1.

1 - DC2: Allocate ports and resources to VDC's

In Data Center 2 (DC2), there is one Cisco Nexus 7000 switch. On this switch VDC's are pre-configured
for you. During this task you will assign ports and resources to these VDC's
DC2-N7K-1 is the default VDC
DC2-N7K-3 and DC2-N7K-4 are non-default VDC's
In DC2, allocate ports to VDC's as shown in this table:
Device Name ID Ports Type
DC2-N7K-1 1 Ethernet3/1-8, Ethernet 4/1-16 Ethernet
DC2-N7K-3 3 Ethernet 3/17-24, Ethernet 4/17-24 Ethernet
DC2-N7K-4 4 Ethernet 3/25-32, Ethernet 4/25-32 Ethernet

In DC2, you must configure resources for the VDC's. Use resource templates to perform this task.
Create and apply VDC resource templates as shown in this table:
Template Name VDC Name Resource Minimum Maximum
otv-template DC2-N7K-1 VRF 8 16
VLAN 16 32
Port-Channel 0 32
switch-template DC2-N7K-3 & VRF 16 32
DC2-N7K-4 VLAN 64 128
Port-Channel 32 64

In DC2, make sure that these high-availability policies are applied to the VDC's:

High-availability policy for DC2-N7K-1 must be RESET.

High-availability policy for DC2-N7K-3 and DC2-N7K-4 must be BRINGDOWN.
(2 Points)
1.2 - DC2: Implement VLANs
You must configure VLANs in Data Center 2. These VLANs will be used later in the exam. Assign the
correct name and type as outlined here.
Configure these VLANs on DC2-N7K-1:
Device VLAN ID Name VLAN Mode
DC2-N7K-1 90 dci-site Classic Ethernet
4001 dci-data1 Classic Ethernet
4002 dci-data2 Classic Ethernet
DC2-N7K-3 30 iscsi FabricPath
DC2-N7K-4 40 Esx-mgmt FabricPath
50 Dmz FabricPath
4001 dci-data1 Classic Ethernet
4002 dci-data2 Classic Ethernet
DC2-N5K-1 30 iscsi FabricPath
DC2-N5K-2 40 esx-mgmt FabricPath
50 Dmz FabricPath
70 Vm-data Classic Ethernet
71 Vm-data-nat Classic Ethernet
72 Ace-ft Classic Ethernet
(1 Point)
1.3 - DC2: Configure Layer 2 Links
In this task, you must configure Layer 2 port channels and trunk ports between Data Center 2 switches.
Configure the Layer 2 port channel between DC2-N7K-3 and DC2-N7K-4. Use this information to
complete this task:
Use port channel number 200.
Allow only VLANs 90, 4001, and 4002 on the port channel.
Do not use LACP.

Port assignments are as follows:

VDC Name Port Channel Member Port
DC2-N7K-3 200 Ethernet 4/18-19
DC2-N7K-4 200 Ethernet 4/26-27

DC2-N7K-1 and DC2-N7K-3 are connected using a Layer2 link and a Layer 3 link. Configure the Layer 2
link between these switches as a trunk port.

Use following information to complete this task:

Use VLAN 1 as the native VLAN

Allow only VLAN 90, 4001, 4002 on the port channel.

VDC Name Trunk Port Mode

DC2-N7K-1 Ethernet 4/12 Layer 2
DC2-N7K-3 Ethernet 4/20 Layer 2

(1 Point)
1.4 - DC2: Configure Fabric Path
In DC2, enable fabric-path isis routing between DC2-N7K-3, DC2-N7K-4, DC2-N5K-1, and DC2-N5K-2
Perform these tasks:

Assure that all of the switches that are listed use the FabricPath network for Layer 2
switching between them.
The port channel between DC2-N7K-3 and DC2-N7K-4 will not participate in FabricPath.
Create a port channel between DC2-N5K-1 and DC2-N5K-2, and enable FabricPath on
the port channel. Use any number for the port channel.
Configure switch ID 30, 40, 50, and 60 on DC2-N7K-3, DC2-N7K-4, DC2-N5K-1, and DC2-
N5K-2 respectively.
Allow 20 seconds to detect any switch ID conflicts in the FabricPath domain.
Make sure that only two equal cost paths are selected in the FabricPath domain.
Make sure that DC2-N7K-3 and DC2-N7K-4 use DC2-N5K1 and DC2-N5K-2 as equal cost
paths.

