP(config-if)# show vpc
Legend:
vPC domain id : XY
vPC+ switch id : 1XY
vPC fabricpath status : peer is reachable through fabricpath
vPC role : primary
Dual-active excluded VLANs and BDs : -
Fabricpath load balancing : Disabled
Port Channel Limit : limit to 244

------------------------------------------------------------------------------
-- ---- ------ -----------------------------------------------------------
1 Po7 up 10-14 -
vPC status
Id : 5
Port : Po5
Status : up
Reason : success
Active Vlans : 10-14
VPC+ Attributes: DF: Yes, FP MAC: 112.11.65535
N5K-P(config-if)# show vpc

Legend:
vPC domain id : 2XY

Type-2 consistency status : success

---------------------------------------------------------------------
-- ---- ------ --------------------------------------------------
1 Po5 up 1,10-14
vPC status
----------------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
------ ----------- ------ ----------- -------------------------- -----------
7 Po7 up success success 1,10-14,111
-113,200
Step 18 Clean up the Fabric-Path configuration on your Nexus 7000 switch pod VDC.
N7K-Y-podP# conf
N7K-Y-podP(config)# no feature-set fabricpath
n You have used the show commands and verified that all vPCs are operational.
Guided Lab 8: Troubleshooting vPCs and Cisco
FabricPath
Overview
In this activity, you will log into your pod VDC and troubleshoot problems that are injected into
the lab configuration relating to vPCs and Cisco FabricPath. After completing this activity, you
will be able to meet these objectives:
n Use the troubleshooting process to identify the problem that is related to the vPC configuration
n Having identified the problem, resolve the issue so that the vPC becomes fully operational
n Use the troubleshooting process to identify the problem that is related to the Cisco FabricPath
configuration
n Having identified the problem, resolve the issue so that the Cisco FabricPath becomes fully
operational
Visual Objective
Required Resources
Extenders.

During this exercise, you will load the troubleshooting ticket onto the Cisco Nexus 7000 Switch.
Activity Procedure

Step 4 Load the troubleshooting ticket TT1-VPC onto your pod Cisco Nexus 7000 Switch.
N7K-Y-podP# copy bootflash:DCNX7K/TT1-VPC running-config
Copy complete.
Step 5 Connect to your pod Cisco Nexus 5000 Switch console.
Step 6 Roll back to the configuration checkpoint BASE on your Nexus 5000 switch

N5K-P# copy bootflash:DCNX7K/TT1-VPC running-config
Copy complete.
Step 7 Before continuing to the next task, verify that your lab partners in the peer pod have
also loaded the trouble ticket on both of their devices.
n You have successfully loaded the trouble ticket.
Task 2: Identify the Problem
Use the troubleshooting process to identify the problem that is related to the vPC configuration. In
this task, you will interact with your peer pod.
Activity Procedure
Step 1 Refer to the visual objective. The text description accompanying the trouble ticket is as
follows: “Overnight a Layer 2 connectivity problem was detected. The junior support
engineer determined that the problem affected all vPCs to your pod and your peer pod
Cisco Nexus 7000 VDCs.”
Step 2 Use the troubleshooting process to identify the problem that relates to the vPC
configuration.
n You have identified the problem that was injected into the lab environment.
Task 3: Resolve the Problem
During this exercise, having identified the problem, you will resolve the issue so that the virtual
port channel becomes fully operational.
Activity Procedure
Step 1 Create an action plan for restoring an operational port channel.
Step 2 Implement your action plan.
n You have identified how to resolve the problem.
n You have returned the lab environment to a fully working condition.
Task 4: Troubleshooting Ticket TT2-FP
During this exercise, you will load the troubleshooting ticket onto the Cisco Nexus 7000 Switch.
Activity Procedure
Step 1 Connect to your VDC
Step 2 Clear the vPC configuration on your pod Cisco Nexus 7000 Switch (use keyword best-
effort with rollback, if the rollback fails without).
N7K-Y-podP# conf
N7K-Y-podP(config)# no feature vpc
Disabling feature vpc may cause traffic loss. Continue? (y/n) [n] y
N7K-Y-podP(config)# rollback running-config checkpoint base
Step 3 Load the troubleshooting ticket TT2-FP onto your pod Cisco Nexus 7000 Switch.
N7K-Y-podP# copy bootflash:DCNX7K/TT2-FP running-config
Copy complete.
Step 4 Connect to your pod Cisco Nexus 5000 Switch.

Step 5 Load the troubleshooting ticket TT2-FP onto your pod Cisco Nexus 5000 Switch.
N5K-P# copy bootflash:DCNX7K/TT2-FP running-config
Copy complete.
Step 6 Before continuing to the next task, verify that your lab partners in the peer pod have
also loaded the trouble ticket on both of their devices.
n You have successfully loaded the trouble ticket.
Task 5: Identify the Problem
Use the troubleshooting process to identify the problem relating to the FabricPath configuration. In
this task, you will interact with your peer pod.
Activity Procedure
Step 1 Refer to the visual objective. The description that accompanies the trouble ticket is as
follows: “After planned maintenance, a problem was detected with connectivity in
VLANs 10, 11, 12, and 13. The support engineer determined that the links between
your pod and the peer pod Cisco Nexus 7000 VDCs are down.”
Step 2 Use the troubleshooting process to identify the problem relating to the FabricPath
configuration.
n You have identified the problem that was injected into the lab environment.
Task 6: Resolve the Problem
During this exercise, having identified the problem, you will resolve the issue so that FabricPath l
becomes fully operational.
Activity Procedure
Step 1 Create an action plan for restoring an operational port channel.
Step 2 Implement your action plan.
n You have identified how to resolve the problem.
n You have returned the lab environment to a fully working condition.
Overview
n Configure VRF instances with static routing and verify the configuration
n Configure VRF instances with OSPFv2 and verify the configuration
n Configure VRF instances with EIGRP and verify the configuration
n Configure BGP and verify configuration
Visual Objective
Required Resources
Extenders.
Command List
Command Description
feature interface-vlan This command enables VLAN interface mode .
ip router rip instance-tag This command associates this interface with a

RIP instance.
show ip route This command displays all routes.
show vrf This command displays the information for all

VRFs.
show vrf [vrf-name] interface This command displays the VRF status for an
interface.
vrf context vrf-name This command creates a new VRF and enters
VRF configuration mode.
vrf member vrf-name This command adds this interface to a VRF.
ip route {ip-prefix | ip-addr ip-mask} next-hop This command configures a static route and the
interface for this static route.
feature ospf This command enables the OSPFv2 feature.
router ospf instance-tag This command creates a new OSPFv2 instance

with the configured instance tag.
ip router ospf instance-tag area area-id This command adds the interface to the OSPFv2
instance and area.
show ip ospf This command displays the OSPFv2

configuration.
show ip ospf neighbors vrf vrf-name This command displays the list of OSPFv2
neighbors.
show ip ospf database vrf vrf-name This command displays the OSPFv2 link-state
database summary.
feature eigrp This command enables the EIGRP feature.
router eigrp instance-tag This command creates a new EIGRP process

with the configured instance tag.
ip router eigrp instance-tag This command associates this interface with the
configured EIGRP process.
show ip eigrp instance-tag This command displays a summary of the

configured EIGRP processes.
show ip eigrp instance-tag neighbors This command displays information about all the
EIGRP neighbors.
show license usage This command displays license usage

information.
show license usage This command displays a list of licensed features
LAN_ENTERPRISE_SERVICES_PKG that are in use for the Enterprise Services
license. package
Cisco Nexus 5000 Switch. The next step is to revert to the checkpoint BASE configurations on the
VDC and Nexus 5000 Switch.
Activity Procedure


Step 6 On your N5K configure and ENABLE the interfaces connecting to YOUR N7K VDCs.
N5K-P# conf
Step 7 On your N5K DISABLE the interfaces connecting to the PEER POD N7K VDC.
N5K-P# conf
Step 8 On your N7K VDC configure and ENABLE the interfaces connecting to YOUR N5Ks.
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/P (P is your Pod #)
Step 9 On your N7K VDC DISABLE the interfaces connecting to the PEER N5Ks.
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/Q (P is your PEER Pod #)
N7K-X-PodP(config-if)# shutdown
Step 10 On your N7K VDC ENABLE the interfaces connecting to the PEER N7K.
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/x-y (see table above)
N7K-X-PodP# conf
N5K-P# conf
N5K-P(config)#
n You have connected to your assigned pod VDC.
n You have connected to your assigned pod Cisco Nexus 5000 Switch.
Task 2: Configuring VRF with Static Routing
During this exercise, you will configure VRF instances with static routing and verify the
configuration. While your workgroup is responsible for one Cisco Nexus 7000 VDC, your peer
workgroup will configure the other VDC on the other Cisco Nexus 7000 Switch, so some
coordination is required.
Activity Procedure
Step 1 Show the VRFs that exist within your VDC pod by default.
N7K-Y-podP# show vrf
VRF-Name VRF-ID State Reason
default 1 Up --
management 2 Up --
Step 2 Show the details of those VRFs.

N7K-Y-podP# show vrf detail
VRF-Name: default, VRF-ID: 1, State: Up
VPNID: unknown
RD: 0:0
Max Routes: 0 Mid-Threshold: 0
Table-ID: 0x80000003, AF: IPv6, Fwd-ID: 0x80000003, State: Up
VRF-Name: management, VRF-ID: 2, State: Up

VPNID: unknown
RD: 0:0
Max Routes: 0 Mid-Threshold: 0
Step 3 Verify the interfaces that belong to each VRF within your VDC pod.
N7K-Y-podP# show vrf default interface
Interface VRF-Name VRF-ID Site-of-Origin
N7K-Y-podP# show vrf management interface

mgmt0 management 2 --
Note Layer 2 ports (switchports) do not belong to any VRF.
Step 4 Try to configure VLAN 10 to the VRF instance management.
N7K-Y-podP(config)# feature interface-vlan

N7K-Y-podP(config)# interface vlan 10
N7K-Y-podP(config-if)# vrf member management
ERROR: VRF management is reserved only for mgmt0
Step 5 Create a new VRF instance named STATICvrf.

N7K-Y-podP(config)# vrf context STATICvrf
Step 6 Place the VLAN 11 interface into the STATICvrf VRF and assign IP 172.16.11.7P (P is
your pod number).
N7K-Y-podP(config-if)# vrf member STATICvrf
Warning: Deleted all L3 config on interface Vlan11
N7K-Y-podP(config-if)# ip address 172.16.11.7P/24
Step 7 Create a loopback interface Loopback 11 using IP address 192.168.11.7P/32 in VRF

STATICvrf.
N7K-Y-podP(config)# interface loopback 11
N7K-Y-podP(config-if)# vrf member STATICvrf
Warning: Deleted all L3 config on interface loopback11
Step 8 Create a static route pointing to your neighbor loopback using your peer pod VLAN 11
interface as the next hop (Q is your peer pod number).
N7K-Y-podP(config)# vrf context STATICvrf
N7K-Y-podP(config-vrf)# ip route 192.168.11.7Q/32 172.16.11.7Q
N7K-Y-podP(config-vrf)#
Step 9 Check the routing table for VRF STATICvrf (Q is your peer pod number).
N7K-Y-podP(config-vrf)# show ip route static vrf STATICvrf

IP Route Table for VRF "STATICvrf"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
192.168.11.7Q/32, ubest/mbest: 1/0

*via 172.16.11.7Q, Vlan11, [1/0], 00:00:44, static
Step 10 Ping your peer pod loopback 11 interface (Q is your peer pod number).
N7K-Y-podP# ping 192.168.11.7Q
ping 192.168.11.7Q
ping: sendto 192.168.11.7Q 64 chars, No route to host
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

Step 11 Ping your peer pod loopback 11 interface inside the VRF instance (Q is your Peer Pod
number).
N7K-1-pod1# ping 192.168.11.7Q vrf STATICvrf


n You have used the show commands to verify that the VRF is configured and that the static
routing entries are in the correct IP routing table.
Task 3: Configuring VRFs with OSPFv2
During this exercise, you will configure VRF instances with OSPFv2 and verify the configuration.
Activity Procedure
Step 1 Create a VRF context named OSPFvrf.
N7K-Y-podP(config)# vrf context OSPFvrf
Step 2 Place interface VLAN 12 into VRF OSPFvrf and assign IP address 172.16.12.7P/24 (P
is your pod number).
N7K-Y-podP(config-vrf)# interface vlan 12
N7K-Y-podP(config-if)# vrf member OSPFvrf
Step 3 Create interface loopback 12, place it into VRF OSPFvrf, and assign IP address
192.168.12.7P/32 (P is your pod number).
N7K-Y-podP(config-if)# interface loopback 12
N7K-Y-podP(config-if)# vrf member OSPFvrf
Step 4 Enable the OSPF feature.

N7K-Y-podP(config-if)# feature ospf
N7K-Y-podP(config)#
Q1) Check the Cisco Nexus 7000 Switch enterprise license. Is it in use?
N7K-Y-podP(config)# show license usage
Feature Ins
Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
MPLS_PKG Yes - In use never -
STORAGE-ENT No - Unused -
VDC_LICENSES No 0 Unused -
ENTERPRISE_PKG No - Unused -
FCOE-N7K-F132XP No 0 Unused -
FCOE-N7K-F312FQ No 0 Unused -
ENHANCED_LAYER2_PKG Yes - Unused never -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused never -
LAN_ENTERPRISE_SERVICES_PKG Yes - In use never -
------------------------------------------------------------------------------
Step 5 Check the details of the license usage.
N7K-Y-podP(config)# show license usage LAN_ENTERPRISE_SERVICES_PKG

Application Vdc
----------------------------------------------------------------------------
ospf podP
----------------------------------------------------------------------------
Step 6 Configure OSPF on interface VLAN 12 using OSPF area 0.

N7K-Y-podP(config-if)# ip router ospf 42 area 0
Step 7 Configure OSPF on interface Loopback 12 using OSPF area P (P is your pod number).

N7K-Y-podP(config-if)# ip router ospf 42 area P
Step 8 Verify that the OSPF process runs.
N7K-Y-podP(config-if)# show ip ospf

Note: process currently not running
Step 9 Start the OSPF process and check it again.
N7K-Y-podP(config-if)# router ospf 42

N7K-Y-podP(config-router)#
N7K-Y-podP(config-router)# show ip ospf vrf OSPFvrf
Routing Process 42 with ID 192.168.12.7P VRF OSPFvrf

Routing Process Instance Number 1
Stateful High Availability enabled
Graceful-restart is configured
Grace period: 60 state: Inactive
Last graceful restart exit status: None
Supports only single TOS(TOS0) routes
Supports opaque LSA
This router is an area border
Administrative distance 110
Reference Bandwidth is 40000 Mbps
SPF throttling delay time of 200.000 msecs,
SPF throttling hold time of 1000.000 msecs,
SPF throttling maximum wait time of 5000.000 msecs
LSA throttling start time of 0.000 msecs,
LSA throttling hold interval of 5000.000 msecs,
LSA throttling maximum wait time of 5000.000 msecs
Minimum LSA arrival 1000.000 msec
LSA group pacing timer 10 secs
Maximum paths to destination 8
Number of external LSAs 0, checksum sum 0
Number of opaque AS LSAs 0, checksum sum 0
Number of areas is 2, 2 normal, 0 stub, 0 nssa
Number of active areas is 2, 2 normal, 0 stub, 0 nssa
Install discard route for summarized external routes.
Install discard route for summarized internal routes.
Area BACKBONE(0.0.0.0) (Inactive)
Area has existed for 00:00:11
Interfaces in this area: 1 Active interfaces: 1
Passive interfaces: 0 Loopback interfaces: 0
No authentication available
SPF calculation has run 1 times
Last SPF ran for 0.000299s
Area ranges are
Number of LSAs: 2, checksum sum 0xa226
Area (0.0.0.P) (Inactive)
Area has existed for 00:00:11
Interfaces in this area: 1 Active interfaces: 1
Passive interfaces: 0 Loopback interfaces: 1
No authentication available
SPF calculation has run 1 times
Last SPF ran for 0.000049s
Area ranges are
Number of LSAs: 2, checksum sum 0x17750
Step 10 Check the adjacent OSPF on VLAN 12. (Q is your peer pod number.)
N7K-Y-podP# show ip ospf neighbors vrf OSPFvrf

OSPF Process ID 42 VRF OSPFvrf
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
192.168.12.7Q 1 FULL/DR 00:00:26 172.16.12.7Q Vlan12
OR
OSPF Process ID 42 VRF OSPFvrf

192.168.12.7Q 1 FULL/BDR 00:00:26 172.16.12.7Q Vlan12
Step 11 Check the OSPF database.
N7K-Y-podP(config-router)# show ip ospf database vrf OSPFvrf

OSPF Router with ID (192.168.12.7P) (Process ID 42 VRF OSPFvrf)
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum Link Count
192.168.12.7P 192.168.12.7P 62 0x80000003 0xa9e4 1
192.168.12.7Q 192.168.12.7Q 63 0x80000003 0xa7e3 1
Network Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum

172.16.12.7Q 192.168.12.7Q 63 0x80000002 0x0d03
Summary Network Link States (Area 0.0.0.0)

192.168.12.7P 192.168.12.7P 102 0x80000002 0x6879
192.168.12.7Q 192.168.12.7Q 105 0x80000002 0x5887
Router Link States (Area 0.0.0.P)
Link ID ADV Router Age Seq# Checksum Link Count

192.168.12.7P 192.168.12.7P 102 0x80000002 0x9287 1
Summary Network Link States (Area 0.0.0.P)

172.16.12.0 192.168.12.7P 61 0x80000002 0xe4c9
192.168.12.7Q 192.168.12.7P 61 0x80000002 0xe4c8
Step 12 Check the routing table and ping your peer loopback 12 IP address (Q is your peer pod
number).
N7K-Y-podP(config-router)# show ip route ospf-42 vrf OSPFvrf
IP Route Table for VRF "OSPFvrf"

192.168.12.7Q/32, ubest/mbest: 1/0

*via 172.16.12.7Q, Vlan12, [110/41], 00:01:42, ospf-42, inter
N7K-Y-podP (config-router)# ping 192.168.12.7Q vrf OSPFvrf

n You have used the show and ping commands to verify that the VRF is configured, and that the
OSPF routes are showing in the IP routing table and are reachable.
Task 4: Configuring VRFs and EIGRP
In this task, you will configure VRF instances with EIGRP and verify the configuration.
Activity Procedure
Step 1 Create a VRF context named EIGRPvrf.
N7K-Y-podP(config)# vrf context EIGRPvrf
Step 2 Create interface VLAN 13 in VRF EIGRPvrf using 172.16.13.7P/24 as the IP address
(P is your pod number).
N7K-Y-podP(config-if)# vrf member EIGRPvrf
Step 3 Create interface loopback 13, place it into VRF EIGRPvrf, and assign IP address
192.168.13.7P/32 (P is your pod number).
N7K-Y-podP(config-if)# vrf member EIGRPvrf
Step 4 Enable the EIGRP feature.

N7K-Y-podP(config-if)# feature eigrp
N7K-Y-podP(config)#
Step 5 Check the Cisco Nexus 7000 enterprise license. Is it in use?
Count
------------------------------------------------------------------------------
LAN_ENTERPRISE_SERVICES_PKG Yes - In use never -
------------------------------------------------------------------------------
N7K-Y-podP(config)# show license usage LAN_ENTERPRISE_SERVICES_PKG
Application Vdc
----------------------------------------------------------------------------
ospf podP
eigrp podP
----------------------------------------------------------------------------
Step 7 Start the EIGRP process for AS 42.
N7K-Y-podP(config)# router eigrp 42

Step 8 Configure EIGRP 42 on interface VLAN 13.

N7K-Y-podP(config-if)# ip router eigrp 42
Step 9 Configure EIGRP 42 on interface loopback 13.

N7K-Y-podP(config-if)# ip router eigrp 42
Step 10 Check the EIGRP process (P is your pod number).

