CCIE Data Center Cheat Sheet

VDC

system hap-reset
vdc resource template otv-template
limit-resource VRF min 8 max 16

vdc N7K1 id 1
no limit-resource module-type
allocate interface ethernet 3/1-8
ha-policy single-sup reload
template otv-template

Verification:
sh vdc internal pss
sh int e3/1 capabilities >>>>> It will show the port-group.

VLAN

vlan dot1Q tag native
!
vlan 2
name VLAN2

Verification:
sh int switchport

SVI (Switch Virtual Interface)

feature interface-vlan
!
interface vlan 41
no shutdown
ip address 10.1.41.252/24

VRF

vrf context vpc-keepalive
!
interface Vlan888
vrf member vpc-keepalive
ip address 8.8.8.1/30

VPC

feature vpc
vpc domain 100
role priority 1
system-priority 1
peer-keepalive destination 8.8.8.2 source 8.8.8.1 vrf vpc-keepalive
dual-active exclude interface-vlan 10
!
interface port-channel100
vpc peer-link

Verification:
show vpc consistency-parameters global

VPC+

vpc domain 200
fabricpath switch-id 200
!
interface port-channel100
switchport mode fabricpath
vpc peer-link

Fabricpath

install feature-set fabricpath
feature-set fabricpath
!
fabricpath switch-id 300
!
fabricpath timers linkup-delay 20
!
fabricpath domain default
root-priority 255
maximum-paths 2
!
vlan 34
mode fabricpath
!
interface Ethernet1/1
switchport mode fabricpath
fabricpath isis metric 50

VRRP

feature vrrp
!
interface Vlan31
no shutdown
ip address 10.1.31.2
vrrp 1
priority 254
address 10.1.31.1
no shutdown

HSRP

feature hsrp
!
interface Vlan41
no shutdown
ip address 10.1.41.252/24
hsrp version 2
hsrp 1
ip 10.1.41.254
authentication md5 key-chain mychain
timers 1 3
preempt
priority 255
!
key chain mychain
key 1
key‐string CCIEDC

Verification:
sh hsrp brief
sh hsrp group 1*

HSRP Localisation

! VACL Filter:
ip access-list ALL_IPs
10 permit ip any any
!
ip access-list HSRP_IP
10 permit udp any 224.0.0.2/32 eq 1985
20 permit udp any 224.0.0.102/32 eq 1985
!
vlan access-map HSRP_Localization 10
match ip address HSRP_IP
action drop
vlan access-map HSRP_Localization 20
match ip address ALL_IPs
action forward
!
vlan filter HSRP_Localization vlan-list 3001-3002
!
! OTV MAC route filter:
mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 20 deny 0000.0c9f.f000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 30 permit 0000.0000.0000 0000.0000.0000
!
route-map OTV_HSRP_filter permit 10
match mac-list OTV_HSRP_VMAC_deny
!
otv-isis default
vpn Overlay0
redistribute filter route-map OTV_HSRP_filter

Jumbo Frame

N7K:
system jumbomtu 9216
!
int e3/1
mtu 9216
!
N5K-1:
policy-map type network-qos jumbo
class type network-qos class-fcoe
pause no-drop
mtu 2158
!
class type network-qos class-default
mtu 9216
!
system qos
service-policy type network-qos jumbo

Netflow

feature netflow
!
flow exporter nf_collector
destination 10.1.1.1 use-vrf management
source mgmt 0
version 9
!
flow monitor nf_monitor
record netflow-original
exporter nf_collector
!
interface Vlan1
ip flow monitor nf_monitor input

Verification:
show run netflow
show flow exporter
show flow monitor
show flow interface

OSPF

feature ospf
!
router ospf 1
router-id 1.1.1.1
!
interface Ethernet4/1
ip router ospf 1 area 0
ip ospf network point-to-point

