Implementing Cisco Data Center Unified Fabric

DCUFI
Implementing Cisco
Data Center Unified
Fabric
Version 5.1
Fast Lane LAB Guide
Version 5.1.2
ATTENTION
The Information contained in this guide is intended for training purposes only. This guide contains information and activities that, while
beneficial for purposes of training in a close, non-production environment, can result in downtime or other severe consequences and therefore are
not intended as a reference guide. This guide is not a technical reference and should not, under any circumstances be used in a production
environment. Customers should refer to the published specifications applicable to specific products for technical informat ion. The information in
this guide is distributed AS IS, and the use of this information or implementation of any recommendations or techniques herei n is a customer’s
responsibility.
COPYRIGHT
© 2016 Fast Lane GmbH. All rights reserved.
All other brands and product names are trademarks of their respective owners.
No part of this book covered by copyright may be reproduced in any form or by any means (graphic, electronic, or mechanical, including
photocopying, recording, taping, or storage in an electronic retrieval system) without prior written permission of the copyright owner.
Fast Lane reserves the right to change any products described herein at any time and without notice. Fast Lane assumes no responsibility or
liability arising from the use of products or materials described herein, except as expressly agreed to in writing by Fast Lane. The use or purchase
of this product or materials does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of Fast
Lane product described in this manual may be protected by one or more patents, foreign patents, or pending applications.
2 Implementing Cisco Data Center Unified Fabric (DCUFI) v5.1 © 2016 Fast Lane and Cisco Systems, Inc.
DCUFI .............................................................................................................................1
Fast Lane Lab Guide 5.1.2 ............................................................................................5
Overview ............................................................................................................................. 5
Outline ....................................................................................................................................... 5
Fast Lane Nexus Lab ......................................................................................................... 6
Nexus Lab Topology – Lab Aids................................................................................................. 6
Lab IP Address Plan .................................................................................................................. 9
Lab 2-1: Configure Layer 2 Switching ............................................................................ 11
Activity Objective ......................................................................................................................11
Visual Objective ........................................................................................................................11
Job Aids ...................................................................................................................................12
Required Resources .................................................................................................................12
Command List ..........................................................................................................................13
Task 1: Management Connectivity ............................................................................................14
Task 2: Configure the Cisco Nexus 5000 Switch Interfaces .......................................................16
Task 3: Configuring Layer 2 Interfaces and Rapid PVST+ .........................................................17
Task 4: Using STP Enhancements ............................................................................................22
Task 5: Implementing and Verifying MST ..................................................................................25
Lab 2-2: Configure vPCs.................................................................................................. 32
Job Aids ...................................................................................................................................33
Command List ..........................................................................................................................34
Task 1 (Optional): Management Connectivity and Preparation ..................................................36
Task 2: vPC Domain .................................................................................................................38
Task 3: vPC Keepalive Link ......................................................................................................39
Task 4: vPC Peer Link ..............................................................................................................40
Task 5: vPC Configuration and Optimization .............................................................................42
Task 6: FEX Configuration ........................................................................................................46
Lab 2-3: Configure Cisco FabricPath.............................................................................. 50
Command List ..........................................................................................................................51
Job Aids ...................................................................................................................................51
Task 1: Examine Spanning Tree Load Balancing ......................................................................52
Task 2: Implement Cisco FabricPath .........................................................................................54
Lab 2-4: Configure Layer 3 Switching ............................................................................ 58
Job Aids ...................................................................................................................................59
Command List ..........................................................................................................................59
Task 1: Establish “default” VRF Connectivity between your Cisco Nexus 7000 Series Switch VDC
and Your Peer Pod Cisco Nexus 7000 Series Switch ................................................................62
Task 2: Static Routing ...............................................................................................................65
Task 3: OSPFv2 .......................................................................................................................67
Task 4: EIGRP..........................................................................................................................70
Lab 3-1: Configure OTV ................................................................................................... 74
Job Aids ...................................................................................................................................75
Command List ..........................................................................................................................76
Task 1: Configuring Basic OTV .................................................................................................77
© 2016 Fast Lane and Cisco Systems, Inc. Fast Lane Lab Guide 5.1.2 3
Lab 3-2: Configure QoS ................................................................................................... 83
Activity Objective ...................................................................................................................... 83
Visual Objective ....................................................................................................................... 83
Command List .......................................................................................................................... 85
Task 1: Verify Baseline Connectivity ......................................................................................... 86
Task 2: Class Maps .................................................................................................................. 87
Task 3: Policy Maps ................................................................................................................. 88
Task 4: Service Policies ........................................................................................................... 89
Lab 3-3: Configure Security Features ............................................................................. 91
Job Aids ................................................................................................................................... 92
Required Resources................................................................................................................. 92
Command List .......................................................................................................................... 93
Task 1: Port Security ................................................................................................................ 94
Task 2: Traffic Storm Control .................................................................................................... 96
Task 3: Configuring Access Control List Using Atomic Programming ........................................ 97
Lab 4-1: Configure FCoE ................................................................................................. 99
Required Resources................................................................................................................. 99
Command List ........................................................................................................................ 100
Job Aids ................................................................................................................................. 101
Task 1: Preparing Cisco Nexus 5548UP and 5596UP Switches for Fibre Channel Services .... 102
Task 2: Configuring FCoE on the Cisco Nexus 5548UP and 5596UP Switches ....................... 104
Task 3: Implementing Fibre Channel Services ........................................................................ 107
Task 4: Basic Configuration on the Cisco MDS Switch ............................................................ 109
Lab 4-2: Configuring NPV .............................................................................................. 112
Activity Objective .................................................................................................................... 112
Visual Objective ..................................................................................................................... 112
Command List ........................................................................................................................ 114
Task 1: Configure NPV Mode on the Cisco Nexus 5600 Platform Switch ................................ 116
Task 2: Configure NPIV on the Cisco MDS 9124 Switch ......................................................... 119
Lab 5-1: Configure System Management ..................................................................... 122
Job Aids ................................................................................................................................. 123
Required Resources............................................................................................................... 123
Command List ........................................................................................................................ 124
Task 1: Configure Cisco Fabric Services ................................................................................ 126
Task 2: Configure the Scheduler............................................................................................. 130
Task 3: Configure Cisco Smart Call Home .............................................................................. 133
Lab 5-2: Implement Cisco DCNM for LAN .................................................................... 140
Required Resources............................................................................................................... 140
Command List ........................................................................................................................ 141
Job Aids ................................................................................................................................. 141
Task 1: Installing Cisco Prime Data Center Network Manager ................................................ 142
Task 2: Network Discovery ..................................................................................................... 142
Task 3: Platform Inventory ...................................................................................................... 147
Tear-out Lab diagram .................................................................................................... 150
DCUFI
Fast Lane Lab Guide 5.1.2

Overview
This guide presents the instructions and other information concerning the lab activities for
this course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
 Job Aids
 Lab 2-1: Configure Layer 2 Switching
 Lab 2-2: Configure vPCs
 Lab 2-3: Configure Cisco FabricPath
 Lab 2-4: Configure Layer 3 Switching
 Lab 3-1: Configure OTV
 Lab 3-2: Configure QoS
 Lab 3-3: Configure Security Features
 Lab 4-1: Configure FCoE
 Lab 4-2: Configure NPV
 Lab 5-1: Configure System Management
 Lab 5-2: Implement Cisco DCNM for LAN
 Answer Key
Fast Lane Nexus Lab
Nexus Lab Topology – Lab Aids
Physical topology and pod assignments
Job Aids
These job aids are available to help you complete the lab activity.
Lab Connections
This table lists the physical connections between the devices that are used in this course.
From To
Device Interface Device Interface
N5K-1 Ethernet 1/3 Server 1 CNA port 1
Ethernet 1/4 Server 2 CNA port 2
Ethernet 1/9 N2K-1 Uplink port 1
Ethernet 2/1 N7K-1-pod1 Ethernet 7/1
Ethernet 2/5 N5K-2 Ethernet 2/5
Fibre Channel 1/47 MDS-1 Fibre Channel 1/1
N7K-1-pod1 Ethernet 7/1 N5K-1 Ethernet 2/1
From To
From To
Lab IP Address Plan

This table lists the IP addresses that are configured on the devices in this course.
Device Interface IP Address Prefix Length Default Gateway
N5K-1 Mgmt0 192.168.0.18 /24 192.168.0.10
N5K-2 Mgmt0 192.168.0.28 /24 192.168.0.10
N5K-3 Mgmt0 192.168.0.38 /24 192.168.0.10
N5K-4 Mgmt0 192.168.0.48 /24 192.168.0.10
N5K-5 Mgmt0 192.168.0.58 /24 192.168.0.10
N5K-6 Mgmt0 192.168.0.68 /24 192.168.0.10
N7K-1 admin Mgmt0 192.168.0.210 /24 192.168.0.10
N7K-2 admin Mgmt0 192.168.0.220 /24 192.168.0.10
N7K-1-pod1 Mgmt0 192.168.0.201 /24 192.168.0.10
N7K-2-pod2 Mgmt0 192.168.0.202 /24 192.168.0.10
N7K-1-pod3 Mgmt0 192.168.0.203 /24 192.168.0.10
N7K-2-pod4 Mgmt0 192.168.0.204 /24 192.168.0.10
N7K-1-pod5 Mgmt0 192.168.0.205 /24 192.168.0.10
N7K-2-pod6 Mgmt0 192.168.0.206 /24 192.168.0.10
Pod 1 server Mgmt NIC 192.168.0.11 /24
Pod 1 DCNM Eth0 192.168.0.17 /24
Pod 2 DCNM Eth0 192.168.0.27 /24
Pod 3 DCNM Eth0 192.168.0.37 /24
Pod 4 DCNM Eth0 192.168.0.47 /24
Pod 5 DCNM Eth0 192.168.0.57 /24
Pod 6 DCNM Eth0 192.168.0.67 /24
Device Login Credentials

This table lists the usernames and passwords that are configured on devices in this course.
Device Username Password
N5K admin 1234QWer
N7K-1 pod1 pod1
N7K-2 pod2 pod2
N7K-1 pod3 pod3
N7K-2 pod4 pod4
N7K-1 pod5 pod5
N7K-2 pod6 pod6
N7K-1-pod1, 3, 5 admin 1234QWer
N7K-2-pod2, 4, 6 admin 1234QWer
Pod Server Administrator 1234QWer
DCNM appliance admin 1234QWer
Lab 2-1: Configure Layer 2 Switching
Complete this lab activity to practice what you have learned in the related module.
Activity Objective
In this activity, you will implement Layer 2 switching features on the Cisco Nexus 7000
Series and 5600 Platform switches. After completing this activity, you will be able to meet
these objectives:
 Configure the Layer 2 interfaces and Rapid PVST+, and verify that the Rapid PVST+
configuration is performing as expected
 Configure the STP enhancements that are required, and verify that the configuration is
performing as expected
 Configure MST on the Cisco Nexus 7000 Switch, and then verify the configuration
Visual Objective
The figure illustrates what you will accomplish in this activity.
Job Aids
 Lab topology diagram
 Job Aids at the beginning of the Lab Guide
 STP Root assignment
(P is always your Pod #)
(Q is your peer Pod #)
(X is the odd Pod #)
(Y is the even Pod #)
Pod VLAN STP Root Primary VLAN STP Root Secondary
N7K-X-PodP VLAN11, VLAN13 VLAN10, VLAN12
N7K-Y-PodQ VLAN10, VLAN12 VLAN11, VLAN13
 MST region assignment

Device Region Name Revision Number
N7K-X-PodP regXY XY
N7K-Y-PodQ regXY XY
Required Resources
These are the resources and equipment that are required to complete this activity:
 Two Cisco Nexus 7000 Series switch VDCs
 Two Cisco Nexus 5600 Platform switches
Command List
The table describes the commands that are used in this activity.
Cisco NX-OS Commands
Command Description
show interface brief Displays a summary of the interfaces
show interface transceiver Displays detailed information about installed small form-
factor pluggables (SFPs)
rate-mode dedicated Sets the first port in a port group to dedicated mode
switchport Configures an interface as a Layer 2 switch port
switchport mode trunk Configures an interface as a trunk port
show spanning-tree Displays information related to the Spanning Tree Protocol

(STP)
show vlan internal usage Displays the list of VLANs that are reserved for internal use
vlan <vlan-list> Creates one or more VLANs
name <vlan-name> Configures the VLAN name
show spanning-tree summary Displays a summarized view of the spanning-tree

operational status
spanning-tree vlan <vlan- Changes the priority of the switch in order to make it the
list> root primary root of the spanning tree for the listed VLANs
spanning-tree vlan <vlan- Lowers the spanning-tree priority of the switch below the
list> root secondary default value in order to make the switch the backup
spanning-tree root for the listed VLANs
spanning-tree guard root Enables root guard on an interface
spanning-tree port type Configures an interface as a spanning-tree edge port

edge
feature udld Enables UniDirectional Link Detection (UDLD) on a switch
udld aggressive Enables UDLD aggressive mode
show udld neighbors Displays the list of current UDLD neighbors
spanning-tree port type Enables Bridge Assurance on an interface

network
show spanning-tree Displays the switch ports that are in the spanning-tree
inconsistentports inconsistent state
spanning-tree mst Enters configuration mode for Multiple Spanning Tree

configuration (MST)
name <mst-region-name> Configures the MST region name
revision <mst-revision-nr> Configures the MST revision number
spanning-tree mode mst Changes the spanning-tree protocol to MST
instance <nr> vlan <vlan- Maps a list of VLANs to an MST instance

list>
spanning-tree mst <nr> Changes the priority of the switch in order to make it the
root primary root of the spanning tree for the MST instance
Task 1: Management Connectivity
In this task, you will use a Telnet or terminal utility to establish a connection to your pod
VDC and your pod Nexus 5000 console.
Activity Procedure
Complete these steps:
Step 1 Start the SSH client on the remote server.
Step 2 Connect to your pod Nexus 7000 VDC.
Step 3 Click on your Nexus 5000 icon on the remote lab page to open a console session
to your Nexus 5000.
Step 4 A Cisco Nexus 5000 Series Switch that has been rebooted and does not have a
startup configuration present will repeatedly display the following initial dialog
message. If this message appears, type yes to abort Power On Auto Provisioning.
2012 Jul 11 13:19:33 switch %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has
come online
Starting Power On Auto Provisioning...Done
Abort Power On Auto Provisioning and continue with normal setup

?(yes/no)[n]: yes
Step 5 A Cisco Nexus 5000 Series Switch that has been rebooted with a startup
configuration present will prompt for login credentials. If the login prompt
appears, login with username admin and password 1234QWer. Then, reset the
switch with the following commands.
User Access Verification
N5K-P login: admin
Password:
Last login: Wed Jul 11 14:47:25 from 192.168.0.P1
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
N5K-P# write erase

Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
N5K-P# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y
Note The switch will take approximately 5-10 minutes to reload.
Step 6 When the reload has completed, the initial dialog message will be displayed.
Type yes to abort Power On Auto Provisioning.
come online

?(yes/no)[n]: yes
Step 7 The system admin account setup dialog will prompt for enforcing secure
passwords. It is recommended to always implement secure passwords. Type yes
to continue.
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no): yes

Step 8 You will be required to enter and confirm the admin password. The password
must follow the secure guidelines. Enter 1234QWer as the password.
Note Use the exact password and capitalization as shown. Please do not use any other
passwords in the lab.
Enter the password for "admin":

Confirm the password for "admin":
Note Cisco Nexus Series Switches implement username and password authentication by
default. There must always be an admin username with an associated password. Unlike
Cisco IOS Software devices, an enable password alone is not sufficient, even in the
default configuration.
Step 9 The Basic System Configuration Dialog will now appear. When prompted, enter
no or ctrl-c to abort the remainder of the basic system configuration dialog.
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Please register Cisco Nexus 5000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus devices must be registered to receive entitled
support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): no
Step 10 After a brief time, you will be prompted to log in to your assigned Cisco Nexus
5000 Series Switch. Enter the username and password as configured above.
switch login: admin
Password:
Step 11 Configure the hostname N5K-P (P is your pod number) and management
interface IP address and save the configuration.
switch# conf
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# hostname N5K-P
N5K-P(config)# interface mgmt 0
N5K-P(config-if)# ip address 192.168.0.P8/24
N5K-P(config-if)# no shutdown
N5K-P(config)# copy running-config startup-config
[########################################] 100%
Activity Verification
You have completed this task when you attain these results:
 You have connected to your assigned Pod Nexus 7000 VDC.
 You have connected to your assigned Cisco Nexus 5000 Switch.
Task 2: Configure the Cisco Nexus 5000 Switch Interfaces

In this task, you will configure the Cisco Nexus 5000 Switch interfaces.
Activity Procedure
Step 1 From within your Nexus 5000 Switch, view the interface parameters.
N5K-P# show interface brief
---------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch#
---------------------------------------------------------------------------
Eth1/1 1 eth access down SFP not inserted 10G(D) --
Eth1/3 1 eth access up none 10G(D) --
Eth1/47 1 eth access down SFP validation failed 10G(D) --
Eth1/48 1 eth access down SFP validation failed 10G(D) --
Eth2/6 1 eth access up none 40G(D) -–
---------------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
---------------------------------------------------------------------------
mgmt0 -- up 192.168.0.P8 1000 1500
Step 2 Set interfaces 2/1 and 2/2 within your Cisco Nexus 5000 Switch for trunk mode
and operation and validate.
N5K-P(config)# interface ethernet 2/1-2
N5K-P(config-if-range)# switchport mode trunk
N5K-P(config-if-range)# show interface ethernet 2/1-2 brief
---------------------------------------------------------------------------
Interface Ch#
---------------------------------------------------------------------------
Eth2/1 1 eth trunk up none 40G(D) --
Eth2/2 1 eth trunk up none 40G(D) --
Step 3 Use the show cdp neighbors command to find interfaces that are connected to
your peer Cisco Nexus 5000 Switch and disable them.
N5K-P(config-if-range)# interface ethernet 2/5-6

N5K-P(config-if-range)# shutdown
N5K-P(config-if-range)# show interface ethernet 2/5-6 brief
---------------------------------------------------------------------------
Interface Ch#
---------------------------------------------------------------------------
Eth2/5 1 eth access down Administratively down 40G(D) --
Eth2/6 1 eth access down Administratively down 40G(D) –-
 You have configured interfaces on Cisco Nexus 5000 Switch.
Task 3: Configuring Layer 2 Interfaces and Rapid PVST+

In this task you will configure the Layer 2 interfaces and Rapid PVST+, and then verify that
the Rapid PVST+ configuration is performing as expected. While your workgroup is
responsible for one Cisco Nexus 5000 Switch and one Cisco Nexus 7000 VDC, your peer
workgroup will configure the other Cisco Nexus 5000 Switch and the VDC on the other
Cisco Nexus 7000, so some coordination is required.
Activity Procedure
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Check the interface state of your assigned interfaces. (The interface will differ
between pods.)
N7K-Y-podP# show interface brief
---------------------------------------------------------------------------
---------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
---------------------------------------------------------------------------
Interface Ch#
---------------------------------------------------------------------------
Eth7/A 1 eth access up none 40G(D) --
Eth7/B 1 eth access up none 40G(D) --
Eth7/C 1 eth access up none 40G(D) --
Eth7/D 1 eth access up none 40G(D) --
Step 3 Change the interface in your VDC listed on the following to administratively
shut down.
Pod 1 and 2 Pod 3 and 4 Pod 5 and 6
Ethernet 7/C Ethernet 7/7 Ethernet 7/9 Ethernet 7/11
N7K-Y-podP# conf
N7K-Y-podP (config)# interface e 7/C
N7K-Y-podP (config-if-range)# shutdown
Step 4 Verify that the proper interfaces are in the correct state.
N7K-Y-podP # show interface brief
---------------------------------------------------------------------------
---------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
---------------------------------------------------------------------------
Interface Ch#
---------------------------------------------------------------------------
Eth7/A 1 eth access up none 40G(D) --
Eth7/B 1 eth access up none 40G(D) --
Eth7/C 1 eth access down Administratively down auto(D) --
Eth7/D 1 eth access up none 40G(D) --
Step 5 Configure all the Layer 2 interfaces from the previous step as trunks and verify
that the change was successful.
N7K-Y-podP (config)# interface eth 7/A-B, eth 7/D
N7K-Y-podP (config-if-range)# switchport mode trunk
N7K-Y-podP (config-if-range)# show interface brief
---------------------------------------------------------------------------
---------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000
1500
---------------------------------------------------------------------------
Interface Ch#
---------------------------------------------------------------------------
Eth7/A 1 eth trunk up none 40G(D) --
Eth7/B 1 eth trunk up none 40G(D) --
Eth7/D 1 eth trunk up none 40G(D) --
Step 6 Examine spanning-tree operation for VLAN 1 using the show spanning-tree
vlan 1 command. Output can vary depending on the installed hardware.
N7K-Y-podP # show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 64a0.e742.6e42
Cost 1
Port 925 (Ethernet7/D)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 64a0.e743.03c2
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- -----------------------------
Eth7/A Desg FWD 1 128.897 P2p
Eth7/B Desg FWD 1 128.901 P2p
Eth7/D Root FWD 1 128.925 P2p
Q1) Which PVRST+ path cost method is being used?
Q2) Which switch or VDC is the root bridge for VLAN 1 in your pod pair?
Step 7 Examine which VLANs are available to you and that are used internally.
N7K-Y-podP # show vlan internal usage
VLAN DESCRIPTION
--------- -------------------------------------------------------
3968-4031 Multicast
4032-4035,4048-4059 Online Diagnostic
4036-4039,4060-4087 ERSPAN
4042 Satellite
4044 Native VLAN to enable/disable tagging
4040 Fabric scale
4041 Fabric Multicast vpc (FP)
4045 Fabric Multicast vpc (CE)
4043 FCF vlans
3968-4095 Current
Step 8 On both devices in your pod, create VLAN 10 and give it the name “TEST.”
Verify that the Cisco Nexus 5000 Switches and the Cisco Nexus 7000 VDCs in
both your pod and your peer pod contain VLANs 1 and 10.
N7K-Y-podP (config)# vlan 10
N7K-Y-podP (config-vlan)# name TEST
N5K-P(config)# vlan 10
N5K-P(config-vlan)# name TEST
Step 9 Examine spanning-tree operation for all VLANs. Output can vary depending on
the installed hardware.
N7K-Y-podP # show spanning-tree
VLAN0001
Cost 1


---------------- ---- --- --------- -------- ------------------------------
VLAN0010
Cost 1


---------------- ---- --- --------- -------- ------------------------------
Q3) Which switch or VDC is the root bridge for the spanning-tree instance for VLAN
10? Is it the same or different from VLAN 1?
Step 10 Create additional VLANs 11 through 13 and 111 through 113 on both your
Cisco Nexus 7000 VDC and your Cisco Nexus 5000 Switch.
N7K-Y-podP(config)# vlan 11-14, 111-113
N5K-P(config)# vlan 11-14, 111-113

Step 11 Examine the spanning-tree instances that are running in your pod. Output can
vary depending on the spanning-tree topology.
N7K-Y-podP# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short
STP-Lite is enabled
Name Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 3 3
VLAN0010 0 0 0 3 3
VLAN0011 0 0 0 3 3
VLAN0012 0 0 0 3 3
VLAN0013 0 0 0 3 3
VLAN0014 0 0 0 3 3
VLAN0111 0 0 0 3 3
VLAN0112 0 0 0 3 3
VLAN0113 0 0 0 3 3
---------------------- -------- --------- -------- ---------- ----------
9 vlans 0 0 0 27 27
Q4) Is there a separate spanning-tree instance for each VLAN?
Step 12 Pods 1, 3, and 5 should configure the VDC of switch N7K-1 as the primary root
bridge for the odd VLANs (VLAN 11, 13, 111, and 113) and as the secondary
root bridge for the even VLANs (VLAN 10, 12, 14, and112).
N7K-Y-podP(config-vlan)# spanning-tree vlan 11, 13, 111, 113 root primary
N7K-Y-podP(config)# spanning-tree vlan 10, 12, 14, 112 root secondary
Step 13 Pods 2, 4, and 6 should configure the VDC of switch N7K-2 as the primary root
bridge for the even VLANs (VLAN 10, 12, 14, and112) and as the secondary
root bridge for the odd VLANs (VLAN 11, 13, 111, and 113).
N7K-2-podP(config-vlan)# spanning-tree vlan 10, 12, 14, 112 root primary

N7K-2-podP(config)# spanning-tree vlan 11, 13, 111, 113 root secondary
Step 14 Verify that the spanning tree for VLANs 10 through 13 and 111 through 113 is
behaving as expected.
N7K-Y-podP# show spanning-tree root
Root Hello Max Fwd

Vlan Root ID Cost Time Age Dly Root Port
------------ -------------------- ----- ----- --- --- ----------------
VLAN0001 32769 64a0.e742.6e42 1 2 20 15 Ethernet7/D
VLAN0011 24587 64a0.e743.03c2 0 2 20 15 This bridge is root
N7K-2-podQ# show spanning-tree root
Root Hello Max Fwd

Vlan Root ID Cost Time Age Dly Root Port
------------ -------------------- ----- ----- --- --- ----------------
VLAN0001 32769 64a0.e742.6e42 0 2 20 15 This bridge is root
VLAN0011 24587 64a0.e743.03c2 1 2 20 15 Ethernet7/D
Step 15 Save the configurations on the switches in your pod.
 You have configured the interface leading to the peer Cisco Nexus 7000 VDC as rate-
mode dedicated.
 You have verified basic interface operation and settings on your Cisco Nexus 7000
VDC and Cisco Nexus 5000 Switch.
 You have configured the links between the switches in your pod and your peer pod as
802.1Q trunks.
 You have created VLANs 10 through 13.
 You have configured the odd VDC as the root for the odd VLANs and the even VDC as
the backup root for the odd VLANs.
 You have configured the even VDC as the root for the even VLANs and the odd VDC
as the backup root for the even VLANs.
 You have verified spanning-tree operation for VLANs 10 through 13.
Task 4: Using STP Enhancements