N7K-Y-podP(config-if)# show ip eigrp vrf EIGRPvrf
IP-EIGRP AS 42 ID 192.168.13.7P VRF EIGRPvrf
Process-tag: 42
Status: running
Authentication mode: none
Authentication key-chain: none
Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
IP proto: 88 Multicast group: 224.0.0.10
Int distance: 90 Ext distance: 170
Max paths: 8
Number of EIGRP interfaces: 2 (1 loopbacks)
Number of EIGRP passive interfaces: 0
Number of EIGRP peers: 1
Graceful-Restart: Enabled
Stub-Routing: Disabled
NSF converge time limit/expiries: 120/0
NSF route-hold time limit/expiries: 240/0
NSF signal time limit/expiries: 20/0
Redistributed max-prefix: Disabled
Step 11 Check the EIGRP neighbor relationship (Q is your peer pod number).
N7K-Y-podP# show ip eigrp neighbors vrf EIGRPvrf
IP-EIGRP neighbors for process 42 VRF EIGRPvrf

H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.13.7Q Vlan13 13 00:01:16 1 200 0 4
Step 12 Check the routing table (Q is your peer pod number) and ping your peer loopback 13 IP
address (Q is your peer pod number).
N7K-Y-podP# show ip route eigrp-42 vrf EIGRPvrf
IP Route Table for VRF "EIGRPvrf"
192.168.13.7Q/32, ubqest/mbest: 1/0

*via 172.16.13.7Q, Vlan13, [90/130816], 00:01:48, eigrp-42, internal
N7K-Y-podP# ping 192.168.13.7Q vrf EIGRPvrf


n You have used the show commands to verify that the VRF is configured and that the EIGRP
routes are showing in the IP routing table.
Task 5: Configuring BGP
In this task, you will configure BGP and verify the configuration.
Activity Procedure
Step 1 Create SVI 14 and assign IP address 172.16.14.7P (P is your pod number).
N7K-Y-podP(config-if)# interface Vlan14
Step 2 Enable the BGP feature.

N7K-Y-podP(config)# feature bgp
Step 3 Configure the BGP process with AS number 6500P (P is your pod number).
N7K-Y-podP(config)# router bgp 6500P
Step 4 Configure a BGP session with your peer pod (Q is your peer pod number).
N7K-Y-podP(config-router)# neighbor 172.16.14.7Q remote-as 6500Q
N7K-Y-podP(config-router-neighbor)# address-family ipv4 unicast
Step 5 Verify the BGP session with your peer pod.

N7K-Y-podP(config-router-neighbor-af)# show ip bgp neighbors
BGP neighbor is 172.16.14.7Q, remote AS 6500Q, ebgp link, Peer index 1

BGP version 4, remote router ID 172.16.14.7Q
BGP state = Established, up for 00:00:04
Peer is directly attached, interface Vlan14
Last read 00:00:03, hold time = 180, keepalive interval is 60 seconds
Last written 00:00:03, keepalive timer expiry due 00:00:56
Received 6 messages, 0 notifications, 0 bytes in queue
Sent 6 messages, 0 notifications, 0 bytes in queue
Connections established 1, dropped 0
Last reset by us never, due to No error
Last reset by peer never, due to No error
Neighbor capabilities:
Dynamic capability: advertised (mp, refresh, gr) received (mp, refresh, gr)
Dynamic capability (old): advertised received
Route refresh capability (new): advertised received
Route refresh capability (old): advertised received
4-Byte AS capability: advertised received
Address family IPv4 Unicast: advertised received
Graceful Restart capability: advertised received
Graceful Restart Parameters:

Address families advertised to peer:
IPv4 Unicast
Address families received from peer:
IPv4 Unicast
Forwarding state preserved by peer for:
Restart time advertised to peer: 120 seconds
Stale time for routes advertised by peer: 300 seconds
Restart time advertised by peer: 120 seconds
Extended Next Hop Encoding Capability: advertised received
Receive IPv6 next hop encoding Capability for AF:
IPv4 Unicast
Message statistics:
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 1 1
Keepalives: 2 2
Route Refresh: 0 0
Capability: 2 2
Total: 6 6
Total bytes: 106 106
Bytes in queue: 0 0
For address family: IPv4 Unicast

BGP table version 3, neighbor version 3
0 accepted paths consume 0 bytes of memory
0 sent paths
Last End-of-RIB received 00:00:01 after session start
Local host: 172.16.14.7P, Local port: 179

Foreign host: 172.16.14.7Q, Foreign port: 62988
fd = 63
Step 6 Configure networks 192.168.P4.0/24, 192.168.P5.0/24, and 192.168.P6.0/24 to be
advertised by BGP to your peer pod (P is your pod number).
N7K-Y-podP(config-router-neighbor-af)# exit
N7K-Y-podP(config-router-neighbor)# exit
N7K-Y-podP(config-router)# address-family ipv4 unicast
N7K-Y-podP(config-router-af)# network 192.168.P4.0 mask 255.255.255.0
Step 7 Create interface loopback 14 and assign IP addresses 192.168.P4.1/24, 192.168.P5.1/24,

and 192.168.P6.1/24 (P is your pod number).
N7K-Y-podP(config-router-af)# interface loopback 14
N7K-Y-podP(config-if)# ip address 192.168.P4.1/24
N7K-Y-podP(config-if)# ip address 192.168.P5.1/24 ?
<CR>
secondary Configure additional IP addresses on interface
tag URIB route tag value for local/direct routes
N7K-Y-podP(config-if)# ip address 192.168.P5.1/24 secondary

N7K-Y-podP(config-if)# ip address 192.168.P6.1/24 secondary
Step 8 Verify the BGP table (P is your pod number, Q is your peer pod number).
N7K-Y-podP(config-if)# show ip bgp
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 14, local router ID is 192.168.P4.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-
injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath
Network Next Hop Metric LocPrf Weight Path

*>l192.168.P4.0/24 0.0.0.0 100 32768 i
*>l192.168.P5.0/24 0.0.0.0 100 32768 i
*>l192.168.P6.0/24 0.0.0.0 100 32768 i
*>e192.168.Q4.0/24 172.16.14.7Q 0 6500Q i
*>e192.168.Q5.0/24 172.16.14.7Q 0 6500Q i
*>e192.168.Q6.0/24 172.16.14.7Q 0 6500Q i
Step 9 Verify connectivity to the peer interface loopback addresses (Q is your peer pod
number).
N7K-Y-podP(config-if)# ping 192.168.Q4.1
PING 192.168.Q4.1 (192.168. Q4.1): 56 data bytes
64 bytes from 192.168.Q4.1: icmp_seq=0 ttl=254 time=1.091 ms
--- 192.168.Q4.1 ping statistics ---

N7K-Y-podP(config-if)# ping 192.168.Q5.1

PING 192.168.Q5.1 (192.168.Q5.1): 56 data bytes
--- 192.168.Q5.1 ping statistics ---

Step 10 Save your configurations.
n You have used the show commands to verify that the BGP is configured and that the BGP
routes are showing in the IP routing table.
Guided Lab 10: Configuring FHRP (Optional)
Overview
n Configure HSRP on a pair of Cisco Nexus 7000 Switches and verify the configuration by
setting up a continuous ping to see if there is any packet loss
n Configure VRRP on a pair of Cisco Nexus 7000 Switches and verify the configuration by
n Configure GLBP on a pair of Cisco Nexus 7000 Switches and verify the configuration by
Visual Objective
Required Resources
Extenders.
Command List
Command Description
address group-address This command configures the virtual IPv4

address for the specified VRRP group.
feature hsrp This command enables HSRP
feature glbp This command enables GLBP.
feature vrrp This command enables VRRP.
glbp group-number This command creates a GLBP group and

enters GLBP configuration mode.
hsrp group-number This command creates an HSRP group and

enters HSRP configuration mode.
vrrp group-number This command creates a virtual router group.
ip group-address This command enables GLBP or HSRP on an

interface and identifies the primary IP address
of the virtual gateway.
preempt This command configures the router to take

over as the active router for an HSRP group if
it has a higher priority than the current active
router.
priority This command sets the priority level that is

used to select the active router in an HSRP or
VRRP group.
show hsrp brief This command displays a brief summary of the

HSRP status for a group.
show glbp brief This command displays a brief summary of the

GLBP status for a group.
show vrrp This command displays the VRRP status for

all groups.
Cisco Nexus 5000 Switch. The next step is to revert to the checkpoint BASE configurations on the
VDC and the Nexus 5000 Switch.
Activity Procedure


N5K-P# conf
Pod 1&2 Pod 3&4 Pod 5&6
Eth7/1-2 Eth 7/3-4 Eth 7/5-6
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/x-y (see table for x and y)
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/x-y (see table above)
N7K-X-PodP# conf
N5K-P# conf
N5K-P(config)#
n You have connected to your pod VDC and your pod Cisco Nexus 5000 Switch.
Task 2: Configure HSRP
During this exercise, you will configure your VDC pod to be a member of two HSRP groups and
verify its operation and status.
Activity Procedure
Step 1 Enable the SVI feature on the Cisco Nexus 7000 Switch.
Step 2 Configure an SVI on the Cisco Nexus 7000 Switch for VLAN 111 using IP address
172.16.111.7P (P is your pod number).
Step 3 Enable the SVI feature on the Cisco Nexus 5000 Switch.
Step 5 Check Layer 2 connectivity by pinging IP addresses 172.16.111.7P and 172.16.111.5P

Step 6 Enable the HSRP feature on your Cisco Nexus 7000 VDC:
N7K-Y-podP(config)# feature hsrp
Step 7 Configure HSRP group 1 on your SVI interfaces.

N7K-Y-podP(config-if)# hsrp 1
N7K-Y-podP(config-if-hsrp)# ip 172.16.111.1
N7K-Y-podP(config-if-hsrp)# exit
Step 8 Verify that the active and standby routers that are part of HSRP within your VDC are
functioning.
N7K-Y-podP(config-if)# show hsrp brief
1 P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan111 1 100 Active local 172.16.111.7Q 172.16.111.1
(conf)
N7K-Y-podQ(config-if)# show hsrp brief

P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan111 1 100 Standby 172.16.111.7Q local 172.16.111.1
(conf)
Q1) Which are the active and standby routers in your first HSRP group?
Step 9 Change the priority of the HSRP group 1 on the standby HSRP router to 120. Verify the
state of both HSRP groups within both switches.
N7K-Y-podP(config-if-hsrp)# priority 120
Q2) Did any of the HSRP routers change their state?
Step 10 Recreate the instance on the former standby and change the priority to 120 before
assigning the group IP address.
N7K-Y-podP(config-if)# no hsrp 1
N7K-Y-podP(config-if-hsrp)# priority 120
Step 11 Remove the HSRP 1 instance within the active HSRP router and recreate the instance.
Step 12 Ping the HSRP group IP addresses from within your VDC pod.
Q4) Were the ping commands successful?
Task 3: Virtual Router Redundancy Protocol
During this exercise, you will configure VRRP on a pair of Cisco Nexus 7000 Switches, and verify
the configuration by setting up a continuous ping to see if there is any packet loss.
Activity Procedure
Step 1 You will perform the remainder of this task with the associated VDC pod in both Cisco
Nexus 7000 Switches, that is, Pod 1 will partner with Pod 2, and so on, for six total
groups.

Step 5 Enable the VRRP feature on your pod VDC.

N7K-Y-podP(config)# feature vrrp
Step 6 Configure VRRP group 1 on your VLAN 112 SVI interfaces and assign the IP address
172.16.112.7Z.
Z 1 3 5

N7K-Y-podP(config-if)# vrrp 1
N7K-Y-podP(config-if-vrrp)# address 172.16.112.7Z
Step 7 Verify that the active and standby routers that are part of VRRP within your VDC are
functioning.
N7K-1-podP(config-if)# show vrrp
Interface VR IpVersion Pri Time Pre State VR IP addr
---------------------------------------------------------------
Vlan112 1 IPV4 255 1 s Y Init 172.16.112.7Z
And
N7K-2-podP(config-if)# show vrrp

---------------------------------------------------------------
Vlan112 1 IPV4 100 1 s Y Init 172.16.112.7Z
Q5) Why is VRRP stuck in the INIT state on both routers?
Step 8 Enable VRRP using the no shutdown command.

N7K-Y-podP(config-if-vrrp)# no shutdown
Step 9 Check again that the active and standby routers that are part of VRRP within your VDC
are functioning.
N7K-Y-podP(config-if-vrrp)# show vrrp
---------------------------------------------------------------
Vlan112 1 IPV4 255 1 s Y Master 172.16.112.7Z
And
N7K-Y-podQ(config-if-vrrp)# show vrrp

---------------------------------------------------------------
Vlan112 1 IPV4 100 1 s Y Backup 172.16.112.7Z
Q6) Which are the active and standby routers in your first VRRP group?
Step 10 Change the priority of VRRP group 1 on the standby router to become a master.
N7K-2-podP(config-if-vrrp)# priority 254
Q7) What is priority of the current master?
Q8) What is the maximum configurable priority?
Step 11 Ping the VRRP group IP addresses from within your VDC pod. Disable the active
VRRP router in your group.
n You have used the show commands to verify the VRRP configuration.
n You logged into the Windows hosts and set up a continuous ping, and then disabled the active
VRRP router and verified that the client did not lose connectivity.
Task 4: Gateway Load Balancing Protocol
During this exercise, you will configure GLBP on a pair of Cisco Nexus 7000 Switches, and verify
the configuration by setting up a continuous ping to see if there is any packet loss.
Activity Procedure
Step 1 You will perform the remainder of this task with the associated VDC pod in both Cisco
Nexus 7000 Switches, that is, Pod 1 will partner with Pod 2, and so on, for six total
groups.
Step 5 Enable the GLBP feature on your pod VDC.

N7K-Y-podP(config)# feature glbp
Step 6 Configure GLBP group 1 on your SVI interfaces 113. Assign IP address 172.16.113.1.
N7K-Y-podP(config-if)# glbp 1
N7K-Y-podP(config-if-glbp)# ip 172.16.113.1
N7K-Y-podP(config-if-glbp)# exit
N7K-Y-podP(config-if)# exit
Step 7 Verify that the active and standby routers that are part of GLBP within your VDC are
functioning.
N7K-Y-podP# show glbp brief
Interface Grp Fwd Pri State Address Active rtr Standby rtr
Vlan113 1 - 100 Standby 172.16.113.1 172.16.113.7Q local
Vlan113 1 1 7 Listen 0007.B400.0101 172.16.113.7Q -
Vlan113 1 2 7 Active 0007.B400.0102 local -
And
N7K-Y-podQ# show glbp brief

Interface Grp Fwd Pri State Address Active rtr Standby rtr
Vlan113 1 - 100 Active 172.16.113.1 local 172.16.113.7Q
Vlan113 1 1 7 Active 0007.B400.0101 local -
Vlan113 1 2 7 Listen 0007.B400.0102 172.16.113.7Q -
Step 8 Ping the GLBP group IP addresses from within your VDC pod. Disable the active
GLBP router in your group.
n You have used the show commands to verify the VRRP configuration.
n You have logged into the Cisco Nexus 5000 Switch and set up a continuous ping, and then
disabled the active GLBP router and verified that the client did not lose connectivity.
Guided Lab 11: Configuring MPLS (Optional)
Overview
n Configure and verify MPLS and LDP on the Cisco Nexus 7000 Switch
n Configure and verify MP-BGP and MPLS VPN customers on the Cisco Nexus 7000 Switch
n Configure and verify MPLS TE, OSPF for Cisco MPLS TE, and an explicit path on the Cisco
Nexus 7000 Switch
Visual Objective
Required Resources
Extenders.
Command List
Command Description
autoroute announce This command specifies that the IGP should use the tunnel (if the
tunnel is up) in its enhanced SPF calculation.
bandwidth This command configures the bandwidth for the MPLS TE tunnel.
destination ip-address This command specifies the destination for a tunnel. The
destination must be the MPLS TE router ID of the destination
device or the hostname.
explicit-path name name This command enters explicit path configuration mode and
creates or modifies the specified path.
feature mpls l3vpn This command enables the MPLS feature set.
feature mpls ldp This command enables the MPLS LDP feature on the device.
feature mpls traffic-engineering This command enables the MPLS TE feature.
feature-set mpls This command enables the MPLS feature set.
index 10 next-address address This command inserts or modifies a path entry at a specific index.
interface tunnel-te number This command enters TE interface configuration mode.
ip unnumbered type slot/port This command gives the tunnel interface an IP address that is the
same as the IP address of the configured interface.
mpls ip This command enables MPLS LDP on the specified interface.
mpls ldp sync This command enables MPLS LDP IGP synchronization for all
OSPF interfaces.
mpls traffic-eng area area-id This command turns on MPLS TE for the indicated OSPF area.
mpls traffic-eng bandwidth This command allocates the MPLS TE bandwidth pool for the
interface.
mpls traffic-eng configuration This command enters MPLS TE configuration mode.
mpls traffic-eng router-id interface This command specifies that the TE router identifier for the node
is the IP address that is associated with the configured interface.
mpls traffic-eng tunnels This command enables MPLS TE tunnels on an interface.
path-option 10 explicit name name This command configures the tunnel to use a named IP explicit
path.
show mpls interface detail This command displays the configuration status of MPLS LDP on
the interface.
show mpls ldp neighbor detail This command shows that the LDP session between routers was
successfully established.
show mpls traffic-eng explicit-paths This command displays TE explicit paths.
show mpls traffic-eng link-management This command displays the link management information.
summary
show mpls traffic-eng tunnels brief This command displays information about configured MPLS TE
tunnels at the head and signaled TE LSPs at other hops.
VDC and Cisco Nexus 5000 Switch.


Step 4 Connect to your Nexus 5000 switch by clinking on the icon in the remote lab GUI
Step 5 Roll back to the configuration checkpoint BASE on your Nexus 5000 switch.
Step 6 On your N5K configure and ENABLE the interfaces connecting to the N7K VDCs.
N5K-P# conf
Step 7 On your N5K DISABLE the interfaces connecting to the N7K VDCs.
N5K-P# conf
N7K-X-PodP# conf
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/Q (Q is your PEER Pod #)
N7K-X-PodP# conf
N5K-P# conf
Step 12 Disable the interface that is connected to the peer Cisco Nexus 5000 and 7000 VDC.
N5K-P# conf t
N5K-P(config)# int eth 2/5-6, eth 2/2
N5K-P(config-if)# show cdp neighbors
N7K-Y-podP(JAF1424AHSA) Eth2/1 155 R S I s N7K-C7010 EthX/A
Step 13 Connect to your VDC on the Cisco Nexus 7000 Switch.

Step 14 Configure the physical interface that MPLS will use to reach the DCI transport
infrastructure. Reconfigure the Ethernet interface that is connected to your peer pod as a
Layer 3 interface with address 192.168.100.7P/24 (P is your pod number).
N7K-Y-podP(config)#
N7K-Y-podP(config)# interface ethernet X/D
N7K-Y-podP(config-if)# no switchport
Step 15 Verify connectivity to the peer pod IP address, which was configured in previous Step
(Q is peer pod number).
N7K-Y-podP(config-if)# ping 192.168.100.7Q
Request 0 timed out
--- 192.168.100.75 ping statistics ---

n Your pod Cisco Nexus 5000 Switch is connected only to your pod VDC.
n You have IP connectivity between your pod VDC and peer pod VDC.
Task 2: Configure Basic MPLS

In this task, you will configure MPLS and LDP on a pair of VDCs on Cisco Nexus 7000 Switches,
and verify the configuration using show commands.
Activity Procedure
Step 1 Create interface loopback 14 with IP address 192.168.14.7P/32 (P is your Pod number).
Step 2 Enable the MPLS feature that is set on your pod VDC.
N7K-Y-podP(config)# feature-set mpls
Feature Ins
Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused never -
------------------------------------------------------------------------------
N7K-Y-podP(config)# show feature-set

Feature Set Name ID State
-------------------- -------- --------
fcoe 1 disabled
fabricpath 2 disabled
fex 3 disabled
mpls 4 enabled
fabric 7 disabled
Step 4 Enable the MPLS LDP feature on your pod VDC.
N7K-Y-podP(config)# feature mpls ldp
N7K-2-pod2(config)# show license usage

Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused never -
------------------------------------------------------------------------------
Step 5 Enable MPLS LDP on the interface that is connected to the peer pod VDC.

N7K-Y-podP(config-if)# mpls ip
Step 6 Verify the status of MPLS LDP on the interface.

N7K-Y-podP(config-if)# show mpls interface detail
Interface EthernetX/D:
ldp enabled
MPLS operational
Label space id 0x10000001
MPLS sub-layer EthernetX/D-mpls layer(0x26000001)
Step 7 Configure the OSPF process.
N7K-Y-podP(config-if)# feature ospf
N7K-Y-podP(config)# router ospf 100
Step 8 Configure OSPF on the interface that is connected to the peer pod VDC. Use OSPF area
0.
N7K-Y-podP(config-router)# interface ethernet X/D

Step 9 Configure OSPF on interface loopback 14. Use OSPF area P (P is your pod number).
N7K-Y-podP(config-if)# ip router ospf 100 area P
Step 10 Check the OSPF adjacency (Q is your peer pod number).