(3 points)

1.5 - DC2: Configure vPC+ to Cisco UCS

In DC2, configure vPC domain 20 between DC2-N5K-1 and DC2-N5K-2.
Perform these tasks:
 Make sure that N5K-1 is always the vPC primary switch.
Use port channel ID 200 for the vPC peer link.
Do not add any new Layer 3 interfaces.
Use switch ID value 70.
Use port channel ID 10 toward Fabric Interconnect A (FI-A).
Use port channel ID 20 toward Fabric Interconnect B (FI-B).
Port channels to Cisco UCS should be configured as IEEE 802.1Q trunk interfaces that
allow only VLANs 30, 40, 70, and 71.
Make sure that port channels 10 and 20 come up without waiting for the standard
forward-time delay.
In a few months, our server team will connect a single-leg server on VLAN 300 that is
connected to N5K-2. Make sure that the interface does not go down in a dual-active
scenario.
Make sure that vPC peer devices are the primary devices on LACP and use priority value
2500.

(3 Points)
1.6 - DC2: Configure FEX
In Data Center 2 (DC2), configure active/active connections from DC2-N5K-1 and DC2-N5K-2 to the FEX.
Use FEX 103 and 104 as indicated in this figure. Make sure both FEX instances skip any bootup tests.

(2 Points)

1.7 - DC2: Implement Cisco NX-OS Layer 3 functionality

You must now configure Layer 3 interfaces on the Cisco Nexus 7000 switches in DC2. Configure the
following:

WAN Layer 3 interfaces on DC2-N7K-3 and DC2-N7K-4

Layer 3 link between DC2-N7K-3 and DC2-N7K-1
Loopback interfaces on DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4

WAN interfaces connect the Cisco Nexus 7000 switch to the WAN switch. The WAN switch is
preconfigured. No configuration is necessary on your part.
Configure the WAN IP addresses as shown in this table:
Device Name Interface IP Address Subnet Mask
DC2-N7K-3 Ethernet 4/23 10.4.1.9 30
DC2-N7K-4 Ethernet 4/31 10.4.1.13 30

Make sure that the jumbo frame size of 9100 bytes is allowed on the WAN.
DC2-N7K-1 and DC2-N7K-3 are connected with a Layer 2 link and Layer 3 link. Configure the Layer 3 link
between these switches.

In DC2, configure the Layer 3 link between DC2-N7K-1 and DC2-N7K-3:

Device Name Interface IP Address Subnet Mask
DC2-N7K-1 Ethernet 4/5 10.4.1.22 30
DC2-N7K-3 Ethernet 4/24 10.4.1.21 30
In DC2, configure the loopback IP addresses as shown in this table:
Device Name Interface IP Address Subnet Mask
DC2-N7K-1 Loopback 0 10.0.2.1 32
DC2-N7K-3 Loopback 0 10.0.2.3 32
DC2-N7K-4 Loopback 0 10.0.2.4 32
(2 Points)

1.8 - DC2: Configure SVI and HSRP

In DC2, configure the switch virtual interfaces as shown in this table:
Device Name Interface IP Address Subnet Mask
DC2-N7K-3 VLAN 40 10.1.40.252 24
VLAN 4001 10.1.41.252 24
VLAN 4002 10.1.42.252 24
DC2-N7K-4 VLAN 40 10.1.40.253 24
VLAN 4001 10.1.41.253 24
VLAN 4002 10.1.42.253 24

In DC2, configure HSRP on DC2-N7K-3 and DC2-N7K-4 as shown in this table:

VLAN Virtual IP Address Group Active MD5 Key
VLAN 40 10.1.40.254 2 ANY CCIEDC
VLAN 4001 10.1.41.254 2 DC2-N7K-3 CCIEDC
VLAN 4002 10.1.42.254 2 DC2-N7K-3 CCIEDC

Use any key chain name. Make sure that HSRP waits 3 seconds before detecting a neighbor down
instance. Also make sure that DC2-N7K-3 is always the active router for VLAN 4001 and VLAN 4002.