During this exercise, you will configure some of the spanning-tree optimization and
protection features and verify their operation.
Activity Procedure
Step 1 It is a best practice to configure ports that are connected to end devices, such as
servers, as spanning-tree edge ports. Configure the ports on your Cisco Nexus
5000 Switch that connect to the lab servers as spanning-tree edge ports.
N5K-P(config)# interface e 1/3-4
N5K-P(config-if-range)# spanning-tree port type edge
Warning: edge port type (portfast) should only be enabled on ports
connected
to a single host. Connecting hubs, concentrators, switches, bridges,
etc...
to this interface when edge port type (portfast) is enabled, can cause
temporary bridging loops.
Use with CAUTION
Edge Port Type (Portfast) will be configured in 2 interfaces due to the

range
command but will only have effect when the interfaces are in a non-
trunking
mode.
Note The spanning-tree edge port feature is also known as PortFast. However, the Cisco NX-
OS Software does not support the spanning-tree PortFast command.
Step 2 Enable UDLD in aggressive mode on the devices and all necessary ports in your
pod and peer pod to protect your switches against unidirectional link failures.
N7K-Y-podP(config)# feature udld
N7K-Y-podP(config)# udld aggressive
N7K-Y-podP(config)# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
Device-ID Local Intrfce Hldtme Capability Platform Port ID

N5K-P(FOC1843R54E)
Eth7/A 150 R S I s N5K-C5672UP Eth2/1
N5K-Q(FOC1841R063)
Eth7/B 150 R S I s N5K-C5672UP Eth2/2
N7K-Y-podQ(JAF1540BLJK)
Eth7/D 147 R S I s N7K-C7010 Eth7/D
N7K-Y-podP(config)# interface e 7/A-B, e 7/D

N7K-Y-podP(config-if-range)# udld enable
N7K-Y-podP(config-if-range)# udld aggressive
N5K-P(config)# feature udld

N5K-P(config)# udld aggressive
N5K-P(config)# interface e 2/1 - 2
N5K-P(config-if-range)# udld aggressive
Step 3 Use the show udld neighbors command to verify UDLD operation.
N7K-Y-podP# show udld neighbors
Port Device Name Device ID Port ID Neighbor State
--------------------------------------------------------------------------
Ethernet7/A FOC1843R54E 1 Ethernet2/1 bidirectional
Ethernet7/B FOC1841R063 1 Ethernet2/2 bidirectional
Ethernet7/D JAF1540BLJK 1 Ethernet7/D bidirectional
Step 4 UDLD can protect against bridging loops that are caused by physical problems,
but it cannot protect against software-caused spanning-tree failures. The bridge
assurance feature can help protect against bridging loops that are caused by
software failures. Enable bridge assurance on the link between the Cisco Nexus
7000 VDC in your pod and the VDC in your peer pod.
Ethernet 7/D Ethernet 7/8 Ethernet 7/10 Ethernet 7/12
N7K-Y-podP(config)# int e 7/D

N7K-Y-podP(config-if)# spanning-tree port type network
Step 5 Verify that bridge assurance is enabled on the link between the VDCs using the
show spanning-tree command.
N7K-Y-podP# show spanning-tree vlan 10
VLAN0010
Cost 1


---------------- ---- --- --------- -------- ------------------------------
Eth7/D Root FWD 1 128.925 Network P2p
Q5) Which keyword indicates that bridge assurance is enabled on the port?
Step 6 On your Cisco Nexus 7000 VDC, enable terminal monitor to see the logging
messages.
N7K-Y-podP(config)# terminal monitor
Step 7 On your Cisco Nexus 7000 VDC, enable bridge assurance on the ports that are
connected to the Cisco Nexus 5000 Switches in your pod and peer pod.
Ethernet 7/A Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet 7/B Ethernet 7/2 Ethernet 7/4 Ethernet 7/6
N7K-Y-podP(config)# int e 7/A, e 7/B

N7K-Y-podP(config-if-range)# spanning-tree port type network
Step 8 Wait a moment and observe the log messages on the Cisco Nexus 7000 VDC.
N7K-Y-podP(config-if-range)# 2015 Jan 21 11:53:00 N7K-Y-podP %$ VDC-2 %$
%STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port Ethernet7/B
VLAN0001.
2015 Jan 21 11:53:00 N7K-Y-podP %$ VDC-2 %$ %STP-2-BRIDGE_ASSURANCE_BLOCK:
Bridge Assurance blocking port Ethernet7/A VLAN0001.
Bridge Assurance blocking port Ethernet7/B VLAN0010.
Q6) Can you explain what happened?
Step 9 Repair the misconfiguration by enabling bridge assurance on your Cisco Nexus
5000 Switch for the ports that connect to the Cisco Nexus 7000 VDCs.
N5K-P(config)# int e 2/1 - 2
N5K-P(config-if-range)# spanning-tree port type network
Step 10 Ensure that no spanning-tree problems remain in the network by executing the
show spanning-tree inconsistentports command. Issue the command on all
switches in your
Step 11 pod and peer pod and verify that no inconsistent ports remain.
N7K-Y-podP# show spanning-tree inconsistentports
N5K-P# show spanning-tree inconsistentports
 You have enabled, and later disabled, root guard on the ports on the Cisco Nexus 7000
VDC that lead to the Cisco Nexus 5000 Switches in your pod and peer pod.
 You have configured the ports leading to the servers in your pod and peer pod as
spanning-tree edge ports.
 You have successfully enabled UDLD in aggressive mode between the switches in your
pod and peer pod.
 You have successfully enabled bridge assurance between the switches in your pod and
peer pod.
 You have observed the spanning-tree behavior when bridge assurance is enabled on
only one side of a link.
Task 5: Implementing and Verifying MST

During this exercise, you will configure MST and verify that it is operating properly in your
pod and peer pod.
Activity Procedure
Step 1 Configure your Cisco Nexus 7000 VDC to participate in an MST region using
the following parameters (S is the SMALLER of the two peer pod numbers, and
T is the LARGER of the two peer pod numbers. Pods 5 and 6 will use 56 as the
domain identifier.)
N7K-1-pod1 Pod1and2 12
N7K-2-pod2
N7K-2-pod4
N7K-2-pod6
N7K-Y-podP(config)# spanning-tree mst configuration

N7K-Y-podP(config-mst)# name PodSandT
N7K-Y-podP(config-mst)# revision ST
N7K-Y-podP(config-mst)# exit
Step 2 Change the spanning-tree mode on your Cisco Nexus 7000 VDC to MST.
N7K-Y-podP(config)# spanning-tree mode mst
Step 3 Configure your Cisco Nexus 5000 Switch to participate in an MST region using
the following (S is the SMALLER of the two peer pod numbers, and T is the
LARGER of the two peer pod numbers. Pods 5 and 6 will use 56 as the domain
identifier.)
N5K-1 Pod1and2 12
N5K-2
N5K-3 Pod3and4 34
N5K-4
N5K-P Pod5and6 56
N5K-6
N5K-P(config)# spanning-tree mst configuration

N5K-P(config-mst)# name PodSandT
N5K-P(config-mst)# revision ST
N5K-P(config-mst)# exit
Step 4 Change the spanning-tree mode on your Cisco Nexus 5000 Switch to MST.
N5K-P(config)# spanning-tree mode mst
Step 5 Verify that MST is operating correctly between the VDCs and switches in your
pod and peer pod. Output can vary depending on the installed hardware.
N7K-Y-podP# show spanning-tree
MST0000
Spanning tree enabled protocol mstp
Cost 0

---------------- ---- --- --------- -------- ------------------------------
Eth7/A Desg FWD 500 128.897 Network P2p
Eth7/B Desg FWD 500 128.901 Network P2p
Note Be aware that MST configuration is not applied until you exit MST configuration mode.
Therefore, you should leave MST configuration mode before issuing any show
commands to verify MST operation.
Q7) Which spanning-tree path cost method does MST use by default?
Q8) How many MST instances are currently being used? Can you achieve VLAN load
balancing with this configuration?
Step 6 Change the MST configuration on your Cisco Nexus 7000 VDC to add two new
MST instances. Map VLANs 11, 13,111, and 113 to MST instance 1 and map
VLANs 10, 12, 14, and 112 to MST instance 2.
N7K-Y-podP(config)# spanning-tree mst configuration
N7K-Y-podP(config-mst)# instance 1 vlan 11,13,111,113
N7K-Y-podP(config-mst)# instance 2 vlan 10,12,14,112
N7K-Y-podP(config-mst)# exit
Step 7 Verify MST operation on the switches in your pod. Output can vary depending
on the installed hardware.
MST0000
Cost 0


---------------- ---- --- --------- -------- ------------------------------
MST0001
Cost 500


---------------- ---- --- --------- -------- ------------------------------
MST0002
Cost 500


---------------- ---- --- --------- -------- ------------------------------
N5K-P# show spanning-tree
MST0000
Cost 500
Port 258 (Ethernet2/2)

Address 8c60.4f22.ad7c

---------------- ---- --- --------- -------- ------------------------------
Eth1/3 Desg FWD 2000 128.131 Edge P2p
Eth1/9 Desg FWD 2000 128.137 P2p
Eth1/10 Desg FWD 2000 128.138 P2p
Eth1/11 Desg FWD 2000 128.139 P2p
Eth2/1 Altn BLK 500 128.257 Network P2p Bound(RSTP)
Eth2/2 Root FWD 500 128.258 Network P2p Bound(RSTP)
Step 8 Change the MST configuration on your Cisco Nexus 5000 Switch to match the
configuration on your VDC by mapping VLANs 11 and 13 to MST instance 1
and mapping VLANs 10 and 12 to MST instance 2.
N5K-P(config)# spanning-tree mst configuration
N5K-P(config-mst)# instance 1 vlan 11,13,111,113
N5K-P(config-mst)# instance 2 vlan 10,12,14,112
N5K-P(config-mst)# exit
Step 9 Verify that MST is now operating properly on all devices in your pod and peer
pod. Output can vary depending on the installed hardware.
MST0000
Cost 0


---------------- ---- --- --------- -------- ------------------------------
MST0001
Cost 500


---------------- ---- --- --------- -------- ------------------------------
MST0002
Cost 500


---------------- ---- --- --------- -------- ------------------------------
N5K-P# show spanning-tree
MST0000
Cost 0


---------------- ---- --- --------- -------- ------------------------------
Eth1/9 Desg FWD 2000 128.137 P2p
Eth1/10 Desg FWD 2000 128.138 P2p
Eth1/11 Desg FWD 2000 128.139 P2p
Eth2/1 Altn BLK 500 128.257 Network P2p
Eth2/2 Root FWD 500 128.258 Network P2p
MST0001
Cost 500

---------------- ---- --- --------- -------- ------------------------------
MST0002
Cost 500


---------------- ---- --- --------- -------- ------------------------------
Note You should not see any boundary ports in the output of the show spanning-tree
commands.
Q9) Which switches or VDCs are the root bridges for each of the MST instances? Are
they the same or different?
Step 10 Students working on pod 1, pod 3 and pod 5 will configure the VDCs of switch
N7K-1 as the root bridge for MST instances 0 and 1 and as the backup root
bridge for MST instance 2.
N7K-Y-podP(config)# spanning-tree mst 0 root primary
N7K-Y-podP(config)# spanning-tree mst 1 root primary
N7K-Y-podP(config)# spanning-tree mst 2 root secondary
Step 11 Students working on pod 2, pod 4 and pod 6 will configure the VDCs of switch
N7K-2 as the root bridge for MST instance 2 and as the backup root bridge for
MST instance 1.
N7K-2-podP(config)# spanning-tree mst 0 root secondary
N7K-2-podP(config)# spanning-tree mst 1 root secondary
N7K-2-podP(config)# spanning-tree mst 2 root primary
Step 12 Verify that the root bridges are selected as expected.
N7K-Y-podP(config)# show spanning-tree root
Root Hello Max Fwd

MST Instance Root ID Cost Time Age Dly Root Port
--------- ------------------- --- ------ --- --- ------
MST0000 24576 64a0.e743.03c2 0 2 20 15 This bridge is
root
MST0001 24577 64a0.e743.03c2 0 2 20 15 This bridge is
root
MST0002 24578 64a0.e742.6e42 500 2 20 15 Ethernet7/D
N7K-2-podP(config)# show spanning-tree root
Root Hello Max Fwd
------------ ---------------- ----- ---- -- --- ----------
MST0000 24576 64a0.e743.03c2 0 2 20 15 Ethernet7/D
MST0001 24577 64a0.e743.03c2 500 2 20 15 Ethernet7/D
MST0002 24578 64a0.e742.6e42 0 2 20 15 This bridge is
root
Step 13 Ensure that you have no spanning-tree inconsistent ports or boundary ports on
the switches in your pod and peer pod.
N7K-Y-podP(config)# show spanning-tree | include Bound
N7K-Y-podP(config)# show spanning-tree inconsistentports
N5K-P# show spanning-tree | include Bound

N5K-P# show spanning-tree inconsistentports
 You have successfully enabled MST on all switches in your pod.
 You have configured the odd VDC as the root for the MST instance that contains the
odd VLANs and the even VDC as the backup root for this MST instance.
 You have configured the even VDC as the root for the MST instance that contains the
even VLANs and the odd VDC as the backup root for this MST instance.
Lab 2-2: Configure vPCs
Complete this lab activity to practice what you have learned in the related module.
Activity Objective
In this activity, you will configure a virtual port channel (vPC) between the Cisco Nexus
7000 Series switch and the Cisco Nexus 5600 Platform switch at the access layer of the
network and configure a Cisco Nexus 2000 Fabric Extender. After completing this activity,
you will be able to meet these objectives:
 Create and verify a vPC domain on a Cisco Nexus switch
 Create a vPC peer keepalive link between two Cisco Nexus switches and verify proper
operation
 Create a vPC peer link between two Cisco Nexus switches and verify proper operation
 Configure a vPC on a Cisco Nexus switch and verify proper operation
 Configure a Cisco Nexus 2000 Fabric Extender for operation with a Cisco Nexus 7000
Series switch VDC
Visual Objective
Job Aids
These job aids are available to help you complete this lab activity.
 Virtual port channel (vPC)-related configuration and values
Pod vPC Domain vPC Peer Link vPC
Pod P XY Po7 Po5P
Required Resources
 Two Cisco Nexus 7000 Series switches VDCs
 Two Cisco Nexus 2000 Fabric Extenders
Command List
This table describes the commands that are used in this activity.
Command Description
show license usage Displays the usage of licensed features
feature vpc Enables the vPC feature
vpc domain 56 Creates a vPC domain
peer-gateway Enables the peer-gateway feature
peer-switch Enables the peer switch feature
spanning-tree mst <mst- Changes the spanning-tree priority for a set of Multiple
instances> priority Spanning Tree (MST) instances
<priority>
ping <ip-address> vrf Verifies IP connectivity to an IP address in a virtual routing
<vrf> and forwarding (VRF) by using Internet Control Message
Protocol (ICMP) echo messages
peer-keepalive destination Enables the vPC peer keepalive link to the vPC peer IP
<vpc-peer-ip-address> address
show vpc peer-keepalive Displays status information for the vPC peer keepalive link
show interface <intf> Displays summarized status information for an interface.

brief
show running-config <intf> Displays the current configuration for an interface
channel-group <nr> Adds an interface to a port channel
vpc peer-link Defines a port channel interface as the vPC peer link
show vpc consistency- Displays global vPC consistency status

parameters global
show vpc Displays vPC operational parameters
feature lacp Enables the use of the Link Aggregation Control Protocol
(LACP)
channel-group <nr> mode Adds an interface to a port channel that is dynamically

active negotiated through LACP
show port-channel summary Displays a summarized view of port channel operation
show lacp neighbor Displays a list of LACP neighbors and their operational
parameters
vpc <nr> Adds a port channel interface to a vPC
show vpc brief Displays a brief overview of vPC status
show spanning-tree Displays information related to the STP
show version Displays the software version running on the switch
feature-set fex Enables the features that are necessary to support fabric
extenders in a Cisco Nexus 7000 Series switch VDC
fex <instance> Creates an FEX instance
switchport mode fex-fabric Changes a switch port into a fabric interface that can be
used to connect to an FEX
fex associate <instance> Associates a fabric interface with an FEX instance
show fex Displays summarized status information for FEXs that are
connected to the switch
show fex detail Displays detailed status information for FEXs that are
connected to the switch
show interface fex-fabric Shows the FEX fabric interfaces on the switch
reload fex <instance> Reloads an FEX
show inventory fex Displays the hardware inventory for an FEX

<instance>
show module fex <instance> Displays the FEX modules, including basic hardware and
software information
switchport mode access Configures a switch port as an access port
switchport access vlan Sets the access VLAN when the interface is in access mode
<vlan>
no spanning-tree bpduguard Disables the spanning-tree BPDU Guard feature on a switch
port
spanning-tree port type Changes a port to normal spanning-tree mode

normal
Task 1 (Optional): Management Connectivity and Preparation
In this task, you will use a Telnet or terminal utility to establish a connection to your VDC
and your Cisco Nexus 5000 Switch. The next step is to revert to the checkpoint LAB-MST
configurations on the VDC and Nexus 5000.
Activity Procedure
Step 1 Connect to the Cisco Nexus 7000 VDC in your pod.
Step 2 Roll back to the configuration checkpoint LAB-MST on your VDC.
N7K-Y-podP# rollback running-config file bootflash:DCUFX/MST best-effort
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config
#Generating Rollback Patch
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Rollback Patch is Empty
Rollback completed successfully.

Step 3 Verify that SSH access is still possible otherwise connect via telnet and re-
enable it.
Step 4 Verify that the MST instances are present otherwise rerun the rollback
command.
Step 5 Connect to your pod Cisco Nexus 5000 Switch console.
come online

?(yes/no)[n]: yes
N5K-P login: admin
Password:
N5K-P# write erase

N5K-P# reload
come online

?(yes/no)[n]: yes
to continue.


of the system.
support services.

switch login: admin
Password:
Step 13 Verify that all modules are online before continuing to the next step.
switch# show module

Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ---------------------- ------
1 48 Nexus 5672UP Supervisor N5K-C5672UP-SUP active
*
2 6 Nexus 6xQSFP Ethernet Module N5K-C5672UP-M6Q ok
Step 14 Roll back to configuration checkpoint LAB-MST on your pod Cisco Nexus 5000
Switch.
N5K-P# rollback running-config file bootflash:DCUFX/MST
Generating Rollback patch for switch profile
 You have connected to your assigned pod VDC and your assigned Cisco Nexus 5000
Switch.
 You have successfully loaded the configuration from checkpoint LAB-MST.
Task 2: vPC Domain

In this task, you will configure the vPC domain ID.
Activity Procedure
Step 1 Enable the vPC feature on your VDC.
N7K-Y-podP(config)# feature vpc
N7K-Y-podP(config)#
Q1) Check the licensing. Do you require a license for the vPC?
Step 2 Configure a vPC domain using the domain identifier XY. (X is the SMALLER
of the two peer pod numbers, and Y is the LARGER of the two peer pod
numbers. Pods 5 and 6 will use 56 as the domain identifier.)
Device vPC Domain ID
N7K-Y-podP 12
N7K-2-pod2
N7K-1-pod3 34
N7K-2-pod4
N7K-1-pod5 56
N7K-2-pod6
N7K-Y-podP(config)# vpc domain XY

N7K-Y-podP(config-vpc-domain)#
N7K-Y-podP(config-vpc-domain)# show vpc

Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : XY
Peer status : peer link not configured
vPC keep-alive status : Disabled
Configuration consistency status : failed
Configuration inconsistency reason: vPC peer-link does not exist
Per-vlan consistency status : failed
Type-2 consistency status : failed
Type-2 inconsistency reason : vPC peer-link does not exist
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Operational Layer3 Peer-router : Disabled
Self-isolation : Disabled
 You have used the show commands on the Cisco Nexus 7000 Switch to verify that the
vPC domain ID is configured correctly.
Task 3: vPC Keepalive Link

In this task, you will configure the vPC keepalive link between the Cisco Nexus 7000
Switches.
Activity Procedure
Step 1 You are going to use the management port as the peer keepalive-link. Ping your
peer pod mgmt0 IP (192.168.0.20Q, Q is your peer pod number) to make sure IP
connectivity works.
N7K-Y-podP(config-vpc-domain)# ping 192.168.0.20Q vrf management
PING 192.168.0.20Q (192.168.0.202): 56 data bytes
Request 0 timed out
64 bytes from 192.168.0.20Q: icmp_seq=1 ttl=254 time=0.959 ms
--- 192.168.0.20Q ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.598/0.703/0.959 ms
Step 2 Configure the vPC keepalive link destination as your peer mgmt0 IP
(192.168.0.20Q, Q is your peer pod number).
N7K-Y-podP(config-vpc-domain)# peer-keepalive destination 192.168.0.20Q

Note:
--------:: Management VRF will be used as the default VRF ::--------
N7K-Y-podP(config-vpc-domain)#
Step 3 Check the vPC keepalive link. Do not continue to the next task before you verify
that the vPC peer keepalive status is alive.
N7K-Y-podP(config-vpc-domain)# show vpc

Legend:
vPC domain id : XY
vPC keep-alive status : Suspended (Destination IP not
reachable)
After your peer pod is configured and alive:
N7K-Y-podP (config-vpc-domain)# show vpc

Legend:
vPC domain id : XY
vPC keep-alive status : peer is alive
 You have used the show commands to verify that the vPC keepalive link is up.
Task 4: vPC Peer Link

In this task, you will configure the vPC peer link between the Cisco Nexus 7000 Switches.
Activity Procedure
Step 1 Create a static port-channel interface 7 containing the link between the Cisco
Nexus 7000 Switches.
N7K-Y-podP(config-vpc-domain)# interface ethernet 7/D

N7K-Y-podP(config-if)# channel-group 7 mode on
N7K-Y-podP(config-if)#
Step 2 Verify port channel status.
N7K-Y-podP(config-if)# show port-channel summary

Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
---------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
---------------------------------------------------------------------------
7 Po7(SU) Eth NONE Eth7/D(P)
Step 3 Make this port channel your peer link.
N7K-Y-podP(config-if)# interface port-channel 7

N7K-Y-podP(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port
type on vPC peer-link. This will enable spanning tree Bridge
Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
Step 4 Check the global vPC consistency parameters.
N7K-Y-podP# show vpc consistency-parameters global
Legend:
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value

------------- ---- ---------------------- ------------------
STP MST Simulate PVST 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Region Name 1 PodXandY PodXandY
STP Disabled 1 None None
STP Mode 1 MST MST
STP Bridge Assurance 1 Enabled Enabled
STP Loopguard 1 Disabled Disabled
STP MST Region Instance to 1
VLAN Mapping
STP MST Region Revision 1 XY XY
Allowed VLANs - 1,10-14,111-113 1,10-14,111-113
Local error VLANs - - -
Step 5 Check the vPC status. Do not continue to the next task before you verify that
peers have formed adjacency.
N7K-Y-podP# show vpc
Legend:
vPC domain id : XY
Peer status : peer adjacency formed ok
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : secondary
vPC Peer-link status

---------------------------------------------------------------------------
id Port Status Active vlans Active BDs
-- ---- ------ --------------------------------------------------------
1 Po7 up 1,10-14,111-113 -
 You have used the show commands to verify that the vPC peer link is up and the VPC
status is OK.
Task 5: vPC Configuration and Optimization

In this task, you will configure the vPC between the Cisco Nexus 7000 Series Switches and
the Cisco Nexus 5000 Series Switches in your peer pod.
Activity Procedure
Step 1 Connect to your pod N5K. Create a port channel 7 using the LACP protocol, and
add e2/1 and 2/2 to this port channel.
N5K-P(config)# feature lacp

N5K-P(config-if-range)# channel-group 7 mode active
N5K-P(config-if-range)#
Step 2 Check the state of the port channel.

N5K-P(config-if-range)# show port-channel summary
S - Switched R - Routed
M - Not in use. Min-links not met
---------------------------------------------------------------------------
Channel
---------------------------------------------------------------------------
7 Po7(SD) Eth LACP Eth2/1(D) Eth2/2(D)
Step 3 Create LACP-based port channels on the Cisco Nexus 7000 Switches using the
port to your Cisco Nexus 5000 and to the peer Cisco Nexus 5000 (create two
port channels on each Cisco Nexus 7000). See the following table for
assignments:
Ethernet 7/A Ethernet 7/1 Ethernet 7/3 Ethernet 7/5
Channel (S) 51 53 55
Ethernet 7/B Ethernet 7/2 Ethernet 7/4 Ethernet 7/6
Channel (T) 52 54 56
N7K-Y-podP(config)# feature lacp

N7K-Y-podP(config)# interface ethernet 7/A
N7K-Y-podP(config-if)# channel-group S mode active
N7K-Y-podP(config-if)# interface ethernet 7/B
N7K-Y-podP(config-if)# channel-group T mode active
Step 4 Check the state of the port channels on the Cisco Nexus 5000.
S – Switched R - Routed
---------------------------------------------------------------------------
Channel
---------------------------------------------------------------------------
7 Po7(SU) Eth LACP Eth2/1(P) Eth2/2(s)
Step 5 Configure vPC IDs 5P and 5Q on the two port channel interfaces 5P and 5Q that
are connected to the Cisco Nexus 5000 Switches. Check with your partner to
make sure that the correct interfaces are configured.
N7K-Y-podP(config-if)# interface port-channel S

N7K-Y-podP(config-if)# vpc 5P
N7K-Y-podP(config-if)# interface port-channel T
N7K-Y-podP(config-if)# vpc 5Q
Step 6 Check the vPC status and consistency parameters for your vPC.