N7K-Y-podP(config-if)# show ip ospf neighbors
OSPF Process ID 100 VRF default

192.168.14.7Q 1 FULL/DR 00:00:09 192.168.100.7P EthX/D
Step 11 Configure MPLS LDP IGP synchronization for OSPF interfaces.

N7K-Y-podP(config-if)# router ospf 100
N7K-Y-podP(config-router)# mpls ldp sync
Step 12 Configure the LDP router ID to use the IP address of loopback 14.
N7K-Y-podP(config-router)# mpls ldp configuration
N7K-Y-podP(config-ldp)# router-id loopback 14
Step 13 Verify that the LDP session between routers was successfully established.
N7K-Y-podP(config-ldp)# show mpls ldp neighbor detail
Peer LDP Ident: 192.168.14.7Q:0; Local LDP Ident 192.168.14.7P:0
TCP connection: 192.168.14.7Q.61011 - 192.168.14.7P.646
Password: not required, none, in use
State: Oper; Msgs sent/rcvd: 8/9; Downstream; Last TIB rev sent 9
Up time: 00:01:09; UID: 1; Peer Id 0
LDP discovery sources:
EthernetX/D; Src IP addr: 192.168.100.7Q
holdtime: 15000 ms, hello interval: 5000 ms
Addresses bound to peer LDP Ident:
192.168.14.7Q 192.168.100.7Q
Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Capabilities Sent:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050b)]
Capabilities Received:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050b)]
n You have used the show commands to verify that MPLS is configured and that the LDP
session between routers was successfully established.
Task 3: Configure MPLS Layer 3 VPNs

In this task, you will configure MP-BGP and MPLS VPN customers on a pair of VDCs on Cisco
Nexus 7000 Switches, and verify the configuration using show commands.
Activity Procedure
Step 1 Enable the BGP feature on your Cisco Nexus 7000 VDC.
N7K-Y-podP(config)# feature bgp
Step 2 Enable the MPLS Layer 3 VPN feature on your Cisco Nexus 7000 VDC.
N7K-Y-podP(config)# feature mpls l3vpn
Step 3 Configure a BGP routing process. Use AS number 650XY. (X is the SMALLER of the
two peer pod numbers, and Y is the LARGER of the two peer pod numbers. Pods 5 and
6 will use 65056 as the AS number.)
Device BGP Process ID
N7K1-pod1
65012
N7K2-pod2
N7K1-pod3 65034
N7K2-pod4
N7K1-pod5
65056
N7K2-pod6
N7K-Y-podP(config)# router bgp 650XY
Step 4 Configure a BGP session with your peer pod. Use the IP address 192.168.14.7Q (Q is
your peer pod number).
N7K-Y-podP(config-router)# neighbor 192.168.14.7Q remote-as 650XY
N7K-Y-podP(config-router-neighbor)# update-source loopback 14
Step 5 Configure that a communities attribute should be sent to a BGP neighbor.

N7K-Y-podP(config-router-neighbor)# address-family vpnv4 unicast
N7K-Y-podP(config-router-neighbor-af)# send-community extended
Step 6 After your peer pod has finished BGP configuration, check the BGP neighbors.
N7K-Y-podP(config-router-neighbor-af)# show bgp vpnv4 unicast neighbors
BGP neighbor is 192.168.14.7Q, remote AS 650XY, ibgp link, Peer index 1

BGP version 4, remote router ID 192.168.14.7Q
BGP state = Established, up for 00:00:10
Using loopback14 as update source for this peer
Last read 00:00:07, hold time = 180, keepalive interval is 60 seconds
Last written 00:00:08, keepalive timer expiry due 00:00:51
Received 8 messages, 0 notifications, 0 bytes in queue
Sent 8 messages, 0 notifications, 0 bytes in queue
Connections established 1, dropped 0
Last reset by us never, due to No error
Last reset by peer never, due to No error
Neighbor capabilities:
Dynamic capability: advertised (mp, refresh, gr) received (mp, refresh, gr)
Dynamic capability (old): advertised received
Route refresh capability (new): advertised received
Route refresh capability (old): advertised received
4-Byte AS capability: advertised received
Address family VPNv4 Unicast: advertised received
Graceful Restart capability: advertised received
Graceful Restart Parameters:

Address families advertised to peer:
VPNv4 Unicast
Address families received from peer:
VPNv4 Unicast
Forwarding state preserved by peer for:
Restart time advertised to peer: 120 seconds
Stale time for routes advertised by peer: 300 seconds
Restart time advertised by peer: 120 seconds
Extended Next Hop Encoding Capability: advertised received
Receive IPv6 next hop encoding Capability for AF:
IPv4 Unicast
Message statistics:
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 2 2
Keepalives: 3 3
Route Refresh: 0 0
Capability: 2 2
Total: 8 8
Total bytes: 154 154
Bytes in queue: 0 0
For address family: VPNv4 Unicast

BGP table version 4, neighbor version 4
0 accepted paths consume 0 bytes of memory
0 sent paths
Extended community attribute sent to this neighbor
Third-party Nexthop will not be computed.
Last End-of-RIB received 00:00:03 after session start
Local host: 192.168.14.7P, Local port: 179

Foreign host: 192.168.14.7Q, Foreign port: 49523
fd = 60
Step 7 Define the VPN routing instance named vpn_web_servers.
N7K-Y-podP(config-router-neighbor-af)# vrf context vpn_web_servers
Step 8 Configure the route distinguisher. Configure the route distinguisher 650XY:1XY. (X is
the SMALLER of the two peer pod numbers, and Y is the LARGER of the two peer
pod numbers. Pods 5 and 6 will use 65056:156 as the route distinguisher.)
Device route distinguisher
N7K1-pod1 65012:112
N7K2-pod2
N7K1-pod3 65034:134
N7K2-pod4
N7K1-pod5 65056:156
N7K2-pod6
N7K-Y-podP(config-vrf)# rd 650XY:1XY
Step 9 Enter the IPv4 address family type configuration mode.

N7K-Y-podP(config-vrf)# address-family ipv4 unicast
Step 10 Configure a route target extended community for a VRF as follows: Import routing
information from the VPN extended community 650XY:1XY. Export routing
information to the VPN extended community 6500XY:1XY. (X is the SMALLER of
the two peer pod numbers, and Y is the LARGER of the two peer pod numbers. Pods 5
and 6 will use 65056:156 as the extended community.)
N7K-Y-podP(config-vrf-af-ipv4)# route-target import 650XY:1XY
N7K-Y-podP(config-vrf-af-ipv4)# route-target export 650XY:1XY
Step 11 Verify the VRF configuration.

N7K-Y-podP(config-vrf-af-ipv4)# show vrf vpn_web_servers
VRF-Name VRF-ID State Reason

vpn_web_servers 3 Up --
Step 12 Create SVI 10 on the same interface. Associate SVI 10 with VRF vpn_web_servers and
assign IP address 172.16.1P.7P/24 (P is your pod number).
N7K-Y-podP(config-vrf-af-ipv4)# feature interface-vlan
N7K-Y-podP(config-if)# vrf member vpn_web_servers
N7K-Y-podP(config-if)# ip address 172.16.1P.7P/24
Step 13 Check the interfaces that are associated with VRF vpn_web_servers.
N7K-Y-podP(config-if)# show vrf vpn_web_servers interface

Vlan10 vpn_web_servers 3 --
Step 14 Configure a route map that matches network 172.16.1P.0/24 (P is your pod number).
N7K-Y-podP(config-if)# ip prefix-list AllowPrefix seq 10 permit 172.16.1P.0/24
N7K-Y-podP(config)# show ip prefix-list
ip prefix-list AllowPrefix: 1 entries
seq 10 permit 172.16.1P.0/24
N7K-Y-podP(config)# route-map AllowConnected permit 10
N7K-Y-podP(config-route-map)# match ip address prefix-list AllowPrefix
Step 15 Verify the route map configuration.

N7K-Y-podP(config-route-map)# show route-map AllowConnected
route-map AllowConnected, permit, sequence 10
Match clauses:
ip address prefix-lists: AllowPrefix
Set clauses:
Step 16 Associate the BGP process with VRF vpn_web_servers.
N7K-Y-podP(config-route-map)# router bgp 650XY
N7K-Y-podP(config-router)# vrf vpn_web_servers
Step 17 Redistribute directly connected routes into BGP. Use route map AllowConnected.
N7K-Y-podP(config-router-vrf)# address-family ipv4 unicast
N7K-Y-podP(config-router-vrf-af)# redistribute direct route-map AllowConnected
Step 18 Verify that you have 172.16.1P.0/24 and 172.16.1Q.0/24 networks in the BGP table and
VRF routing table (P is your pod number, Q is your peer pod number).
N7K-Y-podP(config-router-vrf-af)# show ip bgp vrf vpn_web_servers
BGP routing table information for VRF vpn_web_servers, address family IPv4
Unicast
BGP table version is 5, local router ID is 172.16.11.7P
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-
injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath
Network Next Hop Metric LocPrf Weight Path

*>r172.16.1P.0/24 0.0.0.0 0 100 32768 ?
*>i172.16.1Q.0/24 192.168.14.7Q 0 100 0 ?
N7K-Y-podP (config-router-vrf-af)# show ip route vrf vpn_web_servers

IP Route Table for VRF "vpn_web_servers"
172.16.1P.0/24, ubest/mbest: 1/0, attached
*via 172.16.11.7Q, Vlan10, [0/0], 01:37:37, direct
172.16.1P.71/32, ubest/mbest: 1/0, attached
*via 172.16.11.7Q, Vlan10, [0/0], 01:37:37, local
172.16.1Q.0/24, ubest/mbest: 1/0
*via 192.168.14.7P%default, [200/0], 00:08:51, bgp-650XY, internal, tag
650XY (mpls-vpn)
Step 19 On your Cisco Nexus 5000 Switch, configure an interface that is connected to your
Windows server in VLAN 10.
N5K-P(config-if)# switchport access vlan 10
Step 20 On your Windows server, configure a network adapter that is connected to your pod
Cisco Nexus 5000 Switch with IP address 172.16.1P.101/24. (P is your pod number.)
Step 21 Open Windows Command Processor and use command route ADD 172.16.1Q.0
MASK 255.255.255.0 172.16.1P.7P to configure a static route to your peer pod. (P is
your pod number, Q is your peer pod number.)
Step 22 Use the ping command from your Windows server to verify connectivity to the peer
Windows server address 172.16.1Q.101 (Q is your peer pod number).
n You have used show commands to verify the MPLS Layer 3 VPN configuration.
n You can ping the peer Windows server through the configured MPLS Layer 3 VPN.
Task 4: Configure MPLS Traffic Engineering

During this exercise, you will configure MPLS TE, OSPF for MPLS TE, and an explicit path on a
pair of VDCs on Cisco Nexus 7000 Switches. You will also verify the configuration using show
and ping commands.
Activity Procedure
Step 1 Connect to your pod Cisco Nexus 7000 VDC. Remove the IP address, the OSPF
configuration, and disable MPLS LDP on the interface that is connected to your peer
Cisco Nexus 7000 VDC.
Ethernet X/D Eth 7/8 Ethernet 7/10 Ethernet 7/12
N7K-Y-podP(config)# default interface ethernet X/D
Step 2 Configure two subinterfaces on the same interface (P is your pod number) and enable
MPLS LDP.
Subinterface VLAN IP Address OSPF Process OSPF Area
101 101 192.168.101.7P/24 100 0
102 102 192.168.102.7P/24 100 0

N7K-Y-podP(config-if)# interface ethernet X/D.101
N7K-Y-podP(config-subif)# encapsulation dot1Q 101
N7K-Y-podP(config-subif)# ip address 192.168.101.7P/24
N7K-Y-podP(config-subif)# ip router ospf 100 area 0
N7K-Y-podP(config-subif)# mpls ip
N7K-Y-podP(config-subif)# no shutdown
N7K-Y-podP(config-if)# interface ethernet X/D.102
N7K-Y-podP(config-subif)# encapsulation dot1Q 102
N7K-Y-podP(config-subif)# ip address 192.168.102.7P/24
N7K-Y-podP(config-subif)# ip router ospf 100 area 0
N7K-Y-podP(config-subif)# mpls ip
N7K-Y-podP(config-subif)# no shutdown
Step 3 Check the OSPF adjacency.

N7K-Y-podP (config-subif)# show ip ospf ne
OSPF Process ID 100 VRF default
192.168.14.7P 1 FULL/DR 00:02:46 192.168.101.7P EthX/D.101
192.168.14.7P 1 FULL/DR 00:00:02 192.168.102.7P EthX/D.102
Step 4 Enable the MPLS TE feature.
N7K-Y-podP(config-subif)# feature mpls traffic-engineering
Step 5 Configure OSPF for MPLS TE.
N7K-Y-podP(config-subif)# router ospf 100
N7K-Y-podP(config-router)# mpls traffic-eng area 0
N7K-Y-podP(config-router)# mpls traffic-eng router-id loopback14
Step 6 Configure MPLS TE on subinterfaces that are connected to your peer pod Cisco Nexus
7000 VDC.
N7K-Y-podP(config-router)# interface ethernet X/D.101
N7K-Y-podP(config-subif)# mpls traffic-eng tunnels
N7K-Y-podP(config-subif)# mpls traffic-eng bandwidth 10000
N7K-Y-podP(config-subif)# interface ethernet X/D.102

N7K-Y-podP(config-subif)# mpls traffic-eng tunnels
N7K-Y-podP(config-subif)# mpls traffic-eng bandwidth 10000
Step 7 Create an MPLS TE tunnel with the following parameters (Q is your peer pod number).
Pod IP Address 1/A.10B Bandwidth Destination Address

Number 192.168.10C.7Q
1, 3 or 5 Unnumbered loopback 14 10000 192.168.101.72
2, 4 or 6 Unnumbered loopback 14 10000 192.168.102.71
N7K-Y-podP(config-subif)# interface tunnel-te 1

N7K-Y-podP(config-if-te)# ip unnumbered loopback14
N7K-Y-podP(config-if-te)# destination 192.168.10C.7Q
N7K-Y-podP(config-if-te)# bandwidth 10000
N7K-Y-podP(config-if-te)# path-option 10 explicit name Link1
N7K-Y-podP(config-if-te)# autoroute announce
N7K-Y-podP(config-if-te)# no shutdown
Step 8 Configure an explicit path.
Pod Next Address

Number 192.168.10C.7Q
1, 3 or 5 192.168.101.72
2, 4 or 6 192.168.102.71
N7K-Y-podP(config-if-te)# mpls traffic-eng configuration

N7K-Y-podP(config-te)# explicit-path name Link1
N7K-Y-podP(config-te)# index 10 next-address 192.168.10C.7Q
Explicit Path name Link1:
10: next-address 192.168.10C.7Q
N7K-Y-podP(config-te)# index 20 next-address 192.168.14.7Q
Explicit Path name Link1:
20: next address 192.168.14.7Q
Step 9 Use the ping command from your Windows server to verify connectivity to your peer
Windows server address 172.16.1Q.101 (Q is your peer pod number).
Step 10 Use various commands to verify the MPLS TE configuration.
N7K-Y-podP(config-te)# show mpls traffic-eng link-management summary
System Information::
Links Count: 2
Flooding System: enabled
IGP Area ID:: ospf-100 area-0
Flooding Protocol: OSPF
Flooding Status: data flooded
Periodic Flooding: enabled (every 60 seconds, next in 27 seconds)
Flooded Links: 2
IGP System ID: 192.168.14.7P
MPLS TE Router ID: 192.168.14.7P
Neighbors: 2
Link ID:: EthX/D.101 (192.168.101.7P)
Local Intfc ID: 439382117
Link Status:
Intfc Switching Capability Descriptors:
Default: Intfc Switching Cap psc1, Encoding ethernet
Link Label Type: Packet
Physical Bandwidth: 5640261 kbits/sec
Max Res Global BW: 10000 kbits/sec (reserved: 0% in, 100% out)
MPLS TE Link State: MPLS TE on, RSVP on, up, flooded, allocated
Inbound Admission: reject-huge
Outbound Admission: allow-if-room
Admin. Weight: 1 (IGP)
IGP Neighbor Count: 1
Link ID:: EthX/D.102 (192.168.102.7P)
Local Intfc ID: 439382118
Link Status:
Intfc Switching Capability Descriptors:
Default: Intfc Switching Cap psc1, Encoding ethernet
Link Label Type: Packet
Physical Bandwidth: 5640261 kbits/sec
Max Res Global BW: 10000 kbits/sec (reserved: 0% in, 0% out)
MPLS TE Link State: MPLS TE on, RSVP on, up, flooded, allocated
Inbound Admission: reject-huge
Outbound Admission: allow-if-room
Admin. Weight: 1 (IGP)
IGP Neighbor Count: 1
N7K-Y-podP(config-te)# show mpls traffic-eng explicit-paths
PATH Link1 (strict source route, path complete, generation 17)

20: next-address 192.168.14.7Q
N7K-Y-podP(config-te)# show mpls traffic-eng tunnels brief
Signalling Summary:
LSP Tunnels Process: running
Passive LSP Listener: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 286 seconds
Periodic FRR Promotion: Not Running
Periodic auto-bw collection: disabled
TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT
N7K-Y-podP_t1 192.168.10C.7Q - EthX/D.10C up/up
N7K-Y-podQ_t1 192.168.10C.7P EthX/D.10C - up/up
Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails
Step 11 Remove the static route from your Windows server: route DELETE 172.16.1Q.0 (Q is
your peer pod number).
n You have used the show commands to verify the MPLS TE configuration.
Guided Lab 12: Configuring Cisco OTV
Overview
n Configure basic Cisco OTV features and verify the configuration between the two sites
n Configure advanced Cisco OTV features and verify the configuration between the two sites
Visual Objective
Required Resources
Extenders.
Command List
Command Description
This command configures an accept lifetime for the

accept-lifetime start-time end-time key.
This command configures the authentication

authentication keychain keychain-name keychain for PDU authentication.
This command enables authentication of Cisco OTV

authentication-check PDUs.

authentication-type {cleartext | md5} method.
feature otv This command enables Cisco OTV.
This command creates a Cisco OTV overlay

interface overlay interface interface.
This command sets the IGMP version to the value

ip igmp version 3 specified.
This command creates the keychain and enters

key chain name keychain configuration mode.
This command enters key configuration mode for the

key key-ID key that you specified.
key-string [encryption-type] text-string This command configures the text string for the key.
This command configures multicast group addresses

that are used by the Cisco OTV control plane for this
otv control-group mcast-address OTV overlay.
This command configures one or more ranges of

local IPv4 multicast group prefixes used for multicast
otv data-group mcast-range1 data traffic.
This command extends a range of VLANs over this

overlay interface and enables Cisco OTV
otv extend-vlan vlan-range advertisements for these VLANs.
otv isis authentication keychain keychain- This command configures the authentication
name keychain for edge device authentication.
This command enables authentication of hello

otv isis authentication-check messages between Cisco OTV edge devices.

otv isis authentication-type {cleartext | md5} method.
This command joins the Cisco OTV overlay interface

otv join-interface interface with a physical Layer 3 interface.
This command enters OTV router configuration

otv-isis default mode.
send-lifetime start-time end-time This command configures a send lifetime for the key.
This command displays information about VLANs

show otv [overlay interface] vlan that are associated with an overlay interface.
This command displays information about the

show otv adjacency adjacencies on the overlay network.
This command displays the Cisco OTV VPN
show otv isis hostname vpn all configuration.
This command displays information about overlay

show otv overlay [interface] interfaces.
This command displays information about the Cisco

show otv route OTV routes.
This command displays information about the local

show otv site site.
vpn overlay-name This command enters OTV VPN configuration mode.
your pod Cisco Nexus 5000 Switch.
Activity Procedure
N7K-Y-podP(config)# no feature-set mpls
N7K-Y-podP(config)# rollback running-config checkpoint base

Step 5 Roll back to the configuration checkpoint BASE on your Nexus 5000 switch.
N5K-P# conf
N5K-P# conf
N5K-P# conf
N7K-X-PodP# conf
N7K-X-PodP# conf
N7K-X-PodP# conf
N5K-P# conf
N5K-P(config)#
N5K-P# conf
n Your pod Cisco Nexus 5000 Switch is connected only to your pod VDC.
Task 2: Configuring Basic Cisco OTV
In this task, you will configure basic Cisco OTV features and verify the configuration between the
two sites.
Activity Procedure
Step 1 Connect to your VDC pod and enable the Cisco OTV feature.
N7K-Y-podP(config)# feature otv
Step 2 Check the switch transport services license.