Verification:
sh ip ospf neighbors summary
sh ip ospf neighbors

EIGRP

feature eigrp
feature bfd
!
route-map SVI permit 10
match interface vlan 40 vlan 50
!
router eigrp 1
bfd
autonomous-system 1
router-id 1.1.1.1
redistribute direct route-map SVI
!
interface Ethernet4/1
ip router eigrp 1
no ip redirects
ip summary-address eigrp 1 10.1.40.0/22

PIM

feature pim
!
ip pim rp-address 20.0.0.1
!
interface Ethernet4/1
ip pim sparse-mode
no shutdown

Verification:
show run pim
show pim neighbor

OTV

feature otv
!
otv site-vlan 80
otv site-identifier 0x1
!
interface Overlay1
otv join-interface Ethernet4/1
otv control-group 239.1.1.1
otv data-group 232.1.1.0/24
otv extend-vlan 90
no shutdown
!
interface Ethernet4/1
ip igmp version 3
no shutdown

Verification:
show ip igmp interface brief
show otv
show otv vlan
show otv adjacency
show otv route

Enhanced VPC

feature fex
!
fex 101
diag boot level bypass
!
inter eth 1/1-2
channel-group 101
no shut
!
inter po101
switchport
switchport mode fex
fex associate 101
vpc 101
no shut

ACL

ip access-list WAN
10 permit ip any 10.1.40.0/24
20 permit tcp any 10.1.41.0/24 eq 23
30 deny ip any 10.1.41.0/24
40 permit ip any any
!
inter eth 4/1
ip access-group WAN in

NTP

Default VDC:
clock protocol ntp vdc 3
!
VDC3:
ntp server 10.0.0.1 prefer
ntp source-interface eth 4/1

Syslog

logging server 10.0.0.1
logging source-interface lo0

MST

spanning-tree mode mst
!
spanning-tree mst configuration
name ccie
revision 5
instance 1 vlan 41,42
!
spanning-tree mst 1 root primary

STP

! SPT root primary
spanning-tree vlan 1-4094 root primary

Verification:
sh spanning-tree root
sh spanning-tree summary

FCoE - Storage VDC

Default VDC:
!
install feature-set fcoe
!
license fcoe module 3
!
system qos
service-policy type network-qos default-nq-7e-policy
!
port-channel load-balance src-dst ip-l4port module 3
!
vdc Storage_VDC id 2 type storage
allocate fcoe-vlan-range 100
!
Storage VDC:
feature-set fcoe
feature npiv
feature lacp
feature lldp
!
vsan database
vsan 100
!
vlan 100
fcoe vsan 100

Verification:
show vlan fcoe
show policy-map system
show run ipqos

vfc

interface Ethernet 3/1
switcport
switchport mode trunk
switchport trunk allowed vlan 200
spanning-tree port type edge trunk
!
interface vfc 4
bind interface Ethernet 3/1
switchport mode F
switchport trunk allowed vsan 2
!
vlan 200
fcoe vsan 2
!
vsan database
vsan 2 interface vfc 4

Verification:
show int bri fcoe
show int vfc 4 trunk vsan

vfc-portchannel

feature lacp
!
interface port-channel1
switchport
switchport mode trunk
switchport trunk allowed vlan 100
no shutdown
!
interface Ethernet4/1
channel-group 1 force mode active
!
interface vfc-po1
switchport mode F
switchport trunk allowed vsan 100
no shutdown
!
vsan database
vsan 100 interface vfc-po 1

F san-portchannel

feature npiv
feature fport-channel-trunk
!
interface port-channel 100
channel mode active
switchport mode f
switchport mode trunk on
switchport trunk allowed vsan 100
switchport rate-mode shared
!
interface fc1/9-12
channel-group 100 force
no shutdown

E san-portchannel

N5K:
feature fcoe
!
vsan database
vsan 200
vsan 200 loadbalancing src-dst-id
! SID/DID
port-channel load-balance ethernet source-dest-ip
!
fcdomain domain 0x1 static vsan 200
fcdomain restart vsan 200
!
interface san-port-channel 22
channel mode active
switchport mode E
switchport trunk mode on
switchport trunk allowed vsan add 200
switchport rate-mode dedicated