Legend:
vPC domain id : XY
Auto-recovery status : Enabled (timeout = 240 seconds
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po7 up 1,10-14,111-113
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
5P PoS up failed Peer does not have -
corresponding vPC
5Q PoT up failed Consistency Check Not -

Performed
After both Cisco Nexus 7000 Switches are configured correctly, your output should
look like this.
Legend:
vPC domain id : XY

---------------------------------------------------------------------------
id Port Status Active vlans Active BDs
-- ---- ------ --------------------------------------------------------
1 Po7 up 1,10-14,111-113 -
vPC status
Id : 51
Port : PoS
Status : up
Consistency : success
Reason : success
Active Vlans : 1,10-14,111-113
Id : 52
Port : PoT
Status : up
Consistency : success
Reason : success
Active Vlans : 1,10-14,111-113
Step 7 Check the port channel status on the Cisco Nexus 5000 Switch.
S – Switched R - Routed
---------------------------------------------------------------------------
Channel
---------------------------------------------------------------------------
7 Po7(SU) Eth LACP Eth2/1(P) Eth2/2(P)
Step 8 Check the spanning tree and spanning-tree root bridges on pod 1, 3 or 5:
N7K-Y-podP(config-if)# show spanning-tree root
Root Hello Max Fwd

------------ -------------------- ------ ----- --- --- ----------------
MST0000 24576 64a0.e743.03c2 0 2 20 15 This bridge is root
MST0001 24577 64a0.e743.03c2 0 2 20 15 This bridge is root
MST0002 24578 64a0.e742.6e42 500 2 20 15 port-channel 7
Step 9 Check the spanning tree and spanning-tree root bridges on pod 2, 4 or 6:
N7K-2-podQ(config-if)# show spanning-tree root

Root Hello Max Fwd
------------ -------------------- ------ ----- --- --- ----------------
MST0000 24576 64a0.e743.03c2 0 2 20 15 port-channel7
MST0002 24578 64a0.e742.6e42 0 2 20 15 This bridge is root
Step 10 Check the spanning tree and spanning-tree root bridges on the Cisco Nexus 5000
Switch.
N5K-P(config-if-range)# show spanning-tree root
Root Hello Max Fwd

-------------- -------------------- ------ ----- --- --- ---------------
MST0002 24578 64a0.e742.6e42 250 2 20 15 port-channel7
Q2) What is the root ID on MST 0, 1, and 2?
Step 11 Configure the peer switch feature on your pod VDC and change the bridge
priority to 8192. Ensure that your peer pod has also done these configurations.

N7K-Y-podP(config-vpc-domain)# spanning-tree mst 0-2 priority 8192
Step 12 Enable the vPC peer-gateway feature in order to allow your switch to forward
traffic for the peer switch router MAC addresses in order to support non-RFC
compliant devices.
N7K-Y-podP(config-vpc-domain)# peer-gateway
This peer-gateway config may cause traffic loss. Do you want to continue
(y/n)? [n] y
Step 13 Enable the peer-switch feature to optimize spanning-tree processing for the vPC
domain.
N7K-Y-podP(config-vpc-domain)# peer-switch
Step 14 Enable IPv4 ARP and IPv6 ND synchronization.

N7K-Y-podP(config-vpc-domain)# ip arp synchronize
N7K-Y-podP(config-vpc-domain)# ipv6 nd synchronize
Step 15 Verify the spanning-tree root bridges on the Cisco Nexus 5000 and your VDC:
N7K-Y-podP(config)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------ ----- --- --- ---------------
MST0000 8192 0023.04ee.be0c 0 2 20 15 This bridge is
root
root
root
N7K-2-podQ(config)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------ ----- --- --- ---------------
root
root
root
N5K-P(config)# show spanning-tree root
Root Hello Max Fwd

---------------- -------------------- ------ ----- --- --- ---------------
MST0000 8192 0023.04ee.be0c 0 2 20 15 port-channel7
Step 16 Verify the root ID and compare it with the root ID before you configure the peer
switch feature
Step 17 On the primary vPC switch only, simulate module hardware failure. Disable all
vPC member interfaces and the interface in the peer link.
Ethernet 7/A, Ethernet 7/1, Ethernet 7/3, Ethernet 7/5,

Ethernet 7/B, Ethernet 7/2, Ethernet 7/4, Ethernet 7/6,
N7K-Y-podP(config)# interface ethernet 7/A-B, ethernet 7/D

N7K-Y-podP(config-if-range)# shu
Step 18 Verify the interface status on the secondary vPC switch.
N7K-Y-podQ# show interface brief
---------------------------------------------------------------------------
---------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 1000 1500
---------------------------------------------------------------------------
Interface Ch#
---------------------------------------------------------------------------
Eth7/A 1 eth trunk down suspended by vpc auto(D) 51
Eth7/B 1 eth trunk down suspended by vpc auto(D) 52
Eth7/D 1 eth trunk down Link not connected auto(D) 7
---------------------------------------------------------------------------
Port-channel VLAN Type Mode Status Reason Speed Protocol
Interface
---------------------------------------------------------------------------
Po7 1 eth trunk down No operational members auto(D)
none
Po51 1 eth trunk down suspended by vpc auto(D)
lacp
Po52 1 eth trunk down suspended by vpc auto(D)
lacp
Q3) Why are the vPC member interfaces on the secondary vPC switch disabled?
Step 19 Enable the interfaces again.
 You have used the show commands to verify that the vPC appears in the port channel
database and that traffic is passing over the different physical interfaces.
Task 6: FEX Configuration

In this task, you will configure your Cisco Nexus 2000 Fabric Extender for use with your
Cisco Nexus 5600 Series Switches by using dynamic pinning.
Note You will not configure static pinning because of its redundancy and load-balancing
limitations. You will also not configure active-active FEX using vPC, because in this lab
you will not configure another vPC on the Nexus 5600 Platform switches in addition to
the one you configured on the Nexus 7000 Series Switches.
Activity Procedure
Step 1 Enable the FEX feature on your Cisco Nexus 5600 Series Switch.
N5K-P(config)# feature fex
Step 2 Create an FEX instance with the number 10P, where P is your assigned pod
number. Set the maximum number of links for pinning at 1.
N5K-P(config)# fex 10P
N5K-P(config)# pinning max-links 1
Step 3 Disable the port downlink port toward the peer pod Cisco Nexus 2000 Fabric
Extender since it is not used in this lab.
N5K-P(config)# interface ethernet 1/11
N5K-P(config-if)# shutdown
Step 4 Configure the two downlinks to your Cisco Nexus 2000 Fabric Extender as the
Layer 2 switch port, and configure it as an FEX fabric interface.
N5K-P(config-if)# switchport
N5K-P(config-if)# switchport mode fex-fabric
Step 5 Assign the FEX fabric port to a channel group in order to create a port channel.
Use 1P as the channel group number, where P is your pod number.
N5K-P(config-if)# channel-group 10P
Step 6 Associate the newly created port channel interface 1P with your FEX instance.
N5K-P(config)# interface port-channel 10P
N5K-P(config-if)# fex associate 10P
Step 7 Enable the FEX fabric interface.
Step 8 Wait until your FEX is online. The state may remain as “image download” for
up to 10 minutes if the FEX is running a lower software version than the switch.
N5K-P(config-if)# show fex
FEX FEX FEX FEX Fex
Number Description State Model Serial
------------------------------------------------------------------------
10P FEX010P Connected N2K-C2248TP-E-1GE SSI18170BDF
N5K-P(config-if)#
Note You may need to wait several minutes for FEX to become available. If the FEX software
image differs from the Cisco Nexus 5600 Series Switch software image, an automatic
upgrade will occur. Check FEX availability for five minutes; it should then be ready for
you to continue with the lab.
Step 9 Examine the FEX parameters.
N5K-P# show fex detail

FEX: 10P Description: FEX010P state: Online
FEX version: 7.2(0)N1(1) [Switch version: 7.2(0)N1(1)]
FEX Interim version: 7.2(0)N1(1)
Switch Interim version: 7.2(0)N1(1)
Extender Serial: SSI181801VX
Extender Model: N2K-C2248TP-E-1GE, Part No: 73-13671-02
Card Id: 149, Mac Addr: bc:16:f5:d0:52:02, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]
post level: complete
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth1/9
FCoE Admin: false
FCoE Oper: true
FCoE FEX AA Configured: false
Fabric interface state:
Po10P - Interface Up. State: Active
Eth1/9 - Interface Up. State: Active
Eth1/10 - Interface Up. State: Active
Fex Port State Fabric Port
Eth10P/1/1 Down Po10P
Eth10P/1/2 Up Po10P
Eth10P/1/3 Down Po10P
... output omitted ...
Step 10 Examine the FEX fabric ports.
N5K-P# show interface fex-fabric
Fabric Fabric Fex FEX Fex
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/9 Active 1 N2K-C2248TP-E-1GE SSI181801VX
10P Eth1/10 Active 2 N2K-C2248TP-E-1GE SSI181801VX
N5K-P#
Step 11 View the hardware inventory for the FEX.
N5K-P# show inventory fex 10P
NAME: "FEX 10P CHASSIS", DESCR: "N2K-C2248TP-E-1GE CHASSIS"
PID: N2K-C2248TP-E-1GE , VID: V02 , SN: SSI181801VX
NAME: "FEX 10P Module 1", DESCR: "Fabric Extender Module: 48x1GE, 4x10GE
Supervi
sor"
PID: N2K-C2248TP-E-1GE , VID: V02 , SN: FOC18373N8U
NAME: "FEX 10P Fan 1", DESCR: "Fabric Extender Fan module"
PID: N2K-C2248-FAN-B , VID: N/A , SN: N/A
NAME: "FEX 10P Power Supply 1", DESCR: "Fabric Extender AC power supply"
PID: N2200-PAC-400W-B , VID: V02 , SN: LIT183217M7
NAME: "FEX 10P Power Supply 2", DESCR: "Fabric Extender AC power supply"
PID: N2200-PAC-400W-B , VID: V02 , SN: LIT18320B4Z
N5K-P#
Step 12 Examine the modules on the FEX.

N5K-P# show module fex 10P
FEX Mod Ports Card Type Model Status
--- --- ----- ---------------------------------- ------------------ -------
---
10P 1 48 Fabric Extender 48x1GE + 4x10G Module N2K-C2248TP-E-1GE
present
FEX Mod Sw Hw World-Wide-Name(s) (WWN)

--- --- -------------- ------ -------------------------------------------
10P 1 7.2(0)N1(1) 2.0 --
FEX Mod MAC-Address(es) Serial-Num

--- --- -------------------------------------- ----------
10P 1 bc16.f5d0.5200 to bc16.f5d0.522f SSI181801VX
N5K-P#
Step 13 Configure interface Ethernet 1/1 on your FEX as an access port in VLAN 10,
and then enable it.
N5K-P(config)# interface ethernet 10P/1/1
N5K-P(config-if)# switchport mode access
N5K-P(config-if)# switchport access vlan 10
Note There is no server connected to port Ethernet 10P/1/1.
Step 14 Try to disable the BPDU Guard and spanning-tree edge port features on the
interface.
N5K-P(config-if)# no spanning-tree bpduguard
ERROR: Command not supported on FEX interfaces. BPDUGuard is enabled by
default for FEX interfaces
N5K-P(config-if)# spanning-tree port type normal
ERROR: Command not supported on fex port
Note FEX ports are intended to connect servers only. BPDU Guard and spanning-tree port
type edge are enabled by default and cannot be disabled.
 You have successfully enabled a Cisco Nexus 2000 Fabric Extender on your Cisco
Nexus 5600 Platform switch.
 You have configured a port on the FEX and examined the spanning-tree capabilities for
the FEX ports.
Lab 2-3: Configure Cisco FabricPath
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure and verify Cisco FabricPath on the Cisco Nexus 5600
and 7000 Series switches. After completing this activity, you will be able to meet these
objectives:
 Analyze spanning-tree load balancing
 Implement Cisco FabricPath
 Verify Cisco FabricPath
 Analyze Cisco FabricPath load balancing
Visual Objective
Required Resources
These are the resources and equipment that are required in order to complete this activity:
 Two Cisco Nexus 2000 Fabric Extenders
Command List
Command Description
install feature-set Installs the FabricPath feature set on a Cisco Nexus 7000
fabricpath Series switch
feature-set fabricpath Enables the FabricPath feature set
fabricpath switch-id Sets the FabricPath switch identifier (Note: The same
command configured the virtual switch ID for vPC+ in the
vPC domain configuration mode.)
switchport mode fabricpath Configures the FabricPath mode on an interface (This

command is available in interface configuration mode.)
mode fabricpath Changes a VLAN to a Cisco FabricPath VLAN
show mac address-table Displays the MAC address table for a VLAN
vlan <vlan>
show spanning-tree vlan Displays the spanning-tree topology for a VLAN
<vlan>
fabricpath load-balance Configures the load-balancing method for unicast traffic
unicast
show fabricpath switch-id Displays the FabricPath switch ID table
show fabricpath isis route Displays the FabricPath Intermediate System-to-

Intermediate System (IS-IS paths
show fabricpath route Displays the FabricPath routing table
Job Aids
 FabricPath switch IDs:
Device FabricPath Switch ID
N7K-podP P
 Nexus 5600 SVI IP addressing:
Pod Device VLAN 10 SVI IP
Pod P N5K-P 172.16.10.5P/24
Task 1: Examine Spanning Tree Load Balancing
In this task, you will configure and examine the spanning-tree forwarding within the
network.
Activity Procedure
Step 1 Log into the lab and connect to your VDC on the Cisco Nexus 7000 switch.
Restore the configuration from Lab2-1.
N7K-Y-podP# rollback running-config file bootflash:/DCUFX/MST best-effort
.Generating Running-config for verification
Verification is Sucessful.
Step 2 If the rollback is failing, copy the configuration from bootflash into the running-
config.
N7K-Y-podP# copy bootflash:/DCUFX/MST running-config
Step 3 Shutdown the interfaces connecting to your peer pod N5K switch (P is your Pod
number, Q is your peer Pod number).
Pod Peer Pod N5K Connection
Pod P Ethernet 7/Q
N7K-Y-podP# configure
N7K-Y-podP(config)# interface Eth7/Q
N7K-Y-podP(config-if)# shutdown
Step 4 Examine the state of the interface connecting to your Nexus 5600 access switch:
N7K-Y-podP(config-if)# show int status
---------------------------------------------------------------------------
Port Name Status Vlan Duplex Speed Type
---------------------------------------------------------------------------
mgmt0 -- connected routed full a-1000 --
Eth7/A To N5K-P connected trunk full 40G QSFP-40G-AO
Eth7/B To N5K-Q disabled trunk auto auto QSFP-40G-AO
Eth7/C To N7K-Q disabled 1 auto auto QSFP-40G-AO
Eth7/D To N7K-Q connected trunk full 40G QSFP-40G-AO
Step 5 Verify that the interfaces between the Nexus 7000 and 5600 switches are
configured as trunks.
N7K-Y-podP(config)# interface Eth7/A
N7K-Y-podP(config-if-range)# switchport mode trunk
Note Use the correct interface numbering for your pod.
Step 6 Connect to your Nexus 5600 switch. Restore the configuration from Lab 2-1.
N5K-P# rollback running-config file bootflash:/DCUFX/MST

Step 7 Deactivate the interface connecting to your partner N7K I/O module.
N5K-P(config-if-range)# interface e2/2
Step 8 Configure an SVI on your Cisco Nexus 5000 switch for VLAN 10. Assign IP
address 172.16.10.5P/24 to it where P is your pod number.
N5K-P(config-vlan)# feature interface-vlan
N5K-P(config-vlan)# interface vlan 10
N5K-P(config-if)# ip address 172.16.10.5P/24
Step 9 Ping the IP address of your peer pod 172.16.10.5Q, where Q is your peer pod
number, to confirm IP connectivity between the two pods.
N5K-P# ping 172.16.10.5Q
PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes

Note Although vPC+ is a Cisco FabricPath feature that combines the FabricPath functionality
with vPC, you will not be able to test it due to the lab topology constraints. Do not
remove the port channels on your Cisco Nexus 5600 Platform switch that are pointing to
the Nexus 2000 Series FEXs.
Note Make sure that you are able to ping the peer IP address. A successful ping will prove
that all wiring and configurations so far are correct.
Step 10 Examine the spanning-tree topology on the Cisco Nexus 5600 Platform switch
and identity the links that are in a blocking state.
N5K-P# show spanning-tree vlan 10
N5K-P# show spanning-tree blockedports
Step 11 Examine the spanning-tree topology on the Cisco Nexus 7000 Series switch and
identity the links that are in a blocking state.
N7K-Y-podP# show spanning-tree blockedports
Note Check spanning-tree topology together with your peer. Blocked ports may be present on
the peer devices.
 You have removed the vPC configuration from your Cisco Nexus 7000 Series switch
and 5600 Platform switches.
 You have verified that the spanning-tree topology does not allow several active links
between two switches or Layer 2 loops in the topology.
Task 2: Implement Cisco FabricPath
In this task, you will implement Cisco FabricPath technology in your Cisco Nexus 7000
Series switch VDC and on your Cisco Nexus 5600 Platform switch.
Activity Procedure
Step 1 Connect to your assigned Cisco Nexus 7000 Series switch VDC.
Step 2 Examine the license usage on your Cisco Nexus 7000 Series switch VDC.
N7K-Y-podP(config-if)# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
---------------------------------------------------------------------------
MPLS_PKG Yes - Unused never -
STORAGE-ENT No - Unused -
VDC_LICENSES No 0 Unused -
ENTERPRISE_PKG No - Unused -
FCOE-N7K-F132XP No 0 Unused -
FCOE-N7K-F312FQ No 0 Unused -
ENHANCED_LAYER2_PKG Yes - Unused never -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused never -
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused never -
---------------------------------------------------------------------------
Step 3 Determine which license is required to enable Cisco FabricPath.
Step 4 Enable the Cisco FabricPath feature set.

N7K-Y-podP(config)# feature-set fabricpath
Step 5 Examine the Cisco FabricPath switch ID of your Cisco Nexus 7000 Series
switch VDC.
N7K-Y-podP# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
=========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED
----------+----------------+------------+-----------+--------------------
*775 0026.51cc.de44 Primary Confirmed No No
Total Switch-ids: 1
Note The switch ID may be different than in the example.
Step 6 Configure the switch ID of your VDC to be 7P, where P is your pod number
N7K-Y-podP(config)# fabricpath switch-id 7P
Step 7 Verify the configured Cisco FabricPath switch ID.
N7K-Y-PodP(config)# show fabricpath switch-id
'[E]' - local Emulated Switch-id
'[A]' - local Anycast Switch-id
Total Switch-ids: 1
===========================================================================
==
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED/
ANYCAST
--------------+----------------+------------+-----------+------------------
--
* 72 64a0.e742.6e42 Primary Confirmed Yes No
N7K-Y-PodP(config)#
Step 8 Configure the interfaces that connect your VDC and your peer pod VDC as
FabricPath interfaces.
N7K-Y-podP(config)# interface e7/D

N7K-Y-podP(config-if)# switchport mode fabricpath
Step 9 Re-examine the FabricPath switch ID again. If your colleagues in your peer pod
have configured the interfaces for FabricPath, you should also see their switch:
N7K-Y-podP(config-if)# show fabricpath switch-id
'[E]' - local Emulated Switch-id
'[A]' - local Anycast Switch-id
Total Switch-ids: 2
===========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED/
ANYCAST
--------------+----------------+------------+-----------+------------------
* 7P 64a0.e743.03c2 Primary Confirmed Yes No
7Q 64a0.e742.6e42 Primary Confirmed Yes No
Note Do not continue to the next step until you see your peer pod switch ID also listed in the
output of the show fabricpath switch-id command.
Step 10 Use the show fabricpath isis adjacency command to verify that Cisco
FabricPath IS-IS adjacencies have been formed on the F1 interface between your
VDC and your peer pod VDC.
N7K-Y-podP(config-if)# show fabricp isis ad
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
N7K-X-PodQ N/A 1 UP 00:00:29 Ethernet7/D
Step 11 Why you don’t see the adjacency with the Nexus 5600 switch?
Step 12 From your Cisco Nexus 5600 Platform switch, ping 172.16.10.5Q, the IP
address of your peer pod Cisco Nexus 5600 Platform switch, where Q is your
peer pod number, in order to confirm IP connectivity between the two pods.
Determine if the ping was successful and why.
N5K-P# ping 172.16.10.5Q

Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

Step 13 Connect to your VDC on the Cisco Nexus 7000 switch. Examine the Cisco
FabricPath routing table.
N7K-Y-podP# show fabricpath route
FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
0/7P/0, number of next-hops: 0

via ---- , [60/0], 0 day/s 01:18:36, local
via sup-eth1, [81/0], 0 day/s 01:18:36, fpoam
1/7Q/0, number of next-hops: 1
via Eth7/D, [115/10], 0 day/s 01:13:46, isis_fabricpath-default
Note The Cisco FabricPath routing table does not list any remote switches until at least one
Cisco FabricPath VLAN has been configured.
Step 14 Convert VLAN 10 to a Cisco FabricPath VLAN on both VDC on the Cisco
Nexus 7000 switch.
N7K-Y-podP(config)# vlan 10
N7K-Y-podP(config-vlan)# mode fabricpath
N7K-Y-podP(config-vlan)# exit
Step 15 Configure each Cisco Nexus 7000 switch to be the root bridge for your VLAN.
N7K-Y-podP(config)# spanning-tree mst 0-4094 root primary
Step 16 Reexamine the Cisco FabricPath routing table.
N7K-Y-PodP(config-if-range)# show fabricpath route
FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default

via ---- , [60/0], 0 day/s 00:02:42, local
via sup-eth1, [81/0], 0 day/s 00:02:42, fpoam
1/7Q/0, number of next-hops: 2
via Eth7/D, [115/10], 0 day/s 00:01:08, isis_fabricpath-default
Step 17 From your Cisco Nexus 5600 Platform switch, ping 172.16.10.5Q, the IP
address of your peer pod Cisco Nexus 5600 Platform switch, where Q is your
peer pod number, in order to confirm IP connectivity between the two pods.
Determine if the ping was successful and why.
N5K-P# ping 172.16.10.5Q


Step 18 Examine the spanning-tree topology for VLAN 10.

MST0002
Address c84c.75fa.6000
This bridge is the root

Address c84c.75fa.6000

---------------- ---- --- --------- -------- ------------------------------
Eth7/X Desg FWD 500 128.897 Network P2p
Step 19 Examine the MAC address table for VLAN 10 on your VDC.
N7K-Y-podP(config)# show mac address-table
Note: MAC table entries displayed are getting read from software.
Use the 'hardware-age' keyword to get information related to 'Age'
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
E - EVPN entry
(T) - True, (F) - False , ~~~ - use 'hardware-age' keyword to
retrieve age info
VLAN/BD MAC Address Type age Secure NTFY
Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+----------------
G - 64a0.e743.03c2 static - F F sup-eth1(R)
* 1 000a.f71d.e3d0 dynamic ~~~ F F Eth7/X
* 1 000a.f71d.e3d1 dynamic ~~~ F F Eth7/X
* 1 000a.f71d.edc2 dynamic ~~~ F F Eth7/X
* 1 000a.f71d.edc3 dynamic ~~~ F F Eth7/X
10 8c60.4f18.9bbc dynamic ~~~ F F 7Q.0.4
* 10 8c60.4f22.ad7c dynamic ~~~ F F Eth7/X
Note Do not proceed to the next task until you succeed in pinging the peer pod Cisco Nexus
5600 Platform switch VLAN 10 IP address. Troubleshoot together with your peer as
necessary.
 You have implemented Cisco FabricPath on your Cisco Nexus 7000 Series switch
VDC and Nexus 5600 Platform switch.
 You have established a Cisco FabricPath cloud with your peer pod.
 You have verified IP connectivity between your Cisco Nexus 5600 Platform switch and
your peer pod Nexus 5600 Platform switch in VLAN across the Cisco FabricPath
cloud.
 You have verified that spanning-tree protocol is not active for VLAN10.
Lab 2-4: Configure Layer 3 Switching
Activity Objective
In this activity, you will configure Layer 3 switching features between your Cisco Nexus
7000 Series switch VDC and your peer pod Cisco Nexus 7000 Series switch VDC switch.
After completing this activity, you will be able to meet these objectives:
 Configure RIP and verify the configuration
 Configure VRF instances with static routing and verify the configuration
 Configure VRF instances with OSPFv2 and verify the configuration
 Configure VRF instances with EIGRP and verify the configuration
Visual Objective
Job Aids
Required Resources
Command List
Command Description
feature interface-vlan Enables the interface-vlan feature, which allows the creation
of switched virtual interfaces (SVI)
ip address Configures an IP address and prefix on an interface

<address>/<prefix>
feature rip Enables the Routing Information Protocol (RIP) feature
show license usage Displays the license usage in a VDC
ip router rip <tag> Activates a RIP process on an interface
show ip route Displays the IP routing table
show ip rip Displays basic parameters for a RIP process
router rip <tag> Starts a RIP routing process
show vrf Lists the virtual routing and forwarding (VRFs) that are
present in a VDC
show vrf detail Displays details for the VRFs in a VDC
show vrf <vrf> interface Lists the interfaces that are associated with a VRF
vrf member <vrf> Associates an interface with a VRF
vrf context <vrf> Creates a new VRF context
ip route <subnet>/<prefix> Creates a static route to a subnet using a specified next-hop

<next-hop> router
show ip route vrf <vrf> Displays the IP routing table for a VRF
routing-context vrf <vrf> Sets the scope for routing-related commands to a specific
VRF
feature ospf Enables the Open Shortest Path First (OSPF) feature
ip router ospf <tag> area Enables an OSPF process on an interface for a specific
<area> area
show ip ospf Displays basic parameters for an OSPF process
router ospf <tag> Starts an OSPF routing process
show ip ospf vrf <vrf> Displays basic parameters for an OSPF process in a VRF
show ip ospf neighbors vrf Displays the list of OSPF neighbors for a VRF
<vrf>
show ip ospf database vrf Lists the content of the OSPF database for a VRF
<vrf>
router-id <id> Sets the router ID for an OSPF process
vrf <vrf> Enters VRF configuration mode under a routing process
show ip ospf interface Displays OSPF interface parameters

<intf>
auto-cost reference- Changes the OSPF auto-cost reference bandwidth
bandwidth <bw> <unit>
show ip ospf interface Displays an overview of the interfaces that are enabled for
brief OSPF
feature eigrp Enables the Enhanced Interior Gateway Routing Protocol

(EIGRP) feature
router eigrp <tag> Starts an EIGRP routing process
ip router eigrp <tag> Activates an EIGRP routing process on an interface
show ip eigrp Displays basic EIGRP parameters
autonomous-system <as-nr> Sets the autonomous system (AS) number for EIGRP in a
VRF
show ip eigrp neighbors Displays the list of EIGRP neighbors
Task 1: Establish “default” VRF Connectivity between your
Cisco Nexus 7000 Series Switch VDC and Your Peer Pod
Cisco Nexus 7000 Series Switch
In this task, you will configure IP connections between your VDC and your peer pod VDC
Activity Procedure
Step 2 Change VLAN 10 back to Classic Ethernet (CE) mode, remove the entire Cisco
FabricPath configuration
N7K-Y-podP(config-vlan)# mode ce
N7K-Y-podP(config)# no feature-set fabricpath
Feature-set Operation may take up to 95 minutes depending on the size of
configuration.
Step 3 Enable the VLAN 10 SVI and change the IP address to 172.16.10.7P/24.
N7K-Y-podP(config)# feature interface-vlan
N7K-Y-podP(config)# interface vlan 10
N7K-Y-podP(config-if)# no ip address
Enabling IP Redirects on Vlan10
N7K-Y-podP(config-if)# ip address 172.16.10.7P/24
N7K-Y-podP(config-if)# no shutdown
Caution Do not skip over the “no ip address” which also removes the secondary IP
address.
Step 4 Configure the interfaces to your peer pod Cisco Nexus 7000 Series switch VDC
as a trunk and activate them.