N7K-Y-podP# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
MPLS_PKG Yes - Unused never -
TRANSPORT_SERVICES_PKG Yes - In use never -
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused never - --
----------------------------------------------------------------------------
Step 3 Configure the physical interface that Cisco OTV uses to reach the DCI transport
infrastructure. Reconfigure the Ethernet interface that is connected to your peer pod as a
Layer 3 interface with address 192.168.100.7P/24 (P is your pod number).
Ethernet 7/D Eth 7/8 Eth 7/10 Eth 7/12
N7K-Y-podP(config)# interface ethernet 7/D

Step 4 Enable IGMP version 3 on the interface.

N7K-Y-podP(config-if)# ip igmp version 3
Step 5 Configure the site identifier. Use value 0xP (P is your pod number).
N7K-Y-podP(config-if)# otv site-identifier 0xP

% Site Identifier mismatch between edge devices within the same site will
prevent OTV local site adjacencies from coming up
Step 6 Create a logical Cisco OTV overlay interface.
N7K-Y-podP(config-if)# interface Overlay1
Step 7 Configure a multicast group address that is used by the Cisco OTV control plane for
this OTV overlay network.
N7K-Y-podP(config-if-overlay)# otv control-group 239.1.1.1
Step 8 Configure a range of local IPv4 multicast group prefixes used for multicast data traffic.
N7K-Y-podP(config-if-overlay)# otv data-group 232.1.1.0/28
Step 9 Join the Cisco OTV overlay interface with a physical Layer 3 interface that is
configured in the previous steps.
N7K-Y-podP(config-if-overlay)# otv join-interface ethernet 7/D
OTV needs join interfaces to be configured for IGMP version 3
Step 10 Assign the VLAN range to the Cisco OTV overlay.

N7K-Y-podP(config-if-overlay)# otv extend-vlan 10-13
N7K-Y-podP(config-if-overlay)# no shutdown
Step 11 Verify information about the overlay interfaces.

N7K-Y-podP# show otv overlay 1
OTV Overlay Information

Site Identifier 0000.0000.000P
Encapsulation-Format ip - gre
Overlay interface Overlay1
VPN name : Overlay1

VPN state : UP
Extended vlans : 10-13 (Total:4)
Control group : 239.1.1.1
Data group range(s) : 232.1.1.0/28
Broadcast group : 239.1.1.1
Join interface(s) : EthX/D (192.168.100.7P)
Site vlan : 1 (up)
AED-Capable : Yes
Capability : Multicast-Reachable
Step 12 Verify the adjacencies on the overlay network (Q is your peer pod number.)
N7K-Y-podP# show otv adjacency
Overlay Adjacency database
Overlay-Interface Overlay1 :
Hostname System-ID Dest Addr Up Time State
N7K-Y-podQ 0026.9804.a942 192.168.100.7Q 00:00:46 UP
Step 13 Verify the VLANs that are associated with an overlay interface.
N7K-Y-podP# show otv vlan
OTV Extended VLANs and Edge Device State Information (* - AED)
VLAN Auth. Edge Device Vlan State Overlay

---- ----------------------------------- ---------- -------
10* N7K-Y-podP active Overlay1
Step 14 Verify information about the local site.

N7K-Y-podP# show otv site
Dual Adjacency State Description
Full - Both site and overlay adjacency up
Partial - Either site/overlay adjacency down
Down - Both adjacencies are down (Neighbor is down/unreachable)
(!) - Site-ID mismatch detected
Local Edge Device Information:

Hostname N7K-Y-podP
System-ID b414.89de.6bc2
Site-Identifier 0000.0000.000P
Site-VLAN 1 State is Up
Site Information for Overlay1:
Local device is AED-Capable

Neighbor Edge Devices in Site: 0
Hostname System-ID Adjacency- Adjacency- AED-
State Uptime Capable
------------------------------------------------------------------------------
Step 15 Test connectivity from your pod Cisco Nexus 5000 Switch to your peer pod Cisco
Nexus 5000 Switch using IP addresses that are configured on SVI 10 (Q is your peer
pod number).
N5K-P# ping 172.16.10.5Q
36 bytes from 172.16.10.5Q: Destination Host Unreachable
Request 0 timed out

Caution You may have to try to ping from both sides – a VLAN interface is silent and the N7K can only
learn the MAC (and send it through OTV) once traffic has been sent – remember OTV does
NOT flood unknown traffic. The ARP request succeeds but the ARP reply never makes it back.
Step 16 Check information about the Cisco OTV routes on your pod VDC.
N7K-Y-podP# show otv route
OTV Unicast MAC Routing Table For Overlay1
VLAN MAC-Address Metric Uptime Owner Next-hop(s)

---- -------------- ------ -------- --------- -----------
10 0005.73e9.ddbc 42 00:00:50 overlay N7K-Y-podQ
10 0005.73ea.2ffc 1 00:01:19 site EthernetX/A
Step 17 Check the MAC address table on your VDC.

N7K-Y-podP# show mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
G - 64a0.e742.6e42 static - F F sup-eth1(R)
* 1 000a.f71d.e3d2 dynamic ~~~ F F EthX/A
* 1 000a.f71d.e3d3 dynamic ~~~ F F EthX/A
* 1 000a.f71d.edc0 dynamic ~~~ F F EthX/A
* 1 000a.f71d.edc1 dynamic ~~~ F F EthX/A
* 10 8c60.4f18.9bbc dynamic ~~~ F F EthX/A
O 10 8c60.4f22.ad7c dynamic - F F Overlay1
You have completed this task when you attain these results.
n You have used the show commands to verify that the basic Cisco OTV configuration is in
place and that a connection exists between the two sites.
Task 3: Configuring Advanced OTV (Optional)

In this task, you will configure advanced Cisco OTV features and verify the configuration between
the two sites.
Activity Procedure
Complete these steps.
Step 1 Configure a key chain named otv-keys.
N7K-Y-podP(config)# key chain otv-keys
N7K-Y-podP(config-keychain)# key 0
N7K-Y-podP(config-keychain-key)# key-string 0 test12345
N7K-Y-podP(config-keychain-key)# accept-lifetime 00:00:00 Mar 01 2014 23:59:59
Sep 12 2019
N7K-Y-podP(config-keychain-key)# send-lifetime 00:00:00 Mar 01 2014 23:59:59 Aug
12 2019
Step 2 Configure authentication for edge devices.

N7K-Y-podP(config-keychain-key)# interface overlay 1
N7K-Y-podP(config-if-overlay)# otv isis authentication-check
N7K-Y-podP(config-if-overlay)# otv isis authentication-type md5
N7K-Y-podP(config-if-overlay)# otv isis authentication key-chain otv-keys
Step 3 Configure Cisco OTV PDU authentication. Use the VPN name Overlay1.
N7K-Y-podP(config)# otv-isis default
N7K-Y-podP(config-router)# vpn Overlay1
N7K-Y-podP(config-router-vrf)# authentication-check
N7K-Y-podP(config-router-vrf)# authentication-type md5
N7K-Y-podP(config-router-vrf)# authentication key-chain otv-keys
Step 4 Change an IS-IS network entity title for the routing process to 10.0000.0000.000P.00 (P
is your pod number).
N7K-Y-podP(config-router-vrf)# net 10.0000.0000.000P.00
Step 5 Check the Cisco OTV VPN configuration. (P is your pod number. Q is your peer pod
number.)
N7K-Y-podP(config-router-vrf)# show otv isis hostname vpn all
OTV-IS-IS Process: default dynamic hostname table VPN: Overlay1

Level System ID Dynamic hostname
1 0000.0000.000P* N7K-Y-podP
1 0000.0000.000Q N7K-Y-podQ
Step 6 Complete these steps only if you are working on pod 1, pod 3 or pod 5. Configure the
adjacency server.
N7K-1-podP(config-router-vrf)# interface Overlay1
N7K-1-podP(config-if-overlay)# otv adjacency-server unicast-only
Cannot Configure Adjacency-Server with Control-Group configured
N7K-1-podP(config-if-overlay)# no otv control-group 239.1.1.1

Cannot Configure Adjacency-Server with Data-Group configured
N7K-1-podP(config-if-overlay)# no otv data-group 232.1.1.0/28

Step 7 Complete this step only if you are working on pod 2, pod 4 or pod 6. Configure the
peer pod IP address as the adjacency server.
N7K-2-podP(config-router-vrf)# interface Overlay1

N7K-2-podP(config-if-overlay)# otv use-adjacency-server 192.168.100.7Q unicast-
only
Cannot Configure Adjacency-Server with Control-Group configured
N7K-2-podP(config-if-overlay)# no otv control-group 239.1.1.1
only
Cannot Configure Adjacency-Server with Data-Group configured
N7K-2-podP(config-if-overlay)# no otv data-group 232.1.1.0/28
only
Step 8 Verify information about overlay interfaces.

On pod 1, pod 3 or pod 5:
N7K-1-podP(config-if-overlay)# show otv overlay 1

VPN name : Overlay1

VPN state : UP
Site vlan : 1 (up)
AED-Capable : Yes
Capability : Unicast-Only
Is Adjacency Server : Yes
Adjacency Server(s) : [None] / [None]
On pod 2, pod 4 or pod 6:

N7K-2-podP(config-if-overlay)# show otv overlay 1

VPN name : Overlay1

VPN state : UP
Site vlan : 1 (up)
AED-Capable : Yes
Capability : Unicast-Only
Is Adjacency Server : No
Adjacency Server(s) : 192.168.100.7Q / [None]
Step 9 Check and that the Cisco OTV route to your partner pods OTV interface is present
again before continuing to the next step.
N7K-Y-podP# show otv route
OTV Unicast MAC Routing Table For Overlay1
VLAN MAC-Address Metric Uptime Owner Next-hop(s)

---- -------------- ------ -------- --------- -----------
10 0005.73e9.ddbc 42 00:00:50 overlay N7K-Y-podQ
Step 10 Test connectivity from your pod Cisco Nexus 5000 Switch to your peer pod Cisco
Nexus 5000 Switch, using IP addresses that are configured on SVI 10 (Q is your peer
pod number).
N5K-P# ping 172.16.10.5Q

You have completed this task when you attain these results.
n You have used the show commands to verify that the advanced Cisco OTV features are
configured correctly.
Guided Lab 13: Implementing VXLAN
Overview
Complete this lab activity to implement VXLAN bridging on the Cisco Nexus 7000 Series
Switch. Odd pods will connect to even pods and test connectivity over the bridged VXLAN.
Required Resources
Switches with F3 linecards, two Cisco Nexus 5000 Series Switches.
Command List
Command Description
feature pim Enables pim protocol
ip pim sparse-mode Enables PIM Sparce Mode on this interface
ip pim rp-address Configures a PIM static RP address for a multicast

group range
copy running-config startup-config This command copies the runningconfiguration to the

startup- configuration
show ip pim neighbor To display information about IPv4 Protocol Independent

Multicast (PIM) neighbors, use the show ip pim
neighbor command
show ip pim rp To display information about the rendezvous points

(RPs) for IPv4 Protocol Independent Multicast (PIM),
use the show ip pim rp command
show ip route To display the IP routing table, use the show ip route
command
feature vni Configures the global mode for all VXLAN bridge
domains.
feature nv overlay Enables the VXLAN feature
ip router ospf instance-tag area areaid [ To specify the Open Shortest Path First (OSPF)
secondaries none ] instance and area for an interface, use the ip router
ospf area command. To return to the default, use the
no form of this command
interface nve x Creates a VXLAN overlay interface that terminates

VXLAN tunnels
source-interface src-if The source interface must be a loopback interface that

is configured on the switch with a valid /32 IP address.
This /32 IP address must be known by the transient
devices in the transport network and the remote
VTEPs. This is accomplished by advertising it through a
dynamic routing protocol in the transport network
member vni [range] [mcast-group Associate VXLAN VNIs (Virtual Network Identifiers)
startaddr [end addr]] with the NVE interface and assign a multicast group to
the VNIs
show nve vni Displays VXLAN VNI status
Cisco Nexus 5000 Switch. Next step is to revert to checkpoint BASE configurations on the VDC
and Nexus 5000 Switch.
Activity Procedure

N5K-P# rollback running-config file base
Step 5 On your N5K configure and ENABLE the interfaces connecting to YOUR N7K VDC.
N5K-P# conf
N5K-P# conf
Step 7 On your N5K configure and DISABLE the interfaces connecting to the PEER N7K
VDC.
N5K-P# conf
Step 8 On your N5K create VLANs 10.
N5K-P# conf
N5K-P(config)# vlan 10
N5K-P(config)#

N5K-P# conf
Caution There is NO connectivity between the Nexus 5000 switches at this point.
Task 2: Implement IP routing
In this task, you will configure IP routing on the Cisco Nexus 7000 and verify the operations.
Note This lab requires coordination between pod pairs 1 and 2, 3 and 4, 5 and 6.
Activity Procedure

Step 1 Connect to your pod Cisco Nexus 7000 VDC
Step 2 Create a VRF for the underlay network
N7K-Y-podP(config)# vrf context underlay
N7K-Y-podP(config-vrf)# exit
N7K-Y-podP(config)#
Step 3 Configure the physical interface that we will use to reach the IP transport infrastructure
– here just a point-to-point link. Reconfigure the Ethernet interface that is connected to
your peer pod as a Layer 3 interface with address 192.168.100.7P/24 (P is your pod
number).
Ethernet 7/x Eth 7/8 Eth 7/10 Eth 7/12
N7K-Y-podP(config)# interface ethernet 7/x

N7K-Y-podP(config-if)# vrf member underlay
Step 4 Create and configure a loopback interface with IP 192.168.101.7P/32
N7K-Y-podP(config)# interface loop 0
N7K-Y-podP(config-if)# vrf member underlay
Step 5 Create an OSPF routing process
N7K-Y-podP(config)# feature ospf
N7K-Y-podP(config)# router ospf 42
N7K-Y-podP(config-router)# vrf underlay
N7K-Y-podP(config-router-vrf)# exit
N7K-Y-podP(config-router)# exit
N7K-Y-podP(config)#
Step 6 Configure OSPF on interface from step 2 using OSPF area 0
N7K-Y-podP(config)# interface ethernet 7/X (see table in step 3)
Step 7 Configure OSPF on interface Loopback 0 using OSPF area 0.

Use this section to verify your results.
Step 1 Verify OSP neighbor – wait for the adjacency to be “FULL” state
N7K-X-podP(config-if)# sho ip ospf neighbors vrf underlay
OSPF Process ID 42 VRF underlay
192.168.101.7Q 1 FULL/DR 00:00:02 192.168.100.7Q Eth7/10
N7K-X-podP(config-if)#
Step 2 Verify the routing table

N7K-X-podP(config-if)# sho ip route vrf underlay
IP Route Table for VRF "underlay"
192.168.100.0/24, ubest/mbest: 1/0, attached

*via 192.168.100.7P, Eth7/x, [0/0], 00:05:13, direct
192.168.100.7P/32, ubest/mbest: 1/0, attached
*via 192.168.100.7P, Eth7/x, [0/0], 00:05:13, local
192.168.101.7P/32, ubest/mbest: 2/0, attached
*via 192.168.101.7P, Lo0, [0/0], 00:04:40, local
*via 192.168.101.7P, Lo0, [0/0], 00:04:40, direct
192.168.101.7Q/32, ubest/mbest: 1/0
*via 192.168.100.7Q, Eth7/x, [110/2], 00:01:50, ospf-42, intra
Step 3 Verify reachability loopback-loopback with an extended ping.

N7K-X-podP(config-if)# ping 192.168.101.7Q source 192.168.101.7P vrf
underlay
PING 192.168.101.7Q (192.168.101.7Q) from 192.168.101.73: 56 data bytes

Task 3: Configure Multicast on Nexus 7000 Switches
In this task, you will configure PIM on the Cisco Nexus 7000 switches and verify the operations.
Note This lab requires coordination between pod pairs 1 and 2, 3 and 4, 5 and 6.
Activity Procedure

Step 1 Enable multicast routing and PIM.
N7K-Y-podP# conf
N7K-Y-podP(config)# feature pim
N7K-Y-podP(config)#
Step 2 Configure pim sparse-mode on loopback0 you’ve created in Task 1.
N7K-Y-podP(config)# interface loopback0

N7K-Y-podP(config-if)# ip pim sparse-mode
Step 3 Configure pim sparse-mode on the interface that face the other Nexus 7000 switch.
N7K-Y-podP(config)# interface ethernet 7/x

N7K-Y-podP(config-if)# ip pim sparse-mode
Step 4 Configure your Nexus 7000 VDC to be a BSR candidate on interface loop 0
N7K-2-pod4(config)# vrf context underlay
N7K-2-pod4(config-vrf)# ip pim bsr-candidate loopback 0
N7K-2-pod4(config-vrf)#
Step 5 Configure your Nexus 7000 VDC to be a BSR candidate on interface loop 0 for groups
239.1.1.0/24
N7K-2-pod4(config-vrf)# ip pim rp-candidate loopback 0 group-list 239.1.1.0/24
N7K-2-pod4(config-vrf)#
Use this section to verify your results.
Step 1 Verify your PIM neighbor
N7K-X-podP# sho ip pim neighbor vrf underlay
PIM Neighbor Status for VRF "underlay"
Neighbor Interface Uptime Expires DR Bidir- BFD
Priority Capable State
192.168.100.74 Ethernet7/10 00:04:13 00:01:43 1 yes n/a
N7K-X-podP#
Step 2 Verify RP and BSR configuration

N7K-X-podP# sho ip pim rp vrf underlay
PIM RP Status Information for VRF "underlay"
BSR: 192.168.101.7X, uptime: 00:03:21, expires: 00:01:52,
priority: 64, hash-length: 30
Auto-RP disabled
BSR RP Candidate policy: None
BSR RP policy: None
Auto-RP Announce policy: None
Auto-RP Discovery policy: None
RP: 192.168.101.7P*, (0), uptime: 00:03:37, expires: 00:02:12,

priority: 192, RP-source: 192.168.101.7X (B), group ranges:
239.1.1.0/24
RP: 192.168.101.7Q, (0), uptime: 00:03:09, expires: 00:02:12,
priority: 192, RP-source: 192.168.101.7X (B), group ranges:
239.1.1.0/24
N7K-X-podP#
Task 4: Configure VXLAN Bridging
In this task you need to implement VXLAN bridging on the Cisco Nexus 7000 Series Switch. The Nexus
5000 will be used as an “end station” to test connectivity over the bridged VXLAN.
Note The Nexus 5600 switch also supports full VXLAN functionality.
Activity Procedure

Step 1 Enable the NV overlay feature
N7K-X-podP(config)# feature nv overlay
N7K-X-podP(config)#
Step 2 Enable NVI feature
N7K-X-podP(config)# feature vni
N7K-X-podP(config)#
Step 3 Create VNI 5010
N7K-X-podP(config)# vni ?
<4096-16777215> Vni range, Example: 4096,4099-5013,5019,6011-
6099
N7K-X-podP(config)# vni 5010

