How to prepare for Cisco CCNA Data Center 640-911 DCICN

The Cisco Data Center certification track is quite new and I read that a lot of people fail on their first attempt(s). To get the CCNA-level of Data Center, you need to pass two exams: 640-911 DCICN and 640-916 DCICT. After giving a first look at the objectives for DCICN, it looked to me like CCNA Routing & Switching but on the Nexus platform. Well, after my first attempt to pass the exam, I realized that it requires a lot more studying and that the official books do not completely cover the exam objectives. In this post, I’ll try to explain what I studied to pass the exam.

About the exam

To prepare for the DCICN (640-911) exam, I bought the 640-911 Official Certification Guide from Cisco Press and went trough the book completely. To verify the topics and information, I also had a look at the book from Todd Lammle. Going trough both books made me think that the DCICN-exam is just CCNA R&S on the Nexus platform. Since I already have a CCNA Routing & Switching and passed from the first attempt on both exams, I just focused on studying the differences between IOS & Nexus and took some practice on that. Offcourse, I alos repeated details of basic networking concepts and did some practice exams supplied with the book.

As it turns out, both books really don’t prepare you enough for the exam. There is a whole list of topics that isn’t even briefly mentioned in the books. Probably the exam changed over time, became a lot more difficult and had some new topics introduced.

After finding out the above information the hard way, I decided to read a little more about the exam and it’s objectives. A lot of information and people that had the exact same experience as me can be found on the CCNA Data Center study group. This is the first place you should start, to my idea. Especially the posts about people that failed their 640-911 and learned what to do extra to pass, helped me a lot.

If you’re new to Cisco and have no prior experience on working with Cisco devices, the exam will be hard. I don’t really think it’s a good starting point. To my idea it’s like all contents of a CCNA R&S plus a lot of detailed information about Nexus (really detailed) and understanding most concepts (not detailed) of the 640-916 (DCICT) exam.

Exam theory preparation

To prepare for my second attempt, I created a summary of the information which I gathered everywhere around. Part of it comes out of both books which I mentioned above, part of it comes from what other people experienced and a lot of information I gathered by just searching on Google or the Cisco website. A good basic understanding of routing and switching concepts is required to use this information but I think it still can be valuable for people preparing for the exam.

By only studying the information in this post, you won’t get there. You really need to completely understand basic network concepts (switch/hub/router, collision domains/broadcast domains, VLAN, OSI layer differences, subnetting…). Knowing basic information about IOS and the differences between IOS and Nexus isn’t bad either.

Layer 1 (bits)

Ethernet standard distances:

name medium speed max distance
10BASE-2 coax (thinnet) 10 Mb/s 185 m
10BASE-5 coax (thicknet) 10 Mb/s 500 m
10BASE-T copper 10 Mb/s 100 m
100BASE-T copper 100 Mb/s 100 m
1000BASE-T copper 1 Gb/s 100 m
1000BASE-FX fiber 1 Gb/s 2 km
1000BASE-SX fiber 1 Gb/s 220 m
10GBASE-T copper 10 Gb/s 30 m
Passive Twinax fiber multiple 5 m
Active Twinax fiber multiple 10 m

If auto-negotiation is disabled at one side of a link, the slowest speed of both ends is used and when the speed is 10 or 100 Mb/s, half duplex is implied. On higher speed, full duplex is used.

SFP modules:

  • SFP(+): normal SFP-module (up to 10 Gb/s), requires 2 pairs
  • QSFP+: SPF for  40 Gb/s+, requires 4 pairs, can be converted to 4xSFP+ with a breakout cable
  • QSFP BiDi: allow 40G on 10G cabling (2 wire pairs)

Layer 2 (frames)

A Mac-address is 48 b (written as 6 times 2 hex characters) and the first half is the OUI (Organization Unique Identifier).

When the MAC-address table of a switch gets full, the switch will flood all new frames, for which the destination isn’t in the table, out of all ports. For entries that exist in the table, the switch behaves normal. The following message appears in the log: STM_LIMIT_REACHED.

When too many new MAC-addresses get learned in a short amount of time, the switch stops learning new MAC-addresses and the following message appears in the log: STM_LEARNING_OVERLOAD. After 120 seconds, learning should be automatically resumed.