N7K-Y-podP(config-if)# switchport mode trunk
Step 5 Verify that the interface on your Cisco Nexus 7000 Series switch VDC that leads
to your Cisco Nexus 5600 Platform switch as a trunk.
N7K-Y-podP(config-if)# show int status
---------------------------------------------------------------------------
Port Name Status Vlan Duplex Speed Type
---------------------------------------------------------------------------
mgmt0 -- connected routed full a-1000 --
Eth7/A To N5K-P connected trunk full 40G QSFP-40G-AO
Eth7/B To N5K-Q disabled trunk auto auto QSFP-40G-AO
Eth7/C To N7K-Q disabled 1 auto auto QSFP-40G-AO
Eth7/D To N7K-Q connected trunk full 40G QSFP-40G-AO
Vlan1 -- down routed auto auto --
Vlan10 -- connected routed auto auto --
Step 6 Check IP connectivity between your Cisco Nexus 7000 Series switch VDC and
your Cisco Nexus 5600 Platform switch, your peer pod N7K VCD and your Peer
Pod N5K.
N7K-Y-podP(config-if)# ping 172.16.10.5Q

36 bytes from 172.16.10.7P: Destination Host Unreachable
Request 0 timed out

N7K-Y-podP(config-if)# ping 172.16.10.5P

PING 172.16.10.5P (172.16.10.5P): 56 data bytes
Request 0 timed out
64 bytes from 172.16.10.5P: icmp_seq=1 ttl=254 time=20.052 ms
--- 172.16.10.5P ping statistics ---

N7K-Y-podP(config-if)# ping 172.16.10.7Q

Request 0 timed out

Note Do not proceed until you have confirmed IP connectivity on VLAN 10.
Step 7 Enable the RIP feature on both the Cisco Nexus 7000 Series switch VDC.
N7K-Y-podP(config)# feature rip
Step 8 Configure loopback interface 10 on your Cisco Nexus 7000 Series switch VDC.
Assign address 192.168.10.7P/32—where P is your assigned pod number—and
enable RIP on it.
N7K-Y-podP(config)# interface loopback 10
N7K-Y-podP(config-if)# ip router rip MYRIP
Step 9 Enable RIP on interface VLAN 10 as well.
N7K-Y-podP(config-if)# interface vlan 10
N7K-Y-podP(config-if)# ip router rip MYRIP
Step 10 Configure a default gateway on your Cisco Nexus 5600 Platform switch using
your N7K IP address in VLAN 10.
N5K-P(config)# ip route 0.0.0.0/0 172.16.10.7P
N5K-P(config)#
Step 11 Examine your routing table to determine if you received routes via the RIP
protocol.
N7K-Y-podP(config)# show ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.10.0/24, ubest/mbest: 2/0, attached
*via 172.16.10.7, Vlan10, [0/0], 00:13:11, direct
172.16.10.7P/32, ubest/mbest: 1/0, attached

*via 172.16.10.7P, Vlan10, [0/0], 00:13:11, local
*via 192.168.10.7P, Lo10, [0/0], 00:06:41, local
*via 192.168.10.7P, Lo10, [0/0], 00:06:41, direct
N7K-Y-podP(config)#
N7K-Y-podP(config-if)# show ip route rip-MYRIP

Could not resolve "rip-MYRIP"

Step 12 Examine the RIP process.

N7K-Y-podP# show ip rip
Note: process currently not running
Step 13 Enable the RIP process by using the appropriate process tag on the Cisco Nexus
7000 Series switch VDC.
N7K-Y-podP(config)# router rip MYRIP
Step 14 Examine your routing table again.

N7K-Y-podP(config-router)# show ip route rip-MYRIP
192.168.10.7Q/32, ubest/mbest: 1/0

*via 172.16.10.7Q, Vlan10, [120/2], 00:00:02, rip-MYRIP, rip
N7K-Y-podP(config-router)#
Note You can use <TAB> to complete routing protocol names 
Step 15 Ping Cisco Nexus 7000 Series switch VDC loopback 10 IP addresses
192.168.10.7P by using your Cisco Nexus 700 VDC using your loopback
address as the source address
N7K-Y-podP# ping 192.168.10.7Q source 192.168.10.7P
PING 192.168.10.7Q (192.168.10.7Q) from 192.168.10.7P: 56 data bytes
Request 0 timed out

N7K-Y-podP#
Step 16 PING 192.168.1 Ping Cisco Nexus 7000 Series switch VDC loopback 10 IP
addresses 192.168.10.P1 by using the Cisco Nexus 5600 Platform
N5K-P(config)# ping 192.168.10.7P
PING 192.168.10.7P (192.168.10.7P): 56 data bytes
Request 0 timed out
--- 192.168.10.7P ping statistics ---

N5K-P(config)#
N5K-P(config)# ping 192.168.10.7Q

Request 0 timed out

N5K-P(config)#
 You have enabled Layer 3 connectivity over the trunk.
 You have configured RIP on your Cisco Nexus 7000 Series switch.
 You have verified that RIP is exchanging routing information.
 You have a working ping between loopback 10 interfaces.
Task 2: Static Routing

In this task, you will configure static routing within one of the VRFs.
Activity Procedure
Step 1 On your Cisco Nexus 7000 Series switch VDC, configure a VRF named
STATIC-VRF. Then create a loopback 11 interface. Assign it to the just-created
VRF and configure IP address 192.168.11.7P/32, where P is your assigned pod
number.
N7K-Y-podP(config)# vrf context STATIC-VRF
N7K-Y-podP(config-vrf)# interface loopback 11
N7K-Y-podP(config-if)# vrf member STATIC-VRF
Warning: Deleted all L3 config on interface loopback0
Note You can use <TAB> to complete VRF names 
Step 2 Examine the routing table for VRF STATIC-VRF.

N7K-Y-podP(config-if)# show ip route vrf all

*via 172.16.10.7P, Vlan10, [0/0], 00:20:03, direct
*via 172.16.10.7P, Vlan10, [0/0], 00:20:03, local
*via 192.168.10.7P, Lo10, [0/0], 00:15:13, local
*via 192.168.10.7P, Lo10, [0/0], 00:15:13, direct
IP Route Table for VRF "management"
0.0.0.0/0, ubest/mbest: 1/0

*via 192.168.0.1, [1/0], 02:38:15, static
*via 192.168.0.20P, mgmt0, [0/0], 02:38:15, direct
*via 192.168.0.20P, mgmt0, [0/0], 02:38:15, local
IP Route Table for VRF "STATIC-VRF"


*via 192.168.11.7P, Lo11, [0/0], 00:00:10, local
*via 192.168.11.7P, Lo11, [0/0], 00:00:10, direct
Step 3 Create VLAN 11 and a SVI for VLAN with the IP address 172.16.11.7P/24,
where P is your assigned pod number. Assign VLAN 11 interface to the VRF
STATIC-VRF.
N7K-Y-podP(config-if)# vrf member STATIC-VRF
% Deleted all L3 config on interface Vlan11
Step 4 On Cisco Nexus 7000 Series switch VDC, configure a static route for VRF
VRF-STATIC that points to the loopback 0 interface on Peer Pod Nexus 7000
VDC.
N7K-Y-podP(config)# vrf context STATIC-VRF
N7K-Y-podP(config-vrf)# ip route 192.168.11.7Q/32 172.16.11.7Q
Step 5 Examine the routing table.
N7K-Y-podP(config-vrf)# show ip route vrf STATIC-VRF
IP Route Table for VRF "STATIC-VRF"

*via 172.16.11.7P, Vlan11, [0/0], 00:00:52, direct
*via 172.16.11.7P, Vlan11, [0/0], 00:00:52, local
*via 192.168.11.7P, Lo11, [0/0], 00:02:34, local
*via 192.168.11.7P, Lo11, [0/0], 00:02:34, direct
192.168.11.7Q/32, ubest/mbest: 1/0
*via 172.16.11.7Q, [1/0], 00:00:06, static
N7K-Y-podP(config-vrf)#
Note If you do not specify the VRF, the default VRF is used for all IP routing-related
commands.
Step 6 Ping the IP address of the Loopback11 address on the peer pod Cisco Nexus
7000 Series switch VDC – DO NOT forget to specify the VRF!
N7K-Y-podP(config)# ping 192.168.11.7Q vrf STATIC-VRF source
192.168.11.7P

N7K-Y-podP(config)#
Step 7 Set the scope of all Cisco NX-OS IP routing-related commands to use the VRF
STATIC-VRF for your current session.
N7K-Y-podP(config)# routing-context vrf STATIC-VRF
N7K-Y-podP%STATIC-VRF(config)#
Step 8 Ping the IP address of the loopback 11 address on the peer pod Cisco Nexus
7000 Series switch VDC WITHOUT specifying the VRF!
N7K-Y-podP%STATIC-VRF(config)# ping 192.168.11.7Q source 192.168.11.7P
64 bytes from 192.168.11.7Q: icmp_seq=1 ttl=254 time=1 ms

round-trip min/avg/max = 1/1.055/1.256 ms
N7K-Y-podP%STATIC-VRF(config)#
Step 9 Reset the command scope to the default VRF.

N7K-Y-podP%STATIC-VRF(config)# routing-context vrf default
N7K-Y-podP(config-vrf)#
 You have verified IP connectivity between the loopback IP addresses within the
STATIC-VRF.
Task 3: OSPFv2
In this task, you will configure OSPF routing within one of your VRFs.
Activity Procedure
Step 1 On your Cisco Nexus 7000 Series switch VDC, configure VLAN 12.
Step 2 Configure a VRF context named OSPF-VRF.
N7K-Y-podP(config)# vrf context OSPF-VRF
Step 3 Configure interface VLAN12, place it in OSPF-VRF, and assign IP address
172.16.12.7P/24, where P is your pod number.
N7K-Y-podP(config-if)# vrf member OSPF-VRF
Warning: Deleted all L3 config on interface Vlan12
Step 4 Configure loopback interface 12, assign it to VRF OSPF-VRF, and assign the
IP address 192.168.12.7P/32, where P is your assigned pod number.
N7K-Y-podP(config-if)# vrf member OSPF-VRF
Step 5 Check your interface state
N7K-Y-PodP(config-if)# show ip int brief vrf OSPF-VRF
IP Interface Status for VRF "OSPF-VRF"(4)
Interface IP Address Interface Status
Vlan12 172.16.12.7P protocol-up/link-up/admin-up
Lo12 192.168.12.7P protocol-up/link-up/admin-up
N7K-Y-PodP(config-if)#
Step 6 Enable the OSPF feature.

N7K-Y-podP(config)# feature ospf
Step 7 Verify the license usage on your Cisco Nexus 7000 Series switch VDC.
N7K-Y-PodP(config)# show license usage
Count
---------------------------------------------------------------------------
LAN_ENTERPRISE_SERVICES_PKG Yes - In use never -
---------------------------------------------------------------------------
--
N7K-Y-PodP(config)#
Step 8 Verify which feature will cause the LAN_ENTERPRISE_SERVICES_PKG to

be used.
N7K-Y-podP# show license usage LAN_ENTERPRISE_SERVICES_PKG
Application Vdc
---------------------------------------------------------------------------
ospf podP
---------------------------------------------------------------------------
Step 9 Configure the OSPF process with the process ID MYOSPF.
N7K-Y-podP(config)# router ospf MYOSPF
Step 10 Configure OSPF in area 0 on interface VLAN12 with the process ID MYOSPF.
N7K-Y-podP(config-if)# ip router ospf MYOSPF area 0
Step 11 Configure OSPF in area P on interface loopback 12, where P is your assigned
pod number and the process ID is MYOSPF.
N7K-Y-podP(config-if)# ip router ospf MYOSPF area P
Step 12 Examine the OSPF process.
N7K-Y-PodP(config-if)# show ip ospf vrf OSPF-VRF
Routing Process MYOSPF with ID 192.168.12.7P VRF OSPF-VRF

Routing Process Instance Number 1
Stateful High Availability enabled
Graceful-restart is configured
Grace period: 60 state: Inactive
Last graceful restart exit status: None
Supports only single TOS(TOS0) routes
Supports opaque LSA
This router is an area border
Administrative distance 10P
Reference Bandwidth is 40000 Mbps
SPF throttling delay time of 200.000 msecs,
SPF throttling hold time of 1000.000 msecs,
SPF throttling maximum wait time of 5000.000 msecs
LSA throttling start time of 0.000 msecs,
LSA throttling hold interval of 5000.000 msecs,
LSA throttling maximum wait time of 5000.000 msecs
Minimum LSA arrival 1000.000 msec
LSA group pacing timer 10 secs
Maximum paths to destination 8
Number of external LSAs 0, checksum sum 0
Number of opaque AS LSAs 0, checksum sum 0
Number of areas is 2, 2 normal, 0 stub, 0 nssa
Number of active areas is 2, 2 normal, 0 stub, 0 nssa
Install discard route for summarized external routes.
Install discard route for summarized internal routes.
Area BACKBONE(0.0.0.0)
Area has existed for 00:01:17
Interfaces in this area: 1 Active interfaces: 1
Passive interfaces: 0 Loopback interfaces: 0
No authentication available
SPF calculation has run 4 times
Last SPF ran for 0.000142s
Area ranges are
Number of LSAs: 5, checksum sum 0x21bcc
Area (0.0.0.P) (Inactive)
Area has existed for 00:00:59
Interfaces in this area: 1 Active interfaces: 1
Passive interfaces: 0 Loopback interfaces: 1
No authentication available
SPF calculation has run 3 times
Last SPF ran for 0.000044s
Area ranges are
Number of LSAs: 3, checksum sum 0x25f1c
Note Make sure that you specify the correct VRF. Otherwise, the default VRF information will
be presented.
Step 13 Check the routing table

N7K-Y-PodP(config-if)# show ip route vrf OSPF-VRF ospf-MYOSPF
IP Route Table for VRF "OSPF-VRF"
192.168.12.7P/32, ubest/mbest: 1/0

*via 172.16.12.7P, Vlan12, [10P/41], 00:01:27, ospf-MYOSPF, inter
Step 14 Ping the loopback 12 on your peer pod Cisco Nexus 7000 Series switch VDC.
As a source, use loopback 12 on your Cisco Nexus 7000 Series switch VDC.
N7K-Y-podP# ping 192.168.12.7Q source 192.168.12.7P vrf OSPF-VRF

Step 15 Examine the OSPF database.
N7K-Y-podP# show ip ospf database
OSPF Router with ID (192.168.10.7P) (Process ID MYOSPF VRF default)
Step 16 Examine the OSPF database for VRF OSPF-VRF.

N7K-Y-PodP(config-if)# show ip ospf database vrf OSPF-VRF
OSPF Router with ID (192.168.12.72) (Process ID MYOSPF VRF OSPF-
VRF)
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum Link Count

192.168.12.7P 192.168.12.7P 118 0x80000004 0xa7e5 1
192.168.12.7Q 192.168.12.7Q 117 0x80000004 0xa5e4 1
Network Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum

172.16.12.7Q 192.168.12.7Q 117 0x80000002 0x0d03
Summary Network Link States (Area 0.0.0.0)

192.168.12.7P 192.168.12.7P 147 0x80000002 0x6879
192.168.12.7Q 192.168.12.7Q 138 0x80000002 0x5887
Router Link States (Area 0.0.0.2)
Link ID ADV Router Age Seq# Checksum Link Count

192.168.12.7Q 192.168.12.7Q 139 0x80000002 0x8c8a 1
Summary Network Link States (Area 0.0.0.2)

172.16.12.0 192.168.12.7Q 138 0x80000002 0xdece
192.168.12.7P 192.168.12.7Q 111 0x80000002 0xf3c4
 You have examined the OSPF topology information.
 You have verified IP connectivity within the OSPF-VRF.
Task 4: EIGRP
In this task, you will configure EIGRP routing within one of the VRFs.
Activity Procedure
Step 1 On your Cisco Nexus 7000 Series switch VDC, configure VLAN 13.
Step 2 Configure a VRF context named EIGRP-VRF.
N7K-Y-podP(config)# vrf context EIGRP-VRF
Step 3 Configure interface VLAN13, place it in EIGRP-VRF, and assign the IP
address 172.16.13.7P/24, where P is your pod number.
N7K-Y-podP(config-if)# vrf member EIGRP-VRF
Warning: Deleted all L3 config on interface Vlan13
Step 4 Configure loopback interface 13, assign it to VRF EIGRP-VRF, and assign IP
address 192.168.13.7P/32, where P is your assigned pod number.
N7K-Y-podP(config-if)# vrf member EIGRP-VRF
Step 5 Enable the EIGRP feature.
N7K-Y-podP(config)# feature eigrp
Step 6 Verify which feature will cause the LAN_ENTERPRISE_SERVICES_PKG to
be used.
N7K-Y-podP# show license usage LAN_ENTERPRISE_SERVICES_PKG
Application Vdc
---------------------------------------------------------------------------
ospf podP
eigrp podP
---------------------------------------------------------------------------
Step 7 Set the scope of all Cisco NX-OS IP routing-related commands to use the VRF
EIGRP-VRF for your current session.
N7K-Y-podP(config)# routing-context vrf EIGRP-VRF
N7K-Y-podP%EIGRP-VRF(config)#
Step 8 Check interface state
N7K-Y-podP%EIGRP-VRF(config)# show ip int brief
IP Interface Status for VRF "EIGRP-VRF"(6)
Interface IP Address Interface Status
Vlan13 172.16.13.7P protocol-up/link-up/admin-up
Lo13 192.168.13.7P protocol-up/link-up/admin-up
N7K-Y-podP%EIGRP-VRF(config)#
Step 9 Configure an EIGRP process with the process tag MYEIGRP.

N7K-Y-podP%EIGRP-VRF(config)# router eigrp MYEIGRP
Step 10 Activate EIGRP on interface VLAN13.
N7K-Y-podP%EIGRP-VRF(config)# interface vlan 13
N7K-Y-podP%EIGRP-VRF(config-if)# ip router eigrp MYEIGRP
Step 11 Activate EIGRP on interface loopback 13.

N7K-Y-podP%EIGRP-VRF(config-if)# interface loopback 13
N7K-Y-podP%EIGRP-VRF(config-if)# ip router eigrp MYEIGRP
Step 12 Examine the EIGRP process.
N7K-Y-podP%EIGRP-VRF(config-if)# show ip eigrp
IP-EIGRP AS 0 ID 172.16.10.72 VRF default
Process-tag: MYEIGRP
Instance Number: 1
Status: shutdown
Authentication mode: none
Authentication key-chain: none
Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
IP proto: 88 Multicast group: 224.0.0.10
Int distance: 90 Ext distance: 170
Max paths: 8
Number of EIGRP interfaces: 0 (0 loopbacks)
Number of EIGRP passive interfaces: 0
Number of EIGRP peers: 0
Graceful-Restart: Enabled
Stub-Routing: Disabled
NSF converge time limit/expiries: 120/0
NSF route-hold time limit/expiries: 240/0
NSF signal time limit/expiries: 20/0
Redistributed max-prefix: Disabled
Step 13 Determine why the EIGRP process shut down.
Step 14 Configure EIGRP autonomous system number 35 for the VRF EIGRP-VRF.
N7K-Y-podP%EIGRP-VRF(config)# router eigrp MYEIGRP
N7K-Y-podP%EIGRP-VRF(config-router)# vrf EIGRP-VRF
N7K-Y-podP%EIGRP-VRF(config-router-vrf)# autonomous-system 35
Step 15 Examine the EIGRP process once again.
N7K-Y-podP%EIGRP-VRF(config-router-vrf)# show ip eigrp
IP-EIGRP AS 35 ID 192.168.13.7P VRF EIGRP-VRF
Process-tag: MYEIGRP
Instance Number: 1
Status: running
Authentication mode: none
Authentication key-chain: none
Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
IP proto: 88 Multicast group: 224.0.0.10
Int distance: 90 Ext distance: 170
Max paths: 8
Number of EIGRP interfaces: 2 (1 loopbacks)
Number of EIGRP passive interfaces: 0
Number of EIGRP peers: 1
Graceful-Restart: Enabled
Stub-Routing: Disabled
NSF converge time limit/expiries: 120/0
NSF route-hold time limit/expiries: 240/0
NSF signal time limit/expiries: 20/0
Redistributed max-prefix: Disabled
N7K-Y-podP%EIGRP-VRF(config-router-vrf)#
Step 16 Verify that an EIGRP adjacency has been established between your Cisco Nexus
7000 Series switch VDC and your peer pod Cisco Nexus 7000 Series switch
VDC.
N7K-Y-podP%EIGRP-VRF(config-router-vrf)# show ip eigrp neighbors
IP-EIGRP neighbors for process 35 VRF EIGRP-VRF
H Address Interface Hold Uptime SRTT RTO Q
Seq
(sec) (ms) Cnt
Num
0 172.16.13.7Q Vlan13 12 00:01:59 6 50 0 4
Step 17 Examine the routing table for VRF EIGRP-VRF.

N7K-Y-podP%EIGRP-VRF(config-router-vrf)# show ip route
IP Route Table for VRF "EIGRP-VRF"

*via 172.16.13.7P, Vlan13, [0/0], 00:07:21, direct
*via 172.16.13.7P, Vlan13, [0/0], 00:07:21, local
*via 192.168.13.7P, Lo13, [0/0], 00:06:32, local
*via 192.168.13.7P, Lo13, [0/0], 00:06:32, direct
192.168.13.7Q/32, ubest/mbest: 1/0
*via 172.16.13.7Q, Vlan13, [90/130816], 00:02:13, eigrp-MYEIGRP,
internal
Step 18 Reset the command scope on both the Cisco Nexus 7000 Series switch VDC and
the Cisco Nexus 5600 Platform switch to the default VRF.
N7K-Y-podP%EIGRP-VRF(config-router-vrf))# routing-context vrf default
N7K-Y-podP(config-router-vrf))#
 You have examined the EIGRP topology information.
 You have verified IP connectivity within the EIGRP-VRF.
Lab 3-1: Configure OTV
Activity Objective
In this activity, you will configure OTV between your Cisco Nexus 7000 Series switch
VDC and your peer Cisco Nexus 7000 Series switch VDC. After completing this activity,
you will be able to meet these objectives:
 Configure a Cisco Nexus 7000 Series switch to support OTV
 Verify the OTV operation
Visual Objective
Job Aids
Required Resources
Command List
Command Description
feature interface-vlan Enables the interface-vlan feature, which allows SVIs to be

created
show license usage Displays the license usage in a VDC
feature otv Enables the Overlay Transport Virtualization (OTV) feature
otv site-vlan <vlan> Defines the OTV site VLAN
ip igmp version <version> Configures the Internet Group Management Protocol (IGMP)
version
interface overlay <nr> Creates an OTV overlay
otv join-interface <intf> Defines the OTV join interface for an overlay
otv control-group Defines the OTV control multicast group for an overlay
<multicast-group>
otv data-group <multicast- Defines the range of multicast groups to be used for
group-range> multicast forwarding on an overlay
otv extend-vlan <vlan- Defines the range of VLANs that are extended across an
range> overlay
show otv overlay <nr> Displays basic parameters and status information for an
OTV overlay
show otv adjacency Displays the list of OTV adjacencies on a VDC
show otv route Displays the OTV MAC routing table
show otv arp-nd-cache Displays the content of the OTV Address Resolution
Protocol (ARP) and neighbor discovery (ND) cache
show spanning-tree vlan Displays the spanning-tree state for a VLAN

<vlan>
Task 1: Configuring Basic OTV
During this task, you will configure OTV on the Cisco Nexus 7000 Series switch VDC in
your pod.
Activity Procedure
Step 2 Restore the configuration from Lab2-1.
N7K-Y-podP# rollback running-config file bootflash:/DCUFX/MST atomic
Verification is Sucessful.