N7K-X-podP(config-vni)# ?
clear Reset functions
no Negate a command or set its defaults
shutdown Shutdown VNI
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in
N7K-X-podP(config-vni)# exit
N7K-X-podP(config)#
Step 4 Define system bridge domains 1000-1999
N7K-X-podP(config)# system bridge-domain 1000-1999
N7K-X-podP(config)#
Step 5 Create a bridge domain 1010
N7K-X-podP(config)# bridge-domain 1010
N7K-X-podP(config-bdomain)#
Step 6 Assign VNI 5010 to the bridge domain
N7K-X-podP(config-bdomain)# member vni 5010
N7K-X-podP(config-bdomain)# exit
N7K-X-podP(config)#
Step 7 Create an encapsulation profile for dot1q tagged VLAN 10 and VNI 5010
N7K-X-podP(config)# encapsulation profile vni vlan10_to_vni5010
N7K-X-podP(config-vni-encap-prof)# dot1q 10 vni 5010
N7K-X-podP(config-vni-encap-prof)# exit
N7K-X-podP(config)#
Note You can use any name you like.
Step 8 Create and enable the NVE interface, assign source loop0
N7K-X-podP(config)# int nve 1
N7K-X-podP(config-if-nve)# source-interface loopback 0
N7K-X-podP(config-if-nve)# no shut
N7K-X-podP(config-if-nve)#
Step 9 Assign VNI 5010 using ip multicast group 239.1.1.10
N7K-X-podP(config-if-nve)# member vni 5010 mcast-group 239.1.1.10
N7K-X-podP(config-if-nve)#
Step 10 Configure the Port 7/P connecting to your nexus 5000 switch for NOT switching
N7K-X-podP(config)# int ethernet 7/P
N7K-X-podP(config-if)# no switchport
N7K-X-podP(config-if)# no shutdown
Step 11 Assign the encapsulation profile to your interface using service instance ID 1
N7K-X-podP(config-if)# service instance 1 vni
N7K-X-podP(config-if-srv-vni)# encapsulation profile vlan10_to_vni5010 default
N7K-X-podP(config-if-srv-vni)# no shut
N7K-X-podP(config-if-srv-vni)#
Step 12 Check the state of your NVE VNI
N7K-X-podP# sho nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags

--------- -------- ----------------- ----- ---- ------------------ -----
nve1 5010 239.1.1.10 Up DP L2 [1010]
N7K-X-podP#
Step 13 Check the nve interface configuration
N7K-X-podP# sho nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [not-notified]
Local Router MAC: f025.72a8.bf43
Host Learning Mode: Data-Plane
Source-Interface: loopback0 (primary: 192.168.101.7P, secondary: 0.0.0.0)
N7K-X-podP#
Step 14 Check the state of your Service Instance
N7K-X-podP# sho service instance vni detail
VSI: VSI-Ethernet7/P.1
If-index: 0x35302001
Admin Status: Up
Oper Status: Up
Auto-configuration Mode: No
encapsulation profile vni vlan10_to_vni5010
dot1q 10 vni 5010
Dot1q VNI BD
------------------
10 5010 1010
N7K-X-podP#
Step 15 Check the global Bridge Domain status
N7K-X-podP# sho bridge-domain summary
Allocated Bridge-Domain Range : 1000-1999

Allocated Fabric Bridge-Domain Range : 0
Number of existing Bridge-Domains : 1
Number of existing Fabric Bridge-Domains : 0
Configured fabric-control Bridge-Domain/VLAN : 0
Number of Operationally Up Bridge-Domains : 1
N7K-X-podP(config)#
Step 16 Check the state of your Bridge domain
N7K-X-podP# sho bridge-domain 1010
Bridge-domain 1010 (2 ports in all)

Name:: Bridge-Domain1010
Administrative State: UP Operational State: UP
vni5010
VSI-Eth7/P.1
nve1
N7K-X-podP#
Step 17 Verify your peer Pod has also reached this step.
Step 18 Send a ping from your Nexus 5000 to your peer Nexus 5000.
N5K-P# ping 172.16.10.5Q
36 bytes from 172.16.10.5P: Destination Host Unreachable
Request 0 timed out
N5K-P#
Step 19 Verify the ARP cache for the remote MAC
N5K-P# sho ip arp
Flags: * - Adjacencies learnt on non-active FHRP router

+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
D - Static Adjacencies attached to down interface
IP ARP Table for context default

Total number of entries: 1
Address Age MAC Address Interface
172.16.10.5Q 00:06:16 8c60.4f2f.077c Vlan10
N5K-P#
Step 20 Verify the the remote mac in the mac address table on your Nexus 7000 VDC
N7K-X-podP# sho mac address-table
Note: MAC table entries displayed are getting read from software.
Use the 'hardware-age' keyword to get information related to 'Age'
Legend:
age - seconds since last seen,+ - primary entry using vPC Peer-Link, E
-
EVPN entry
(T) - True, (F) - False , ~~~ - use 'hardware-age' keyword to
retrieve
age info
VLAN/BD MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
G - b414.89dc.7a43 static - F F sup-eth1(R)
* 1010 8c60.4f2d.bf7c dynamic ~~~ F F VSI-Eth7/P.1
* 1010 8c60.4f2f.077c dynamic ~~~ F F nve1/192.168.101.7Q
N7K-X-podP#
Step 21 Check the NVE peer learned by your Nexus 7000 VDC
N7K-X-podP# sho nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 192.168.101.7Q Up DP 00:13:27 n/a
N7K-X-podP#
Step 22 Check the VLAN configuration on your Nexus 7000 VDC, note VLAN 10 does NOT
exist.
N7K-X-podP(config)# sho vlan
VLAN Name Status Ports

---- -------------------------------- --------- -----------------------
1 default active Eth7/P, Eth7/X
VLAN Type Vlan-mode

---- ----- ----------
1 enet CE
Remote SPAN VLANs

-----------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- --------------- ----------------------------------
N7K-X-podP(config)#
Step 23 Check the spanning-tree status, note BD1010 has a STP instance.
N7K-X-podP(config)# sho spanning-tree
BD1010
Address 8c60.4f2f.077c
Cost 1
Port 905 (VSI-Ethernet7/P.1)
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec

Address f025.72a8.bf43
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec

---------------- ---- --- --------- -------- -------------------
VSI-Eth7/P.1 Root FWD 1 128.905 P2p
N7K-X-podP(config)#
§ You have verified ping works between the two Nexus 5000
§ You have verified MAC address are learned at the VXLAN bridge
Task 5: Configure centralized VXLAN Routing
In this task you need to implement VXLAN routing on the Cisco Nexus 7000 Series Switch. The Nexus
5000 will be used as an “end station” to test connectivity. This lab configures the two nexus 7K VDCs as
“border Leafs” in a VXLAN fabric using standard routing and HSRP.
Note The Nexus 5600 switch also supports full VXLAN routing functionality.
Activity Procedure

Step 1 Create a customer VRF “overlay1”
N7K-Y-podP(config)# vrf context overlay1
N7K-Y-podP(config-vrf)# exit
N7K-Y-podP(config)#
Step 2 Enable the interface-vlan feature
N7K-X-podP(config)# feature interface-vlan
Step 3 Enable the hsrp feature
N7K-X-podP(config)# feature hsrp
Note GLBP could also be used here.
Step 4 Create a BDI interface (like a VLAN interface but for a bridge domain)
N7K-Y-podP(config)# int bdi 1010
Step 5 Assign the interface to VRF “overlay1”
N7K-Y-podP(config-if)# vrf member overlay1
Warning: Deleted all L3 config on interface Bdi1010
Step 6 Assign address 172.16.10.7P/24 to the interface
Step 7 Create HSRP group 1 on the interface
N7K-Y-podP(config-if-hsrp)#
Step 8 Assign HSRP IP 172.168.10.1
N7K-Y-podP(config-if-hsrp)# exit
Step 9 Enable the interface
N7K-Y-podP(config-if)# no shut
Step 10 Test connectivity to YOUR BDI interface from your Nexus 5000 switch.
N5K-P# ping 172.16.10.7P
PING 172.16.10.7P (172.16.10.7P): 56 data bytes
Request 0 timed out
64 bytes from 172.16.10.7P: icmp_seq=1 ttl=254 time=1.411 ms
--- 172.16.10.7P ping statistics ---

N5K-P#
Step 11 Test connectivity to the PEER BDI interface from your Nexus 5000 switch.
N5K-P# ping 172.16.10.7Q
Request 0 timed out

N5K-P#
Step 12 Check the HSRP status on your Nexus 7000 VDC
N7K-Y-podP(config-if)# sho hsrp
Bdi1010 - Group 1 (HSRP-V1) (IPv4)
Local state is Active, priority 100 (Cfged 100)
Forwarding threshold(for vPC), lower: 1 upper: 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.494000 sec(s)
Virtual IP address is 192.168.10.1 (Cfged)
Active router is local
Standby router is unknown
Authentication text "cisco"
Virtual mac address is 0000.0c07.ac01 (Default MAC)
2 state changes, last state change 00:01:20
IP redundancy name is hsrp-Bdi1010-1 (default)
Step 13 Wait for the state of HSRP to become active or standby.
Step 14 Test connectivity from your Nexus 5000 switch to the HSRP IP.
N5K-P# ping 172.16.10.1
PING 172.16.10.1 (172.16.10.1): 56 data bytes
Request 0 timed out
64 bytes from 172.16.10.1: icmp_seq=1 ttl=254 time=1.355 ms
--- 172.16.10.1 ping statistics ---

N5K-P#
Step 15 On the Nexus 7000 VDC with the ACTIVE HSRP router shut the BDI interface
N7K-Y-podP(config)# int bdi 1010
N7K-Y-podP(config-if)# shut
Step 16 Retest connectivity from the Nexus 5000 switches.
N5K-P# ping 172.16.10.1
PING 172.16.10.1 (172.16.10.1): 56 data bytes
Request 0 timed out
--- 172.16.10.1 ping statistics ---

N5K-P#
§ You have verified ping works to the router IPs and HSRP IPs
§ HSRP works as usual in a “flood and learn” border leaf.
Guided Lab 14: Configuring LISP (Optional)
Overview
n Configure and verify LISP on the Cisco Nexus 7000 Switch
n Configure and verify LISP VM Mobility on the Cisco Nexus 7000 Switch
Visual Objective
Required Resources
Extenders.
Command List
Command Description
authentication-key key-type password This command enters the authentication key type and
password for the LISP site.
database-mapping EID-prefix/prefixlength This command configures a dynamic EID range, the
locator priority priority weight weight RLOC mapping relationship, and associated traffic
policy for all IPv4 dynamic EID prefixes for this LISP
site.
description description This command enters a description for the LISP site
that is being configured.
eid-prefix EID-prefix This command enters the EID prefix for which the LISP
site that is being configured is authoritative.
feature lisp This command enables the LISP feature set.
ip lisp database-mapping EID-prefix/prefix- This command configures an EID-to-RLOC mapping

length locator priority priority weight weight relationship and associated traffic policy for all IPv4
EID prefix(es) for this LISP site.
ip lisp etr map-server map-server-address This command configures the locator address of the
key key-type authentication-key LISP map server to which this router, acting as an IPv4
LISP ETR, registers.
ip lisp itr map-resolver map-resolver-address This command configures the locator address of the
map resolver to which this router sends map-request
messages for IPv4 EIDs.
ip lisp itr-etr This command enables both the LISP ITR and the
LISP ETR functionality.
ip lisp map-resolver map-resolver-address This command configures the locator address of the
map resolver to which this router sends.
ip lisp map-server This command enables LISP map server functionality

on the device.
ip lisp map-resolver This command enables LISP map resolver functionality

on the device.
lisp dynamic-eid dynamic-eid-map-name This command enables dynamic EIDs for roaming and
enters dynamic EID configuration mode.
lisp extended-subnet-mode This command configures this VLAN interface to work

with VLAN extensions such as Cisco OTV.
lisp mobility dynamic-eid-map-name This command associates this VLAN interface with a
dynamic EID map.
lisp site site-name This command creates the site name.
map-server map-server-address key [0 |3 |7] This command configures the IP address of the LISP
authentication-key map server to which this router registers as an IPv4
LISP ETR.
sh lisp dynamic-eid This command displays a summary of the dynamic

EIDs that are detected.
show ip lisp database This command displays the LISP ETR, configured local
IPv4 EID prefixes, and associated locator sets.
show ip lisp map-cache This command displays the LISP IPv4 EID-to-RLOC
data-cache mapping on an ITR.
Cisco Nexus 5000 Switch. Next step is to revert to checkpoint BASE configurations on the VDC
and Nexus 5000 Switch.
Activity Procedure
N7K-Y-podP# no feature otv


N5K-P# conf
N5K-P# conf
Step 8 On your N5K DISABLE the interfaces connecting to your peer N5K.
N5K-P# conf
N7K-X-PodP# conf
N7K-X-PodP# conf
N7K-X-PodP# conf
N5K-P# conf
N5K-P(config)#
Step 13 Configure a Layer 3 interface between your VDC and peer pod VDC. Use the IP
address 192.168.100.7P/24 (P is your pod number).

Step 14 Verify connectivity to your peer pod (Q is your peer pod number).
N7K-Y-podP(config-if)# ping 192.168.100.7Q

n You have IP connectivity between your pod VDC and your peer pod VDC.
Task 2: Configure LISP
In this task, you will enable LISP and configure the LISP map resolver, LISP-ALTLISP, and
ITR/ETR (xTR) on a pair of VDCs on Cisco Nexus 7000 switches, and verify the configuration
using show commands.
Activity Procedure
Step 1 Enable LISP functionality on your VDC.

N7K-Y-podP(config)# feature lisp
Step 2 Enable both the LISP ITR and the LISP ETR functionality.
N7K-Y-podP(config)# ip lisp itr-etr
Note The next two step are to be configured ONLY on the odd Pods VDCs. All following steps
have to be configured for each Pod, odd and even again.
Step 3 Only for VDCs pod1, pod3 and pod5 configure LISP map server and map resolver
functionality.
N7K-Y-podP(config)# ip lisp map-resolver
N7K-Y-podP(config)# ip lisp map-server
Step 4 Only for VDCs pod1, pod3 and pod 5 configure LISP site Pod P and Pod Q (P is your
pod number, Q is your peer pod number). Associate EID prefixes 172.16.1P.0/24 and
172.16.1Q.0/24, respectively. Use authentication key 123456789.
N7K-Y-podP(config)# lisp site PodP
N7K-Y-podP(config-lisp-site)# eid-prefix 172.16.1P.0/24
N7K-Y-podP(config-lisp-site)# authentication-key 0 123456789
N7K-Y-podP(config-lisp-site)# description LISP Site PodP
N7K-Y-podP(config)# lisp site PodQ

N7K-Y-podP(config-lisp-site)# eid-prefix 172.16.1Q.0/24
N7K-Y-podP(config-lisp-site)# authentication-key 0 123456789
N7K-Y-podP(config-lisp-site)# description LISP Site PodQ
Step 5 Configure the locator address 192.168.100.7X of the map resolvers to which this router
sends map-request messages for IPv4.
X 1 3 5
N7K-Y-podP(config)# ip lisp itr map-resolver 192.168.100.7X
Step 6 Configure an EID-to-RLOC mapping relationship for the 172.16.1P.0/24 prefix for this
LISP site. Use IP address 192.168.100.7P as the locator ID. (P is your pod number.)
N7K-Y-podP(config)# ip lisp database-mapping 172.16.1P.0/24 192.168.100.7P

priority 1 weight 100
Make sure EID-prefix 172.16.1P.0/24 is configured in the site's IGP
Step 7 Configure interface VLAN 10 with IP address 172.16.1P.7P/24.

Step 8 Configure the locator address 192.168.100.7X of the LISP map servers to which this
router, acting as an IPv4 LISP ETR, registers. Use authentication key 123456789.
X 1 3 5
N7K-Y-podP(config)# ip lisp etr map-server 192.168.100.7X key 0 123456789
Step 9 Verify the LISP ETR configured local IPv4 EID prefixes and associated locator set.
N7K-Y-podP(config)# show ip lisp database
LISP ETR IP Mapping Database for VRF "default" (iid 0), global LSBs: 0x00000001
EID-prefix: 172.16.1P.0/24, instance-id: 0, LSBs: 0x00000001

Locator: 192.168.100.7P, priority: 1, weight: 100
Uptime: 01:50:00, state: up, local
Step 10 On your Cisco Nexus 5000 Switch, configure interface Ethernet 1/3, which is connected
to your Windows server in VLAN 10.
Step 11 On your Windows server network adapter that is connected to your pod Cisco Nexus
5000 with IP address 172.16.1P.10P/24.
Step 12 Using the command shell add a route towards 172.16.1Q.0/24 with gateway
172.16.1P.7P (P is your pod number, Q is your peer pod number).
C:\> route add 172.16.1Q.0 mask 255.255.255.0 172.16.1P.7P
Step 13 Use the ping command from your Windows server to verify connectivity to peer
Windows server address 172.16.1Q.10Q (Q is your peer pod number).
C:\> ping 172.16.1Q.10Q
Step 14 Verify the current EID-to-RLOC map cache entries.
N7K-Y-podP(config)# show ip lisp map-cache
LISP IP Mapping Cache for VRF "default" (iid 0), 3 entries

* = Locator data counters are cumulative across all EID-prefixes
0.0.0.0/1, uptime: 00:12:39, expires: 00:02:20, via map-reply

Negative cache entry, action: forward-native
128.0.0.0/3, uptime: 00:12:39, expires: 00:02:20, via map-reply

Negative cache entry, action: forward-native
172.16.1Q.0/24, uptime: 00:01:41, expires: 23:58:18, via map-reply, auth

Locator Uptime State Priority/ Data Control MTU
Weight in/out in/out
192.168.100.7Q 00:01:41 up 1/100 0/0* 2/1 1500
Step 15 Remove the route to 172.16.1Q.0/24 from Windows server.
n You can ping your peer pod Windows server.
Task 3: Configure LISP VM Mobility

In this task, you will configure dynamic EIDs, VM mobility, and HSRP for VM mobility on a pair
of VDCs on Cisco Nexus 7000 Switches, and verify the configuration using show commands.
Activity Procedure
Step 1 Connect to your VDC and enable dynamic EIDS for roaming.
N7K-Y-podP(config)# lisp dynamic-eid eidmapVM
Step 2 Configure a dynamic EID range, the RLOC mapping relationship, and associated traffic
policy for dynamic EID prefixes 172.16.10.0/24 for this LISP site. (P is your pod
number):
N7K-Y-podP(config-dynamic-eid)# database-mapping 172.16.10.0/24 192.168.100.7P
priority 1 weight 100
Step 3 Configure the LISP map server to which this router registers as an IPv4 LISP ETR.
X 1 3 5
N7K-Y-podP(config-dynamic-eid)# map-server 192.168.100.7X key 0 123456789
Step 4 Configure the IP address 172.16.10.7P/24 and VM mobility with VLAN extensions on
VLAN11 (P is your pod number).
N7K-Y-podP(config-dynamic-eid)# interface vlan 10
N7K-Y-podP(config-if)# lisp mobility eidmapVM
N7K-Y-podP(config-if)# lisp extended-subnet-mode
Step 5 Verify a summary of dynamic EIDs that are detected.

N7K-Y-podP(config-dynamic-eid)# show lisp dynamic-eid
LISP Dynamic EID Information for VRF "default"

Dynamic-EID name: eidmapVM
Database-mapping [0] EID-prefix: 172.16.10.0/24, LSBs: 0x00000001
Locator: 192.168.100.7P, priority: 1, weight: 100
Uptime: 00:01:05, state: up, local
Registering more-specific dynamic-EIDs
Registering routes: disabled
Map-Server(s): 192.168.100.7X
Site-based multicast Map-Notify group: none configured
Extended Subnet Mode configured on 1 interfaces
Number of roaming dynamic-EIDs discovered: 0
n You have used show commands to verify LISP VM mobility configuration.
Guided Lab 15: Configuring FCoE
Overview
n Configure FCoE
Visual Objective
Required Resources
Extenders.
Command List
Command Description
This command erases the switch startup

write erase
configuration.
This command binds the virtual Fibre Channel

bind interface ethernet x/y
interface to an Ethernet interface.
This command applies a description to a channel

description description
group.
feature fcoe This command enables FCoE.
interface ethernet x/y This command enters interface mode.
interface vfc x This command enters virtual interface mode.
show fcoe This command displays the FCoE global details.
show interface brief This command displays interface details in brief.
This command displays the virtual Fibre Channel

show interface vfc x
interface.
This command displays the software version running

show version
on the switch.
This command displays the VLAN-to-VSAN mapping

show vlan fcoe
and status.
This command displays the VSAN interface

show vsan membership
membership details.
This command configures an interface as a spanning-

spanning-tree port type edge trunk
tree trunk port at the edge.
This command configures trunk mode on an

switchport mode trunk
interface.
vlan id This command configures a VLAN.
This command enter VSAN database configuration

vsan database
mode.
vsan id This command configures a VSAN.
This command associates a VSAN with a Fibre

vsan id interface vfc x
Channel interface.
In this task, you will use a Telnet or terminal utility to establish a connection to your Cisco Nexus
5000 Switch. Next step is to revert to checkpoint BASE configurations on the Nexus 5000.
Activity Procedure
n You have connected to your pod Cisco Nexus 5000 Switch.
Task 2: Basic Configuration on the Cisco MDS Switch
In this task, you will perform the initial configuration on the Cisco MDS 9000 Switch.
Activity Procedure
Step 1 Using the remote access procedure, connect to your pod Cisco MDS 9000 Switch (P is
your pod number).
User Access Verification
MDS-P login: admin
Password: 1234QWer
Step 2 Erase the startup configuration and reboot the switch.
MDS-P# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
MDS-P# reload
This command will reboot the system. (y/n)? [n] y
Step 3 When the switch has reloaded, configure the admin password as 1234QWer and select
N to enter setup.
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]:
Enter the password for "admin": 1234QWer

Confirm the password for "admin": 1234QWer
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Please register Cisco MDS 9000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. MDS devices must be registered to receive entitled
support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): n
Step 4 Log into the switch with the username “admin” and password “1234QWer.”
192.168.0.P9 login: admin
Password: 1234QWer
Step 5 Configure the device name MDS-P (P is your pod number):

switch# conf t
switch(config)# switchname MDS-P
MDS-P(config)#
Step 6 Enable Fibre Channel interfaces 1/1–1/3.