(2 Points)
1.9 - DC2: Implement Cisco NX-OS Layer 3 Routing
In DC2, set up EIGRP. Enable EIGRP within DC2 devices and on the connectivity to the WAN. Make sure
that fast failure detection is enabled. The core WAN router is preconfigured with EIGRP.
Perform these tasks on DC2-N7K-1:
Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID.
Configure interfaces E4/5 in EIGRP.
You are not permitted to use static routes.

Perform these tasks on DC2-N7K-3:

Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID.
Configure interface E4/23 and E4/24 in EIGRP.
Advertise these SVIs into EIGRP
o VLAN 40
o VLAN 4001
o VLAN 4002
You are not permitted to use static routes.
You are not permitted to configure EIGRP on the VLAN interface.
Make sure that a summary route is sent for VLAN 40, VLAN 4001, and VLAN 4002.

Perform these tasks on DC2-N7K-4:

Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID.
Configure interface E4/31 in EIGRP.
Advertise these SVIs into EIGRP
o VLAN 40
o VLAN 4001
 o VLAN 4002
You are not permitted to use static routes.
You are not permitted to configure EIGRP on the VLAN interface.
Make sure that a summary route is sent for VLAN 40, VLAN 4001, and VLAN 4002.
( 3 Points)

1.10 - DC2: Configure ACL

In this task, you will configure an IP access list on the WAN interface on DC2 switches.
Allow traffic to VLAN 40, VLAN 4001, and VLAN 4002 via the WAN interface according to this table:

Switch Name WAN Interface Destination Traffic Allowed

DC2-N7K-3 Ethernet 4/23 VLAN 40: 10.1.40.0/24 Any Traffic to this Network
VLAN 4001: 10.1.41.0/24 World Wide Web
Secure Socket Layer
Telnet
VLAN 4002: 10.1.42.0/24 World Wide Web
Secure Socket Layer
Telnet
DC2-N7K-4 Ethernet 4/31 VLAN 40: 10.1.40.0/24 Any Traffic to this Network
VLAN 4001: 10.1.41.0/24 World Wide Web
Secure Socket Layer
Telnet
VLAN 4002: 10.1.42.0/24 World Wide Web
Secure Socket Layer
Telnet

(4 Points)
1.11 - DC2: Configure syslog and NTP
In DC2, make sure that DC2-N7K-3 receives the time from the NTP server 20.0.0.1.
There is a syslog server on a remote sire that is accessible from the WAN network. Configure DC2-N7K-3
to send logs to syslog.
The IP address of the syslog server is 10.0.0.1.
(1 Point)

1.12 - DC2: Configure STP

In this task, you will configure Spanning Tree Protocol in Data Center 2.
Complete these tasks on DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4:

Configure Multiple Spanning Tree for VLAN 4001 and VLAN 4002.
Make sure that DC2-N7K-3 is the root for VLAN 4001 and VLAN 4002.
Use this information to configure MST:
o MST region = 1
o Name = ccie
o MST revision number = 5
Enable Bridge Assurance on the appropriate ports.
 (2 Points)

1.13 - DC1: Allocate ports to VDCs and implement Vlans

In DC1, allocate ports to VDCs as shown in this table:

Device Name ID Ports Type

DC1-N7K-1 1 Ethernet3/1-8,Ethernet4/1-8,Ethernet4/10, Ethernet
Ethernet 4/12,Ethernet 4/14, Ethernet 4/16
DC1-N7K-2 2 Ethernet3/9-16,Ethernet4/9,Ethernet 4/11, Ethernet
Ethernet 4/13, Ethernet 4/15
DC1-N7K-3 3 Ethernet 3/17-24, Ethernet 4/17-24 Ethernet
DC1-N7K-4 4 Ethernet 3/25-32, Ethernet 4/25-32 Ethernet

You must configure VLANs in Data Center 1. These VLANs will be used later in the exam. Assign the
correct name and type as outlined here.
Configure these VLANs on DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4:
Device Name Vlan ID VLAN Name VLAN Mode
DC1-N7K-1 90 dci-site Classic Ethernet
DC1-N7K-2 4001 dci-data1 Classic Ethernet
DC1-N7K-3 4002 dci-data2 Classic Ethernet
DC1-N7K-4

(2 Points)

1.14 - DC1: Configure Layer 2 links

In this task, you must configure Layer 2 port channels and trunk ports between Data Center 1 switches.
Configure the Layer 2 port channel between DC1-N7K-3 and DC1-N7K-4. Use this information to
complete this task:
Use port channel number 200.
Allow only VLANs 90, 4001, and 4002 on the port channel.
Use LACP.
Use VLAN 90 as the native VLAN.
Make sure that the native VLAN is tagged.
Here are the port assignments:
Device Name Port Channel Member Port
DC1-N7K-3 200 Ethernet 4/18-19
DC1-N7K-4 200 Ethernet 4/26-27

DC1-N7K-1 and DC1-N7K-3 are connected using a Layer 2 link and a Layer 3 link. In this task, you will
configure the Layer 2 link between these switches as a trunk port. Use this information to complete this
task:
Allow only VLANs 90, 4001, and 4002.
Use VLAN 90 as the native VLAN.
Device Name Trunk Port Mode
DC1-N7K-1 Ethernet 4/12 Layer 2
DC1-N7K-3 Ethernet 4/20 Layer 2

DC1-N7K-2 and DC1-N7K-4 are connected using a Layer 2 and a Layer 3 link. In this task, you will
configure the Layer 2 link between these switches as a trunk port. Use this information to complete this
task:
Allow only VLANs 90, 4001, and 4002.
Use VLAN 90 as the native VLAN.

Device Name Trunk Port Mode

DC1-N7K-2 Ethernet 4/13 Layer 2
DC1-N7K-4 Ethernet 4/28 Layer 2
 (2 Points)

1.15 - DC1: Implement Cisco NX-OS Layer 3 functionality

You must now configure Layer 3 interfaces on the Cisco Nexus 7000 switches in DC1. Configure the
following:
WAN Layer 3 interfaces on DC1-N7K-3 and DC1-N7K-4
Layer 3 link between DC1-N7K-3 and DC1-N7K-1
Layer 3 link between DC1-N7K-4 and DC1-N7K-2
Loopback interfaces on DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and DC1-N7K-4
WAN interfaces connect the Cisco Nexus 7000 switch to the WAN switch. The WAN switch is
preconfigured. No configuration is necessary on your part.

Configure the WAN IP addresses as shown in this table:

Device Name Interface IP Address Subnet Mask
DC1-N7K-3 Ethernet 4/23 10.4.1.1 30
DC1-N7K-4 Ethernet 4/31 10.4.1.5 30

Make sure that the jumbo frame size of 9100 bytes is allowed on the WAN.
DC1-N7K-1 and DC1-N7K-3 are connected with a Layer 2 link and Layer 3 link. Configure the Layer 3 link
between these switches.
In DC1, configure the Layer 3 link between DC1-N7K-1 and DC1-N7K-3:
Device Name Interface IP Address Subnet Mask
DC1-N7K-1 Ethernet 4/5 10.4.1.17 30
DC1-N7K-3 Ethernet 4/24 10.4.1.18 30