FCIP with FCSP

feature fcip
feature fcsp
!
fcsp dhchap password CCIEDC
fcsp dhchap devicename NeighborSwitchWWN password CCIEDC
!
int Gi1/1
ip address 10.3.1.1 255.255.255.252
switchport mtu 2300
no shutdown
!
fcip profile 1
ip address 10.3.1.1
!
vsan database
vsan 100
!
interface port-channel 1
channel mode active
fcsp on
switchport mode e
switchport trunk allowed vsan add 100
!
interface fcip1
use-profile 1
peer-info ipaddr 10.3.1.2
channel-group 1 force
no shutdown

show wwn switch
show fcsp dhchap database
show fcsp interface port-channel 1

FCIP via Firewall

MDS-1:
feature fcip
int gi1/1
ip addr 10.3.1.1 255.255.255.252
switchport mtu 2300
no shut
!
fcip profile 10
ip add 10.3.1.1
port 3005
!
int fcip 10
use-profile 10
peer-info ipadd 10.3.1.2
passive-mode
switchport mode e
switchport trunk allowed vsan 100
no shut
!
MDS-2:
int gi1/1
ip add 10.3.1.2 255.255.255.252
switchport mtu 2300
no shut
!
fcip profile 10
ip add 10.3.1.2
!
int fcip 10
use-profile 10
peer-info ipadd 10.3.1.1 port 3005
switchport mode e
switchport trunk allowed vsan 100
no shut

Verification:
show fcip profile
show fcip summary

NPV

feature fcoe
feature npv
!
slot 2
port 1-16 type fc
poweroff module 2
no poweroff module 2
!
npv auto-load-balance disruptive

FC Zone

Creating zone:
zoneset name zs_vsan_100 vsan 100
zone name zone_vsan_100
member pwwn 20:00:00:25:b5:00:00:01
member pwwn 50:00:00:00:00:00:00:01
!
zoneset activate name zs_vsan_100 vsan 100

! No zone (useful for troubleshooting but not for production):
zone default-zone permit vsan 100
! Basic mode - manual full zone database distribution:
zoneset distribute vsan 100
! Enhanced mode - Automatic full zone database distribution:
zone mode enhanced
!
show zone status vsan 100

Shortcuts

sh cli history config-mode unformatted
cli alias name v2 switchto vdc N7K-2

FCoE Host

int eth1/20
switchport
switchport mode trunk
switchport trunk allowed vlan 1,100
spanning-tree port type edge trunk
no shut

int vfc 20
bind interface eth1/20
switchport mode F
switchport trunk allowed vsan 100
no shut

N1KV - manual subgroup

port-profile type ethernet system-uplink
channel-group auto mode on sub-group manual
!
interface e3/1
sub-group-id 0

To find the interface number:
module vem 3 execute vemcmd show port

N1KV - iSCSI Multipath

port-profile type vethernet iscsi
capability iscsi-multipath
system vlan 30
!
port-profile type ethernet system-uplink
system vlan 1,30,40*

N1KV - QoS

policy-map type qos silver
class class-default
set cos 2
!
port-profile type vethernet iscsi
service-policy type qos input silver
!
system jumbomtu 9000
!
port-profile type ethernet system-uplink
mtu 9000

N1KV - Setup

! Maximum number of ports in a non-uplink port-profile
port-profile default max-ports 8
! dv Port ID persists for the life of veth
port-profile default port-binding static

N1KV - relative subgroup

! Subgroup ID should start from 0 and increase by 1 for each additional uplink
port-profile type ethernet system-uplink
channel-group auto mode on mac-pinning relative

Created By

[deleted]

Metadata

Languages: English

Published: 23rd December, 2015
Last Updated: 6th January, 2016
Rated: 5 stars based on 2 ratings

Favourited By

Comments

AbigailRevan, 05:54 3 Jul 17

No more CCIE Data Center Cheat Sheet.If you are searching CCIE Data Center Lab Dumps or any other study material then visit:http://lab4ccie.livejournal.com/386.html.Here on this link you can find very helpful article for your preparation.