MDS-P(config)# interface fc 1/1-3
MDS-P(config-if)# no shutdown
Step 7 Verify the status of Fibre Channel interfaces 1/1–1/3.

MDS-P(config-if)# show interface fc1/1-3 brief
------------------------------------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
------------------------------------------------------------------------------
fc1/1 1 auto on notConnected swl -- --
fc1/2 1 auto on notConnected swl -- --
fc1/3 1 auto on up swl FL 1 --
Step 8 Create VSAN 200 and place Fibre Channel interface 1/3 into VSAN 200.
MDS-P(config)# vsan database
MDS-P(config-vsan-db)# vsan 200
MDS-P(config-vsan-db)# vsan 200 interface fc1/3
Traffic on fc1/3 may be impacted. Do you want to continue? (y/n) y
MDS-P(config-vsan-db)# show interface fc 1/3 brief
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
fc1/3 200 auto on up swl FL 1 --
n You have performed an initial configuration on the Cisco MDS switch.
Task 3: Configuring FCoE on the Cisco Nexus 5000 Switch
In this task, you will configure FCoE on your Cisco Nexus 5000 Switch, and verify the
configuration using show commands.
Activity Procedure
Step 2 Enable FCoE on the Cisco Nexus 5000 Switch.
N5K-P# conf
N5K-P(config)# feature fcoe
FC license checked out successfully
fc_plugin extracted successfully
FC plugin loaded successfully
FCoE manager enabled successfully
FC enabled on all modules successfully
Enabled FCoE QoS policies successfully
Step 3 Configure the unified ports 47–48 to work as Fibre Channel interfaces.
N5K-P(config)# Slot 1
N5K-P(config-slot)# port 47-48 type fc
Port type is changed. Please reload the switch
Step 4 Save your configuration.
N5K-P(config-slot)# copy running-config startup-config

[########################################] 100%
Step 5 A reload is required for the unified ports to accept the change.
N5K-P(config-slot)# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y
Note The reload takes about 5 Minutes, do NOT use ctrl+c.
Step 6 As soon as the switch is accessible again, log in and configure interface Ethernet 1/3 for
FCoE.
N5K-P(config-sys-qos)# interface ethernet 1/3
N5K-P(config-if)# spanning-tree port type edge trunk
Warning: Edge port type (portfast) should only be enabled on ports connected to
a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when edge port type (portfast) is enabled, can cause temporary
bridging loops.
Use with CAUTION
Step 7 Create a virtual Fibre Channel interface and bind it to interface Ethernet 1/3.
N5K-P(config-if)# interface vfc 1
N5K-P(config-if)# bind interface ethernet 1/3
N5K-P(config-if)# show interface vfc 1
vfc1 is trunking
Bound interface is Ethernet1/3
Hardware is Ethernet
Port WWN is 20:00:8c:60:4f:22:ad:7f
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port mode is TF
Port vsan is 1
Trunk vsans (admin allowed and active) (1)
Trunk vsans (up) ()
Trunk vsans (isolated) ()
Trunk vsans (initializing) (1)
1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
0 frames input, 0 bytes
0 discards, 0 errors
0 frames output, 0 bytes
last clearing of "show interface" counters Tue Jan 27 20:35:44 2015
Interface last changed at Tue Jan 27 20:35:49 2015
Step 8 Create VLAN 200 and enable FCoE.

N5K-P(config-if)# vlan 200
N5K-P(config-vlan)# fcoe
N5K-P(config)# show vlan fcoe
Original VLAN ID Translated VSAN ID Association State

---------------- ------------------ -----------------
200 200 Non-Operational
Step 9 Create VSAN 200 and assign VFC 1.

N5K-P(config)# vsan database
N5K-P(config-vsan-db)# vsan 200
N5K-P(config-vsan-db)# vsan 200 interface vfc 1
Step 10 Display the VSAN details and membership.

N5K-P(config-vsan-db)# show vsan 200
vsan 200 information
name:VSAN0200 state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:up
N5K-P(config-vsan-db)# show vsan membership

vsan 1 interfaces:
fc1/47 fc1/48
vsan 200 interfaces:

vfc1
vsan 4079(evfp_isolated_vsan) interfaces:
vsan 4094(isolated_vsan) interfaces:

Step 11 Check the FCoE database.
N5K-P(config-vsan-db)# show fcoe database
------------------------------------------------------------------------------
INTERFACE FCID PORT NAME MAC ADDRESS
------------------------------------------------------------------------------
vfc1 0x4d0000 21:00:00:c0:dd:18:6c:d5 00:c0:dd:18:6c:d5
Total number of flogi count from FCoE devices = 1.
Step 12 Confirm the VLAN-to-VSAN FCoE assignment.
N5K-P(config-vsan-db)# show vlan fcoe
Original VLAN ID Translated VSAN ID Association State

---------------- ------------------ -----------------
200 200 Operational
Step 13 Check the Fibre Channel login database.
N5K-P(config-vsan-db)# show flogi database

------------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
------------------------------------------------------------------------------
vfc1 200 0x4d0000 21:00:00:c0:dd:18:6c:d5 20:00:00:c0:dd:18:6c:d5
Total number of flogi = 1.
Step 14 Check the FCNS table.
N5K-P(config-vsan-db)# show fcns database
VSAN 200:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x4d0000 N 21:00:00:c0:dd:18:6c:d5 scsi-fcp:init
Step 15 Enable the Fibre Channel ports 1/47 and 1/48.
N5K-P(config-vsan-db)# interface fc 1/47-48

Step 16 Verify the interface status.
N5K-P(config-if)# show interface fc 1/47-48 brief
------------------------------------------------------------------------------
Mode (Gbps)
------------------------------------------------------------------------------
fc1/47 1 auto on trunking swl TE 4 --
fc1/48 1 auto on trunking swl TE 4 --
Step 17 Check the FCNS table again.
N5K-P(config-if)# show fcns database
VSAN 200:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0xd1009b NL 21:00:00:0c:50:a3:c7:1f (Seagate) scsi-fcp:target
0xd100b3 NL 21:00:00:0c:50:a3:b4:31 (Seagate) scsi-fcp:target
0xda0000 N 20:00:00:0a:f7:1d:e3:d1 scsi-fcp:init
Step 18 Before you continue, verify that your peer pod has completed the previous steps.
Step 19 Configure interface Ethernet 2/5 as a trunk and allow only VLAN 200 on the interface.
N5K-P(config-if)# interface ethernet 2/5

N5K-P(config-if)# switchport trunk allowed vlan 200
N5K-P(config-if)#
Step 20 Create interface VFC 2 and bind it to interface Ethernet 2/5. Configure the interface as
E.
N5K-P(config-if)# interface vfc 2

N5K-P(config-if)# bind interface ethernet 2/5
N5K-P(config-if)# switchport mode E
Step 21 Verify the status of virtual Fibre Channel interface 2.
N5K-P(config-if)# show interface vfc 2 brief
------------------------------------------------------------------------------
Interface Vsan Admin Admin Status Bind Oper Oper
Mode Trunk Info Mode Speed
Mode (Gbps)
------------------------------------------------------------------------------
vfc2 1 E on trunking Eth2/5 TE 40
Step 22 Check that VSAN 200 is up on virtual Fibre Channel interface 2.
N5K-P(config-if)# show interface vfc 2

vfc2 is trunking
Bound interface is Ethernet2/5
Hardware is Ethernet
Port WWN is 20:01:8c:60:4f:22:ad:7f
Admin port mode is E, trunk mode is on
snmp link state traps are enabled
Port mode is TE
Port vsan is 1
Trunk vsans (admin allowed and active) (1,200)
Trunk vsans (up) (200)
Trunk vsans (isolated) ()
Trunk vsans (initializing) (1)
1 minute input rate 2232 bits/sec, 279 bytes/sec, 3 frames/sec
1 minute output rate 3152 bits/sec, 394 bytes/sec, 3 frames/sec
877 frames input, 106732 bytes
878 frames output, 124124 bytes
last clearing of "show interface" counters Tue Jan 27 20:41:38 2015
Interface last changed at Tue Jan 27 20:42:00 2015
Step 23 Check the FCNS table. Verify that you see pWWNs from your pod and from the peer
pod.
N5K-P(config-if)# show fcns database
VSAN 200:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0x7c0000 N 20:00:00:0a:f7:1d:ed:c1 scsi-fcp:init
0xad009b NL 22:00:00:0c:50:a3:c7:1f (Seagate) scsi-fcp:target
0xad00b3 NL 22:00:00:0c:50:a3:b4:31 (Seagate) scsi-fcp:target
0xd1009b NL 21:00:00:0c:50:a3:c7:1f (Seagate) scsi-fcp:target
0xd100b3 NL 21:00:00:0c:50:a3:b4:31 (Seagate) scsi-fcp:target
0xda0000 N 20:00:00:0a:f7:1d:e3:d1 scsi-fcp:init
Step 24 Clear up the configuration on the Cisco Nexus 5000 Switch.

N5K-P(config-if)# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
N5K-P(config-if)# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y
n You have used show commands to verify that the host has been able to successfully perform a
FLOGI into the switch.
n You have used show commands to verify that your pod and the peer pod form a Fibre Channel
fabric.
Guided Lab 16: Configuring Security Features
(Optional)
Overview
n Configure and verify access control lists using atomic programming
n Configure port security on the Cisco Nexus 7000 Switch and verify that the configuration has
been applied as per the design requirements
n Configure traffic storm control on the Cisco Nexus 7000 Switch and verify that the
configuration has been applied as per the design requirements
n Configure 802.1ae data encryption on the Cisco Nexus 7000 Switch
Visual Objective
Required Resources
Extenders.
Command List
Command Description
absolute start time date [end time date] This command creates an absolute rule that is in effect
beginning at the time and date that are specified after the
start keyword.
configure session name This command creates a configuration session and enters
session configuration mode.
commit This command validates the configuration changes that are

made in the current session and applies valid changes to
the device.
feature port-security This command enables port security globally.
ip access-group access-list {in | out} This command applies an IPv4 or IPv6 ACL to the Layer 3
interface for traffic flowing in the direction specified.
ip access-list name This command creates the IP ACL and enters IP ACL
configuration mode.
object-group ip address name This command creates the IPv4 address object group.
object-group ip port name This command creates the protocol port object group.
periodic list-of-weekdays time to time This command creates a periodic rule that is in effect on the
days that are specified by the list-of-weekdays argument
between and including the specified start and end times.
periodic weekday time to [weekday] time This command creates a periodic rule that is in effect for one
or more contiguous days between and including the
specified start and end days and times.
resequence ip access-list This command assigns sequence numbers to the rules

contained in the ACL.
show configuration session This command displays the contents of the session.
show interface [ethernet slot/port | port-channel This command displays the traffic storm control
number] counters storm-control configuration for the interfaces.
show ip access-lists This command displays the IPv4 ACL configuration.
show port-security interface This command displays the port security status of a specific
interface.
show running-config aclmgr This command displays ACL configuration, including all time
ranges.
storm-control {broadcast | multicast | unicast} This command configures traffic storm control for traffic on
level percentage the interface.
switchport port-security This command enables port security on the interface.
switchport port-security maximum number This command configures the maximum number of MAC
addresses that can be learned or statically configured for the
current interface.
time-range name This command creates the time range.
verify This command verifies the configuration as a whole, which

is based on the existing hardware and software
configuration and resources.
In this task, you will use a Telnet or terminal utility to establish a connection and will perform
initial configuration on your pod.
Activity Procedure
Step 1 Connect to your pod Cisco Nexus 7000 VDC.
Step 6 On your N5K configure and ENABLE the interface connecting to YOUR N7K VDCs.
N5K-P# conf
Step 7 On your N5K DISABLE the interfaces connecting to the PEER N7K VDCs.
N5K-P# conf
Step 8 On your N5K DISABLE the interfaces connecting to your peer N5K.
N5K-P# conf
Step 9 On your N7K VDC configure and ENABLE the interface connecting to YOUR N5Ks.
N7K-X-PodP# conf
Step 10 On your N7K VDC DISABLE the interface connecting to the PEER N5K.
N7K-X-PodP# conf
N7K-X-PodP# conf
N5K-P# conf
N5K-P(config)#
Step 13 Enable the SVI feature and configure SVI 10 with IP address 172.16.1P.7P/24 (P is
your pod number).
Step 14 Configure an Ethernet interface that is connected to your pod Windows server in
VLAN10.
N5K-P(config-if)# switchport mode access
Step 15 Configure the pod Windows server NIC connected to your pod Cisco Nexus 5000
Switch with IP address 172.16.1P.10P/24. Verify that you can ping 172.16.1P.7P. (P is
your pod number.)
n You have successfully the loaded configuration from checkpoint BASE.
n You have connectivity between the Windows server and SVI 10 on your pod VDC.
Task 2: Configuring ACLs
In this task, you will configure and verify ACLs using atomic programming.
Activity Procedure
Step 1 From within your VDC pod, enter the session using the configure session command.
Name your session ACL-CHECK and create two object groups, one named
RemSupport (includes host 172.16.1P.10P and host 172.16.1Q.10Q) and the
other named RemTerminal (permits Telnet and SSH).
N7K-Y-podP# configure session ACL-CHECK
Config Session started, Session ID is 1
N7K-Y-podP(config-s)# object-group ip address RemSupport
N7K-Y-podP(config-s-ipaddr-ogroup)# host 172.16.1P.10P
N7K-Y-podP(config-s-ipaddr-ogroup)# host 172.16.1Q.10Q
N7K-Y-podP(config-s-ipaddr-ogroup)# exit
N7K-Y-podP(config-s)# object-group ip port RemTerminal
N7K-Y-podP(config-s-port-ogroup)# eq 22
N7K-Y-podP(config-s-port-ogroup)# eq 23
Step 2 Verify the configuration session.

N7K-Y-podP(config-s-port-ogroup)# show configuration session
config session ACL-CHECK

0001 object-group ip address RemSupport
0002 host 172.16.1P.10P
0003 host 172.16.1Q.10Q
0004 object-group ip port RemTerminal
0005 eq 22
0006 eq 23
N7K-Y-podP(config-s-port-ogroup)# exit
Step 3 Configure the time range: absolute starting from 8:00 a.m. (0800) 27 January 2015 and
periodic for working time (from 8:00 a.m. [0800] to 6:00 p.m. [1800]) and weekends.
Adjust time to ensure that you are in the correct time range (show clock command on
the Cisco Nexus 7000 VDC).
N7K-Y-podP(config-s)show clock
Time source is NTP
23:41:48.846 UTC Tue Jan 27 2015
N7K-Y-podP(config-s)# time-range RemSupportVPN
N7K-Y-podP(config-s-time-range)# absolute start 8:00:00 27 January 2014
N7K-Y-podP(config-s-time-range)# periodic Monday Tuesday Wednesday Thursday
8:00:00 to 18:00:00
N7K-Y-podP(config-s-time-range)# periodic Friday 18:00:00 to Monday 9:00:00
N7K-Y-podP(config-s-time-range)# exit
Step 4 Create an IP access list named TermAccess.

N7K-Y-podP(config-s)# ip access-list TermAccess
Step 5 Configure the IP access list TermAccess to permit access from your pod and the peer
Windows servers to SVI 10. Use the object groups named RemSupport and
RemTerminal that were created in Step 1 with the time range RemSupportVPN that was
created in Step 3.
N7K-Y-podP(config-s-acl)# permit tcp addrgroup RemSupport host 172.16.1P.7P
portgroup RemTerminal time-range RemSupportVPN
Step 6 Assign the IP access list “TermAccess” to an SVI 10 interface within your pod VDC in
the ingress direction.
N7K-Y-podP(config-s)# interface vlan 10
N7K-Y-podP(config-s-if)# ip access-group TermAccess in
Step 7 Verify the configuration session.

N7K-Y-podP(config-s-if)# show configuration session
config session ACL-CHECK

0001 object-group ip address RemSupport
0002 host 172.16.1P.10P
0003 host 172.16.1Q.10Q
0004 object-group ip port RemTerminal
0005 eq 22
0006 eq 23
0007 time-range RemSupportVPN
0008 absolute start 8:0:0 27 January 2014
0009 periodic Monday Tuesday Wednesday Thursday 8:0:0 to 18:0:0
0010 periodic Friday 18:0:0 to Monday 9:0:0
0011 ip access-list TermAccess
0012 permit tcp addrgroup RemSupport host 172.16.1P.7P portgroup RemTerminal
time-range RemSupportVPN
0013 interface Vlan10
0014 ip access-group TermAccess in
Step 8 Verify the configuration session ACL-CHECK.

N7K-Y-podP(config-s-if)# verify
Verification Successful
Q1) Was the operation successful?
Q2) Ping the SVI from your Windows server. Was the ping successful? Why?
Step 9 If the operation in Step 9 was successful, then commit the session to the running
configuration.
N7K-Y-podP(config-s)# commit
Commit Successful
Q4) Try Telnet and SSH to the SVI from your Windows server. Were Telnet and SSH
successful? Why?
Step 10 Issue a show running-config aclmgr command.

N7K-Y-podP# show running-config aclmgr
!Command: show running-config aclmgr

!Time: Wed Jan 28 00:05:39 2015
version 7.2(0)D1(1)
object-group ip address RemSupport
10 host 172.16.1P.10p
20 host 172.16.1Q.10Q
object-group ip port RemTerminal
10 eq 22
20 eq 23
ip access-list TermAccess
10 permit tcp addrgroup RemSupport 172.16.1P.7P/32 portgroup RemTerminal time-
range RemSupportVPN
interface Vlan10
ip access-group TermAccess in
10 absolute start 8:00:00 27 January 2014
20 periodic Monday Tuesday Wednesday Thursday 8:00:00 to 18:00:00
30 periodic Friday 18:00:00 to Monday 9:00:00
Q5) Are the access list and object groups part of the running configuration?
Step 11 View the IP access list TermAccess.

N7K-Y-podP# show access-lists
IP access list TermAccess

10 permit tcp addrgroup RemSupport 172.16.11.71/32 portgroup RemTerminal
N7K-Y-podP# show access-lists expanded

10 permit tcp 172.16.1P.10P/32 172.16.1P.7P/32 eq 22 time-range RemSupportVPN
10 permit tcp 172.16.1P.10p/32 172.16.1P.7P/32 eq telnet time-range
RemSupportVPN
10 permit tcp 172.16.1Q.10Q/32 172.16.1Q.7Q/32 eq 22 time-range RemSupportVPN
10 permit tcp 172.16.1Q.10Q/32 172.16.1Q.7Q/32 eq telnet time-range
RemSupportVPN
Step 12 Check that the access list TermAccess is applied to interface VLAN 10.
N7K-Y-podP# show access-lists summary
IPV4 ACL TermAccess
Total ACEs Configured: 1
Configured on interfaces:
Vlan10 - ingress (Router ACL)
Active on interfaces:
Vlan10 - ingress (Router ACL)
IPV4 ACL __urpf_v4_acl__
IPV6 ACL __urpf_v6_acl__
Step 13 Permit the following IP hosts between sequence numbers 5 and 10.
192.168.150.10
192.168.160.10
192.168.165.55
192.168.179.35
N7K-Y-podP# conf t
N7K-Y-podP(config)# ip access-list TermAccess
N7K-Y-podP(config-acl)# 5 permit ip host 192.168.150.10 any
Step 14 View the IP access list TermAccess.
N7K-Y-podP(config-acl)# show access-lists TermAccess

5 permit ip 192.168.150.10/32 any
6 permit ip 192.168.160.10/32 any
7 permit ip 192.168.165.55/32 any
8 permit ip 192.168.179.35/32 any
10 permit tcp addrgroup RemSupport 172.16.1P.7P/32 portgroup RemTerminal
Step 15 Use the resequence command to change the sequence numbers and the step increment.
N7K-Y-podP(config)# resequence ip access-list TermAccess 10 20
Step 16 View the IP access list.