ARP operates at layer 2 (it is used to find the L2-address that matches a given L3-address)

CDP operates at layer 2

Nexus commands related to basic L2:

Show the MAC-addres table:

Add a static entry to the table:

Clear the dynamic entries (solution when the table got full):

VLAN:

  • 1 to 4094, >1005= extended VLAN (nit in the VLAN DB)
  • VLAN IDs 1 and 1002 to 1005 (=default, not removable)
  • PVID=default VLAN ID (default: VLAN ID 1)
  • VLAN-configuration is always in running/start-up config, except for a VTP client
  • bootflash::/vlan.dat contains (in some cases) a copy of the VLAN-information (not sure why)

Show vlan information:

Configure SVI (routing between VLAN’s):

Trunking:

  • ISL is not supported on nexus
  • 802.1Q is the default encapsulation (no need to configure it)

Configure a trunk:

VTP (VLAN Trunking Protocol):

  • disabled by default (feature vtp needed)
  • domain name and password are case sensitive
  • by default there is an update (same revision) every 5 minutes
  • does not support extended VLAN’s
  • VTP pruning: limit broadcasts to switches that have ports in a VLAN

Configure VTP:

Spanning tree (STP):

More information: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

name IEEE VLAN aware remark
STP 802.1D no oldest implementation
RSTP 802.1W no faster
MSTP 802.1S yes one instance for all VLAN's
(R)PVST+ Cisco yes one instance per VLAN

default on IOS: 802.1d PVST+
default on NX-OS: 802.1w RPVST+

Terminology:

  • Root bridge: lowest bridge ID
  • Root port: port with the lowest cost to the rood bridge for a bridge (if equal: lowest portnumber)
  • Designated port: lowest cost to the root bridge for a segment
  • Edge port: port to an end-user (no BPDU expected)
  • Network port: port to another switch (BPDU expected)
  • BPDU: Bridge Protocol Data Unit (by default: every 2 seconds)
  • Bridge ID: 8 B (priority + MAC)
  • Priority: default 32768 on Cisco, must be a multiple of 4096  + VLAN ID (sys-id-ext)

STP status:

STP RSTP default time purpose
Disabled Discarding - disabled
Blocking Discarding - only BDPU's are allowed
Listening Discarding 15 s transition state
Learning Learning 15 s only learning MAC-addresses
Forwarding Forwarding - normal behavior

STP port costs:

  • 10G = 2
  • 1G = 4
  • 100M = 19
  • 10M = 100

Configure STP:

Portchannel:

  • All ports in a portchannel must be in the same VDC
  • All ports in a portchannel must be configured similar (speed/duplex)
  • LACP (802.1ax):
    • dynamic active: self-initiate LACP
    • dynamic passive: listen for LACP on the other side
    • static on: no LACP
    • on + active = no link

Configure port-channel:

Layer 3 (packets)

An IPv4 header is 20 B

IPv4 classes:

class range binary start default subnet mask private range (RFC 1918) remark
A 1-126 0 /8 10.0.0.0/8 -
A 127 0 /8 - loopback and diagnostics
B 128-191 10 /16 172.16.0.0/12 -
C 192-223 110 /24 192.168.0.0/24 -
D 224-239 1110 - - IPv4 multicast
E 240-254 1111 - - unused (experimental)

An IPv6 header is 40 B

IPv6 address types:

name adresses purpose
Global 2000::/3 public (RFC 3587)
Unique-local FC00::/7 not routable over the internet (RFC 4193)
Link-local FE80::/10 not routable (RFC 3927)
Multicast FF00::/8 multicast

IPv6 doesn’t have broadcast, only multicast and anycast (multiple devices with the same IP, the closest will respond).

Nexus commands related to L3 addressing:

Show IP-addresses:

Show ARP-table:

Show routing table (see further for more specific info):

Routing:

More information: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

Two similar routes: lowest AD wins
More specific route: AD is not important

Administrative distance:

type AD
direct 0
static 1
EIGRP summary 5
EIGRP 90
OSPF 110
RIP 120
EIGRP external 170

RIP:

  • Distance vector RP
  • Uses split horizon
  • Distributes the complete routing table every 30 seconds
  • Uses route poisoning (hop count of 16=invalid)
  • on Nexus: only RIPv2 (IPv4) and RIPng (IPv6), auto-summarization is disabled
  • RIPv1:
    • clasfull
    • uses broadcasts
    • no authentication
  • RIPv2
    • classless
    • uses multicast (224.0.0.9)
    • MD5 authentication is supported
  • RIPng
    • supports prefixes
    • uses multicast (FF02::9)
    • uses IPsec as authentication

Configure RIP:

EIGRP:

  • Advanced Distance Vector RP
  • Classless
  • Max hopcount is 255 (default:100)
  • Metric is determined by K-values:
    • bandwidth (default)
    • delay (default)
    • reliability
    • load
  • Communication over RTP
  • Multicast on 224.0.0.10
  • Path selection; DUAL (Diffusing Update Algorithm)
  • Needs to form a neighbor relationship:
    • receive a hello from the neighbor
    • AS matches
    • K-values match
  • EIGRPv6 uses FF02::A as multicast address

EIGRP terminology:

  • AD: Advertised Distance: metric received from the neighbor
  • FD: Feasible Distance: metric from neighbor + own metric/cost to the neighbor
  • Successor: best route to a network
  • FS: Feasible Successor: backup route (AD<FD)

Configure EIGRP:

OSPF:

  • Link-state RP
  • Classless
  • Max hopcount is unlimited
  • Metric is determined by bandwidth
  • OSPFv2 (IPv4): multicast on 224.0.0.5 and 224.0.0.6
  • OSPFv3 (IPv6): multicast on FF02::5 and FF02::6

OSPF terminology:

  • Backbone area (0): all other areas need to connect to this ear
  • ABR: Area Border Router: connection between area and area 0
  • ASBR: Autonomous System Border Router: connection to different AS
  • RID: Router ID: highest IP of all interfaces (can be force by using a loopback interface)
  • LSA: Link State Advertisements: updates between adjacencies
  • DR: Designated Router: distributes the updates (LSA), has the highest priority or the highest RID if priority is a tie
  • BDR: Backup Designated Router: standby for DR

Configure OSPF:

ACL:

  • ACL’s have an implicit deny at the end
  • Nexus supports only named extended ACL

Configure ACL:

 

Layer 4 (frames)

TCP header: 20 B
UDP header: 8 B

Nexus platform

Abbreviations:

short full meaning
VRF Virtual Routing and Forwarding Multiple routing tables in one device (default VRF and management VRF)
ISSU In-Service Software Upgrades Non-disruptive software upgrade (requires dual supervisors)
PSS Persistent Storage Services Saves the state/condition of running services on a regular basis = checkpoint for recovery
MTS Message and Transaction Service
SVI Switch Virtual Interface  Virtual L3-interface per VLAN – Allows inter-vlan communication
VDC Virtual Device Context allow separate instances on one device (VLAN's are VDC unique)
UDLD UniDirectional Link Detection Monitors physical connections and detects one-way traffic (Layer 2)
PIM Protocol Independent Multicast Layer 3
CDP Cisco Discovery Protocol Layer 2
FEX Fabric Extender Kind of an remote line card (see further)
NFE Network Forwarding Engine
GOLD Generic Online Diagnostics
POAP PowerOn Auto Provisioning Possibility to deploy device configuration

Ports:

No more speed in the portname as in IOS. All ports are Ethernet <slot>/<port>

Unified ports (UP-switches) can be used for Ehternet or Fibre Channel

A port on a Nexus switch can be in L2 or L3 mode (depending on the Nexus model) to put a port in L2-mode (let’s the port behave like a port on IOS) and optionally put the port in a VLAN:

Users and roles:

Default roles:

  • network-admin: full read-write on the switch
  • network-operator: read-only

Add a user:

Features:

Certain features (or processes) on the switch need to be explicitly enable before they can be used.

Show status of a feature:

Enable a feature:

Disable a feature:

Processes:

Different processes are running on the switch. To monitor the status:

Status can be S=started or NR (not ready)

Boot-process:

More information:

  1. Golden BIOS (9600baud)
  2. Check check-sum of the upgradable BIOS
    1. If 2 is ok -> go to 3
    2. if 2 is not ok -> boot the golden BIOS
    3. if Ctrl Shift 6 is received within 2 seconds -> boot the golden BIOS
    4. if Ctrl C is received -> go to BIOS config
  3. Boot the upgradable BIOS
  4. Start the loader
    1. if Ctrl Shift R (of Ctrl Shift L) is received -> go to the loader prompt
  5. Boot the kickstart image
    1. if Ctrl ] is received -> go to the switch (boot) prompt
  6. Load the system image
  7. CLI and operations are ready

Start a kickstart-image from the loader prompt:

Start a system image from the switch (boot) prompt:

Nexus switches (not sure if all of them) don’t have a power switch and start booting as soon as they receive power.

bootflash: consists of the following:

  • 2 MB flash: upgradable BIOS and golden BIOS image
  • 1 GB flash: configuration files, kickstart images, systems images, and other files.

Filesystem:

Directory navigation:

File management:

Zip:

Licenses:

Every Nexus device has a unique switch ID:

When a license is not available, a license grace-period can be activated and features can be tested for 120 days.

License management:

Licenses overview:

This table took me quite some time to make and probably it’s not 100% correct but at least it helped me to put 100’s of lines of information for every model/series in a small overview.

nexus_licenses

Nexus hardware:

I found this one of the hardest things to master. Probably because I don’t support learning all these hardware and feature details by heart. In a real life situation, you look these things up using Google or the Cisco website. Even if you know the details by heart, it’s a good thing to check if nothing has changed or a new type/version exists.

In order to be able to remember this huge pile of information, I tried to create some rules or overview because remembering all details for all models is almost impossible.