Step 3 Connect to your assigned Cisco Nexus 5600 Platform switch.
N5K-P# rollback running-config file bootflash:/DCUFX/MST atomic
Step 5 Use CDP on your Nexus 7000 VDC to validate your only active connections are
the link to YOUR N5K and ONE LINK to the PEER POD N7K VDC.
N7K-Y-podP# show cdp neighbors


N5K-P(FOC1843R54E)
Eth7/P 164 R S I s N5K-C5672UP Eth2/1
N5K-Q(FOC1841R063)
Eth7/Q 176 R S I s N5K-C5672UP Eth2/2
N7K-X-PodQ(JAF1540BLJK)
Eth7/X 147 R S I s N7K-C7010 Eth7/X
Total entries displayed: 2

N7K-Y-podP#
Step 6 Shutdown the interfaces connecting to your peer pod N5K switch (P is your Pod
number, Q is your peer Pod number).
Pod Peer Pod N5K Connection
Pod P Ethernet 7/Q
N7K-Y-podP# configure
N7K-Y-podP(config)# interface Eth7/Q
Step 7 Ping the IP address of your peer pod, 172.16.10.5Q— where Q is your peer pod
number, to confirm IP connectivity between the two pods.
N5K-P# ping 172.16.10.5Q
Request 0 timed out

Note Do not proceed to the next step until you succeed in pinging the peer pod Cisco Nexus
5600 Platform switch VLAN10 IP address. Troubleshoot together with your peer pod
partner as necessary.
Step 8 Change the interface on your Cisco Nexus 7000 Series switch VDC that
connects to your peer Cisco Nexus 7000 Series switch VDC to a routed port.
N7K-Y-podP(config)# interface ethernet 7/D

N7K-Y-podP(config-if)# no switchport
Step 9 Configure IP address 10.7.7.P/24—where P is your pod number—on the routed
interface that connects to your peer Cisco Nexus 7000 Series switch VDC.
N7K-Y-podP(config-if)# ip address 10.7.7.P/24
Step 10 Ping the IP address of your peer pod, 10.7.7.Q—where Q is your peer pod
number—to confirm IP connectivity between the VDCs.
N7K-Y-podP# ping 10.7.7.Q
PING 10.7.7.Q (10.7.7.Q): 56 data bytes
64 bytes from 10.7.7.Q: icmp_seq=0 ttl=254 time=1.18 ms
--- 10.7.7.Q ping statistics ---

Note This interface will be used as the OTV join interface. Do not proceed to the next step
until you have verified IP connectivity between the VDCs for this link.
Step 11 Switch to your Cisco Nexus 5600 Platform switch.

Step 12 Verify that you can no longer ping from your Cisco Nexus 5600 Platform switch
to your peer pod Cisco Nexus 5600 Platform switch on VLAN 10.
N5K-P# ping 172.16.10.5Q
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

Step 13 Determine why you cannot ping between the Cisco Nexus 5600 Platform
switches any longer.
Note Verify that you have shut down the trunk from your Cisco Nexus 7000 Series switch
VDC to your peer pod Cisco Nexus 5600 Platform switch if you can still ping to the peer
Cisco Nexus 5600 Platform switch. You should not be able to ping between the Cisco
Nexus 5600 Platform switches in your pod and peer pod until OTV has been configured
to extend VLAN 10 between the pods.
Step 14 Examine the license usage on your Cisco Nexus 7000 Series switch VDC.
N7K-Y-podP(config-if)# show license usage
Count
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Step 15 Enable the OTV feature.

N7K-Y-podP(config)# feature otv
Step 16 Examine the license usage again.
N7K-Y-podP(config)# show license usage
Count
---------------------------------------------------------------------------
TRANSPORT_SERVICES_PKG Yes - In use never -
---------------------------------------------------------------------------
N7K-Y-podP(config)#
Determine which license the OTV feature requires.
Step 17 Configure the OTV site identifier, where P is your pod number.
N7K-Y-podP(config)# otv site-identifier P.P.P
% Site Identifier mismatch between edge devices within the same site will
prevent OTV local site adjacencies from coming up
Step 18 Configure VLAN 13 as the OTV site VLAN.
N7K-Y-podP(config-vlan)# otv site-vlan 13
N7K-Y-podP(config-site-vlan)# exit
Step 19 Configure the OTV join interface to use IGMP Version 3.
N7K-Y-podP(config-if)# ip igmp version 3
Step 20 Increase the maximum transmission unit (MTU) on this interface to the
maximum of 9216 bytes.
N7K-Y-podP(config-if)# mtu 9216
Step 21 Create an OTV overlay interface 1. Configure it to use the interface that
connects your Cisco Nexus 7000 Series switch VDC to your peer pod VDC as
the join interface.
N7K-Y-podP(config)# interface overlay 1
N7K-Y-podP(config-if-overlay)# otv join-interface ethernet 7/D
OTV needs join interfaces to be configured for IGMP version 3
Note A warning about using IGMPv3 on the join interface is displayed, regardless of the
actual configuration of the join interface.
Step 22 Configure multicast group 239.7.7.7 as the OTV control multicast group.
N7K-Y-podP(config-if-overlay)# otv control-group 239.7.7.7
Step 23 Configure the multicast range 232.7.7.0/24 as the Source Specific Multicast
(SSM) group range for OTV multicast data.
N7K-Y-podP(config-if-overlay)# otv data-group 232.7.7.0/24
Step 24 Extend VLANs 10–12 across the overlay.
N7K-Y-podP(config-if-overlay)# otv extend-vlan 10-12
Step 25 Examine the overlay interface.
N7K-Y-PodP(config-if-overlay)# show otv overlay 1
OTV Overlay Information

Site Identifier 000P.000P.000P
Encapsulation-Format ip - gre
Overlay interface Overlay1
VPN name : Overlay1

VPN state : DOWN (admin down)
Extended vlans : 10-12 (Total:3)
Control group : 239.7.7.7
Data group range(s) : 232.7.7.0/24
Broadcast group : 239.7.7.7
Join interface(s) : Eth7/D (10.7.7.P)
Site vlan : 13 (up)
AED-Capable : No (Overlay is Down)
Capability : Multicast-Reachable
N7K-Y-PodP(config-if-overlay)#
Step 26 Enable the overlay interface.

N7K-Y-podP(config)# interface overlay 1
N7K-Y-podP(config-if-overlay)# no shutdown
Note You should wait at least 30 seconds for OTV to form adjacency.
Step 27 Examine the overlay interface again.

N7K-Y-PodP(config-if-overlay)# show otv overlay 1
OTV Overlay Information

Site Identifier 000P.000P.000P
Encapsulation-Format ip - gre
Overlay interface Overlay1
VPN name : Overlay1

VPN state : UP
Extended vlans : 10-12 (Total:3)
Control group : 239.7.7.7
Data group range(s) : 232.7.7.0/24
Broadcast group : 239.7.7.7
Join interface(s) : Eth7/D (10.7.7.P)
Site vlan : 13 (up)
AED-Capable : Yes
Capability : Multicast-Reachable
Step 28 Verify that your VDC has established an OTV adjacency with the VDC in your
peer pod.
N7K-Y-PodP(config-if-overlay)# show otv adjacency
Overlay Adjacency database
Overlay-Interface Overlay1 :
Hostname System-ID Dest Addr Up Time
State
N7K-X-podQ 64a0.e743.03c2 10.7.7.Q 00:06:23
UP
Step 29 Examine the OTV MAC routing table to see if any MAC addresses were
learned.
N7K-Y-PodP(config-if-overlay)# show otv route
Determine if you see any MAC addresses in the OTV MAC routing table.
Step 30 Switch to your Cisco Nexus 5600 Platform switch.

Step 31 Ping the IP address of your peer pod, 172.16.10.5Q—where Q is your peer pod
number—from your Cisco Nexus 5600 Platform switch.
N5K-P# ping 172.16.10.5Q
Request 0 timed out
Request 1 timed out

Note Do not proceed to the next step until you succeed in pinging the peer pod Cisco Nexus
5600 Platform switch VLAN10 IP address. Troubleshoot together with your peer pod
partner as necessary.
Step 32 Switch back to your Cisco Nexus 7000 Series switch VDC.
Step 33 Examine the OTV MAC routing table again.
N7K-Y-PodP(config-if-overlay)# show otv route
OTV Unicast MAC Routing Table For Overlay1
VLAN MAC-Address Metric Uptime Owner Next-hop(s)

---- -------------- ------ -------- --------- -----------
10 8c60.4f18.9bbc 1 00:01:58 site Ethernet7/X
10 8c60.4f22.ad7c 42 00:02:07 overlay N7K-X-podQ
Step 34 Examine the OTV ARP cache.

N7K-Y-PodP(config-if-overlay)# show otv arp-nd-cache
OTV ARP/ND L3->L2 Address Mapping Cache
Overlay Interface Overlay1

VLAN MAC Address Layer-3 Address Age Expires In
10 0005.73f6.7d01 172.16.10.5Q 00:02:09 00:05:50
Step 35 Examine the spanning-tree topology for VLAN 10.
N7K-Y-podP(config-if-overlay)# show spanning-tree vlan 10
MST0002
This bridge is the root


---------------- ---- --- --------- -------- ------------------------------
--
Eth7/1 Desg FWD 500 128.897 Network P2p
N7K-Y-podP(config-if-overlay)#
Step 36 Determine which bridge is the root of the spanning tree for VLAN 10.
Step 37 Ask your lab partners in the peer pod which bridge is listed as the root of the
spanning tree on their VDCs. Is it the same? If not, can you explain why?
 You have completed this task when you attain these results:
 You have removed the unnecessary configurations from the previous lab.
 You have successfully established an OTV adjacency between your Cisco Nexus 7000
Series switch VDC and your peer pod VDC.
 You have successfully extended VLAN 10 across the OTV overlay.
 You have examined OTV and spanning-tree operation.
Lab 3-2: Configure QoS
Activity Objective
In this activity, you will configure QoS features on a link between the Cisco Nexus 7000
Series switch VDC in your pod and Cisco Nexus 7000 Series switch VDC in your peer pod.
 Generate some traffic against which the QoS configuration can be tested
 Configure type QoS class maps and verify the configuration
 Configure type QoS policy maps and verify the configuration
 Configure type QoS service policies and verify that the configuration has been applied
to the correct traffic stream and is performing as expected
Visual Objective
Job Aids
Required Resources
Command List
Command Description
ip access-list <name> Defines an IP access list
statistics per-entry Enables the gathering of statistics for an access list
class-map type qos <name> Creates a class map of type QoS
match access-group name Matches packets that are permitted by an access list
<name>
show class-map type qos Displays the class maps of type QoS
match cos <cos> Matches packets with a specific class of service (CoS) value
show class-map <name> Displays all class maps on the switch
show running-config ipqos Shows the elements of the running configuration that are
related to QoS
policy-map type qos <name> Creates a policy map of type QoS
class type qos <name> Enters class configuration mode for a class within the policy
map
set qos-group <nr> Sets the internal QoS group marker
show policy-map type qos Displays all policy maps of type QoS on the switch
class-map type network-qos Creates a class map of type network-qos

<name>
match qos-group <nr> Matches packets with a specific QoS group value
policy-map type network- Creates a policy map of type network-qos

qos <name>
class type network-qos Enters class configuration mode for a class within the policy
<name> map
set cos <cos> Sets the CoS value
show policy-map type Displays all policy maps of type network-qos on the switch
network-qos
set dscp <dscp> Sets the differentiated services code point (DSCP) value
system qos Enters system QoS configuration
service-policy type qos Associates an ingress policy map of type QoS with an
input <name> interface
service-policy type Associates a policy map of type network QoS with the
network-qos <name> system QoS target
show policy-map system Displays the policy maps that are associated with the
system QoS target
show policy-map interface Displays the policy map of type QoS that is associated with
<intf> type qos an interface, including packet statistics for that interface
Task 1: Verify Baseline Connectivity
In this task, you will verify baseline connectivity between the Cisco Nexus 5600 Platform
switch and the Cisco 7000 Series switch VDC in your pod.
Activity Procedure
Step 2 Remove the OTV configuration from the previous lab.
N7K-Y-podP(config)# no feature otv
Step 3 Configure a VRF named QOS-VRF. Then create a loopback 10 interface.
Assign it to the just-created VRF and configure IP address 192.168.10.P1/32,
where P is your assigned pod number.
N7K-Y-podP(config)# vrf context QOS-VRF
N7K-Y-podP(config-if)# vrf member QOS-VRF
% Deleted all L3 config on interface loopback10
N7K-Y-podP(config-if)# ip address 192.168.10.P1/32
N7K-Y-podP(config-if)# no shut
Step 4 Create loopback 1 interface. Assign it to VRF QOS-VRF, and configure IP

address 192.168.1.P1/32, where P is your assigned pod number.
% Deleted all L3 config on interface loopback1
Step 5 Configure interface the Ethernet-Interface toward your peer pod and assign IP
address 172.16.10.P1/24, where P is your pod number. Assign it to the VRF
context you just created.

% Deleted all L3 config on interface Ethernet7/D
Step 6 Create a default route for VRF QOS-VRF over IP address 172.16.10.Q1, where
Q is your peer pod number.
N7K-Y-podP(config)# vrf context QOS-VRF
N7K-Y-podP(config-vrf)# ip route 0.0.0.0/0 172.16.10.Q1
N7K-Y-podP(config-vrf)# end
Step 7 Verify connectivity between the loopback 10 IP addresses on your pod and a
peer Cisco Nexus 7000 Series switch VDC.
N7K-Y-podP# ping 192.168.10.Q1
PING 192.168.10.Q1 (192.168.10.Q1): 56 data bytes
ping: sendto 192.168.10.Q1 64 chars, No route to host
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out
--- 192.168.10.Q1 ping statistics ---

Determine why this ping was not successful.
Step 8 Change your routing context so that you have your execute commands placed in
the correct VRF context.
N7K-Y-podP# routing-context vrf QOS-VRF
N7K-Y-podP%QOS-VRF# ping 192.168.10.Q1
PING 192.168.10.Q1 (192.168.10.Q1): 56 data bytes
64 bytes from 192.168.10.Q1: icmp_seq=0 ttl=254 time=1.038 ms
--- 192.168.10.Q1 ping statistics ---

Step 9 Verify connectivity between the loopback 1 IP addresses on your VDC and a
peer Cisco Nexus 7000 Series switch VDC. Use appropriate ping options to
source the traffic from the loopback 1 IP address.
Note Later, you will apply differentiated treatment to the two traffic flows between the different
loopback interfaces. Do not proceed with the lab until you have established connectivity.
 You have verified IP connectivity between the loopback 1 and loopback 10 IP
addresses on your VDC and a peer Cisco Nexus 7000 Series switch VDC.
Task 2: Class Maps

In this task, you will configure type QoS class maps and verify the configuration.
Activity Procedure
Step 1 On the Cisco Nexus 7000 Series switch VDC, configure two access lists:
 An ACL named ACL01, which permits ICMP traffic between Loopback 1
interfaces
 An ACL named ACL10, which permits ICMP traffic between Loopback 10
interfaces
N7K-Y-podP%QOS-VRF# conf
N7K-Y-podP%QOS-VRF(config)# ip access-list ACL01
N7K-Y-podP%QOS-VRF(config-acl)# permit icmp 192.168.1.0/24 192.168.1.0/24
N7K-Y-podP%QOS-VRF(config)# ip access-list ACL10
N7K-Y-podP%QOS-VRF(config-acl)# permit icmp 192.168.10.0/24 192.168.10.0/24
Step 2 Configure two class maps:
 A class map named CMAP01 that matches ACL01
 A class map named CMAP10 that matches ACL10
N7K-Y-podP%QOS-VRF(config)# class-map type qos CMAP01
N7K-Y-podP%QOS-VRF(config-cmap-qos)# match access-group name ACL01
N7K-Y-podP%QOS-VRF(config)# class-map type qos CMAP10
N7K-Y-podP%QOS-VRF(config-cmap-qos)# match access-group name ACL10
Step 3 Verify the class maps.
N7K-Y-podP%QOS-VRF(config-cmap-qos)# show class-map CMAP01
Type qos class-maps

====================
class-map type qos match-all CMAP01

match access-group name ACL01
N7K-Y-podP%QOS-VRF(config-cmap-qos)# show class-map CMAP10
Type qos class-maps

====================
class-map type qos match-all CMAP10

match access-group name ACL10
 You have configured the access lists.
 You have configured and verified the class maps.
Task 3: Policy Maps

In this task, you will configure type QoS policy maps and verify the configuration.
Activity Procedure
Step 1 On your Cisco Nexus 7000 Series switch VDC, configure a policy map that
gives precedence of one traffic stream over the other.
N7K-Y-podP%QOS-VRF(config)# policy-map type qos PMAP
N7K-Y-podP%QOS-VRF(config-pmap-qos)# class type qos CMAP01
N7K-Y-podP%QOS-VRF(config-pmap-c-qos)# set precedence 5
N7K-Y-podP%QOS-VRF(config-pmap-c-qos)# class type qos CMAP10
N7K-Y-podP%QOS-VRF(config-pmap-c-qos)# set precedence 0
N7K-Y-podP%QOS-VRF(config-pmap-c-qos)# exit
N7K-Y-podP%QOS-VRF(config-pmap-qos)# exit
Step 2 Verify the policy map.
N7K-Y-podP%QOS-VRF(config)# show policy-map PMAP
Type qos policy-maps

====================
policy-map type qos PMAP

class type qos CMAP01
set prec 5
class type qos CMAP10
set prec 0
 You have configured and verified the policy map.
Task 4: Service Policies
In this task, you will configure type QoS service policies and verify that the configuration
has been applied to the correct traffic stream and is performing as expected.
Activity Procedure
Step 1 On your Cisco Nexus 7000 Series switch VDC, apply the policy map you have
created in input and output directions. The policy should be applied on the
interface toward the peer Cisco Nexus 7700 Series switch VDC.
N7K-Y-podP%QOS-VRF(config)# interface e7/D

N7K-Y-podP%QOS-VRF(config-if)# service-policy type qos input PMAP
N7K-Y-podP%QOS-VRF(config-if)# service-policy type qos output PMAP
Step 2 Verify the policy map.
N7K-Y-PodP(config-if)# show policy-map interface e7/D type qos
Global statistics status : disabled
Ethernet7/D
Service-policy (qos) input: PMAP

policy statistics status: disabled (current status: disabled)
SNMP Policy Index: 285212761
Class-map (qos): CMAP01 (match-all)

Match: access-group ACL01
set prec 5

set prec 0
Service-policy (qos) output: PMAP

policy statistics status: disabled (current status: disabled)
SNMP Policy Index: 285212768

set prec 5

set prec 0
Step 3 The even-numbered pods will start a continuous ping toward a peer Loopback 10
IP address, with a large packet size and large packet count. Use Loopback 10 IP
address as a source address.
N7K-Y-podP%QOS-VRF# ping 192.168.10.Q1 count 10000 packet-size 10000 source
192.168.10.P1 vrf QOS-VRF
Step 4 The odd-numbered pods will start a continuous ping toward a peer Loopback 1
IP address, with a large packet size and large packet count. Use Loopback 1 IP
address as a source address.
N7K-Y-podP%QOS-VRF# ping 192.168.1.Q1 count 10000 packet-size 10000 source
192.168.1.P1 vrf QOS-VRF
Step 5 By analyzing round-trip time (RTT), observe how two data flows require
different amounts of time to send ping packets.
Note Consult your peer workgroup for round-trip times they have recorded.
 You have configured and verified the service policy.
 You have examined the policy map counters.
 You have observed differentiated traffic treatment.
Lab 3-3: Configure Security Features
Activity Objective
In this activity, you will configure the Cisco NX-OS security features on your Cisco Nexus
5600 Platform switch and Cisco Nexus 7000 Series switch VDC. After completing this
activity, you will be able to meet these objectives:
 Configure port security
 Configure traffic storm control
 Configure ACL using atomic programming
Visual Objective
Job Aids
Required Resources
 Cisco Nexus 7000 Series switch VDC
 Cisco Nexus 5600 Platform switch
Command List
Command Description
switchport access vlan Configures the VLAN for an access port

<vlan>
spanning-tree port type Configures an interface as a spanning-tree edge port
edge
feature port-security Enables the port security feature
switchport port-security Enables port security on an interface
show running-config port- Shows the elements of the running configuration that are
security all related to port security, including default values
show port-security address Shows the static and dynamic port security addresses in the
system
switchport port-security Configures a static port security MAC address for an

mac-address <address> interface
show logging last <nr> Shows the last number of lines in the system log
storm-control broadcast Enables traffic storm control for broadcast traffic at the
level <percent> configured level
storm-control multicast Enables traffic storm control for multicast traffic at the
storm-control unicast Enables traffic storm control for unicast traffic at the
show interface <intf> Displays the operational traffic storm-control parameters and
counters storm-control statistics
Task 1: Port Security
In this task, you will configure port security on your Cisco Nexus 5600 Platform switch.
Activity Procedure
Step 1 Connect to your assigned Cisco Nexus 5600 Platform switch.
Step 2 Set the interface toward Cisco Nexus 7000 Series switch VDC as a Layer 2
access port in VLAN 11.
N5K-P(config)# interface e2/1
N5K-P(config-if)# switchport
N5K-P(config-if)# switchport mode access
N5K-P(config-if)# switchport access vlan 11
N5K-P(config-if)# no spanning-tree port type network
Step 3 Create an SVI interface for VLAN 11, and assign to it IP address
192.168.11.P2/24, where P is your pod number.
N5K-P(config)# feature interface-vlan
N5K-P(config)# interface vlan 11
Step 4 Record the MAC address of interface VLAN 11.
N5K-P(config-if)# show interface vlan 11
Vlan11 is up, line protocol is up
Hardware is EtherSVI, address is 0005.73f6.7e81
Internet Address is 192.168.11.P2/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
Determine what the MAC address of VLAN 11 is.
Step 6 Set the interface toward the Cisco Nexus 5600 Platform switch as a Layer 2
access port in VLAN 11.
Peer
Step Pod P Connection
7 N5K
o
d
Pod 1 Ethernet 7/1

Pod 2 Ethernet 7/2
Pod 3 Ethernet 7/3
Pod 4 Ethernet 7/4
Pod 5 Ethernet 7/5
Pod 6 Ethernet 7/6
N7K-Y-podP(config)# interface e7/Y

N7K-Y-podP(config-if)# switchport
N7K-Y-podP(config-if)# switchport mode access
N7K-Y-podP(config-if)# switchport access vlan 11
N7K-Y-podP(config-if)# no spanning-tree port type network
Step 7 Create an SVI interface for VLAN 11, and assign to it IP address
192.168.11.P1/24, where P is your pod number.
N7K-Y-podP(config)# feature interface-vlan
Step 8 Check the connectivity between VLAN 11 interfaces.
N7K-Y-podP(config-if)# ping 192.168.11.P2
PING 192.168.11.P2 (192.168.11.P2): 56 data bytes
Request 0 timed out
64 bytes from 192.168.11.P2: icmp_seq=1 ttl=254 time=1.158 ms
--- 192.168.11.P2 ping statistics ---

Step 9 On the Cisco Nexus 7000 Series switch VDC, enable the port-security feature.
N7K-Y-podP(config)# feature port-security
Step 10 Configure port security on the interface connecting your Cisco Nexus 5600
Platform switch and permit incoming traffic only from the MAC address of
VLAN 11 on the Cisco Nexus 5000 Series switch (recorded in the previous
steps).
N7K-Y-podP(config-if)# switchport port-security mac-address xxxx.xxxx.xxxx
N7K-Y-podP(config-if)# switchport port-security
N7K-Y-podP(config-if)# end
Step 11 On the Cisco Nexus 5000 Series switch, ping address 192.168.11.P1 vlan with a
large packet size and large packet count.
N5K-P# ping 192.168.11.P1 packet-size 512 count 5000
PING 192.168.11.51 (192.168.11.51): 512 data bytes
520 bytes from 192.168.11.51: icmp_seq=0 ttl=254 time=3.198 ms
<output omitted>
Step 12 While the pinging continues, on your Cisco Nexus 7000 Series switch VDC,
reconfigure port security so that the permitted MAC address is 0000.1111.1111.
N7K-Y-podP(config-if)# no switchport port-security
N7K-Y-podP(config-if)# no switchport port-security mac-address
xxxx.xxxx.xxxx
N7K-Y-podP(config-if)# switchport port-security mac-address 0000.1111.1111
N7K-Y-podP(config-if)# switchport port-security
What happened when port-security was enabled with different MAC address and why?
Step 13 Examine the port security status of the interface.