N7K-Y-podP(config)# show access-lists TermAccess

10 permit ip 192.168.150.10/32 any
30 permit ip 192.168.160.10/32 any
50 permit ip 192.168.165.55/32 any
70 permit ip 192.168.179.35/32 any
90 permit tcp addrgroup RemSupport 172.16.1P.7P/32 portgroup RemTerminal
n You have used the show commands to verify the ACL configuration. You have logged into the
Windows host and generated some traffic, and then verified that the traffic that should be
denied has been denied.
Task 3: Configuring Port Security
In this task, you will configure port security on the Cisco Nexus 7000 Switch and verify that the
configuration has been applied as per the design requirements.
Activity Procedure
Step 1 Enable the port security feature.
N7K-Y-podP(config)# feature port-security
N7K-Y-podP(config)#
Step 2 Verify that the port security feature is enabled.

N7K-Y-podP(config)# show feature | i port
eth_port_sec 1 enabled
Step 3 Enable port security on Ethernet interfaces that are connected to your pod Nexus 5000
Switch.
N7K-Y-podP(config)# interface ethernet 7/A

N7K-Y-podP(config-if)# switchport port-security
Step 4 Verify the port security configuration.

N7K-Y-podP(config-if)# show port-security interface ethernet 7/A
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Security violation count : 1
Step 5 Check the interface MAC address table.

N7K-Y-podP(config-if)# show mac address-table interface eth 7/A
Legend:
---------+-----------------+--------+---------+------+----+------------------
Step 6 Configure a static MAC address (for example 00C0.0000.0001).
N7K-Y-podP(config-if)# switchport port-security mac-address 00C0.0000.0001
Step 7 Remove port security from the interface and configure the static MAC address again.
N7K-Y-podP(config-if)# no switchport port-security

N7K-Y-podP(config-if)# switchport port-security mac-address 00C0.0000.0001
Step 8 Enable port security.
N7K-Y-podP(config-if)# switchport port-security
Step 9 Check the interface MAC address table on the interface.
N7K-Y-podP(config-if)# show mac address-table interface ethernet X/A

Legend:
---------+-----------------+--------+---------+------+----+------------------
* 1 00c0.0000.0001 static - T T Eth1/X
Step 10 Verify the port security configuration.
N7K-Y-podP(config-if)# show port-security interface ethernet X/A

Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Security violation count : 0
Step 11 Disable the port security feature.

N7K-Y-podP(config-if)# no feature port-security
Step 12 Restart the interface and verify the interface status.
N7K-Y-podP(config-if)# show interface ethernet X/A brief
------------------------------------------------------------------------------
Interface Ch #
------------------------------------------------------------------------------
EthX/A 1 eth trunk up none 40G(S) --
n You have used the show commands to verify that port security is configured.
Task 4: Configuring Traffic Storm Control
In this task, you will configure traffic storm control on the Cisco Nexus 7000 Switch and verify
that the configuration has been applied as per the design requirements.
Activity Procedure
Step 1 Configure the broadcast traffic storm control limits to 50 percent on interface Ethernet
X/C.
N7K-Y-podP(config)# interface ethernet 7/C

N7K-Y-podP(config-if)# storm-control broadcast level 50
Step 2 Verify the traffic storm control parameters.

N7K-Y-podP(config-if)# show interface ethernet 7/C counters storm-control
------------------------------------------------------------------------------
Port UcastSupp % McastSupp % BcastSupp % TotalSuppDiscards
------------------------------------------------------------------------------
Eth7/C 100.00 100.00 50.00 0
Step 3 Configure the multicast traffic storm control limits to 30 percent on interface Ethernet
7/C:
N7K-Y-podP(config-if)# storm-control multicast level 30

------------------------------------------------------------------------------
------------------------------------------------------------------------------
Eth7/C 100.00 30.00 30.00 0
Step 5 Configure the unicast traffic storm control limits to 75 percent on interface Ethernet
7/C.
N7K-Y-podP(config-if)# storm-control unicast level 75

------------------------------------------------------------------------------
------------------------------------------------------------------------------
Eth7/A 75.00 75.00 75.00 0
Note Only one suppression level is shared by all three suppression modes. As an example, if you set
the broadcast level to 30 and set the multicast level to 40, both levels are enabled and set to 40.
n You have used the show commands to verify that storm control is enabled.
Guided Lab 17: Configuring QoS (Optional)
Overview
n Configure type QoS class maps and verify the configuration
n Configure type QoS policy maps and verify the configuration
n Configure type QoS service policies and verify that the configuration has been applied to the
correct traffic stream
Visual Objective
Required Resources
Extenders.
Command Description
This command assigns the percentage of the

bandwidth remaining percent percent bandwidth that remains to this queue.
This command creates a reference to the class map

name, and enters policy-map class configuration
class type qos class-map-name mode.
This command configures the class map of type

class type queuing class-queuing-name queuing.
class-map [type qos] [match-any | match-all] This command creates or accesses the class map
class-map-name named class-map-name.
This command specifies the default action for
mapping input field values to output field values in a
default {value | copy} table map.
This command specifies a set of mappings of input

from source-value to dest-value field values to output field values in a table map.
This command configures the traffic class by

match [not] dscp dscp-list matching packets that are based on DSCP values.
police [cir] {committed-rate [data-rate] | percent Polices cir in bits or as a percentage of the link rate.
cir-link-percent} [bc committed-burst-rate [link- The conform action is taken if the data rate is cir. If
speed]][pir] {peak-rate [data-rate] | percent cir- be and pir are not specified, all other traffic takes the
link-percent} [be peak-burst-rate [link-speed]] violate action. If be or violate are specified, the
[conform {transmit | set-prec-transmit | set- exceed action is taken if the data rate is pir, and the
dscp-transmit | set-cos-transmit | set-qos- violate action is taken otherwise.
transmit | set-discard-class-transmit} [exceed
{drop | set dscp dscp table {cir-markdown-
map}} [violate {drop | set dscp dscp table {pir-
markdown-map}}]]}
This command creates or accesses the policy map

policy-map type qos qos-policy-map-name that is named qos-policy-map-name.
This command configures the policy map of type

policy-map type queuing policy-map-name queuing.
priority [level value] Selects this queue as a priority queue
This command assigns a queue limit that is based

on the percentage of the buffer memory that is used
queue-limit percent percent_of_queuelimit by the queue.
This command configures WRED for all CoS values
that are not configured by a CoS-specific random-
random-detect cos-based detect command.
service-policy [type qos] {input | output} This command adds the policy map to the input or
policy-map-name output packets of an interface or VLAN.
set dscp-value This command sets the DSCP value to dscp-value.
This command displays the QoS type class-map

show class-map type qos configuration.
This command displays information about all

show policy-map configured policy maps.

show policy-map type queuing configured policy maps of type queuing.
show table-map configured table maps or a selected table map.
This command creates or accesses the table map

table-map table-map-name and then enters table-map mode.

VDC and Cisco Nexus 5000 Switch.
Activity Procedure
Step 1 Connect to your pod Cisco Nexus 7000 VDC.
Step 4 Connect to your Nexus 5000 switch by clinking on the icon in the remote lab GUI Roll
back to the configuration checkpoint BASE on your Nexus 5000 series switch.
N5K-P# conf
N5K-P# conf
N7K-X-PodP# conf
N7K-X-PodP# conf
N7K-X-PodP# conf
N7K-X-PodP(config)# interface ethernet 7/x (see table above)
N7K-X-PodP# conf
N5K-P# conf
N5K-P(config)#
Step 12 Configure SVI 10 with IP address 172.16.10.7P/24 (P is your pod number).

Step 13 On your Cisco Nexus 5000 Switch, configure interface Ethernet 1/3 in VLAN 10:
Step 14 Connect to your assigned Windows server. Configure the NIC that is connected to your
pod Cisco Nexus 5000 Switch with IP address 172.16.10.10P/24. Verify that you can
ping 172.16.10. 10Q. (P is your pod number and Q is your peer pod number.)
Step 15 Open a command prompt and navigate to C:\Users\Administrator\Desktop\Labfiles.
Enter iperf.exe -h to see the help text for the Iperf utility.
Step 16 Start an Iperf server on your system in daemon mode. Use the web TCP port 80 as the
port and set the TCP window size to 64 KB.
C:\Documents and Settings\Administrator\Desktop\Labfiles> .\iperf.exe -s -D -p
80 -w 64k
------------------------------------------------------------
Server listening on TCP port 80
TCP window size: 64.0 KByte
------------------------------------------------------------
IPerf Service started.
Step 17 Check with your peer pod to make sure that they have started the Iperf daemon on their
server.
Step 18 Use the Iperf client to connect to the Iperf service on your peer pod Windows server on
VLAN 10. The IP address of your peer pod is 172.16.10.11Q. (Q is your peer pod
number.) Set the TCP window size to 64 KB and use TCP port 80 as the destination
port.
C:\Documents and Settings\Administrator Desktop\Labfiles> .\iperf.exe -c
172.16.10.10Q -w 64k -p 80
------------------------------------------------------------
Client connecting to 172.16.10.10Q, TCP port 80
------------------------------------------------------------
[1868] local 172.16.10.10P port 4131 connected with 172.16.10.10Q port 80
[ ID] Interval Transfer Bandwidth
[1868] 0.0-10.0 sec 1.96 GBytes 1.68 Gbits/sec
Q1) What is the transfer speed that you achieved?
n You can transfer data between your Windows server and your peer pod Windows server using
the Iperf utility.
n You can connect to your peer pod VDC using Telnet or SSH.
Task 2: Configuring Class Maps

In this task, you will configure type QoS class maps and verify the configuration.
Activity Procedure
Step 1 Connect to your VDC.
Step 2 Enable global QoS statistics.
N7K-Y-podP(config)# qos statistics
Step 3 Configure an access list named WEB-TRAFFIC that matches TCP port 80 for either the
source or the destination port. Enable statistics gathering for the access list.
N7K-Y-podP(config)# ip access-list WEB-TRAFFIC
N7K-Y-podP(config-acl)# permit tcp any any eq 80
N7K-Y-podP(config-acl)# permit tcp any eq 80 any
N7K-Y-podP(config-acl)# statistics per-entry
Step 4 Configure an access list named MGMT-TRAFFIC that matches TCP ports 22 and 23
for either the source or the destination port. Enable statistics gathering for the access
list.
N7K-Y-podP(config-acl)# ip access-list MGMT-TRAFFIC
N7K-Y-podP(config-acl)# statistics per-entry
Step 5 Configure a type QoS class map named WEB within your VDC pod.
N7K-Y-podP(config)# class-map type qos match-any WEB
Step 6 Configure the class to match traffic that is permitted by access list WEB-TRAFFIC.
N7K-Y-podP(config-cmap-qos)# match access-group name WEB-TRAFFIC
N7K-Y-podP(config-cmap-qos)# exit
Step 7 Configure a type QoS class map named MGMT within your VDC pod.
N7K-Y-podP(config)# class-map type qos match-any MGMT
Step 8 Configure the class to match traffic that is permitted by access list MGT-TRAFFIC.
N7K-Y-podP(config-cmap-qos)# match access-group name MGMT-TRAFFIC
Step 9 Configure a type QoS class map named WEB-CORE, which matches packets with CoS
value 4 within your VDC pod.
N7K-Y-podP(config)# class-map type qos match-any WEB-CORE
N7K-Y-podP(config-cmap-qos)# match cos 4
Step 10 Configure a type QoS class map named MGMT-CORE, which matches packets with
CoS value 2 within your VDC pod.
N7K-Y-podP(config)# class-map type qos match-any MGMT-CORE
N7K-Y-podP(config-cmap-qos)# match cos 2
Step 11 Validate the type QoS class map.
N7K-Y-podP# show class-map type qos
Type qos class-maps

====================
class-map type qos match-any WEB

match access-group name WEB-TRAFFIC
class-map type qos match-any MGMT

match access-group name MGMT-TRAFFIC
class-map type qos match-any WEB-CORE

match cos 4
class-map type qos match-any MGMT-CORE

match cos 2
class-map type qos conform-color-in
Description: Conform color map in input direction
class-map type qos conform-color-out

Description: Conform color map in output direction
class-map type qos exceed-color-in

Description: Exceed color map in input direction
class-map type qos exceed-color-out

Description: exceed color map in output direction
n You have used the show commands to verify the class map configuration.
Task 3: Configuring Policy Maps
In this task, you will configure type QoS and queuing policy maps and verify the configuration.
Activity Procedure
Step 1 Create a policy map of type QoS named CLASSIFICATION and associate the class
map WEB with it.
N7K-Y-podP(config-cmap-qos)# policy-map type qos CLASSIFICATION
N7K-Y-podP(config-pmap-qos)# class type qos WEB
N7K-Y-podP(config-pmap-c-qos)#
Step 2 Set the CoS value to 4.
N7K-Y-podP (config-pmap-c-qos)# set cos 4
Step 3 Associate the class map MGMT with the policy map and set the CoS value to 2.
N7K-Y-podP(config-pmap-c-qos)# class type qos MGMT
N7K-Y-podP(config-pmap-c-qos)# set cos 2
Step 4 Create a policy map of type QoS named POLICE and associate the class map WEB-
CORE with it.
N7K-Y-podP(config-pmap-c-qos)# policy-map type qos POLICE
N7K-Y-podP(config-pmap-qos)# class type qos WEB-CORE
Step 5 Configure this class map to mark these packets with DSCP af11 and police to 1 Mb/s:
N7K-Y-podP(config-pmap-c-qos)# set dscp af11
N7K-Y-podP(config-pmap-c-qos)# police cir 1 mbps
Step 6 Associate the class map MGMT-CORE and configure this class map to mark these
packets with DSCP af23.
N7K-Y-podP(config-pmap-c-qos)# class type qos MGMT-CORE
N7K-Y-podP(config-pmap-c-qos)# set dscp af23
Step 7 View the policy maps.
N7K-Y-podP(config)# show policy-map type qos
Type qos policy-maps

====================
policy-map type qos POLICE

class WEB-CORE
set dscp af11
police cir 1 mbps bc 200 ms conform transmit violate drop
class MGMT-CORE
set dscp af23
policy-map type qos CLASSIFICATION
class WEB
set cos 4
class MGMT
set cos 2
Step 8 Create a type queuing policy map named ToN5K.
N7K-Y-podP(config)# policy-map type queuing ToN5K
Step 9 Assign a class-map type queuing to the policy map named ToN5K.
N7K-Y-podP(config-pmap-que)# class type queuing ?
1p3q1t-8e-out-pq1 Egress priority queue 1 of 1p3q1t8e type
1p3q1t-8e-out-q-default Egress default queue of 1p3q1t8e type
1p3q1t-8e-out-q2 Egress queue 2 of 1p3q1t8e type
1p3q1t-8e-out-q3 Egress queue 3 of 1p3q1t8e type
1p3q4t-out-pq1 Egress priority queue of 1p3q4t type
1p3q4t-out-q-default Egress default queue of 1p3q4t type
1p3q4t-out-q2 Egress queue 2 of 1p3q4t type
1p7q4t-out-pq1 Egress priority queue of 1p7q4t type
1p7q4t-out-q-default Egress default queue of 1p7q4t type
2q4t-8e-in-q-default Ingress default queue of 4q2t8e type
2q4t-8e-in-q1 Ingress queue 1 of 4q2t8e type
2q4t-in-q-default Ingress default queue of 2q4t type
2q4t-in-q1 Ingress queue 1 of 2q4t type
8q2t-in-q-default Ingress default queue of 8q2t type
system-pq1 System default queue
system-q-default System priority queue
system-q2 System queue 2
system-q3 System queue 3
N7K-Y-podP(config-pmap-que)# class type queuing 1p7q4t-out-pq1
Step 10 Assign a queue limit that is based on the queue size or a percentage of the buffer
memory that is used by the queue.
N7K-Y-podP(config-pmap-c-que)# priority level 1
N7K-Y-podP(config-pmap-c-que)# queue-limit percent 20
N7K-Y-podP(config-pmap-c-que)# exit
Step 11 Assign a class-map type queuing to the policy map named ToN5K.
N7K-Y-podP(config-pmap-que)# class type queuing 1p7q4t-out-q-default
Step 12 Assign a queue limit that is based on the queue size or a percentage of the buffer
memory that is used by the queue.
N7K-Y-podP(config-pmap-c-que)# queue-limit percent 80
Step 13 Allocate a minimum percentage of the interface bandwidth to a queue.

N7K-Y-podP(config-pmap-c-que)# bandwidth remaining percent 25
Step 14 Configure WRED.

N7K-Y-podP(config-pmap-c-que)# random-detect cos-based
Step 15 View the policy map type queuing.

N7K-Y-podP(config-pmap-c-que)# show policy-map type queuing
Type queuing policy-maps

========================
policy-map type queuing ToN5K

class type queuing 1p7q4t-out-pq1
priority level 1
queue-limit percent 20
class type queuing 1p7q4t-out-q-default
bandwidth remaining percent 25
random-detect cos-based
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
class type queuing 1p3q1t-8e-out-q3
class type queuing 1p3q1t-8e-out-q-default
n You have used the show commands to verify the policy map configuration.
Task 4: Configuring Service Policies
In this task, you will configure type QoS service policies and verify that the configuration has been
applied to the correct traffic stream.
Activity Procedure
Step 1 Assign a service policy type QoS named Data to the Ethernet interface that is connected
to the Cisco Nexus 5000 Switch in the ingress direction.
N7K-Y-podP(config-if)# interface ethernet X/A

N7K-Y-podP(config-if)# service-policy type qos input CLASSIFICATION
Step 2 View the service police type QoS on the interface.
N7K-Y-podP(config-if-range)# show policy-map interface ethernet X/A type qos
Global statistics status : enabled
EthernetX/A
Service-policy (qos) input: CLASSIFICATION

SNMP Policy Index: 285212761
Class-map (qos): WEB (match-any)
Aggregate forwarded :
0 packets
Match: access-group WEB-TRAFFIC
0 packets
set cos 4
Class-map (qos): MGMT (match-any)
0 packets
Match: access-group MGMT-TRAFFIC
0 packets
set cos 2
Step 3 Assign a service policy type QoS named POLICE to the interface that is connected to
your peer VDC in the egress direction (P is your pod number).
N7K-Y-podP(config-if-range)# interface ethernet X/D

N7K-Y-podP(config-if)# service-policy type qos output POLICE
ERROR: Unable to perform the action due to incompatiblity: Module 7 returned
status "Egress policy on an L2 interface is not supported"
Step 4 Assign a service policy type QoS named POLICE to the interface that is connected to
your peer VDC in the ingress direction.
N7K-Y-podP(config-if)# service-policy type qos input POLICE
Step 5 View the service police type QoS on the port channel interface.
N7K-Y-podP(config-if)# show policy-map interface ethernet X/D type qos
Global statistics status : enabled
EthernetX/D
Service-policy (qos) input: POLICE

SNMP Policy Index: 285212776
Class-map (qos): WEB-CORE (match-any)
0 packets
Match: cos 4
0 packets
set dscp af11
police cir 1 mbps bc 200 ms
conformed 0 bytes, 0 bps action: transmit
violated 0 bytes, 0 bps action: drop
Class-map (qos): MGMT-CORE (match-any)
0 packets
Match: cos 2
0 packets
set dscp af23
Step 6 Do not continue to the next step until your peer pod has finished QoS configuration.
Step 7 Repeat the connection test that was performed in Task 1 in which you used the Iperf
client to connect to the Iperf service on your peer pod Windows server on VLAN 10.
The IP address of your peer pod is 172.16.10.11Q. (Q is your peer pod number.) Set the
TCP window size to 64 KB and use TCP port 80 as the destination port. Compare the
output with output in Task.:
C:\Documents and Settings\Administrator Desktop\Labfiles> .\iperf.exe -c