LED’s generic rule:

  • No light = no power / no link
  • Green = status is good
  • Amber = booting or disabled
  • Amber blinking = fault
  • Blue = identification

More information:

Naming convention:

This naming convention is not documented but I noticed that you can more or less use it as a general rule. The letters are used in the line card names and switch model names.

Speed:

  • G = 1G
  • X = 10G
  • F = 40G
  • C = 100G

Connection type:

  • T = RJ45
  • S = SFP
  • P = SFP+
  • Q = QSFP+
  • K/L = CPAC
  • 2 = X2

Hardware overview:

As with the licenses, this overview also took me really a lot of time to complete. I’m actually surprised that such simple matrix is nowhere to find on the internet. Most of the information is verified but it is possible that there are some mistakes in the table.

nexus_models

More information:

Hopefully the above information helps somebody to study for the exam or to find some information that is related to Nexus/Data Center.

22 thoughts on “How to prepare for Cisco CCNA Data Center 640-911 DCICN

  1. Thanks for the info, this was extremely helpful! I had no idea about the boot-up process and config-register questions. There were about 15/65 questions on my exam related to those 2 topics….. And thanks for taking the time to create the license and product info charts. I printed those out and memorized them as best as I could, helped out big time!

  2. A million thanks, what you have done is amazing, it will really helpful who all are preparing for 640-911. Please post if you have for 640-916 too….

    • Hey please can you tell me , how many questions are there in 640-911 exam ? and all questions are objectives or it may contain any other labs like ccna routing & switching exam?

  3. On the “Start a kickstart-image from the loader prompt:” section,

    It shows you just type
    loader> n5000-uk9-kickstart.5.0.2.N2.1.bin

    You just type the .bin file name? you dont type Load or boot in front of it?

    I cant seem to find the proper info on this type of issue. Everything I pull down from Cisco says use the “install all” command followed by the kickstart.bin file then the sytem image.bin file all on the same line in that order.

    • Hi,

      Good catch. You need to type boot, followed by the kickstart image. I’ve corrected this in my post.

      To remember: boot an image at the loader prompt and load an image at the boot prompt :)

  4. Hey please can anyone tell me , how many questions are there in 640-911 exam ? and all questions are objectives or it may contain any other labs like ccna routing & switching?

    • Hi,

      There are 65 questions on the exam. All questions come from the objectives but as you can read in my post, you should take the objectives very broad. Knowledge of CCNA R&S is a plus but that’s because the objectives overlap broadly.

  5. Hi Jensd,

    Thanks for valuable information, I just like to confirm if any LAB Questions for 640-911 exam or all are Objective Type ?

  6. Thx Jens for the enhanced summary of the 640-911 exam. I noticed that there is a screenshot missing under the text: “Disable a feature:”

  7. Thanks,
    very useful i passed today

    u have to add Boot-process for 5000 series method, u have here 7000 method only but u put the useful links for that any way.

    Good luck

  8. hey Jens,

    I am preparing for my 640-911 exam this month. Does the exam include only multiple choices questions and sim-lets (Hotspot topologies) or it also includes labs where you have to enter Nx-Os command line and troubleshoot according to a scenario?

    Your blog is fantastic btw.

    Thanks,

    Kostas

  9. Great read. I’m due to take mine in three weeks. How much of the DCICT knowledge crosses over into the DCICN exam? Wherever I read, I see contradiction!

  10. Great Job! It is well done and planning to take my exam in 2 weeks. I am planning to take this exam in two weeks. Is there any hot spot or simulate questions or just multiple choice only?

  11. Fantastic job!….and nothing drives the information home like creating a page like this, Jensd!

    Many thanks for your guidance, and I hope to get your thoughts on the DCICT in time.

  12. Pingback: 640-911: Introducing Cisco Data Center Networking DCICN - Exam Resources - Chris Stark's Blog

  13. I believe that the ip address range of class c private network is 192.168.0.0/16 Please double check

    I am writing the exam today. Hope everything goes well. I have not taken much effort to study the hardware features. Fingers crossed

    Thanks a lot jens!!! I am going through this with 4 hours to the test.

    Again, Fantastic Job!!

  14. Any possibility of getting this in .pdf form. That way I can study when I don’t have internet access.

    Thanks,
    Jeff

  15. In Layer1 (bits), is “1000BASE-FX” accurate? Should it be “100BASE-FX” – Fiber @ 2km distance at 100Mb/s?

  16. Your study notes are fantastic, thank you so much! I am getting my CCNA Data Ctr certification completed before the new tests are required (4/11/17), and this was a tremendous help! I look forward to your notes for the 640-916 exam which I will take in 2 weeks. Thank you again! Awesome job!

Leave a Reply

Your email address will not be published. Required fields are marked *