Tweet

The Cisco Data Center certification track is quite new and I read that a lot of people fail on their first attempt(s). To get the CCNA-level of Data Center, you need to pass two exams: 640-911 DCICN and 640-916 DCICT. After giving a first look at the objectives for DCICN, it looked to me like CCNA Routing & Switching but on the Nexus platform. Well, after my first attempt to pass the exam, I realized that it requires a lot more studying and that the official books do not completely cover the exam objectives. In this post, I’ll try to explain what I studied to pass the exam.

About the exam

To prepare for the DCICN (640-911) exam, I bought the 640-911 Official Certification Guide from Cisco Press and went trough the book completely. To verify the topics and information, I also had a look at the book from Todd Lammle. Going trough both books made me think that the DCICN-exam is just CCNA R&S on the Nexus platform. Since I already have a CCNA Routing & Switching and passed from the first attempt on both exams, I just focused on studying the differences between IOS & Nexus and took some practice on that. Offcourse, I alos repeated details of basic networking concepts and did some practice exams supplied with the book.

As it turns out, both books really don’t prepare you enough for the exam. There is a whole list of topics that isn’t even briefly mentioned in the books. Probably the exam changed over time, became a lot more difficult and had some new topics introduced.

After finding out the above information the hard way, I decided to read a little more about the exam and it’s objectives. A lot of information and people that had the exact same experience as me can be found on the CCNA Data Center study group. This is the first place you should start, to my idea. Especially the posts about people that failed their 640-911 and learned what to do extra to pass, helped me a lot.

If you’re new to Cisco and have no prior experience on working with Cisco devices, the exam will be hard. I don’t really think it’s a good starting point. To my idea it’s like all contents of a CCNA R&S plus a lot of detailed information about Nexus (really detailed) and understanding most concepts (not detailed) of the 640-916 (DCICT) exam.

Exam theory preparation

To prepare for my second attempt, I created a summary of the information which I gathered everywhere around. Part of it comes out of both books which I mentioned above, part of it comes from what other people experienced and a lot of information I gathered by just searching on Google or the Cisco website. A good basic understanding of routing and switching concepts is required to use this information but I think it still can be valuable for people preparing for the exam.

By only studying the information in this post, you won’t get there. You really need to completely understand basic network concepts (switch/hub/router, collision domains/broadcast domains, VLAN, OSI layer differences, subnetting…). Knowing basic information about IOS and the differences between IOS and Nexus isn’t bad either.

Layer 1 (bits)

Ethernet standard distances:

If auto-negotiation is disabled at one side of a link, the slowest speed of both ends is used and when the speed is 10 or 100 Mb/s, half duplex is implied. On higher speed, full duplex is used.

SFP modules:

• SFP(+): normal SFP-module (up to 10 Gb/s), requires 2 pairs
• QSFP+: SPF for  40 Gb/s+, requires 4 pairs, can be converted to 4xSFP+ with a breakout cable
• QSFP BiDi: allow 40G on 10G cabling (2 wire pairs)

Layer 2 (frames)

A Mac-address is 48 b (written as 6 times 2 hex characters) and the first half is the OUI (Organization Unique Identifier).

When the MAC-address table of a switch gets full, the switch will flood all new frames, for which the destination isn’t in the table, out of all ports. For entries that exist in the table, the switch behaves normal. The following message appears in the log: STM_LIMIT_REACHED.

When too many new MAC-addresses get learned in a short amount of time, the switch stops learning new MAC-addresses and the following message appears in the log: STM_LEARNING_OVERLOAD. After 120 seconds, learning should be automatically resumed.

ARP operates at layer 2 (it is used to find the L2-address that matches a given L3-address)

CDP operates at layer 2

Nexus commands related to basic L2:

Show the MAC-addres table:

Add a static entry to the table:

Clear the dynamic entries (solution when the table got full):

VLAN:

• 1 to 4094, >1005= extended VLAN (nit in the VLAN DB)
• VLAN IDs 1 and 1002 to 1005 (=default, not removable)
• PVID=default VLAN ID (default: VLAN ID 1)
• VLAN-configuration is always in running/start-up config, except for a VTP client
• bootflash::/vlan.dat contains (in some cases) a copy of the VLAN-information (not sure why)

Show vlan information:

Configure SVI (routing between VLAN’s):

Trunking:

• ISL is not supported on nexus
• 802.1Q is the default encapsulation (no need to configure it)

Configure a trunk:

VTP (VLAN Trunking Protocol):

• disabled by default (feature vtp needed)
• domain name and password are case sensitive
• by default there is an update (same revision) every 5 minutes
• does not support extended VLAN’s
• VTP pruning: limit broadcasts to switches that have ports in a VLAN

Configure VTP:

Spanning tree (STP):

More information: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

default on IOS: 802.1d PVST+
default on NX-OS: 802.1w RPVST+

Terminology:

• Root bridge: lowest bridge ID
• Root port: port with the lowest cost to the rood bridge for a bridge (if equal: lowest portnumber)
• Designated port: lowest cost to the root bridge for a segment
• Edge port: port to an end-user (no BPDU expected)
• Network port: port to another switch (BPDU expected)
• BPDU: Bridge Protocol Data Unit (by default: every 2 seconds)
• Bridge ID: 8 B (priority + MAC)
• Priority: default 32768 on Cisco, must be a multiple of 4096  + VLAN ID (sys-id-ext)

STP status:

STP port costs:

• 10G = 2
• 1G = 4
• 100M = 19
• 10M = 100

Configure STP:

Portchannel:

• All ports in a portchannel must be in the same VDC
• All ports in a portchannel must be configured similar (speed/duplex)
• LACP (802.1ax):
  • dynamic active: self-initiate LACP
  • dynamic passive: listen for LACP on the other side
  • static on: no LACP
  • on + active = no link

Configure port-channel:

Layer 3 (packets)

An IPv4 header is 20 B

IPv4 classes:

An IPv6 header is 40 B

IPv6 address types:

IPv6 doesn’t have broadcast, only multicast and anycast (multiple devices with the same IP, the closest will respond).

Nexus commands related to L3 addressing:

Show IP-addresses:

Show ARP-table:

Show routing table (see further for more specific info):

Routing:

More information: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

Two similar routes: lowest AD wins
More specific route: AD is not important

Administrative distance:

RIP:

• Distance vector RP
• Uses split horizon
• Distributes the complete routing table every 30 seconds
• Uses route poisoning (hop count of 16=invalid)
• on Nexus: only RIPv2 (IPv4) and RIPng (IPv6), auto-summarization is disabled
• RIPv1:
  • clasfull
  • uses broadcasts
  • no authentication
• RIPv2
  • classless
  • uses multicast (224.0.0.9)
  • MD5 authentication is supported
• RIPng
  • supports prefixes
  • uses multicast (FF02::9)
  • uses IPsec as authentication

Configure RIP:

EIGRP:

• Advanced Distance Vector RP
• Classless
• Max hopcount is 255 (default:100)
• Metric is determined by K-values:
  • bandwidth (default)
  • delay (default)
  • reliability
  • load
• Communication over RTP
• Multicast on 224.0.0.10
• Path selection; DUAL (Diffusing Update Algorithm)
• Needs to form a neighbor relationship:
  • receive a hello from the neighbor
  • AS matches
  • K-values match
• EIGRPv6 uses FF02::A as multicast address

EIGRP terminology:

• AD: Advertised Distance: metric received from the neighbor
• FD: Feasible Distance: metric from neighbor + own metric/cost to the neighbor
• Successor: best route to a network
• FS: Feasible Successor: backup route (AD<FD)

Configure EIGRP:

OSPF:

• Link-state RP
• Classless
• Max hopcount is unlimited
• Metric is determined by bandwidth
• OSPFv2 (IPv4): multicast on 224.0.0.5 and 224.0.0.6
• OSPFv3 (IPv6): multicast on FF02::5 and FF02::6

OSPF terminology:

• Backbone area (0): all other areas need to connect to this ear
• ABR: Area Border Router: connection between area and area 0
• ASBR: Autonomous System Border Router: connection to different AS
• RID: Router ID: highest IP of all interfaces (can be force by using a loopback interface)
• LSA: Link State Advertisements: updates between adjacencies
• DR: Designated Router: distributes the updates (LSA), has the highest priority or the highest RID if priority is a tie
• BDR: Backup Designated Router: standby for DR

Configure OSPF:

ACL:

• ACL’s have an implicit deny at the end
• Nexus supports only named extended ACL

Configure ACL:

 

Layer 4 (frames)

TCP header: 20 B
UDP header: 8 B

Nexus platform

Abbreviations:

Ports:

No more speed in the portname as in IOS. All ports are Ethernet <slot>/<port>

Unified ports (UP-switches) can be used for Ehternet or Fibre Channel

A port on a Nexus switch can be in L2 or L3 mode (depending on the Nexus model) to put a port in L2-mode (let’s the port behave like a port on IOS) and optionally put the port in a VLAN:

Users and roles:

Default roles:

• network-admin: full read-write on the switch
• network-operator: read-only

Add a user:

Features:

Certain features (or processes) on the switch need to be explicitly enable before they can be used.

Show status of a feature:

Enable a feature:

Disable a feature:

Processes:

Different processes are running on the switch. To monitor the status:

Status can be S=started or NR (not ready)

Boot-process:

More information:

• http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_Series_NX-OS_Troubleshooting_Guide_–_Troubleshooting_Installs,_Upgrades,_and_Reboots
• http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/initconfig.html#pgfId-1051615
• http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/50421-config-register-use.html

1. Golden BIOS (9600baud)
2. Check check-sum of the upgradable BIOS
   1. If 2 is ok -> go to 3
   2. if 2 is not ok -> boot the golden BIOS
   3. if Ctrl Shift 6 is received within 2 seconds -> boot the golden BIOS
   4. if Ctrl C is received -> go to BIOS config
3. Boot the upgradable BIOS
4. Start the loader
   1. if Ctrl Shift R (of Ctrl Shift L) is received -> go to the loader prompt
5. Boot the kickstart image
   1. if Ctrl ] is received -> go to the switch (boot) prompt
6. Load the system image
7. CLI and operations are ready

Start a kickstart-image from the loader prompt:

Start a system image from the switch (boot) prompt:

Nexus switches (not sure if all of them) don’t have a power switch and start booting as soon as they receive power.

bootflash: consists of the following:

• 2 MB flash: upgradable BIOS and golden BIOS image
• 1 GB flash: configuration files, kickstart images, systems images, and other files.

Filesystem:

Directory navigation:

File management:

Zip:

Licenses:

Every Nexus device has a unique switch ID:

When a license is not available, a license grace-period can be activated and features can be tested for 120 days.

License management:

Licenses overview:

This table took me quite some time to make and probably it’s not 100% correct but at least it helped me to put 100’s of lines of information for every model/series in a small overview.

Nexus hardware:

I found this one of the hardest things to master. Probably because I don’t support learning all these hardware and feature details by heart. In a real life situation, you look these things up using Google or the Cisco website. Even if you know the details by heart, it’s a good thing to check if nothing has changed or a new type/version exists.

In order to be able to remember this huge pile of information, I tried to create some rules or overview because remembering all details for all models is almost impossible.

LED’s generic rule:

• No light = no power / no link
• Green = status is good
• Amber = booting or disabled
• Amber blinking = fault
• Blue = identification

More information:

• http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/hw/installation/guide/nexus_5000_hig/LEDs.html
• http://www.cisco.com/c/en/us/td/docs/switches/datacenter/hw/nexus7000/installation/guide/n7k_hig_book/n7k_LEDs.html

Naming convention:

This naming convention is not documented but I noticed that you can more or less use it as a general rule. The letters are used in the line card names and switch model names.

Speed:

• G = 1G
• X = 10G
• F = 40G
• C = 100G

Connection type:

• T = RJ45
• S = SFP
• P = SFP+
• Q = QSFP+
• K/L = CPAC
• 2 = X2

Hardware overview:

As with the licenses, this overview also took me really a lot of time to complete. I’m actually surprised that such simple matrix is nowhere to find on the internet. Most of the information is verified but it is possible that there are some mistakes in the table.

More information:

• http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_521/nexus_5000_config_limits_521.html
• http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/Data_Sheet_C78-437762.html
• http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/guide_c07-673997.html
• http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/configuration_limits/b_N5500_Verified_Scalability_602N11/b_N5500_Config_Limits_602N11_chapter_01.html

Hopefully the above information helps somebody to study for the exam or to find some information that is related to Nexus/Data Center.