DC1-N7K-2 and DC1-N7K-4 are connected with a Layer 2 link and Layer 3 link. Configure the Layer 3 link
between these switches.
In DC1, configure the Layer 3 link between DC1-N7K-2 and DC1-N7K-4:
Device Name Interface IP Address Subnet Mask
DC1-N7K-2 Ethernet 4/9 10.4.1.26 30
DC1-N7K-4 Ethernet 4/25 10.4.1.25 30

In DC1, configure the loopback IP addresses as shown in this table:

Device Name Interface IP Address Subnet Mask

DC1-N7K-1 Loopback0 10.0.1.1 32
DC1-N7K-2 Loopback0 10.0.1.2 32
DC1-N7K-3 Loopback0 10.0.1.3 32
DC1-N7K-4 Loopback0 10.0.1.4 32
(2 Points)

1.16 - DC1: Configure SVI and HSRP

In DC1, configure SVI 4001 and 4002 on DC1-N7K-3 and DC1-N7K-4:
Device Name Interface IP Address Subnet Mask
DC1-N7K-3 VLAN 4001 10.1.41.250 24
VLAN 4002 10.1.42.250 24
DC1-N7K-4 VLAN 4001 10.1.41.251 24
VLAN 4002 10.1.42.251 24

Configure HSRP on DC1-N7K-3 and DC1-N7K-4 as shown in this table:

VLAN Virtual IP Group Active MD5 Key
VLAN 4001 10.1.41.254 2 DC1-N7K-3 CCIEDC
VLAN 4002 10.1.42.254 2 DC1-N7K-3 CCIEDC
Use any key chain name. Make sure that HSRP waits 3 seconds before detecting a neighbor down
instance. Also make sure that DC1-N7K-3 is always the active router for VLAN 4001 and VLAN 4002.
(2 Points)

1.17 - DC1: Implement Cisco NX-OS Layer 3 Routing

In DC1, set up EIGRP. Enable EIGRP within DC1 and also on the connectivity to the WAN. Make sure that
fast failure detection is enabled.
The core WAN router is preconfigured with EIGRP.
You are not permitted to use static routes.

Perform these tasks on DC1-N7K-1:

Configure EIGRP with AS number 1.
 Use the loopback 0 address as the router ID.
Configure interfaces E4/5 in EIGRP.

Perform these tasks on DC1-N7K-2:

Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID.
Configure interfaces E4/9 in EIGRP.

Perform these tasks on DC1-N7K-3:

Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID.
Configure interface E4/23 and E4/24 in EIGRP.

Perform these tasks on DC1-N7K-4:

Configure EIGRP with AS number 1.
Use the loopback 0 address as the router ID.
Configure interface E4/25 and E4/31 in EIGRP.
(3 Points)

1.18 - DC1 and DC2: Configure OTV

You must now perform Cisco Data Center Interconnect (DCI) between DC1 and DC2. The WAN core is
enabled for multicast. During this task, you will make sure that DC1-N7K-1, DC1-N7K-2, DC1-N7K-3, and
DC1-N7K-4 are configured appropriately to support OTV within DC1.
Similarly, make sure that DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4 are configured appropriately to
support OTV in DC2.
VLAN 4001 and VLAN 4002 must be extended between DC1 and DC2. All other VLANs will stay local to
the data center. Do not create additional VLANs for this task.
You are allowed to use a multicast address range to achieve the task.
The RP address is 20.0.0.1. PIM sparse mode is running in the WAN core.
In Data Center 1, perform these tasks:
On the Layer 2 trunk port between DC1-N7K-1 and DC1-N7K-3, only allow VLANs that must be
extended.
On the Layer 2 trunk port between DC1-N7K-2 and DC1-N7K-4, only allow VLANs that must be
extended.
Use the loopback 0 address as the router ID.
Use VLAN 90 as the site VLAN.

In Data Center 2, perform these tasks:

On the Layer 2 trunk port between DC2-N7K-1 and DC2-N7K-3. Only allow VLANs that must be
extended.
Use VLAN 90 as the site VLAN.