N7K-Y-podP(config)# show port-security
Total Secured Mac Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 8192
---------------------------------------------------------------------------
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Ethernet7/1 1 1 1 Shutdown
===========================================================================
N7K-Y-podP(config)#
N7K-Y-podP(config)# show port-security int e7/Y

Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Security violation count : 1
N7K-Y-podP(config)#
Step 14 Examine the interface status on the Cisco Nexus 5600 Platform switch.
N7K-Y-podP(config)# show int e7/Y br
---------------------------------------------------------------------------
Interface Ch#
---------------------------------------------------------------------------
Eth7/Y 11 eth access down Sec-violation errDisable auto(D)
--
N7K-Y-podP(config)#
Note On your output, the other port may be disabled due to security violation.
 You have removed the unnecessary configurations from the previous lab.
 You have successfully configured SVI interfaces for VLAN 11 on both devices.
 You have successfully configured access ports on both devices.
 You have examined port security configuration and operation.
Task 2: Traffic Storm Control

In this task, you will configure traffic storm control on a Cisco Nexus 5600 Platform
switch.
Activity Procedure
Step 1 Remove port security on the Cisco Nexus 7000 Series switch VDC.
N7K-Y-podP(config-if)# no switchport port-security
N7K-Y-podP(config-if)# no switchport port-security mac-address
0000.1111.1111
N7K-Y-podP(config-if)# exit
Step 2 Enable a directed broadcast on the VLAN11 interface on the Cisco Nexus 7000
Series switch VDC.
N7K-Y-podP(config)# ip directed-broadcast
Step 3 Enable a directed broadcast on the VLAN11 interface on the Cisco Nexus 5600
Platform switch.
N5K-P(config)# interface vlan 11
N5K-P(config-if)# ip directed-broadcast
Step 4 Configure Traffic Storm Control for broadcast traffic to a level of 0.01 percent
(on a 10-Gb link, 0.01 percent would be 1 Mb)
N5K-P(config)# interface e2/1
N5K-P(config-if)# storm-control broadcast level 0.01
Step 5 Verify that the broadcast Traffic Storm Control has a limited amount of
broadcast traffic.
N5K-P(config-if)# show interface e2/1 counters storm-control
---------------------------------------------------------------------------
Port UcastSupp % McastSupp % BcastSupp % TotalSuppDiscards
(bytes)
---------------------------------------------------------------------------
Eth2/1 100.00 100.00 0.01 0
 You have successfully configured broadcast Traffic Storm Control on the Cisco Nexus
5600 Platform switch.
 You have examined traffic storm control configuration and operation.
Task 3: Configuring Access Control List Using Atomic

Programming
In this task, you will configure ACL using atomic programming.
Activity Procedure
Step 1 On the Cisco Nexus 7000 Series switch VDC, initiate a configuration session,
and configure ACL that will block all ICMP traffic.
N7K-Y-podP# configure session ATOMIC
Config Session started, Session ID is 1
N7K-Y-podP(config-s)# ip access-list ATOMIC_ACL
N7K-Y-podP(config-s-acl)# deny icmp any any
Step 2 Apply ACL to interface VLAN11.
N7K-Y-podP(config-s-acl)# interface vlan 11
N7K-Y-podP(config-s-if)# ip access-group ATOMIC_ACL in
Step 3 Verify the configuration session to assure that ACL changes will fit into ternary
content addressable memory (TCAM) memory.
N7K-Y-podP(config-s-if)# verify
Verification Successful
Step 4 On the Cisco Nexus 5600 Platform switch, generate some ICMP traffic.
N5K-P# ping 192.168.11.P1

round-trip min/avg/max = 0.904/3.928/9.586 ms.
Determine why the ping is still working.
Note Configuration session verification only verifies ACL against TCAM. It does not apply
ACL to the traffic path.
Step 5 Commit ACL to TCAM memory.

N7K-Y-podP(config-s)# commit
Commit Successful
Step 6 Check to see if ICMP traffic is now flowing.
N5K-P# ping 192.168.11.P1
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

 You have successfully created ACL using a configuration session.
Lab 4-1: Configure FCoE
Activity Objective
In this activity, you will configure the Cisco Nexus 5600 Platform switch to support FCoE.
 Configure FCoE on the Cisco Nexus 5600 Platform switch
 Configure a basic Fibre Channel and FCoE on a Cisco MDS 9124 Switch
Visual Objective
LUN MDS 9124 Nexus 2248TP
Nexus UCS C200

5548
Legend:
Fibre Channel
10 GE with FCoE
10 GE
1 GE
© 2012 Cisco and/or its affiliates. All rights reserved. DCUFI v5.0—-14
Required Resources
 Cisco MDS 9124 switch
 Just a Bunch of Disks (JBOD)
 Windows Server
Command List
Command Description
show license usage Verify available licenses
show npv status Verify net present value (NPV) operational mode
[no] feature npv Disable/enable Fibre Channel NPV mode
show feature Examine enabled features
feature fcoe Enable Fibre Channel over Ethernet (FCoE)
[no] shutdown Disable/enable interface/port
show interface ethernet 7/Y Verify Ethernet interface status
switchport mode trunk Set the Ethernet interface mode to trunking
spanning-tree port type

Set the spanning-tree port type to edge
edge trunk
show interface Ethernet 7/Y
Examine the Layer 2 information for the Ethernet
switchport
Enter virtual storage area network (VSAN) database
vsan database configuration
vsan X Create VSAN with ID X
show vsan Examine VSAN database
vlan X Create VLAN with ID X
fcoe vsan X Set the VLAN to be used as FCoE VLAN for VSAN X
show vlan fcoe Examine the FCoE information for the given VLAN
show interface Ethernet 1/3 Examine the FCoE information for the Data Center
fcoe Bridging (DCB) Ethernet interface
show interface Ethernet 1/3 Examine the priority flow control for the given Ethernet
priority-flow-control interface
interface Ethernet 7/Y Enter Ethernet interface configuration mode
Bind the physical Ethernet interface to the logical virtual

bind interface ethernet 7/Y Fibre Channel (vFC) interface
interface vfc X Enter vFC interface configuration mode
vsan X interface vfc|fc X Associate vfc/fc interface to appropriate VSAN
show interface vfc X Examine the vFC interface status
show flogi database Examine the fabric login (FLOGI) database
show zone status vsan X Examine the zone operational mode for a given VSAN
zone mode enhanced vsan X Set the zone mode to enhanced
show device-alias status Examine the device-alias database mode
device-alias mode enhanced Set the device-alias database mode to enhanced
Commit the configuration changes for the device-alias

device-alias commit
database
show zone status vsan X Examine the zone configuration for a given VSAN
slot 1 Enter slot 1 Enter unified port configuration mode
port 21-32 type fc Set ports 21 to 32 to operate as Fibre Channel interfaces
show interface fc X/Y Examine the Fibre Channel interface status
speed 4000 Set the Fibre Channel interface speed to 4 Gb/s
switchport trunk mode off Set the Fibre Channel interface trunking mode to off
switchport mode E Set the Fibre Channel operational mode to E<
switchport trunk allowed

Set the allowed VSAN for the Fibre Channel interface
vsan X
no shutdown Enable the interface
show zoneset active vsan X Examine the active zone set information
zone name zone-name vsan X Create new zone for given VSAN
member device-alias zone- Add device-alias as a zone member

name vsan X
zoneset name zoneset-name
Enter the zone set configuration mode
vsan X
zoneset activate name Activate the zone set for a given VSAN
zoneset-name vsan X
zone commit vsan X Commit zoning configuration changes
Job Aids
 Lab IP address plan
Task 1: Preparing Cisco Nexus 5548UP and 5596UP Switches
for Fibre Channel Services
In this task, you will prepare a Cisco Nexus 5600UP Series switch for the FCoE
deployment that includes verification of licenses, enabling proper features, and physical
interface towards the assigned C-Series rack server.
Activity Procedure
Step 1 Connect to the assigned Cisco Nexus 5600UP Series switch.
Step 2 Verify the license availability on the assigned Cisco Nexus 5600UP Series
switch. Use the command show license usage to verify that the
FC_FEATURES_PKG feature package is present and available for use. (The
Status should read either In use if FCoE is enabled or Unused if the FCoE is
disabled, and the Expiry should read Never).
N5K-P(config-if)# show license usage
Count
---------------------------------------------------------------------------
FCOE_NPV_PKG No - Unused -
FM_SERVER_PKG No - Unused -
ENTERPRISE_PKG Yes - Unused never -
FC_FEATURES_PKG Yes - Unused never -
VMFEX_FEATURE_PKG Yes - Unused never -
NETWORK_SERVICES_PKG No - Unused -
LAN_BASE_SERVICES_PKG Yes - In use never -
---------------------------------------------------------------------------
N5K-P(config-if)#
Step 3 Verify the current status of FCoE functionality using the show feature
command. Determine whether the FCoE functionality is enabled or disabled.
N5K-P# show feature
Feature Name Instance State
-------------------- -------- --------
Flexlink 1 disabled
adapter-fex 1 disabled
bgp 1 disabled
dhcp 1 disabled
eigrp 1 disabled
eigrp 2 disabled
eigrp 3 disabled
eigrp 4 disabled
fcoe 1 disabled
fcoe-npv 1 disabled
fex 1 enabled
hsrp_engine 1 disabled
interface-vlan 1 enabled
lacp 1 enabled
ldap 1 disabled
lldp 1 enabled
<output omitted>
Step 4 If the FCoE functionality is not enabled, enable it by using the feature fcoe
command.
N5K-P# conf
N5K-P(config)# feature fcoe
FC license checked out successfully
fc_plugin extracted successfully
FC plugin loaded successfully
FCoE manager enabled successfully
FC enabled on all modules successfully
Enabled FCoE QoS policies successfully
N5K-P(config)#
Note With older NX/OS images the QoS policies were not automatically enabled and had to
be enabled manually – Also if you have installed your own policies you need to integrate
the FCOE classes yourself.
Step 5 Verify that the feature is enabled with the show feature command.
N5K-P(config)# show feature
Feature Name Instance State
-------------------- -------- --------
Flexlink 1 disabled
adapter-fex 1 disabled
assoc_mgr 1 enabled
bgp 1 disabled
cimserver 1 disabled
dhcp 1 disabled
eigrp 1 disabled
eigrp 2 disabled
eigrp 3 disabled
eigrp 4 disabled
fabric-binding 1 disabled
fc-port-security 1 disabled
fcoe 1 enabled
fcoe-npv 1 disabled
fcsp 1 disabled
fex 1 enabled
fport-channel-trunk 1 disabled
hsrp_engine 1 disabled
interface-vlan 1 enabled
lacp 1 enabled
ldap 1 disabled
lldp 1 enabled
<output omitted>
Step 6 From the lab topology diagram for your pod, determine which 10 Gbp/s
interfaces on your assigned Cisco Nexus 5000 Switch connect to your assigned
servers.
Step 7 Enable the Ethernet1/3 interface, which is used to connect the assigned Cisco
UCS C-Series rack-mounted server, with the no shutdown command. Verify
that after enabling the interface, the status transitions to UP.
Note The server connected to the interface Ethernet 1/3 must be powered up for the
interface to come online. If the server is not powered up, consult your instructor.
N5K-P(config)# show interface e1/3

Ethernet1/3 is up
Dedicated Interface
Hardware: 1000/10000 Ethernet, address: 8c60.4f17.df8a (bia

8c60.4f17.df8a)
Description: To Windows-CNA-P
--- output omitted ---
Note If the server is not powered up, consult with your instructor.
Step 8 Set the Ethernet 1/3 interface to manual trunking mode in order to force it to
trunk 802.1q VLANs by using the command switchport mode trunk. Trunking
is required for FCoE since VSAN is carried in the FCoE-assigned VLAN. Set
the interface type to edge for the STP with the spanning-tree port type edge
trunk command. Verify that trunking is administratively enabled and
operational with the show interface Ethernet 1/3 switchport command.
N5K-P(config-if)# int e1/3
N5K-P(config-if)# switchport mode trunk
N5K-P(config-if)# spanning-tree port type edge trunk
Warning: Edge port type (portfast) should only be enabled on ports
connected to a single host. Connecting hubs, concentrators, switches,
bridges, etc... to this interface when edge port type (portfast) is
enabled, can cause temporary bridging loops.
Use with CAUTION
N5K-P(config-if)#
N5K-P(config-if)# switchport trunk native vlan 10
N5K-P(config-if)#
N5K-P(config-if)# show int e 1/3 switchport

Name: Ethernet1/3
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 10 (TEST)
Trunking VLANs Allowed: 1-4094
Voice VLAN: none
Extended Trust State : not trusted [COS = 0]
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
N5K-P(config-if)#
 Verified the presence of a Fibre Channel license.
 Enabled the FCoE feature.
 Configured the relevant Ethernet interface as a trunk edge port.
Task 2: Configuring FCoE on the Cisco Nexus 5548UP and

5596UP Switches
In this task, you will implement and configure FCoE functionality on a Cisco Nexus
5600UP Series switch towards the assigned Cisco UCS C-Series Rack-Mount server. This
includes enabling the FCoE feature, the creation of appropriate VSAN and FCoE VLAN,
enabling the physical server downlink, creating a vFC interface, and assigning it to the
proper VSAN.
Activity Procedure
Step 1 Create the assigned VSAN that will be used by the server to connect to the
remote storage.
Step 2 Enter the VSAN database with the vsan database command. Next, add the
assigned VSAN to the VSAN database with the vsan 200 command.
N5K-P(config)# vsan database
N5K-P(config-vsan-db)# vsan 200
N5K-P(config-vsan-db)# exit
N5K-P(config)#
Step 3 Verify the VSAN database with the show vsan command. Note that the
operational state of the VSAN will be down since there are no assigned or
operational interfaces.
N5K-P(config)# show vsan
vsan 1 information
name:VSAN0001 state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:down
vsan 200 information

name:VSAN0200 state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:down
vsan 4079:evfp_isolated_vsan
vsan 4094:isolated_vsan
Step 4 Create the FCoE VLAN for the VSAN by using the vlan 200 command. Set the
newly created VLAN to be the FCoE VLAN for the VSAN you created in the
previous step by using the fcoe vsan 200 command.
N5K-P(config)# vlan 200
N5K-P(config-vlan)# fcoe vsan 200
N5K-P(config-vlan)# exit
N5K-P(config)#
Step 5 Verify the configuration with the show vlan fcoe command. Note that the
Association State of the VLAN should be Operational.
Note Refer to the Pod-VSAN-VLAN table at the beginning of this task.
N5K-P(config)# show vlan fcoe
Original VLAN ID Translated VSAN ID Association State

---------------- ------------------ -----------------
200 200 Operational
N5K-P#
Step 6 Examine the status of the Ethernet 1/3 interface for the FCoE functionality with
the show interface Ethernet 1/3 fcoe command. You should see that the
interface is operational for the FCoE and has the status UP.
N5K-P# show interface ethernet 1/3 fcoe
Ethernet1/3 is FCoE UP
Step 7 Verify that the priority flow control is enabled for the Ethernet 1/3, which is
required by the FCoE traffic that will be carried over the physical interface, by
using the show interface Ethernet 1/3 priority-flow-control command.
N5K-P# show interface e1/3 priority-flow-control
============================================================
Port Mode Oper(VL bmap) RxPPP TxPPP
============================================================
Ethernet1/3 Auto On (8) 0 0

Step 8 Create the vFC interface vfc 3 that will be used to connect the assigned C-Series
server. The virtual interface will have its counterpart in the C-Series server
configuration: the virtual host bus adapter (vHBA) with the proper FCoE VLAN
and VSAN ID. Bind the created vcf 3 interface to the physical interface
Ethernet 1/3 to which the assigned C-Series server is connected by using the
bind interface ethernet 1/3 command.
N5K-P(config)# int vfc 3
N5K-P(config-if)# bind interface ethernet 1/3
N5K-P(config-if)#
Step 9 Configure trunking of only the assigned VSAN with the switchport trunk
allowed vsan 200 command (where X is the assigned VSAN), and enable it
with the no shutdown command.
N5K-P(config-if)# switchport trunk allowed vsan 200
N5K-P(config-if)# no shut
N5K-P(config-if)#
Step 10 Assign the newly created vfc 3 interface to the assigned VSAN. Enter the VSAN
database with the vsan database command.
N5K-P(config-if)# vsan database
Step 11 Assign the vfc 3 interface to the assigned VSAN by using the vsan 200
interface vfc 3 command (where X is the assigned VSAN).
N5K-P(config-vsan-db)# vsan 200 interface vfc 3
N5K-P(config)#
Step 12 Use the show interface vfc 3 command to verify that the created virtual
interface vfc 3 is operating for the assigned VSAN. The server vHBA interface
and the Cisco Nexus 5600UP Series switch vfc 3 interface will come up and the
assigned VSAN will be active on the connection. You can examine the status by
inspecting vfc 3 interface status with show interface vfc 3 command. You
should note that the assigned VSAN is now up.
N5K-P# show interface vfc 3
vfc3 is trunking
Bound interface is Ethernet1/3
Hardware is Ethernet
Port WWN is 20:02:8c:60:4f:17:df:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port mode is TF
Port vsan is 200
Trunk vsans (admin allowed and active) (200)
Trunk vsans (up) (200)
Trunk vsans (isolated) ()
Trunk vsans (initializing) ()
1 minute input rate 176 bits/sec, 22 bytes/sec, 0 frames/sec
1 minute output rate 184 bits/sec, 23 bytes/sec, 0 frames/sec
10 frames input, 1180 bytes
0 discards, 0 errors
10 frames output, 1248 bytes
last clearing of "show interface" counters Tue Nov 17 05:48:20 2015
Interface last changed at Tue Nov 17 05:48:20 2015

Step 13 Once the server is successfully connected to the Cisco Nexus 5600UP Series
switch (the Fibre Channel service), the server should log into the fabric and get
its Fibre Channel ID (FCID) after the FLOGI is finished. You can inspect the
fabric login by using the show flogi database command and see that the server
is logged into the fabric.
N5K-P# show flogi database

---------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
---------------------------------------------------------------------------
vfc3 200 0x2a0000 21:00:00:c0:dd:11:2d:0d
20:00:00:c0:dd:11:2d:0d
Total number of flogi = 1.
Task 3: Implementing Fibre Channel Services

In this task, you will implement and configure the required Fibre Channel services in order
to enable communication between the assigned Cisco UCS C-Series Rack-Mount Server
and the storage target, which is the disk array. This will include enabling a proper interface
between the assigned Cisco Nexus 5600UP Series switch and the core MDS Fibre Channel
switch (thereby forcing the Fibre Channel Domain ID on the Cisco Nexus 5600UP Series
switch), configuring and activating proper Fibre Channel zoning configuration, and
verifying final FC configuration and operation.
Activity Procedure
Step 1 In preparation to configure FCoE the Unified Ports 47-48 have to be modified to
work as FC interfaces and default FCoE QoS classes have to be added.
Step 2 Set the operational mode of the Ethernet 1/47 unified port to Fibre Channel
mode. Enter the slot 1 configuration mode by using the slot 1 command.
N5K-P(config)# slot 1
Step 3 Set the port type to Fibre Channel for ports 47 to 48 by using the port 47-48
type fc command. To activate the configuration, you will need to reload the
assigned Nexus 5600 UP switch.
N5K-P(config-slot)# port 47-48 type fc
Port type is changed. Please reload the switch
Step 4 A reload will be necessary for the Unified Ports to accept the change.
N5K-P(config-slot)# copy running-config startup-config
[########################################] 100%
N5K-P(config-slot)# reload
Step 5 Once the Cisco Nexus 5600UP Series switch is back online, you must configure
the remainder of the Fibre Channel parameters for that interface. Verify that you
see port 1/48 as a Fibre Channel interface by using the show interface fc1/47-48
command. Ensure that you get an output for the interface that indicates that port
1/48 now operates as a Fibre Channel interface.
N5K-P# show int fc 1/47-48 br
---------------------------------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
---------------------------------------------------------------------------
fc1/47 1 auto on down swl -- --
N5K-P#
Step 6 Move the interface fc1/47-48 to VSAN 200 by entering the VSAN database by
using the vsan database command on the Cisco Nexus 5600UP Series switch.
Move the interface to the VSAN by using the vsan 200 interface fc1/47-48
command (where X is the assigned VSAN ID).
N5K-P# conf
N5K-P(config-vsan-db)# vsan 200 interface fc1/47-48
Step 7 Enable interface fc1/47-48 with no shutdown command.

N5K-P(config-vsan-db)# int fc 1/47-48
N5K-P(config-if)# no shut
N5K-P(config-if)#
Note The other side of the link (the port on the Cisco MDS 9124 Switch) will be configured
with the following parameters: Fibre Channel port mode is F, the allowed VSAN 200 and
Fibre Channel port trunking is disabled.
Step 8 Verify the interface status with the show interface fc1/21 command.
N5K-P# show interface fc1/47
fc1/21 is down (Link failure or not-connected)
Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN)
Port WWN is 20:2f:8c:60:4f:17:df:80
Admin port mode is auto, trunk mode is on
Port vsan is 200
Receive data field Size is 2112
Beacon is turned off
0 CRC, 0 unknown class
0 too long, 0 too short
0 input OLS, 0 LRR, 0 NOS, 0 loop inits
0 output OLS, 0 LRR, 0 NOS, 0 loop inits
last clearing of "show interface" counters never
Note Note that the interface still is down until you have configured your Cisco MDS 9124
Switch.
 Configured the Cisco Nexus 5600UP Series switch interface towards the MDS 9124 as
the FC interface.
 Applied proper FC configuration on the Cisco Nexus 5600UP Series switch interface
connecting to Cisco MDS 9124 Switch.
 Configured and activated zoning information in order to allow communication between
the assigned Cisco UCS C-Series Rack-Mount Server and the storage target.
Task 4: Basic Configuration on the Cisco MDS Switch
Activity Procedure
During this exercise, you will perform the initial configuration on the Cisco MDS 9000
Switch. Complete these steps:
Step 1 In the remote lab GUI, click on the blue Cisco MDS 9124 Switch.
Step 2 Log in with the user admin and the password 1234QWer.
192.168.0.P9 login: admin 
Password: 
Cisco Nexus Operating System (NX-OS) Software 
TAC support: http://www.cisco.com/tac 
The copyrights to certain works contained in this software are owned by
other third parties and used and distributed under license. Certain
components of this software are licensed under the GNU General Public
License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL)
Version 2.1. A copy of each such license is available at
MDS-P#
Step 3 Erase the startup configuration and reboot the switch.
MDS-P# write erase
MDS-P# reload
INIT: version 2.85 bootinghe system. (y/n)? [n] y
2011 Jan 24 15:08:00 switch last message repeated 2 times
2011 Jan 24 15:08:00 switch %PLATFORM-2-PFM_SYSTEM_RESET: Manual system
restart from Command Line Interface
Step 4 When the switch has reloaded, configure the admin password as 1234QWer and
select N to enter setup.
Step 5 Log in to the switch with admin and 1234QWer.
Step 6 Check available interfaces.
switch# show int brief
---------------------------------------------------------------------------
Mode (Gbps)
---------------------------------------------------------------------------
fc1/4 1 auto on sfpAbsent -- -- --
Step 7 Check the software version running on the Cisco MDS 9124 Switch.
switch# show version
Documents:
http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 1.0.19
loader: version N/A
kickstart: version 5.2(8e)
system: version 5.2(8e)
BIOS compile time: 02/01/10
kickstart image file is: bootflash:/m9100-s2ek9-kickstart-mz.5.2.8e.bin
kickstart compile time: 12/25/2020 12:00:00 [10/23/2014 06:33:48]
system image file is: bootflash:/m9100-s2ek9-mz.5.2.8e.bin
system compile time: 11/7/2014 5:00:00 [10/23/2014 06:57:06]
Hardware
cisco MDS 9124 (1 Slot) Chassis ("1/2/4 Gbps FC/Supervisor-2")
Motorola, e500 with 516128 kB of memory.
Processor Board ID JAF1321AQBD
Device name: switch

bootflash: 254464 kB
Kernel uptime is 10 day(s), 9 hour(s), 33 minute(s), 11 second(s)
Last reset at 59003 usecs after Fri Nov 6 12:09:12 2015
Reason: Reset Requested by CLI command reload

System version: 5.2(8e)
Service:
Step 8 Enter config mode and place interface FC 1/3 into VSAN 200.
switch# configure
switch(config)# vsan database
switch(config-vsan-db)# vsan 200
switch(config-vsan-db)# vsan 200 interface fc1/3
Step 9 Enable interfaces fc 1/1–3.
switch(config-vsan-db)# interface fc1/1-3
switch(config-if)# no shutdown
Step 10 Verify that the links have come up.
switch(config-if)# show int fc1/1-3 brief
---------------------------------------------------------------------------
Mode (Gbps)
---------------------------------------------------------------------------
fc1/1 1 auto on trunking swl TE 4 --
fc1/2 1 auto on trunking swl TE 4 --
fc1/3 200 auto on up swl FL 1 --
Step 11 Check the Fibre Channel login database.

switch(config-if)# show flogi database
---------------------------------------------------------------------------
---------------------------------------------------------------------------
fc1/3 200 0xd1009b 21:00:00:0c:50:a3:c7:1f 20:00:00:0c:50:a3:c7:1f
fc1/3 200 0xd100b3 21:00:00:0c:50:a3:b4:31 20:00:00:0c:50:a3:b4:31
switch(config-if)#
Note The FLOGI database shows local devices only.
Step 12 Check the Fibre Channel name server database.
switch(config-if)# show fcns database
VSAN 200:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0xd1009b NL 21:00:00:0c:50:a3:c7:1f (Seagate) scsi-fcp
0xd100b3 NL 21:00:00:0c:50:a3:b4:31 (Seagate) scsi-fcp
0xda0000 N 20:00:00:0a:f7:1d:e3:d1 scsi-fcp:init
Total number of entries = 3

switch(config-if)#
Note The FCNS database shows all devices in the VSAN.
Step 13 Verify connectivity to your assigned server with the help of the fcping.
switch(config-if)# fcping fcid 0xda0000 vsan 200
28 bytes from 0xda0000 time = 992 usec
5 frames sent, 5 frames received, 0 timeouts

Round-trip min/avg/max = 929/952/992 usec
switch(config-if)#
 Performed an initial configuration on the Cisco MDS switch.
 Created a VSAN and associated it with the correct Fibre Channel interfaces.
 Verified that the interfaces between the Cisco MDS switch and the Cisco
Nexus 5000 Switch are enabled.
 Enabled the interface to the JBOD.
 Used the show commands to verify that the JBOD has been able to perform
an FLOGI into   the switch.
 Used the show commands to verify successful registration in the fabric of
the host and JBOD.
 Used the fcping command to verify connectivity between the Cisco MDS
switch and the assigned Cisco UCS C-Series rack-mounted server.
Lab 4-2: Configuring NPV
Activity Objective
In this activity, you will configure the Cisco Nexus 5600 Platform switch in NPV mode and
verify the configuration by using the CLI. After completing this activity, you will be able to
meet these objectives:
 Enable the NPV mode on the Cisco Nexus 5600 Platform switch
 Configure the Cisco Nexus 5600 Platform switch server-facing and fabric switch-facing
interfaces for NPV
 Configure the Cisco MDS 9124 Switch to support NPIV
 Verify NPV and Fibre Channel operation
Visual Objective
LUN MDS 9124 Nexus 2248TP
NPIV switch
Nexus UCS C200

