Show Menu
Cheatography

CCIE Data Center Cheat Sheet by [deleted]

VDC

system hap-reset
vdc resource template otv-te­mplate
limit-­res­ource VRF min 8 max 16

vdc N7K1 id 1
no limit-­res­ource module­-type
allocate interface ethernet 3/1-8
ha-policy single-sup reload
template otv-te­mplate
Verifi­cation:
sh vdc internal pss
sh int e3/1 capabi­lities >>>­>> It will show the port-g­roup.

VLAN

vlan dot1Q tag native
!
vlan 2
name VLAN2
Verifi­cation:
sh int switchport

SVI (Switch Virtual Interface)

feature interf­ace­-vlan
!
interface vlan 41
no shutdown
ip address 10.1.4­1.2­52/24

VRF

vrf context vpc-ke­epalive
!
interface Vlan888
vrf member vpc-ke­epalive
ip address 8.8.8.1/30

VPC

feature vpc
vpc domain 100
role priority 1
system­-pr­iority 1
peer-k­eep­alive destin­ation 8.8.8.2 source 8.8.8.1 vrf vpc-ke­epalive
dual-a­ctive exclude interf­ace­-vlan 10
!
interface port-c­han­nel100
vpc peer-link
Verifi­cation:
show vpc consis­ten­cy-­par­ameters global

VPC+

vpc domain 200
fabricpath switch-id 200
!
interface port-c­han­nel100
switchport mode fabricpath
vpc peer-link

Fabricpath

install featur­e-set fabricpath
featur­e-set fabricpath
!
fabricpath switch-id 300
!
fabricpath timers linkup­-delay 20
!
fabricpath domain default
root-p­riority 255
maximu­m-paths 2
!
vlan 34
mode fabricpath
!
interface Ethern­et1/1
switchport mode fabricpath
fabricpath isis metric 50

VRRP

feature vrrp
!
interface Vlan31
no shutdown
ip address 10.1.31.2
vrrp 1
priority 254
address 10.1.31.1
no shutdown

HSRP

feature hsrp
!
interface Vlan41
no shutdown
ip address 10.1.4­1.2­52/24
hsrp version 2
hsrp 1
ip 10.1.4­1.254
authen­tic­ation md5 key-­chain mychain
timers 1 3
preempt
priority 255
!
key chain mychain
key 1
key­‐s­tring CCIEDC
Verifi­cation:
sh hsrp brief
sh hsrp group 1*

HSRP Locali­sation

! VACL Filter:
ip access­-list ALL_IPs
10 permit ip any any
!
ip access­-list HSRP_IP
10 permit udp any 224.0.0.2/32 eq 1985
20 permit udp any 224.0.0.1­02/32 eq 1985
!
vlan access-map HSRP_L­oca­liz­ation 10
match ip address HSRP_IP
action drop
vlan access-map HSRP_L­oca­liz­ation 20
match ip address ALL_IPs
action forward
!
vlan filter HSRP_L­oca­liz­ation vlan-list 3001-3002
!
! OTV MAC route filter:
mac-list OTV_HS­RP_­VMA­C_deny seq 10 deny 0000.0­c07.ac00 ffff.f­fff.ff00
mac-list OTV_HS­RP_­VMA­C_deny seq 20 deny 0000.0­c9f.f000 ffff.f­fff.f000
mac-list OTV_HS­RP_­VMA­C_deny seq 30 permit 0000.0­000.0000 0000.0­000.0000
!
route-map OTV_HS­RP_­filter permit 10
match mac-list OTV_HS­RP_­VMA­C_deny
!
otv-isis default
vpn Overlay0
redist­ribute filter route-map OTV_HS­RP_­filter

Jumbo Frame

N7K:
system jumbomtu 9216
!
int e3/1
mtu 9216
!
N5K-1:
policy-map type networ­k-qos jumbo
class type networ­k-qos class-fcoe
pause no-drop
mtu 2158
!
class type networ­k-qos class-­default
mtu 9216
!
system qos
servic­e-p­olicy type networ­k-qos jumbo
 

Netflow

feature netflow
!
flow exporter nf_col­lector
destin­ation 10.1.1.1 use-vrf management
source mgmt 0
version 9
!
flow monitor nf_monitor
record netflo­w-o­riginal
exporter nf_col­lector
!
interface Vlan1
ip flow monitor nf_monitor input
Verifi­cation:
show run netflow
show flow exporter
show flow monitor
show flow interface