After completing these infrastructure tasks, configure the necessary DCI tasks as specified in the
question. Then verify that DCI was successful by pinging SVIs 4001 and 4002 from DC1-N7K-3 and DC2-
N7K-3.
Make sure that HSRP is localized within each data center.
(3 Points)

2.1 - Fibre Channel port channel, ISL, and trunking

Refer to this figure:
You have been asked to help resolve a non-optimal Fibre Channel port channel between DC2-MDS-1 and
DC2-N5K-2. The desired result is that port channel ID 22 is up at 8 Gb/s between the two devices and
that only VSANs 1 and 200 are able to traverse it.
(3 Point)

2.2 - Implement Fibre Channel NPV and NPIV features

Configure the two Fibre Channel links between DC2-N5K-1 and DC2-MDS-1 to be two parallel, non-
trunking, NPV-NPIV links for VSAN 100.
The customer demands that servers in VSAN 100 that use these links be distributed equally at all times,
even in the event that one of the links goes down and comes back up.
2.3 - Implement FCoE NPV features
Create a logical device within DC2-N7K-1 that is capable on FCoE functionality. Use the following
parameters:

Device Name ID Port Allocation

DC2-N7K-2 2 Ethernet 3/9-16

Initialize this logical device with the following parameters:

Password : cisco
Mgmt IP : 10.1.1.27
Mgmt Netmask : 255.255.255.0
Mgmt Gateway : 10.1.1.254
Telnet : Enabled

Configure a FCoE NPV-NPIV F-Port trunking and port-channeling link between the DC2-N7K-2 and DC2-
N5K-1 switches. Create VSAN 100
and allow only this VSAN across this link. This link should be configured to use LACP. Make sure that
SID/DID/OXID load-balancing is used
across this link. Use port channel ID 11.
(4 points)
2.4 - Troubleshoot multihop FCoE
The customer reports that the FCoE VE Port channel between the DC2-N7K-2 and DC2-N5K-2 switches is
no working. You have been asked to resolve the issue and get the FCoE VE Port channel working. Once it
is up, it should transport VSAN 200 only. The link should be formed with LACP and use port channel ID
12. Traffic form the N5K to the N7K must load-balance with SID/DID. The resolution must not impact
port channel 11.

(3 points)

2.5 - Implement IP Storage Based Solution

Configure two FCIP links between the DC1-MDS-1 and DC2-MDS-1 switches. Allow VSANs 1, 200 and 100
across both links. The customer has a firewall between the date centers that only permits connections
for each FCIP tunnel with port 3005. The connections must only be initialized from the DC2-MDS-1 side.
Link MTU should be able to accommodate a complete Fibre Channel frame. Use FCIP profiles 10 and
20, and interfaces FCIP 10 and 20.

Device Name Primary Link Address Secondary Link Address

DC1-MDS-1 10.3.1.1/30 10.3.1.5/30
DC2-MDS-1 10.3.1.2/30 10.3.1.6/30

(2 points)

2.6 - Implement FCoE Host Configuration

Configure FCoE connections for DC2-SRV-3 and DC2-SRV-4.
 DC2-SRV-3 port 1 should be in VSAN/VLAN 200. Use vfc 311 for this interface.
DC2-SRV-3 port 0 should be in VSAN/VLAN 100. Use vfc 20 for this interface.
Interface vfc20 must always use DC2-N5K-1 uplink FC 1/32.
DC2-SRV-4 port 0 should be in VSAN/VLAN 100. Use vfc 320 for this interface.
DC2-SRV-4 port 1 should be in VSAN/VLAN 200. Use vfc 420 for this interface.
All required configurations on the host side are preconfigured. You are only required to configure the
N5K and N7K sides. You have access to both servers' Cisco Integrated Management Controllers in case
you need to verify and troubleshoot from the host side.