5548
NPV switch
Legend:
Fibre Channel
10 GE with FCoE
10 GE
1 GE
Job Aids
Required Resources
 Cisco MDS 9124 Switch
 JBOD or a storage array
 Windows Server
Command List
Command Description
bind interface ethernet <x/y> Bind the vFC interface to an Ethernet interface
copy bootflash:temp running- Copy a saved configuration from bootflash to the

config running configuration
copy running-config Copy the running configuration to a file in bootflash

bootflash:temp
dir bootflash: Display the contents of bootflash
feature fcoe Enable the FCoE feature
interface ethernet <x/y> Enter configuration mode for an Ethernet interface
interface fc<x/y> Enter configuration mode for a Fibre Channel

interface
interface vfc<x> Enter configuration mode for a vFC interface
no shutdown Enable an interface
feature npiv Enable NPIV
npv auto-load-balance Enable NPV load balancing

disruptive
feature npv Enable NPV
npv traffic-map server- Configure traffic mapping for a server interface to an

interface vfc<x> external- external interface
interface fc<x/y>
show fcns database Display the FCNS database
show fcoe Display the FCoE global details
show flogi database Display the FLOGI database
show interface fc<x/y> Display the Fibre Channel interface details
show interface vfc <x> Display the vFC interface details
show npv flogi-table Display the FLOGI table on the NPV-enabled switch
show npv status Display the NPV status
Show npv traffic-map Display the traffic mappings that have been
configured
show vlan fcoe Display the VLAN-to-VSAN mapping and status
show vsan membership Display the VSAN membership details
spanning-tree port type edge Configure an interface as a spanning-tree trunk port

trunk at the edge
switchport mode F Configure an interface in F Port mode.
switchport mode NP Configure an interface in proxy N port (NP) port

mode
switchport mode trunk Configure an interface for trunking
vlan <id> Configure a VLAN
vsan <id> Configure a VSAN
vsan <id> interface fc<x/y> Associate a VSAN with a Fibre Channel interface
vsan <id> interface vfc <x> Associate a VSAN with a vFC interface
vsan database Enter VSAN database configuration mode
Task 1: Configure NPV Mode on the Cisco Nexus 5600
Platform Switch
In this task, you will back up the current configuration and then configure the Cisco Nexus
5600 Platform switch to operate in NPV mode.
Activity Procedure
Step 1 Connect to your assigned Cisco Nexus 5600 Platform switch. For IP address and
user credentials, consult the Job Aids at the beginning of the Lab Guide.
Step 2 Configuring the N Port Virtualization (NPV) feature will initiate a write erase
and a system reboot. Save your running configuration to the bootflash memory
before proceeding. Once the reboot is complete, you may retrieve your running
configuration in order to complete the lab exercise.
N5K-P# copy running-config bootflash:temp
Copy complete, now saving to disk (please wait)...
N5K-P# dir bootflash: | include temp
4816 Nov 17 06:36:50 2015 temp
Step 3 Enable the NPV feature.
N5K-P(config)# feature npv
Verify that boot variables are set and the changes are saved.
Changing to npv mode erases the current configuration and reboots
the switch in npv mode. Do you want to continue? (y/n):y
writing reset reason 90,
INIT: Sending processes the TERM signal

2011 Jan 25 03:40:53 N5K-P %$ VDC-1 %$ %KERN-0-SYSTEM_MSG:
writing reset reason 90, - kernel
Jan 25 03:40:53 %LIBSYSMGR-3-SIGTERM_FORCE_EXIT Service
"statsclient" (PID 3833) is forced exit.
Jan 25 03:40:53 %LIBSYSMGR-3-SIGTERM_FORCE_EXIT Service "smm" (PID

3756) is forced exit.
Jan 25 03:40:53 %LIBSYSMGR-3-SIGTERM_FORCE_EXIT Service "rib" (PID

10878) is forced exit.
Jan 25 03:40:53 %LIBSYSMGR-3-SIG usdk_sse: mts_send failed:-32
sending to 0xfe000000.25e errno 32
Step 4 Once the switch has reloaded, log in to your Cisco Nexus 5000 Switch using the
username admin and password 1234QWer.
Step 5 Use interface Ethernet 1/3 and Ethernet 1/4 for FCoE.
N5K-P(config-if-range)# switchport mode trunk
N5K-P(config-if-range)# spanning-tree port type edge trunk
Warning: Edge port type (portfast) should only be enabled on ports
connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when edge port type (portfast) is enabled, can cause temporary
bridging loops.
Use with CAUTION
N5K-P(config-if-range)# no shutdown
Step 6 Create the vFC interfaces, and bind them to the Ethernet interfaces.
N5K-P(config-if-range)# interface vfc 3
N5K-P(config-if)# no shutdown 
N5K-P(config-if)# interface vfc 4
Step 7 Verify that the vFC interfaces are bound correctly to the Ethernet interfaces.
N5K-P(config-if)# show int vfc 3-4
vfc3 is down (NPV upstream port not available)
Port WWN is 20:02:8c:60:4f:22:ad:7f
Port vsan is 1
last clearing of "show interface" counters Fri Jun 26 16:04:47 2015
vfc4 is down (NPV upstream port not available)

Port vsan is 1
N5K-P(config-if)#
Step 8 Create a VLAN-to-VSAN assignment, and bind the vFC interface to the VSAN.
N5K-P(config-if)# vlan 200
N5K-P(config-vlan)# fcoe vsan 200
N5K-P(config-vlan)# exit
N5K-P(config-vsan-db)# vsan 200
N5K-P(config-vsan-db)# vsan 200 interface vfc 3-4
Step 9
Step 10 Display the interface membership for all VSANs.

N5K-P(config)# show vsan membership
vsan 1 interfaces:
vsan 200 interfaces:

vfc1 vfc2
vsan 4079(evfp_isolated_vsan) interfaces:
vsan 4094(isolated_vsan) interfaces:
Step 11 Confirm the VLAN-to-VSAN FCoE assignment.

N5K-P(config)# show vlan fcoe
Original VLAN ID Translated VSAN ID Association State

---------------- ------------------ -----------------
200 200 Operational

Step 12 Confirm the association of Ethernet-to-vFC interfaces.
N5K-P(config)# show int vfc 3-4
vfc3 is down (Error disabled)
Port vsan is 200
last clearing of "show interface" counters Fri Jun 26 16:04:47 2015
vfc4 is down (Error disabled)

Port vsan is 200
N5K-P(config)#
Step 13 Configure unified ports 1/47-48 to operate as Fibre Channel ports. Accept the
Fibre Channel enhanced form-factor pluggable (SFP+).
N5K-P(config)# slot 1
N5K-P(config-slot)# port 47-48 type fc
Port type is changed. Please reload the switch
N5K-P(config-slot)# exit
Step 14 In order for interfaces to change operational mode, write a configuration and
reload switch.
[########################################] 100%
N5K-P(config)# reload
Step 15 Once the switch has reloaded, log in to your Cisco Nexus 5000 Switch using the
Step 16 Assign to VSAN 200 the Fibre Channel interface that connects the Cisco Nexus
5600 Platform switch to the Cisco MDS 9124 fabric switch.
N5K-P(config-vsan-db)# vsan 200 interface fc1/47-48
N5K-P(config-vsan-db)# show vsan membership
vsan 1 interfaces:

fc1/47 fc1/48 vfc3 vfc4
N5K-P(config-vsan-db)#
Step 17 Configure the interfaces on your Cisco Nexus 5600 Platform switch for the
proper Fibre Channel port types.
N5K-P(config-vsan-db)# interface fc1/47-48
N5K-P(config-if)# switchport mode np
N5K-P(config-if)# interface vfc3-4
N5K-P(config-if)# switchport mode f
Step 18 View the NPV configuration details.
N5K-P(config)# show npv status
npiv is disabled
disruptive load balancing is enabled
External Interfaces:
====================
Interface: fc1/47, State: Failed(NPIV is not enabled in upstream switch)
Interface: fc1/48, State: Failed(NPIV is not enabled in upstream switch)
Number of External Interfaces: 2
Server Interfaces:
==================
Interface: vfc3, VSAN: 200, State: Waiting for External Interface
Interface: vfc4, VSAN: 200, State: Waiting for External Interface
Number of Server Interfaces: 2
 Enabled NPV mode on the Cisco Nexus 5600 Platform switch.
 Enabled FCoE and configured the server-facing interface as a trunk edge port.
 Created a VSAN.
 Created an FCoE VLAN and configured the VLAN-to-VSAN mapping.
 Configured the uplinks to the Cisco MDS 9124 Switch as NP ports.
 Enabled the uplinks to the Cisco MDS 9124 Switch.
Task 2: Configure NPIV on the Cisco MDS 9124 Switch

In this task, you will configure the Cisco MDS 9124 Switch to operate in NPIV mode.
Activity Procedure
Step 1 Log in to your assigned Cisco MDS 9124 Switch for your pod using the
username admin and the password 1234QWer.
Step 2 Enable the NPIV feature on the Cisco MDS 9124 Switch.
switch# conf
switch(config)# feature npiv
Note This feature might be already enabled as you are sharing the Cisco MDS 9124 Switch
with another pod.
Step 3 Configure the interfaces on the core switch to operate in fabric (F) mode.
switch(config)# interface fc 1/1-2
switch(config-if)# switchport mode F
switch(config-if)# no shutdown
Step 4 Configure VSAN 200 and assign the interfaces that connect the Cisco MDS
9124 Switch to the Cisco Nexus 5600 to VSAN 200.
switch(config)# vsan database
switch(config-vsan-db)# vsan 200
switch(config-vsan-db)# vsan 200 interface fc1/1-2
Traffic on fc1/1 may be impacted. Do you want to continue? (y/n) [n] y
Traffic on fc1/2 may be impacted. Do you want to continue? (y/n) [n] y
Step 5 Assign interface fc1/3 which connects to the JBOD to VSAN 200 and verify the
VSAN membership.
switch(config-vsan-db)# vsan 200 interface fc 1/3
Traffic on fc1/3 may be impacted. Do you want to continue? (y/n)[n] y
switch(config-vsan-db)# show vsan membership
vsan 1 interfaces:
fc1/4 fc1/5 fc1/6 fc1/7
fc1/8 fc1/9 fc1/10 fc1/11
fc1/12 fc1/13 fc1/14 fc1/15
fc1/16 fc1/17 fc1/18 fc1/19
fc1/20 fc1/21 fc1/22 fc1/23
fc1/24

fc1/1 fc1/2 fc1/3
Note Your output may look different depending on how far in the lab you and the other
students are.
Step 6 Display the Fibre Channel Name Server (FCNS) tables and the FLOGI database.
switch(config-vsan-db)# show fcns database
VSAN 200:
--------------------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x3d009b NL 21:00:00:0c:50:1c:09:cc (Seagate) scsi-fcp
0x3d00b3 NL 21:00:00:00:87:41:09:40 scsi-fcp
0x3d0100 N 20:2f:8c:60:4f:17:df:80 (Cisco) npv
0x3d0101 N 20:00:00:0a:f7:1d:e3:61 scsi-fcp:init
0x3d0200 N 20:30:8c:60:4f:17:df:80 (Cisco) npv
0x3d0201 N 20:00:00:0a:f7:0b:a9:03 scsi-fcp:init

switch(config-vsan-db)#
Note Your output may look different depending on the number of devices connected to fabric.
Step 7 Reconnect to your assigned Cisco Nexus 5600 Platform switch, and then view
the FLOGI table.
N5K-P(config-if)# show npv flogi-table
---------------------------------------------------------------------------
SERVER
EXTERNAL
INTERFACE
---------------------------------------------------------------------------
vfc3 200 0xef0201 20:00:00:0a:f7:0b:a9:01 10:00:00:0a:f7:0b:a9:01
fc1/48
vfc4 200 0xef0101 20:00:00:0a:f7:1d:e3:63 10:00:00:0a:f7:1d:e3:63
fc1/47
N5K-P(config-if)#
Note Your output may look different depending on the status of your peer pod.
Step 8 Verify the NPV status.

N5K-P(config-if)# show npv status
npiv is disabled
disruptive load balancing is disabled
External Interfaces:
====================
Interface: fc1/47, VSAN: 200, FCID: 0xd10100, State: Up
Interface: fc1/48, VSAN: 200, FCID: 0xd10200, State: Up
Number of External Interfaces: 2
Server Interfaces:
==================
Interface: vfc3, VSAN: 200, State: Up
Interface: vfc4, VSAN: 200, State: Up
Number of Server Interfaces: 2
N5K-P(config-if)#
N5K-P(config-if)# show npv external-interface-usage
NPV Traffic Usage Information:

----------------------------------------
Server-If External-If
----------------------------------------
vfc3 fc1/47
vfc4 fc1/48
----------------------------------------
N5K-P(config-if)#
 Enabled NPIV on the Cisco MDS 9124 Switch.
 Configured the interfaces between the Cisco MDS 9124 Switch and the Cisco Nexus
5600 Platform Switch as F Ports.
 Associated the correct VSAN with the relevant interfaces.
 Confirmed that the hosts have successfully performed a FLOGI to the Cisco MDS 9124
Switch.
 Confirmed that the hosts and JBOD have successfully registered in the fabric.
Lab 5-1: Configure System Management
Activity Objective
In this activity, you will configure the system management features on the Cisco Nexus
7000 Series switch to support the implementation plan requirements. After completing this
activity, you will be able to meet these objectives:
 Configure Cisco Fabric Services on the Cisco Nexus 7000 Series switch and verify the
configuration
 Configure the scheduler to run a job periodically and on demand, and verify the job
runs automatically when required
 Configure Cisco Smart Call Home to send an email message when an event occurs, and
verify the configuration
Visual Objective
Management
N7010-C1 N7010-C2
Job Aids
Device Cisco Fabric Services Multicast Cisco Fabric Services Region

Address
Pod P 239.255.XY.XY XY
Required Resources
Command List
Command Description
cfs ipv4 mcast-address Changes the IP version 4 (IPv4) multicast address used for
<group-address> Cisco Fabric Services over IPv4
cfs ipv4 distribute Enables Cisco Fabric Services distribution over IPv4
show cfs peers Displays the active Cisco Fabric Services peers
cfs region <nr> Creates a Cisco Fabric Services region
role Assigns the role application to the Cisco Fabric Services

region
radius Assigns the RADIUS application to the Cisco Fabric

Services region
show cfs regions Displays the active Cisco Fabric Services regions
<application> distribute Enables Cisco Fabric Services distribution for an application
role name <name> Creates a user role
rule <nr> permit read Creates a rule that grants read access for a specific feature
feature <feature>
rule <nr> permit read- Creates a rule that grants read-write access for a specific
write feature <feature> feature
show role name <name> Displays a specific user role on the switch
show <application> Displays the pending Cisco Fabric Services changes for an
pending-diff application
show cfs lock Displays the Cisco Fabric Services locks in the fabric
<application> commit Commits the pending changes for an application to the

fabric
radius-server host <ip- Configures a RADIUS server and key

address> key <key>
show radius-server <ip- Displays the RADIUS servers on the switch
address>
show cli variables Displays the Cisco NX-OS system and user-defined CLI
variables
copy running-config Copies the current running configuration to a file in bootflash

bootflash:/<filename>
dir bootflash: Lists the files in bootflash
feature scheduler Enables the scheduler feature
scheduler job name <name> Creates a scheduler job
scheduler schedule name Creates a schedule

<name>
job name <name> Assigns a job to a schedule
time start +<time> Sets the start time for a schedule as an offset to the current
time
show scheduler schedule Displays the configured schedules on the switch
show scheduler logfile Displays the scheduler log
time weekly <day-and-time> Sets a weekly recurring time for a schedule
callhome Enters Cisco Smart Call Home configuration mode
email-contact <email- Sets the email contact for Cisco Smart Call Home
address>
phone-contact <phone- Sets the contact phone number for Cisco Smart Call Home
number>
streetaddress <address> Sets the contact address for Cisco Smart Call Home
destination-profile <name> Creates a Cisco Smart Call Home destination profile using
format <format> XML, short text, or full text format
destination-profile <name> Sets the Cisco Smart Call Home message level for a
message-level <level> destination profile
destination-profile <name> Sets the Cisco Smart Call Home alert groups for a
alert-group <groups> destination profile
destination-profile <name> Sets the email address to send Cisco Smart Call Home
email-addr <email-address> messages to a destination profile
show callhome destination- Displays the operational parameters for a Cisco Smart Call
profile profile <name> Home destination profile
destination-profile <name> Sets the maximum message size for a Cisco Smart Call
message-size <size> Home destination profile
transport email smtp- Sets the IP address for the Simple Mail Transfer Protocol
server <ip-address> use- (SMTP) server that is used to send Cisco Smart Call Home
vrf <vrf> messages
transport email from Sets the “from” email address used in Cisco Smart Call
<email-address> Home messages
transport email reply-to Sets the “reply-to” email address used in Cisco Smart Call
<email-address> Home messages
show callhome transport Displays the transport settings for Cisco Smart Call Home
messages
enable Enables Cisco Smart Call Home
snmp-server contact Sets the Simple Network Management Protocol (SNMP)

<contact-name> sysContact name
callhome test Generates a Cisco Smart Call Home message for testing
purposes
Task 1: Configure Cisco Fabric Services
During this task, you will configure Cisco Fabric Services on the Cisco Nexus 7000 Series
switch VDC in your pod.
Activity Procedure
Step 2 Change the multicast address used for Cisco Fabric Services over IPv4 according
to the table.
Pod Cisco Fabric Services Multicast Address CFS Region
Pod 1
239.255.12.12 12
Pod 2
Pod 3
239.255.34.34 34
Pod 4
Pod 5
239.255.56.56 56
Pod 6
N7K-Y-podP# conf
N7K-Y-podP(config)# cfs ipv4 mcast-address 239.255.XY.XY
Distribution over this IP type will be affected
Change multicast address for CFS-IP ?
Are you sure? (y/n) [n] y
N7K-Y-podP(config)#
Step 3 Enable Cisco Fabric Services distribution over IPv4 on your Cisco Nexus 7000
Series switch VDC.
N7K-Y-podP(config)# cfs ipv4 distribute
Step 4 Examine the Cisco Fabric Services peers that were discovered.
N7K-Y-podP(config)# show cfs peers
Physical Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:f0:25:72:a8:bf:44 192.168.0.20P [Local]
20:00:b4:14:89:dc:7a:44 192.168.0.20Q
N7K-Y-podP(config)#
Note Do not continue on to the next step until this command lists exactly two entries—your
own Cisco Nexus 7000 Series switch VDC and your peer pod Cisco Nexus 7000 Series
switch VDC. Each pair of peer pods uses a unique multicast address to separate them
from other pairs of peer pods within the same lab. In this lab task, you will be working
very closely with your peer pod, and it is important that you progress through the lab at
the same pace.
Step 5 Define a Cisco Fabric Services region on your Cisco Nexus 7000 Series switch
VDC according to the table in your Job Aids.
N7K-Y-podP(config)# cfs region XY
Step 6 Add the applications “role” and “radius” to the Cisco Fabric Services region.
N7K-Y-podP(config-cfs-region)# role
WARNING: If an Application is moved/assigned to a new region,
its scope is restricted to that region and it ignores all other regions
for distribution or merge.
N7K-Y-podP(config-cfs-region)# radius
WARNING: If an Application is moved/assigned to a new region,
its scope is restricted to that region and it ignores all other regions
for distribution or merge.
Step 7 Examine the Cisco Fabric Services region you have created.
N7K-Y-podP(config-cfs-region)# show cfs regions
Note Even though the applications have been assigned to the region, they have not been
activated for Cisco Fabric Services distribution yet. Therefore, they do not show up in
the output of the show cfs regions command.
Step 8 Enable Cisco Fabric Services distribution for the applications “role” and
“radius.”
N7K-Y-podP(config-cfs-region)# role distribute
N7K-Y-podP(config)# radius distribute
Step 9 Reexamine the Cisco Fabric Services region.
N7K-Y-podP(config)# show cfs regions
Region-ID : XY
Application: role
Scope : Physical-fc-ip
-------------------------------------------------------------------------
-------------------------------------------------------------------------
20:00:00:26:51:c9:78:c3 192.168.0.20P [Local]
20:00:6c:9c:ed:46:52:c3 192.168.0.20Q
Region-ID : XY
Application: radius
-------------------------------------------------------------------------
-------------------------------------------------------------------------
20:00:00:26:51:c9:78:c3 192.168.0.20P [Local]
20:00:6c:9c:ed:46:52:c3 192.168.0.20Q

Step 10 Define a user role named TIER-2-OPS. This can result in two possible
outcomes.
First possible result:
N7K-Y-podP(config)# role name TIER-2-OPS
N7K-Y-podP (config-role)#
Second possible result:

N7K-Y-podP(config)# role name TIER-2-OPS
ERROR: Operation failed. Fabric is already locked. Check cfs event-history
errors for details
Note The outcome of this command depends on who enters the role command first. Cisco
Fabric Services locks the fabric for the application as soon as you start configuring it.
Other switches cannot make changes as long as the lock remains.
Step 11 If you got the first result on the previous step, continue on to the next step. If
however you get the second result in the previous step, skip the next series of
steps and continue at Step 22.
Step 12 Add a rule to the role TIER-2-OPS that adds read access to the role for all
features.
N7K-Y-podP(config-role)# rule 1 permit read
Step 13 Add three more rules to add read-write rights for the “diagnostics,” “ping,” and
“vlan” features.
N7K-Y-podP(config-role)# rule 2 permit read-write feature diagnostics
N7K-Y-podP(config-role)# rule 3 permit read-write feature ping
N7K-Y-podP(config-role)# rule 4 permit read-write feature vlan
Step 14 Examine the role TIER-2-OPS.
N7K-Y-podP(config)# show role name TIER-2-OPS
^
% Invalid command at '^' marker.
Step 15 Determine why you get an error message.
Step 16 Examine the pending Cisco Fabric Services changes for the “role” application.
N7K-Y-podP(config-role)# show role pending-diff
+Role: TIER-2-OPS
+ Description: new role
+ Vsan policy: permit (default)
+ Vlan policy: permit (default)
+ Interface policy: permit (default)
+ Vrf policy: permit (default)
+ -------------------------------------------------------------------
+ Rule Perm Type Scope Entity
+ -------------------------------------------------------------------
+ 4 permit read-write feature vlan
+ 3 permit read-write feature ping
+ 2 permit read-write feature diagnostics
+ 1 permit read
Step 17 Examine the Cisco Fabric Services locks for the fabric.
N7K-Y-podP# show cfs lock
Application: role
---------------------------------------------------------------------------
Switch WWN IP Address User Name User
Type
---------------------------------------------------------------------------
20:00:00:26:51:c9:78:c3 192.168.0.20P admin CLI/SNMP
v3
Note Depending on the step that your peer pod is at during the exercise, you may also see a
lock for the “radius” application. Allow some time for peers to establish communication.
Step 18 Commit the pending Cisco Fabric Services changes for the “role” application to
the fabric.
N7K-Y-podP(config)# role commit
Step 19 Examine the role TIER-2-OPS again.
N7K-Y-podP(config)# show role name TIER-2-OPS
Role: TIER-2-OPS
Description: new role
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
4 permit read-write feature vlan
3 permit read-write feature ping
2 permit read-write feature diagnostics
1 permit read
Step 20 Ask your lab partners in the peer pod to execute the show role name TIER-2-
OPS command on their Cisco Nexus 7000 Series switch VDCs. Determine if
they see the newly created role in their VDCs.
Step 21 Skip the next series of steps and continue at Step 32.
N7K-Y-podP(config)# show cfs lock
N7K-Y-podP(config)#
Note You cannot configure anything for the “role” application until your peer pod releases the
lock by committing or aborting the configuration. Your output may be different.
Step 23 Configure a RADIUS server with the IP address 192.168.0.P1, where P is your
pod number. Configure Se3cr3t-K3y as the RADIUS server key.
N7K-Y-podP(config)# radius-server host 192.168.0.P1 key S3cr3t-K3y
Step 24 Add a second RADIUS server with the IP address 192.168.0.Q1, where Q is
your peer pod number. Again, configure S3cr3t-K3y as the RADIUS server key.
N7K-Y-podP(config)# radius-server host 192.168.0.Q1 key S3cr3t-K3y
Step 25 Examine the RADIUS servers that you configured.
N7K-Y-podP# show radius-server 192.168.0.P1
RADIUS server not found
N7K-Y-podP# show radius-server 192.168.0.Q1
RADIUS server not found
Step 26 Determine why you do not see the configured RADIUS servers.
Step 27 Examine the pending Cisco Fabric Services changes for the “radius” application.
N7K-Y-podP# show radius pending-diff
+radius-server host 192.168.0.P1 authentication accounting
+radius-server host 192.168.0.Q1 authentication accounting
N7K-Y-podP# show cfs lock
Application: radius
---------------------------------------------------------------------------
Switch WWN IP Address User Name User Type
---------------------------------------------------------------------------
20:00:00:26:51:c9:78:c3 192.168.0.20P admin CLI/SNMP v3
Note Depending on the step that your peer pod is at during the exercise, you may also see a
lock for the “role” application.
Step 29 Commit the pending Cisco Fabric Services changes for the “radius” application
to the fabric.
N7K-Y-podP(config)# radius commit
Step 30 Examine the RADIUS servers again.
N7K-Y-podP# show radius-server
retransmission count:1
timeout value:5
deadtime value:0
source interface:any available
total number of servers:2
following RADIUS servers are configured:

192.168.10.P1:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
192.168.10.Q1:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
Step 31 Ask your lab partners in the peer pod to execute the show radius-server
command on their Cisco Nexus 7000 Series switch VDCs. Determine if they see
the newly created RADIUS servers in their VDCs. Determine if the RADIUS
secret keys also exchanged through Cisco Fabric Services.
Caution The RADIUS server information is exchanged through Cisco Fabric Services, but the
RADIUS server keys are not included. The global radius-server key command can be
used to set a default key for all RADIUS servers.
Step 32 Verify with your peer pod that you see the role and RADIUS servers that were
distributed through Cisco Fabric Services in this exercise in both Cisco Nexus
7000 Series switch VDCs before moving on to the next task.
 You have enabled Cisco Fabric Services distribution using IPv4 and configured a Cisco
Fabric Services region and IPv4 multicast group.
 You have created a new role, distributed the role configuration through Cisco Fabric
Services between your pod and peer pod VDCs, and verified the operation of Cisco
Fabric Services.
 You have configured two RADIUS servers, distributed the RADIUS configuration
through Cisco Fabric Services between your pod and peer pod VDCs, and verified the
operation of Cisco Fabric Services.
Task 2: Configure the Scheduler

During this task, you will configure the Cisco NX-OS scheduler on the Cisco Nexus 7000
Series switch VDCs in your pod.
Activity Procedure
Step 1 Open 3CDaemon on your student PC.
Step 2 Verify 3CDamon listens to TFTP requests on IP Address 192.168.0.P1
Step 4 Examine the default CLI variables that are available on your VDC.
N7K-Y-podP(config)# show cli variables
VSH Variable List (* = session vars)
-----------------
SWITCHNAME="N7K-Y-podP"
TIMESTAMP="2015-11-18-06.29.09"
Step 5 Copy the running configuration to a file in bootflash on the supervisor module
that uses the SWITCHNAME and TIMESTAMP variables to create the
filename. Use “$(SWITCHNAME)-$(TIMESTAMP).cfg” as the name for the
file in bootflash.
N7K-Y-podP# copy running-config tftp://192.168.0.P1/$(SWITCHNAME)-
$(TIMESTAMP).cfg vrf management
Step 6 Check in 3CDaemon that the file was received.
Step 7 Enable the scheduler feature.