OSPF

feature ospf
!
router ospf 1
router-id 1.1.1.1
!
interface Ethern­et4/1
ip router ospf 1 area 0
ip ospf network point-­to-­point
Verifi­cation:
sh ip ospf neighbors summary
sh ip ospf neighbors

EIGRP

feature eigrp
feature bfd
!
route-map SVI permit 10
match interface vlan 40 vlan 50
!
router eigrp 1
bfd
autono­mou­s-s­ystem 1
router-id 1.1.1.1
redist­ribute direct route-map SVI
!
interface Ethern­et4/1
ip router eigrp 1
no ip redirects
ip summar­y-a­ddress eigrp 1 10.1.4­0.0/22

PIM

feature pim
!
ip pim rp-address 20.0.0.1
!
interface Ethern­et4/1
ip pim sparse­-mode
no shutdown
Verifi­cation:
show run pim
show pim neighbor

OTV

feature otv
!
otv site-vlan 80
otv site-i­den­tifier 0x1
!
interface Overlay1
otv join-i­nte­rface Ethern­et4/1
otv contro­l-group 239.1.1.1
otv data-group 232.1.1.0/24
otv extend­-vlan 90
no shutdown
!
interface Ethern­et4/1
ip igmp version 3
no shutdown
Verifi­cation:
show ip igmp interface brief
show otv
show otv vlan
show otv adjacency
show otv route

Enhanced VPC

feature fex
!
fex 101
diag boot level bypass
!
inter eth 1/1-2
channe­l-group 101
no shut
!
inter po101
switchport
switchport mode fex
fex associate 101
vpc 101
no shut

ACL

ip access­-list WAN
10 permit ip any 10.1.4­0.0/24
20 permit tcp any 10.1.4­1.0/24 eq 23
30 deny ip any 10.1.4­1.0/24
40 permit ip any any
!
inter eth 4/1
ip access­-group WAN in

NTP

Default VDC:
clock protocol ntp vdc 3
!
VDC3:
ntp server 10.0.0.1 prefer
ntp source­-in­terface eth 4/1

Syslog

logging server 10.0.0.1
logging source­-in­terface lo0

MST

spanni­ng-tree mode mst
!
spanni­ng-tree mst config­uration
name ccie
revision 5
instance 1 vlan 41,42
!
spanni­ng-tree mst 1 root primary

STP

! SPT root primary
spanni­ng-tree vlan 1-4094 root primary
Verifi­cation:
sh spanni­ng-tree root
sh spanni­ng-tree summary
 

FCoE - Storage VDC

Default VDC:
!
install featur­e-set fcoe
!
license fcoe module 3
!
system qos
servic­e-p­olicy type networ­k-qos defaul­t-n­q-7­e-p­olicy
!
port-c­hannel load-b­alance src-dst ip-l4port module 3
!
vdc Storag­e_VDC id 2 type storage
allocate fcoe-v­lan­-range 100
!
Storage VDC:
featur­e-set fcoe
feature npiv
feature lacp
feature lldp
!
vsan database
vsan 100
!
vlan 100
fcoe vsan 100
Verifi­cation:
show vlan fcoe
show policy-map system
show run ipqos

vfc

interface Ethernet 3/1
switcport
switchport mode trunk
switchport trunk allowed vlan 200
spanni­ng-tree port type edge trunk
!
interface vfc 4
bind interface Ethernet 3/1
switchport mode F
switchport trunk allowed vsan 2
!
vlan 200
fcoe vsan 2
!
vsan database
vsan 2 interface vfc 4
Verifi­cation:
show int bri fcoe
show int vfc 4 trunk vsan

vfc-po­rtc­hannel

feature lacp
!
interface port-c­hannel1
switchport
switchport mode trunk
switchport trunk allowed vlan 100
no shutdown
!
interface Ethern­et4/1
channe­l-group 1 force mode active
!
interface vfc-po1
switchport mode F
switchport trunk allowed vsan 100
no shutdown
!
vsan database
vsan 100 interface vfc-po 1

F san-po­rtc­hannel

feature npiv
feature fport-­cha­nne­l-trunk
!
interface port-c­hannel 100
channel mode active
switchport mode f
switchport mode trunk on
switchport trunk allowed vsan 100
switchport rate-mode shared
!
interface fc1/9-12
channe­l-group 100 force
no shutdown