Section 3 - Unified Computing

You have been tasked to configure and troubleshoot an existing computing solution based on Cisco UCS.
DC2 will be hosting your primary computing cluster. Your primary storage array resides in DC1 and is
reachable via the FCIP link that was already configured. You must configure all Cisco UCS endpoints as
well as SAN and LAN devices as instructed. No access is required to the storage array. Please review this
topology subset, which shows the relevant devices for this section.
Reference Topology:

Note: The port numbers on the topology diagram are the physical port numbers.

3.1 - Troubleshoot Cisco UCS domain infrastructure

You have been tasked to reconfigure the uplink connectivity for your Cisco UCS domain. Configure the
uplinks as shown in the diagram. Port channel IDs and VPC IDs should match each side of the links where
applicable.
The network administrator previously implemented a disjoint Layer 2 network design. This is no longer
required. Remove all disjoint
Layer 2 configurations from Cisco UCS and disable any uplinks that are not listed in this reference
diagram.
(5 points)

3.2 - Modify CoS for iSCSI

Some of your blades will use iSCSI. To accommodate this, perform these configurations:
Configure the Silver CoS queue to accommodate 9000-byte frames
Create a QoS policy named ccie-dc-qos and assign the Silver priority. Allow full host control.
Assign the QOS policy to the two existing vNIC templates.
(3 Points)

3.3 - Create FCoE boot policy

Create a boot policy that meets these criteria:
Name of policy: fcoe-boot-pol.
The CD-ROM should be the first boot device.
The second boot device should be the SAN Boot Primary, using LUN ID 0 on Fabric B.
Obtain target WWN information from the resources that are at your disposal.
(3 Points)

3.4 - Create WWxN pool

Create these resource pools or policies:
Sequentially allocated WWxN pool called ccie-dc-wwxn.
Add a WWN block starting with 20:00:00:25:B5:C0:FF:EE of the minimum size.
(2 points)

3.5 - Create I/O connectivity policies

Create a LAN connectivity policy that meets these requirements:
Name: ccie-lan-con-pol
Create two vNICs named eth0 and eth1 and bind each vNIC to a unique existing vNIC template.
Adapter settings should be optimized for VMware

Create a SAN connectivity policy that meets these requirements:

Name: ccie-san-con-pol
Create a single vHBA named fc0 and assign it to VSAN 200
Use existing WWxN pool that was previously created.
(4 points)

3.6 - Cisco UCS Initiator Zoning

Now that you have created your connectivity policies, you must add your initiators to the correct MDS
zones. Ensure that the existing MDS zones are correctly configured to ensure that your Cisco UCS
initiators and targets can communicate. Add initiator WWNs as required, using the resources that are at
your disposal.
(3 points)

3.7 - Remote boot host over FCoE multihop

As part of this questions and the next one, you must create a service profile. Detailed requirements for
the service profile are provided here.
Part of your objective is to ensure that the previously installed operating system successfully boots with
your configured service profile.

Note: If object names are not explicitly provided, you can use your own naming convention. If policies or
settings are not explicitly provided, use the default values.

Perform the following configurations:

Create a service profile named fcoe-boot in the root organization.
This profile should be restricted to blades that have no local disks installed.
Assign the LAN and SAN connectivity policies that were created in the previous section.
The service profile should use the previously created ccie-xxxx resource pools.
Assign the boot policy that you created in the previous section.
Associate the service profile with Server 1/1 and ensure that the ESX host boots up.
(4 Points)

3.8 - Configure Cisco UCS authentication

LDAP authentication had been configured by one of your colleagues, but they are unable to perform a
successful test authentication. Your task is to troubleshoot and resolve the issue. The LDAP
administrator has confirmed that these details are correct.
No access to the Microsoft Active Directory server is required.