N7K-Y-podP(config)# feature scheduler
Create a scheduler job named BACKUP-CONFIG and copy the running
configuration to bootflash using “$(SWITCHNAME)-$(TIMESTAMP).cfg” as
the filename.
N7K-Y-podP(config)# scheduler job name BACKUP-CONFIG
N7K-Y-podP(config-job)# copy running-config
tftp://192.168.0.P1/$(SWITCHNAME)-$(TIMESTAMP).cfg vrf management
N7K-Y-podP(config-job)# exit
Step 8 Create a schedule named TEST-BACKUP that runs the job BACKUP-CONFIG
once, starting one minute after you configure the schedule.
N7K-Y-podP(config)# scheduler schedule name TEST-BACKUP
N7K-Y-podP(config-schedule)# job name BACKUP-CONFIG
N7K-Y-podP(config-schedule)# time start +1
Step 9 Examine the schedule.
N7K-Y-podP# show scheduler schedule
Schedule Name : TEST-BACKUP
---------------------------------
User Name : admin
Schedule Type : Run once on Mon Jul 23 14:14:00 2012
Last Execution Time : Yet to be executed
-----------------------------------------------
Job Name Last Execution Status
-----------------------------------------------
BACKUP-CONFIG -NA-
===========================================================================
===
Step 10 After a moment, examine the schedule again.
N7K-Y-podP# show scheduler schedule
Schedule Name : TEST-BACKUP
---------------------------------
User Name : admin
Schedule Type : Run once on Mon Jul 23 14:14:00 2012
Last Execution Time : Mon Jul 23 14:14:00 2012
Last Completion Time: Mon Jul 23 14:14:04 2012
Execution count : 1
-----------------------------------------------
-----------------------------------------------
BACKUP-CONFIG Success (0)
===========================================================================
Step 11 Determine in 3CDaemon if the backup job succeeded.
Step 12 Examine the scheduler log.

N7K-Y-podP# show scheduler logfile
Job Name : BACKUP-CONFIG Job Status: Success (0)
Schedule Name : TEST-BACKUP User Name : admin
Completion time: Wed Nov 18 06:34:01 2015
--------------------------------- Job Output ------------------------------
---
`copy running-config tftp://192.168.0.P1/N7K-Y-podP-2015-11-18-06.34.00.cfg
vrf management`
Connection to Server Established.
[ ] 0.50KBTrying to connect to tftp
server......
TFTP put operation was successful

Copy complete.
Step 13 Remove the schedule TEST-BACKUP and create a new schedule named
WEEKLY-BACKUP, which runs the job BACKUP-CONFIG every Sunday at
10:00 p.m. (2200).
N7K-Y-podP(config)# no scheduler schedule name TEST-BACKUP
N7K-Y-podP(config)# scheduler schedule name WEEKLY-BACKUP
N7K-Y-podP(config-schedule)# job name BACKUP-CONFIG
N7K-Y-podP(config-schedule)# time weekly 1:22:00
Step 14 Examine the WEEKLY-BACKUP schedule.
N7K-Y-podP# show scheduler schedule name WEEKLY-BACKUP
Schedule Name : WEEKLY-BACKUP
-----------------------------------
User Name : admin
Schedule Type : Run on every Sunday at 22 Hrs 0 Mins
Last Execution Time : Yet to be executed
-----------------------------------------------
-----------------------------------------------
BACKUP-CONFIG -NA-
 You have created a manual backup of the configuration using the system CLI variables
in bootflash.
 You have created a scheduler job that creates a backup of the running configuration in
bootflash and successfully run the scheduler job as a one-time job.
 You have configured a weekly backup schedule for the backup scheduler job.
Task 3: Configure Cisco Smart Call Home
During this task, you will configure the Cisco Smart Call Home feature on the Cisco Nexus
7000 Series switch VDC in your pod.
Activity Procedure
Step 2 Enter Cisco Smart Call Home configuration mode and specify customer
information according to the following table:
Parameter Value
Email contact podP-admin@example.net, where P is your pod number
Phone contact +49-40-25334610
Street address Gasstrasse 4a, 22761 Hamburg, Germany
N7K-Y-podP(config)# callhome
N7K-Y-podP(config-callhome)# email-contact podP-admin@example.net
N7K-Y-podP(config-callhome)# phone-contact +49-40-25334610
N7K-Y-podP(config-callhome)# streetaddress Gasstrasse 4a, 22761 Hamburg.
Germany
Step 3 Verify the operational Cisco Smart Call Home parameters.
N7K-Y-podP(config-callhome)# show callhome
callhome disabled
Callhome Information:
contact person name(sysContact):
contact person's email:podP-admin@example.net
contact person's phone number:+49-40-25334610
street addr:Gasstrasse 4a, 22761 Hamburg. Germany
site id:
customer id:
contract id:
switch priority:7
duplicate message throttling : enabled
periodic inventory : enabled
periodic inventory time-period : 7 days
periodic inventory timeofday : 08:00 (HH:MM)
Distribution : Disabled
N7K-Y-podP(config-callhome)#
Step 4 Create a destination profile named NEXUS-LAB by using the information in the
following table.
Parameter Value
Profile name NEXUS-OPS
Message format Full text
Message level 2
Alert group All
Destination email address podP@cisco.com, where P is your pod number
N7K-Y-podP(config-callhome)# destination-profile NEXUS-OPS format full-txt
N7K-Y-podP(config-callhome)# destination-profile NEXUS-OPS message-level 2
N7K-Y-podP(config-callhome)# destination-profile NEXUS-OPS alert-group all
N7K-Y-podP(config-callhome)# destination-profile NEXUS-OPS email-addr
podP@cisco.com
Step 5 Examine the Cisco Smart Call Home destination profile NEXUS-LAB.
N7K-Y-podP(config-callhome)# show callhome destination-profile profile
NEXUS-OPS
NEXUS-OPS destination profile information
maximum message size:2500000
message format:full-txt
message-level:2
transport-method:email
email addresses configured:
podP@cisco.com
url addresses configured:
alert groups configured:

all
Step 6 Configure two more destination profiles according to the following table.
Parameter Value
Profile name SMS
Message format Short text
Message level 6
Message size 160 characters
Alert group All
Parameter Value
Profile name TICKETING-SYSTEM
Message format XML
Message level 1
Alert group All
Note The three destination profiles represent three different uses of Cisco Smart Call Home.
The NEXUS-OPS profile is used to send email to a group of network operators. The
SMS profile is used to send high-priority messages to a select group of users via an
email-to-SMS gateway. The TICKETING-SYSTEM profile is used to send messages to
a ticketing system that can parse XML-based messages. Normally, each of these
profiles would use a separate destination email address, but in this lab exercise, the
same email address is used for all three profiles.
N7K-Y-podP(config-callhome)# callhome
N7K-Y-podP(config-callhome)# destination-profile SMS format short-txt
N7K-Y-podP(config-callhome)# destination-profile SMS message-level 6
N7K-Y-podP(config-callhome)# destination-profile SMS message-size 160
N7K-Y-podP(config-callhome)# destination-profile SMS alert-group all
N7K-Y-podP(config-callhome)# destination-profile SMS email-addr
podP@cisco.com
N7K-Y-podP(config-callhome)# destination-profile TICKETING-SYSTEM format
XML
N7K-Y-podP(config-callhome)# destination-profile TICKETING-SYSTEM message-
level 1
N7K-Y-podP(config-callhome)# destination-profile TICKETING-SYSTEM alert-
group all
N7K-Y-podP(config-callhome)# destination-profile TICKETING-SYSTEM email-
addr podP@cisco.com
Step 7 Configure the global Cisco Smart Call Home email settings according to the
following table.
Parameter Value
SMTP server 192.168.0.10
VRF Management
From email address callhome@example.net
Reply-to email address podP-admin@example.net, where P is your pod number
N7K-Y-podP(config-callhome)# transport email smtp-server 192.168.0.10 use-

vrf management
N7K-Y-podP(config-callhome)# transport email from callhome@example.com
N7K-Y-podP(config-callhome)# transport email reply-to podP-
admin@example.com
Step 8 Examine the Cisco Smart Call Home transport parameters.
N7K-Y-podP(config-callhome)# show callhome transport
http vrf:default
from email addr:callhome@example.com

reply to email addr:podP-admin@example.com
smtp server:192.168.0.10
smtp server port:25
smtp server vrf:management
smtp server priority:0
http proxy server:

http proxy server port:
http proxy status:Disabled
Step 9 Enable Cisco Smart Call Home.
N7K-Y-podP(config-callhome)# callhome
N7K-Y-podP(config-callhome)# enable
sysContact is not configured
callhome can not be enabled on the switch,
because necessary configuration has not been done
Please check if all of following configuration is done
contact person name(sysContact)
contact person's email
contact person's phone number
street addr
To configure sysContact, please use snmp-server command
Note In addition to the Cisco Smart Call Home parameters, the Cisco Smart Call Home
feature also requires the SNMP sysContact ans contact emails variable to be set.
Step 10 Configure the SNMP sysContact to be “Pod P Administrator,” where P is your

pod number.
N7K-Y-podP(config-callhome)# snmp-server contact Pod P Administrator
Step 11 Enable Cisco Smart Call Home.
N7K-Y-podP(config-callhome)# enable
Step 12 Generate test messages to verify the operation of Cisco Smart Call Home.
N7K-Y-podP(config-callhome)# callhome test
trying to send test callhome message
Note Cisco Smart Call Home messages will only be sent successfully for the profiles NEXUS-
OPS and TICKETING-SYSTEM. No messages will be sent for the profile SMS, because
the inventory message that is sent by the test has a lower level (2) than the configured
Call Home level for the destination profile SMS (6). The other error messages are
related to destination profiles that are predefined but not configured.
Step 13 Connect to your assigned Windows server.

Step 14 Open a browser to the lab email server at http://192.168.0.10/mail. Log in to the
web mail on the server using „podP“, as the username and password, where P is
your pod number.
Note The lab that you are working on may use a different solution to view the Smart Call
Home email messages. If you cannot access the web mail using the method described
in this lab guide, ask the instructor for the appropriate procedure to access the email
messages.
Step 15 Verify that you have two new email messages in your inbox with content that is
similar to the content below.
Full text message for destination profile NEXUS-OPS
From:
callhome@example.com(+)
Reply-To:
podP-admin@cisco.com(+)
To:
podP@cisco.com(+)
Subject:
System Notification from N7K-Y-podP - test:test - 2015-06-26 18:37:18 GMT+00:00 Test Test
message
Severity Level:2
Series:Nexus7000 C7010 (10 Slot) Chassis
Switch Priority:7
Device Id:N7K-C7010@C@JAF1545CJAM
Server Id:N7K-C7010@C@JAF1545CJAM
Time of Event:2015-06-26 18:37:18 GMT+00:00
Message Name:test
Message Type:test
System Name:N7K-Y-podP
Contact Name:Pod 1 Administrator
Contact Email:pod1-admin@example.net
Contact Phone:+49-40-25334610
Street Address:Gasstrasse 4a, 22761 Hamburg. Germany
Event Description:Test Test message
start chassis information:
Affected Chassis:N7K-C7010
Affected Chassis Serial Number:JAF1441DHEB
Affected Chassis Hardware Version:2.0
Affected Chassis Software Version:7.2(0)D1(1)
Affected Chassis Part No:73-10900-06
end chassis information:
start attachment
name:show version
type:text
data:
Documents:
http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Software
BIOS: version N/A
kickstart: version 7.2(0)D1(1)
system: version 7.2(0)D1(1)
BIOS compile time:
kickstart image file is: bootflash:///n7000-s2-kickstart.7.2.0.D1.1.bin
kickstart compile time: 5/19/2015 11:00:00 [06/14/2015 21:46:33]
system image file is: bootflash:///n7000-s2-dk9.7.2.0.D1.1.bin
system compile time: 5/19/2015 11:00:00 [06/14/2015 23:40:32]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor Module-2";)
Intel(R) Xeon(R) CPU with 12224912 kB of memory.
Processor Board ID JAF1727ALNJ
Device name: N7K-Y-podP

bootflash: 2007040 kB
slot0: 0 kB (expansion flash)
Kernel uptime is 0 day(s), 23 hour(s), 44 minute(s), 38 second(s)
Last reset at 25298 usecs after Tue Nov 17 06:58:39 2015
Reason: Reset due to upgrade

System version: 6.2(10)
Service:
plugin
Core Plugin, Ethernet Plugin
end attachment
start attachment
name:show module
type:text
data:
Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ------------------ ---------
-
5 0 Supervisor Module-2 N7K-SUP2 active *
7 12 10/40 Gbps Ethernet Module N7K-F312FQ-25 ok
Mod Sw Hw
--- --------------- ------
5 7.2(0)D1(1) 1.1
7 7.2(0)D1(1) 1.1
Mod MAC-Address(es) Serial-Num

--- -------------------------------------- ----------
5 84-78-ac-24-f6-ef to 84-78-ac-24-f7-01 JAF1727ALNJ
7 f4-cf-e2-7c-dc-68 to f4-cf-e2-7c-dc-a3 JAE184905MZ
Mod Online Diag Status

--- ------------------
5 Pass
7 Pass
Xbar Ports Module-Type Model Status

--- ----- ----------------------------------- ------------------ ---------
-
1 0 Fabric Module 1 N7K-C7010-FAB-1 ok
Xbar Sw Hw
--- --------------- ------
1 NA 1.1
2 NA 1.1
3 NA 1.1
4 NA 1.1
5 NA 1.1
Xbar MAC-Address(es) Serial-Num

--- -------------------------------------- ----------
1 NA JAF1508DCTE
2 NA JAF1508CLJM
3 NA JAF1508CLML
4 NA JAF1508CLSK
5 NA JAF1508BJGR
* this terminal session

end attachment
start attachment
name:show vdc current-vdc
type:text
data:
Current vdc is 2 - podP
end attachment
start attachment
name:show vdc membership
type:text
data:
Flags : b - breakout port
---------------------------------
vdc_id: 2 vdc_name: podP interfaces:

Ethernet7/A Ethernet7/B Ethernet7/C
Ethernet7/D
end attachment
XML message for destination profile TICKETING-SYSTEM

From:
callhome@example.com(+)
Reply-To:
pod1-admin@cisco.com(+)
To:
pod1@cisco.com(+)
Subject:
System Notification from N7K-Y-podP - test:test - 2015-06-26 18:37:18 GMT+00:00 Test Test message

</aml-block:Data>
</aml-block:Attachment>
</aml-block:Attachments>
</aml-block:Block>
</soap-env:Body>
</soap-env:Envelope>
 You have configured and tested Cisco Smart Call Home on your Cisco Nexus 7000
Series switch VDC.
Lab 5-2: Implement Cisco DCNM for LAN
Activity Objective
In this activity, you will use Cisco DCNM for LAN to perform network discovery and
network management of the Cisco Nexus product range. After completing this activity, you
will be able to meet these objectives:
 Use Cisco DCNM to perform a network discovery of the network infrastructure
 Use Cisco DCNM to perform a platform inventory of the Cisco Nexus product range
 Use Cisco DCNM to monitor and manage the discovered network
Visual Objective
Data Center Network Manager (DCNM)
Nexus 7000
Nexus 5500
Required Resources
 Cisco Nexus 7000 Series switch VDC
 DCNM server
Command List
NX-OS Commands
Command Description
show cdp neighbors Displays the list of Cisco Discovery Protocol neighbors
show diff rollback-patch Displays the differences between the running configuration
startup-config running- and startup configuration
config
show vlan id <vlan-id> Displays the properties of a specific VLAN
show running-config Displays the running configuration for a specific interface

interface <intf>
show startup-config vlan Displays the startup configuration for a specific VLAN
show logging last <nr> Displays the last number of lines in the system log file
show running-config vlan Displays the running configuration for a specific VLAN
<vlan-id>
copy bootflash:<filename> Merges the configuration in a file in bootflash with the
running-config current running configuration
checkpoint <name> Creates a configuration checkpoint
Job Aids
 Lab IP address plan
Task 1: Installing Cisco Prime Data Center Network Manager
In this task, you will install Cisco Prime Data Center Network Manager on your
Windows server.
Activity Procedure
Step 1 Connect to your assigned Windows server.
Step 2 Open the Internet Explorer, navigate to http://192.168.0.P7 and login using the
Task 2: Network Discovery

In this task, you will use Cisco DCNM for LAN to perform a network discovery of your
Nexus 7000 Series switch VDC and your Nexus 5600 Platform switch.
Activity Procedure
N7K-Y-podP# copy bootflash:/DCUFX/MST running-config
come online

?(yes/no)[n]: yes
N5K-P login: admin
Password:
N5K-P# write erase

N5K-P# reload
come online

?(yes/no)[n]: yes
to continue.


of the system.
support services.

switch login: admin
Password:
Step 10 Configure the hostname N5K-P (P is your pod number) and management
interface IP address and save the configuration.
switch# conf
switch(config)# hostname N5K-P
N5K-P(config)# interface mgmt 0
N5K-P(config-if)# interface e2/5-6
[########################################] 100%
Note You should see three devices in the output of this command: your Cisco Nexus 5600
Platform switch, your peer pod Cisco Nexus 5600 Platform switch, and your peer pod
Cisco Nexus 7000 Series switch VDC. If this is not the case, troubleshoot with your lab
partners in the peer pod until all three connections are operational.
Step 11 Use Cisco Discovery Protocol to verify that the links between the devices in
your pod and the peer pod are operational.
N7K-Y-podP# show cdp neighbors

N5K-P(FOC1838R2Y7)
Eth7/A 167 R S I s N5K-C5672UP Eth2/2
N5K-Q(FOC1843R584)
Eth7/B 168 R S I s N5K-C5672UP Eth2/1
N7K-Y-podQ(JAF1441DHEB)
Eth7/D 163 R S I s N7K-C7010 Eth7/8
Total entries displayed: 3

Step 12
Step 13 Back on the server desktop, wait for the DCNM server page to load the welcome
screen.
Step 14 Navigate to Admin > Data Sources. Under Admin > Data Sources > LAN,
click the “+” icon to add a data source.
Step 15 Add your Cisco Nexus 7000 Series switch VDC as seed switch:
 Discovery Type: Hops from Seed Switch
 Seed Switch: 192.168.0.20P
 Max Hops from Seed: 1
 User Name: admin
 Password: 1234QWer
Step 16 Select all the discovered Nexus switches and click “Add”.
Step 17 Wait for discovery to complete – Use the REFRESH Button on the top left hand
side of the Admin > Data Sources > LAN to refresh.
Step 18 Click the Inventory menu and click Switches.
Step 19 Select any Nexus switch and explore the collected information.
Step 20 Spend some time examining the various options in the Inventory and
Dashboard view of Cisco DCNM before moving on to the next task.
 You have logged in to your assigned Cisco DCNM server by using the Cisco DCNM
client.
 You have performed a device discovery using your Cisco Nexus 7000 Series switch
VDC as the seed device.
 You have discovered the Cisco Nexus 7000 Series switch VDCs, the Cisco Nexus 5000
Series switches, and the Cisco Nexus 2000 Fabric Extenders in your pod and in your
peer pod.
 You have examined the network map in the topology view of Cisco DCNM.
Task 3: Platform Inventory

In this task, you will use Cisco DCNM for LAN to perform a platform inventory of the
Cisco Nexus product range.
Activity Procedure
Step 1 Use the Inventory menu to answer the following questions:
Step 2 Open the inventory of your Cisco Nexus 7000 Series switch and your Cisco
Nexus 5600 Platform switch and examine the components.
Step 3 Determine how many fabric modules are installed in your assigned Cisco Nexus
7000 Series switch.
Step 4 Determine how many power supplies are present in your Cisco Nexus 7000
Series switch.
Step 5 Determine where you can find the Cisco Nexus 2000 Fabric Extender in the
inventory view and why it is displayed in this particular position.
Step 6 Determine the serial number of the Fan module in your Cisco Nexus 5600
Platform. Any exception?
Step 7 Open the Device Manager using the shortcut on the desktop.
Step 8 Connect to your Nexus 5600 series switch using the 192.168.0.P8 IP address,
Step 9 Spend some time examining the various options in the Physical menu of Cisco
Device Manager.
 You have reviewed the hardware inventory of the devices in your pod and the peer pod.
 You have created a chart of the memory usage on your Cisco Nexus 7000 Series
switch.
Tear-out Lab diagram

Implementing Cisco Data Center Unified Fabric

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Implementing Cisco Data Center Unified Fabric

Enviado por

Direitos autorais:

Formatos disponíveis

DCUFI

Fast Lane LAB Guide

Fast Lane Lab Guide 5.1.2

Nexus Lab Topology – Lab Aids

Physical topology and pod assignments

Device Interface Device Interface

N5K-1 Ethernet 1/3 Server 1 CNA port 1

Ethernet 1/4 Server 2 CNA port 2

Ethernet 1/9 N2K-1 Uplink port 1

Ethernet 1/10 N2K-1 Uplink port 2

Ethernet 1/11 N2K-2 Uplink port 3

Ethernet 2/1 N7K-1-pod1 Ethernet 7/1

Ethernet 2/2 N7K-2-pod2 Ethernet 7/1

Ethernet 2/5 N5K-2 Ethernet 2/5

Ethernet 2/6 N5K-2 Ethernet 2/6

Fibre Channel 1/47 MDS-1 Fibre Channel 1/1

Fibre Channel 1/48 MDS-1 Fibre Channel 1/2

N7K-1-pod1 Ethernet 7/1 N5K-1 Ethernet 2/1

Ethernet 7/2 N5K-2 Ethernet 2/2

Ethernet 7/7 N7K-2-pod2 Ethernet 7/7

Ethernet 7/8 N7K-2-pod2 Ethernet 7/8

N5K-2 Ethernet 1/3 Server 2 CNA port 1

Ethernet 1/4 Server 1 CNA port 2

Ethernet 1/9 N2K-2 Uplink port 1

Ethernet 1/10 N2K-2 Uplink port 2

Ethernet 1/11 N2K-1 Uplink port 3

Ethernet 2/1 N7K-2-pod2 Ethernet 7/2

Ethernet 2/2 N7K-1-pod1 Ethernet 7/2

Ethernet 2/5 N5K-1 Ethernet 2/5

Ethernet 2/6 N5K-1 Ethernet 2/6

Fibre Channel 1/47 MDS-2 Fibre Channel 1/1

Fibre Channel 1/48 MDS-2 Fibre Channel 1/2

N7K-2-pod2 Ethernet 7/1 N5K-1 Ethernet 2/2

Ethernet 7/2 N5K-2 Ethernet 2/1

Ethernet 7/7 N7K-1-pod1 Ethernet 7/7

Ethernet 7/8 N7K-1-pod1 Ethernet 7/8

N5K-3 Ethernet 1/3 Server 3 CNA port 1

Ethernet 1/4 Server 4 CNA port 2

Ethernet 1/9 N2K-3 Uplink port 1

Ethernet 1/10 N2K-3 Uplink port 2

Device Interface Device Interface

Ethernet 1/11 N2K-4 Uplink port 3

Ethernet 2/1 N7K-1-pod3 Ethernet 7/3

Ethernet 2/2 N7K-2-pod4 Ethernet 7/3

Ethernet 2/5 N5K-4 Ethernet 2/5

Ethernet 2/6 N5K-4 Ethernet 2/6

Fibre Channel 1/47 MDS-3 Fibre Channel 1/1

Fibre Channel 1/48 MDS-3 Fibre Channel 1/2

N7K-1-pod3 Ethernet 7/3 N5K-3 Ethernet 2/1

Ethernet 7/4 N5K-4 Ethernet 2/2

Ethernet 7/9 N7K-2-pod4 Ethernet 7/9

Ethernet 7/10 N7K-2-pod4 Ethernet 7/10

N5K-4 Ethernet 1/3 Server 4 CNA port 1

Ethernet 1/4 Server 3 CNA port 2

Ethernet 1/9 N2K-4 Uplink port 1

Ethernet 1/10 N2K-4 Uplink port 2

Ethernet 1/11 N2K-3 Uplink port 3

Ethernet 2/1 N7K-2-pod4 Ethernet 7/4

Ethernet 2/2 N7K-1-pod3 Ethernet 7/4

Ethernet 2/5 N5K-3 Ethernet 2/5

Ethernet 2/6 N5K-3 Ethernet 2/6

Fibre Channel 1/47 MDS-4 Fibre Channel 1/1

Fibre Channel 1/48 MDS-4 Fibre Channel 1/2

N7K-2-pod4 Ethernet 7/3 N5K-3 Ethernet 2/2