E san-po­rtc­hannel

N5K:
feature fcoe
!
vsan database
vsan 200
vsan 200 loadba­lancing src-dst-id
! SID/DID
port-c­hannel load-b­alance ethernet source­-de­st-ip
!
fcdomain domain 0x1 static vsan 200
fcdomain restart vsan 200
!
interface san-po­rt-­channel 22
channel mode active
switchport mode E
switchport trunk mode on
switchport trunk allowed vsan add 200
swit­c­hport rate-mode dedicated

FCIP with FCSP

feature fcip
feature fcsp
!
fcsp dhchap password CCIEDC
fcsp dhchap devicename Neighb­orS­wit­chWWN password CCIEDC
!
int Gi1/1
ip address 10.3.1.1 255.25­5.2­55.252
switchport mtu 2300
no shutdown
!
fcip profile 1
ip address 10.3.1.1
!
vsan database
vsan 100
!
interface port-c­hannel 1
channel mode active
fcsp on
switchport mode e
switchport trunk allowed vsan add 100
!
interface fcip1
use-pr­ofile 1
peer-info ipaddr 10.3.1.2
channe­l-group 1 force
no shutdown
show wwn switch
show fcsp dhchap database
show fcsp interface port-c­hannel 1
 

FCIP via Firewall

MDS-1:
feature fcip
int gi1/1
ip addr 10.3.1.1 255.25­5.2­55.252
switchport mtu 2300
no shut
!
fcip profile 10
ip add 10.3.1.1
port 3005
!
int fcip 10
use-pr­ofile 10
peer-info ipadd 10.3.1.2
passiv­e-mode
switchport mode e
switchport trunk allowed vsan 100
no shut
!
MDS-2:
int gi1/1
ip add 10.3.1.2 255.25­5.2­55.252
switchport mtu 2300
no shut
!
fcip profile 10
ip add 10.3.1.2
!
int fcip 10
use-pr­ofile 10
peer-info ipadd 10.3.1.1 port 3005
switchport mode e
switchport trunk allowed vsan 100
no shut
Verifi­cation:
show fcip profile
show fcip summary

NPV

feature fcoe
feature npv
!
slot 2
port 1-16 type fc
poweroff module 2
no poweroff module 2
!
npv auto-l­oad­-ba­lance disruptive

FC Zone

Creating zone:
zoneset name zs_vsan_100 vsan 100
zone name zone_vsan_100
member pwwn 20:00:­00:­25:­b5:­00:­00:01
member pwwn 50:00:­00:­00:­00:­00:­00:01
!
zoneset activate name zs_vsa­n_100 vsan 100
! No zone (useful for troubl­esh­ooting but not for produc­tion):
zone defaul­t-zone permit vsan 100
! Basic mode - manual full zone database distri­bution:
zoneset distribute vsan 100
! Enhanced mode - Automatic full zone database distri­bution:
zone mode enhanced
!
show zone status vsan 100

Shortcuts

sh cli history config­-mode unform­atted
cli alias name v2 switchto vdc N7K-2

FCoE Host

int eth1/20
switchport
switchport mode trunk
switchport trunk allowed vlan 1,100
spanni­ng-tree port type edge trunk
no shut

int vfc 20
bind interface eth1/20
switchport mode F
switchport trunk allowed vsan 100
no shut

N1KV - manual subgroup

port-p­rofile type ethernet system­-uplink
channe­l-group auto mode on sub-group manual
!
interface e3/1
sub-gr­oup-id 0
To find the interface number:
module vem 3 execute vemcmd show port

N1KV - iSCSI Multipath

port-p­rofile type vethernet iscsi
capability iscsi-­mul­tipath
system vlan 30
!
port-p­rofile type ethernet system­-uplink
system vlan 1,30,40*

N1KV - QoS

policy-map type qos silver
class class-­default
set cos 2
!
port-p­rofile type vethernet iscsi
servic­e-p­olicy type qos input silver
!
system jumbomtu 9000
!
port-p­rofile type ethernet system­-uplink
mtu 9000

N1KV - Setup

! Maximum number of ports in a non-uplink port-p­rofile
port-p­rofile default max-ports 8
! dv Port ID persists for the life of veth
port-p­rofile default port-b­inding static

N1KV - relative subgroup

! Subgroup ID should start from 0 and increase by 1 for each additional uplink
port-p­rofile type ethernet system­-uplink
channe­l-group auto mode on mac-pi­nning relative
 

Comments

No more CCIE Data Center Cheat Sheet.If you are searching CCIE Data Center Lab Dumps or any other study material then visit:http://lab4ccie.livejournal.com/386.html.Here on this link you can find very helpful article for your preparation.

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.