Active Directory Object Value

Domain Controller 10.1.1.214
Bind User CN=ucs binduser, OU=CiscoUCS, DC=cciedc, DC=lab
Bind User Password Cisco
Base DN DC=cciedc, DC=lab
Port 389
Filter $AMAccountName=$userid
Group Authorization Enable
Authentication Domain Name Ldap-domain
Group Recursion Recursive
TargetAttribute Memberof
Ldap provider group Name Ldap-group

Active Directory Group Mapped Cisco UCS Role

Ucsaaa Aaa
Ucsnetwork Network
Active Directory Test User Expected Role
John.smith aaa
 (5 Points)

3.9 - Configure Call Home monitoring

Your manager has instructed you to configure Call Home for Cisco UCS. Call Home should be configured
to only send notifications regarding association failures.
Use these details for configure Call Home:
No need to test Call Home or send inventory

Contact: John Smith

Phone: +1555-555-5555
Email: john.smith@cisco.com
Address: 555 Tasman
Contract ID: 555
From Email: DC2-UCS@cisco.com
Reply To: DC2-UCS@cisco.com
SMTP Server: 10.1.1.201
(2 Points)

Section 4 - Data Center Virtualization with Cisco Nexus 1000V

The Cisco Nexus 1000V Switch has been previously installed. All VMware configurations have been
completed. No access to VMware vCenter or the host is required. The Cisco VSM contains a basic
configuration. After a review of these directives, make any necessary changes.

4.1 - Implement Virtual Switch Module

Assuming that your Cisco UCS blade booted successfully in the previous section, there should be two
modules inserted and online on Cisco VSM.
Modify the uplink port profile to use manual subgroup IDs. The manual subgroup ID for each uplink
interface should match with the vmnic numbering of the host.
Example: vmnic1 = subgroup ID 1, vmnic2 = subgroup ID 2, and so on.
(3 Points)
4.2 - Troubleshoot: Basic port profile configuration
A colleague mistakenly configured the name of the vlan50 port profile. This port profile is already in use
and must not be deleted. Your task is to change the port profile name that is presented to VMware
vCenter to dmz.
(2 Points)
4.3 - Advanced port profile configuration, part 1
You have been tasked to configure the Cisco Nexus 1000V Switch to support iSCSI traffic for IP storage.
One of your colleagues has created a port profile called iscsi. The configuration is no complete. Your job
is to modify the port profile and any other configuration to support IP- based storage.
(3 points)
4.4 - Advanced port profile configuration, part 2
To ensure that proper QoS is applied to your IP storage traffic, configure the iscsi port profile to assign a
CoS value of 2 to all traffic. This will align with the CoS that was previously configured in the Cisco UCS
section. You may use any names you want for policy names.
 (2 points)

UCS / N1K Reference Section

Device IP Username Password
UCS-Cluster-IP 10.1.1.50 admin cisco
DC-FI-A 10.1.1.51 admin cisco
DC-FI-B 10.1.1.52 admin cisco
DC1-MDS-1 10.1.1.61 admin cisco
DC2-N7K-3 10.1.1.24 admin cisco
DC2-N7K-4 10.1.1.25 admin cisco
DC2-N1K (VSM) 10.1.1.212 admin cisco

UCS Pools / Resources Pool Name Starting Value Qty (if applicable)
UUID suffix ccie-dc-uuid 1111-000000000001 10
WWPN (Fabric A) ccie-dc-wwpn-a 20:00:00:25:B5:10:10:01 4
WWPN (Fabric B) ccie-dc-wwpn-b 20:00:00:25:B5:10:10:0A 4
WWNN ccie-dc-wwnn 20:00:00:25:B5:11:10:01 4
MACs ccie-dc-mac 00:25:B5:00:00:01 32
Managements IPs 10.1.1.53/24 7
(KVM)
Management Gateway 10.1.1.254

Storage Objects Value

Fiber Channel SAN Boot LUN ID 0
SAN Boot Policy san-boot-dual
Fabric A zone name zone_ucs_van100
Fabric B zone name zone_ucs_vlan200
Zone set name zs_vsan100, zs_vsan200
Zone names zone_ucs_vsan100, zone_ucs_vsan200