172.16.10.10Q -w 64k -p 80
------------------------------------------------------------
Client connecting to 172.16.10.10Q, TCP port 80
------------------------------------------------------------
[1868] local 172.16.10.10P port 4176 connected with 172.16.10.10Q port 80
[ ID] Interval Transfer Bandwidth
[1868] 0.0-10.5 sec 1.22 MBytes 969 Kbits/sec
n You have used the show commands to verify the service policy configuration and application.
Guided Lab 18: Using Cisco Nexus 7000 NXAPI
Overview
Complete this lab activity to become familiar with the Cisco NX-API Sandbox.
Activity Objective
Configure the Cisco Nexus 7000 Series Switch to run a web server for the Cisco NXAPI
Use the Cisco NX-API Sandbox to familiarize yourself with Rest APIs
Visual Objective
Required Resources
These are the resources and equipment required to complete this activity:
• One Cisco Nexus 7010 Switch
Command List
The table describes the commands used in this activity.
Commands
Command Description
feature nxapi Enables NX-API
show nxapi Displays port information
feature sandbox Enables Sandbox
Task 1: Configure the Cisco Nexus 7000 Series Switch to Accept
HTTP Connections
In this task, you will configure the Cisco Nexus 7000 Series Switch to accept a web browser connection into the
Cisco NX-API.
Activity Procedure

Step 1 Open a PuTTY session to the management interface of your pod Nexus 7010 switch.
Step 2 Log in to the Cisco Nexus 7010 Switch pod with the username admin and password
1234QWer.
login as: admin

Using keyboard-interactive authentication. Password:
Step 3 Enter configuration mode, and then enable the Cisco NX-API feature on your pod
switch.
N7K-Y-podP# con
N7K-Y-podP(config)# feature nxapi
Step 4 Enable the Cisco NX-API feature on your pod switch.
N7K-Y-podP(config)# nxapi sandbox
Step 5 Confirm that the NX-API is listening on ports 80 and 443.
N7K-Y-podP(config)# show nxapi nxapi enabled
Listen on port 80 Listen on port 443 Pod1(config)#
Step 6 Confirm that you have configured the management interface by typing the show run int
mgmt 0 command. This example is of Pod 1.
N7K-1-pod1(config)# show run int mgmt 0

interface mgmt0
vrf member management
ip address 192.168.0.201/24
N7K-1-pod1(config)#
Step 7 Open a web browser and connect to the management IP address of your pod.
Step 8 Log in with the username and password that you created in Lab 1 and click Log In.
Note If you are unable to connect to NX-API, verify that your mgmt 0 interface is configured
correctly.
Step 9 In the top-right corner, explore the options that are in the Message format field.
Step 10 Explore the options in the Command type field.
Step 11 In the Command type field, choose cli_show. The Textarea field should say "show
version" and the output should be xml. This setting is the default when you log in.
Click the POST button.
You should get an XML response that shows on the right-hand side of the page. Notice
that the response is formatted as you would expect from XML.
Step 12 Change Command type field to cli_show_ascii. This action will verify to you that the
command is the command you want by displaying the text as if you had entered the
command in the CLI.
Step 13 Change the value in the Textarea field to show switchname, and then click the POST
button. You will see that the ASCII output returns <hostname>Pod1</hostname> (or
the switchname that you have set your pod to).
Note Some examples of output are truncated to focus on certain elements.
<body>
<hostname> N7K-1-pod1</hostname>
</body>
Step 14 Change the Command type field to cli_conf and change the Textarea to switchname
NX-API_X where X is your pod number. Click the POST Request button and you will
get a returned output of success in the <msg> field.
<code>200</code>
<msg>Success</msg>
Step 15 Switch to interface e7/2 (since that interface is still at its default configuration) to add
Layer 2 information and enable the interface. Keep the Command type field set to
cli_conf. In the Textarea field, type commands to make the interface a switchport and a
trunk, add VLAN 1XX, where XX is your two-digit pod number (so Pod 1 would be
01, and so on), and enable the interface. Type the following:
interface e7/2 ; switchport ; switchport mode trunk ; switchport

trunk allowed vlan
101 ; no shut
Note There must be a space to the right and left of the semi-colon character that separates
commands.
Step 16 Once you post the input, you should get the same response message of success.
<body/>
<code>200</code>
<msg>Success</msg>
Step 17 Verify by changing the Command type field to cli_show_ascii, input the following
message, and post your request.
show switchname ; show run int e7/2
<body>N7K-Y-podP
</body>
<code>200</code>
<msg>Success</msg>
</output>
<output>
<body>!Command: show running-config interface Ethernet7/2
!Time: Tue Sep 15 17:17:31 2015
version 7.2(0)D1(1) interface Ethernet7/2
switchport trunk allowed vlan 201 no shutdown
Step 18 You can verify that the two changes you made have taken effect in the CLI. Open a
PuTTY session to your pod switch, and then type the show run int e7/2 command.
You will see that the switch name and interface have changed to reflect your use of the
Cisco NX-API.
N7K-Y-PodP# sh run int e7/2
!Command: show running-config interface Ethernet7/2

!Time: Tue Sep 15 17:56:22 2015
version 7.2(0)D1(1) interface Ethernet7/2
switchport trunk allowed vlan 201 no shutdown
Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here. Please note that these answers and outputs are a guideline and may not completely
match your configurations or device outputs.
Guided Lab 1: Cisco Nexus 7000 Platform Discovery

Task 1 Validation
Q1) What is the file size of each kickstart and system image?
477631895 Jun 22 13:39:18 2015 n7000-s2-dk9.7.2.0.D1.1.bin
37505536 Jun 22 13:40:36 2015 n7000-s2-kickstart.7.2.0.D1.1.bin
Q2) Which version of Cisco NX-OS Software is currently running on the active and
standby processors?
BIOS: version 2.12.0
kickstart: version 7.2(0)D1(1)
system: version 7.2(0)D1(1)
Q3) How much memory is present on the CPU motherboard?

Intel(R) Xeon(R) CPU with 12224948 kB of memory.
Q4) How much bootflash memory is present?

bootflash: 1774256128 kB
Q5) How many fabric modules are installed in the Cisco Nexus 7010 Switch chassis?
Two fabric modules are installed in the Cisco Nexus 7010 Switch chassis.
Q6) Does this switch offer N + 1 switching redundancy?
This switch offers N+1 switching redundancy only for M1 I/O module.
Q7) How many I/O modules are installed in this chassis?
Two I/O modules are installed in this chassis.
Q8) How many power supplies are installed in this chassis?
One power supplies are installed in this chassis.
Q9) How many system fans are installed in this chassis?
Two system fans are installed in this chassis.
Q10) Is there system fan redundancy in this chassis?
Yes, there is system fan redundancy in this chassis.
Q11) How many fabric fans are installed in this chassis?
Two fabric fans are installed in this chassis.
Q12) Is there fabric fan redundancy in this chassis?
Yes, there is fabric fan redundancy in this chassis.
Q13) How many empty I/O module slots are there in this chassis?
There are six empty I/O module slots in this chassis.
Q14) Which supervisor is active?
Supervisor 5 is active.
Q15) Which power supply redundancy mode is currently specified?
Redundant power supply redundancy mode is specified, but the Cisco Nexus 7000 Switch uses
nonredundant mode because only two power supplies are installed in the chassis.
Q16) Which module or modules draw the least amount of power?
Fabric modules draw 60 W.
Q17) How many sensors are distributed on a single I/O module?
Eleven sensors are distributed on M1 I/O module and eighteen on F1 I/O module.
Task 2: Interface Configuration

Q18) Based on the output of the show interface brief command, how many SFP+
transceivers are installed in module 7?
Four SFP+ transceivers are installed in module 7.
Q19) Which interfaces within module 7 have SFP+ transceivers installed?
Pod 1 and 2: Ethernet 7/1, Ethernet 7/2, Ethernet 7/7, Ethernet 7/8
Q20) Are the I/O module interfaces currently set to perform as Layer 2 or Layer 3 interfaces?
The I/O module interfaces are currently set to perform as Layer 2 interfaces.
Q21) Which type of SFP+ transceivers are installed in module 7?
QSFP-40G-AOC are installed in module 7.
Q22) What is the maximum distance between devices that this transceiver will support?
QSFP-H40G-AOC3M supports 3 meters.
Task 3: Layer 3 Connectivity

Q23) Are your ping commands successful?
Your answer will depend on whether you have configured both devices correctly.
Guided Lab 3: Configuring System Management

Task 1: Cisco Fabric Services
Q1) Why do you get an error message?
You have to commit changes before you can see them in the running configuration.
Q2) Do they see the newly created role in their VDC?
No.
Q3) Why do you not see the configured RADIUS servers?
You have to commit changes before you can see them in the running configuration.
Guided Lab 4: Configuring Troubleshooting Features

Task 3: EEM
Down.
264 Configuring Cisco Nexus 7000 Switches (DCNX7K) v3.1 © 2018 Fast Lane and Cisco Systems, Inc.
Up.

Task 2: Configuring Layer 2 Interfaces and Rapid PVST+
Q1) Which PVRST+ path cost method is being used?
Rapid PVST+ uses the short (16-bit) path-cost method to calculate the cost by default. With the
short path-cost method, you can assign any value in the range of 1 to 65535.
Q2) Which switch or VDC is the root bridge for VLAN 1 in your pod pair?
Correct answer depends of current network topology. Typically one of Nexus 5000 is the root.
Q3) Which switch or VDC is the root bridge for the spanning-tree instance for VLAN 10?
Is it the same or different from VLAN 1?
Correct answer depends on the current network topology. It is expected that the same Nexus
5000 is the root for all VLANs.
Q4) Is there a separate spanning-tree instance for each VLAN?
Yes, PVRST+ creates a separate spanning-tree instance for each VLAN.
Task 3: Using STP Enhancements

Q5) Which keyword indicates that bridge assurance is enabled on the port?
The network point-to-point interface type keyword indicates that bridge assurance is enabled
on the port.
Q6) Can you explain what happened?
Bridge assurance is enabled on spanning-tree network type ports. Ports on the Cisco Nexus
5000 Switch are spanning-tree normal type ports. Bridge assurance on the Cisco Nexus 7000
Switch will block interfaces that are connected to the Cisco Nexus 5000 Switch.
Task 4: Implementing and Verifying MST

Q7) Which spanning-tree path cost method does MST use by default?
MST uses the short (16-bit) path-cost method to calculate the cost by default.
Q8) How many MST instances are currently being used? Can you achieve VLAN load
balancing with this configuration?
One MST instance is currently being used. You cannot achieve VLAN load balancing with this
configuration.
Q9) Which switches or VDCs are the root bridges for each of the MST instances? Are they
the same or different?
The switch with lowest Bridge ID is the root bridge. (BID is a combination of a default priority
value and the MAC address of the switch). Because we have not changed the priority, the
device with the lowest MAC address is the root bridge of all MST instances.
Configuration After Task 4

When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco
Nexus 7000 VDC configuration will be similar to the results here, with differences that are
specific to your device or workgroup:
© 2016 Fast Lane and Cisco Systems, Inc. Lab Guide 3.1.0 265
Task 5: Implementing and Verifying Q-in-Q Tunnels
Q10) Why is the Cisco Nexus 5000 Switch a Cisco Discovery Protocol neighbor if there is
no direct Layer 2 connectivity between the two Cisco Nexus 5000 Switches?
You have configured a Layer 2 protocol tunnel Cisco Discovery Protocol on the Cisco Nexus
7000 tunnel interface.
Guided Lab 6: Configuring vPC

Task 1: vPC Domain
Q1) Check the licensing. Do you require a license for the vPC?
No, a license is not required for vPC.
Task 4: vPC Configuration and Optimization

Q2) What is the root ID on MST 0, 1 and 2?
Root IDs are the Cisco Nexus 7000 MAC addresses.
Q3) Why are the vPC member interfaces on the secondary vPC switch disabled?
The keepalive link is up and the secondary vPC switch assumes that the primary switch is up
and only the peer link is down.
Guided Lab 7: Configuring Cisco FabricPath

Task1: Configure the Cisco FabricPath and FabricPath Interfaces and VLANs
Q1) Why is your VDC the root for every STP instance?
FabricPath configuration divides the STP domain into multiple STP domains.
Q2) Why are you able to ping SVI 10 on the peer pod Cisco Nexus 5000 Switch?
VLAN 10 is being bridged by FabricPath on the Nexus 7000 Switches.
Task2: Configure the vPC+

Q3) Why are you unable to create a vPC on the M1 I/O module?
Only F1 interfaces are supported with vPC+.

Task3: Configuring VRFs with OSPFv2
Q1) Check the Cisco Nexus 7000 Switch enterprise license. Is it in use?
Yes, OSPF uses the enterprise license.
When you complete this activity, your Cisco Nexus 7000 VDC configuration will be similar to
the results here, with differences that are specific to your device or workgroup (P is your pod
number, Q is your peer pod number):
Guided Lab 10: Configuring FHRP (Optional)

Task 1: Configure HSRP
Q1) Which are the active and standby routers in your first HSRP group?
The router with the highest IP address for the respective group is elected as active. Pod 2, pod
4, and pod 6 are the active routers. Pod 1, pod 3, and pod 5 are standby routers.
No.
Yes.
Yes.
Task 2: Virtual Router Redundancy Protocol

Q5) Why is VRRP stuck the INIT state on both routers?
Student has to enable VRRP with no shutdown command.
Q6) Which are the active and standby routers in your first VRRP group?
Pod 1, pod 3, and pod 5 are master routers. Pod 2, pod 4, and pod 6 are back-up routers.
Q7) What is priority of the current master?
The priority of the current master is 255 because the VRRP group IP address is the same as the
SVI IP address.
Q8) What is the maximum configurable priority?
The maximum configurable priority is 254.
Yes.
Task 3: Gateway Load Balancing Protocol

Yes.
Guided Lab 16: Configuring Security Features (Optional)

Task 1: Configuring ACLs
Q1) Was the operation successful?
Yes, the “verify” operation was successful because we have a small number of ACL entries in
IOM memory.
Yes, the ping was successful, because the ACL has not been committed yet.
No, the ping was not successful, because ICMP is not permitted in the ACL named
TermAccess.
Q4) Try Telnet and SSH to the SVI from your Windows server. Were Telnet and SSH
successful? Why?
Yes, Telnet and SSH were successful, because the ACL named TermAccess permits Telnet and
SSH.
Q5) Are the access list and object groups part of the running configuration?
Yes, the access list and object groups are part of the running configuration.
Guided Lab 17: Configuring QoS (Optional)
Task 0: Initial Configuration
Q1) What is the transfer speed that you achieved?
This page intentionally left blank
270
FastLane(7K/5K/2K(Nexus(Lab((Rev.(5.0)(
FC(JBOD(
N7K(to(N7K(40GE:(
Pod1+2:(7/7W8( Windows(with(CNA(
Pod3+4:(7/9W10( 3( 3( MDS9124(
Pod5+6:(7/11W12( MDS9124(
(
For(4(Students(
N7K(to(N5K(40GE:(
Pod1:( (7/1(on(both(N7K( 1( 2( N7KW1( N7KW2( 1( 2( (
Pod2:( (7/2(on(both(N7K( GE(
Pod3:( (7/3(on(both(N7K((
Pod5:( (7/5(on(both(N7K( FC(
Configuring Cisco Nexus 7000 Switches (DCNX7K) v3.1

(
N7K(to(N2K(FEX:(
10GE(
2/1(2/2( 2/1(2/2(
none((Port(4(on(FEX(not(used)( 47( 48(
47( 48(
2/5( 2/5( 40GE(
2/6( 2/6(
11( 11(
4(
4(
9( 10( 3( 3( 10( 9(
1(2(3(4( 4(3(2(1(
2( 1((((((((2( 2((((((1( 2( Uses(dual(fabric(for(FC(

CNA( CNA( and(vPC(for(Ethernet(
ESXi(with(student(PCs(
as(VMs(with(passthrough( (infrastructure(Eth(und(
mgmt(eth(port(on(servers(
© 2018 Fast Lane and Cisco Systems, Inc.

NIC(and(dualport(CNA( Win(VM(
Win(VM( not(shown)(

FL Dcnx7k31 Lg314

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FL Dcnx7k31 Lg314

Uploaded by

Copyright:

Available Formats

DCNX7K

Configuring Cisco Nexus 7000

Fast Lane LAB Guide

© 2018 Fast Lane GmbH. All rights reserved.

2 Cisco Data Center Configuring Nexus 7000 Switches (DCNX7K) 3.1

4 Cisco Data Center Configuring Nexus 7000 Switches (DCNX7K) 3.1

6 Cisco Data Center Configuring Nexus 7000 Switches (DCNX7K) 3.1

2( 1((((((((2( 2((((((1( 2( Uses(dual(fabric(for(FC(

8 Cisco Data Center Configuring Nexus 7000 Switches (DCNX7K) 3.1

Device Interface Device Interface

N5K-1 Ethernet 1/3 Server 1 CNA port 1

Ethernet 1/4 Server 2 CNA port 2

Ethernet 1/9 N2K-1 Uplink port 1

Ethernet 1/10 N2K-1 Uplink port 2

Ethernet 1/11 N2K-2 Uplink port 3

Ethernet 2/1 N7K-1-pod1 Ethernet 7/1

Ethernet 2/2 N7K-2-pod2 Ethernet 7/1

Ethernet 2/5 N5K-2 Ethernet 2/5

Ethernet 2/6 N5K-2 Ethernet 2/6

Fibre Channel 1/47 MDS-1 Fibre Channel 1/1

Fibre Channel 1/48 MDS-1 Fibre Channel 1/2

N7K-1-pod1 Ethernet 7/1 N5K-1 Ethernet 2/1

Ethernet 7/2 N5K-2 Ethernet 2/2

Ethernet 7/7 N7K-2-pod2 Ethernet 7/7

Ethernet 7/8 N7K-2-pod2 Ethernet 7/8

N5K-2 Ethernet 1/3 Server 2 CNA port 1

Ethernet 1/4 Server 1 CNA port 2

Ethernet 1/9 N2K-2 Uplink port 1

Ethernet 1/10 N2K-2 Uplink port 2

Ethernet 1/11 N2K-1 Uplink port 3

Ethernet 2/1 N7K-2-pod2 Ethernet 7/2

Ethernet 2/2 N7K-1-pod1 Ethernet 7/2

Ethernet 2/5 N5K-1 Ethernet 2/5

Ethernet 2/6 N5K-1 Ethernet 2/6

Fibre Channel 1/47 MDS-2 Fibre Channel 1/1

Fibre Channel 1/48 MDS-2 Fibre Channel 1/2

N7K-2-pod2 Ethernet 7/1 N5K-1 Ethernet 2/2

Ethernet 7/2 N5K-2 Ethernet 2/1

Ethernet 7/7 N7K-1-pod1 Ethernet 7/7

Ethernet 7/8 N7K-1-pod1 Ethernet 7/8

N5K-3 Ethernet 1/3 Server 3 CNA port 1

Device Interface Device Interface

Ethernet 1/4 Server 4 CNA port 2

Ethernet 1/9 N2K-3 Uplink port 1

Ethernet 1/10 N2K-3 Uplink port 2

Ethernet 1/11 N2K-4 Uplink port 3

Ethernet 2/1 N7K-1-pod3 Ethernet 7/3

Ethernet 2/2 N7K-2-pod4 Ethernet 7/3

Ethernet 2/5 N5K-4 Ethernet 2/5

Ethernet 2/6 N5K-4 Ethernet 2/6

Fibre Channel 1/47 MDS-3 Fibre Channel 1/1

Fibre Channel 1/48 MDS-3 Fibre Channel 1/2

N7K-1-pod3 Ethernet 7/3 N5K-3 Ethernet 2/1

Ethernet 7/4 N5K-4 Ethernet 2/2

Ethernet 7/9 N7K-2-pod4 Ethernet 7/9

Ethernet 7/10 N7K-2-pod4 Ethernet 7/10

N5K-4 Ethernet 1/3 Server 4 CNA port 1

Ethernet 1/4 Server 3 CNA port 2

Ethernet 1/9 N2K-4 Uplink port 1

Ethernet 1/10 N2K-4 Uplink port 2

Ethernet 1/11 N2K-3 Uplink port 3

Ethernet 2/1 N7K-2-pod4 Ethernet 7/4

Ethernet 2/2 N7K-1-pod3 Ethernet 7/4