How to prepare for Cisco CCNA Data Center 640-911 DCICN

The Cisco Data Center certification track is quite new and I read that a lot of people fail on their first attempt(s). To get the CCNA-level of Data Center, you need to pass two exams: 640-911 DCICN and 640-916 DCICT. After giving a first look at the objectives for DCICN, it looked to me like CCNA Routing & Switching but on the Nexus platform. Well, after my first attempt to pass the exam, I realized that it requires a lot more studying and that the official books do not completely cover the exam objectives. In this post, I’ll try to explain what I studied to pass the exam.

About the exam

To prepare for the DCICN (640-911) exam, I bought the 640-911 Official Certification Guide from Cisco Press and went through the book completely. To verify the topics and information, I also had a look at the book from Todd Lammle. Going through both books made me think that the DCICN-exam is just CCNA R&S on the Nexus platform. Since I already have a CCNA Routing & Switching and passed from the first attempt on both exams, I just focused on studying the differences between IOS & Nexus and took some practice on that. Of course, I also repeated details of basic networking concepts and did some practice exams supplied with the book.

As it turns out, both books really don’t prepare you enough for the exam. There is a whole list of topics that isn’t even briefly mentioned in the books. Probably the exam changed over time, became a lot more difficult and had some new topics introduced.

After finding out the above information the hard way, I decided to read a little more about the exam and its objectives. A lot of information and people that had the exact same experience as me can be found on the CCNA Data Center study group. This is the first place you should start, in my opinion. Especially the posts about people that failed their 640-911 and learned what to do extra to pass, helped me a lot.

If you’re new to Cisco and have no prior experience working with Cisco devices, the exam will be hard. I don’t really think it’s a good starting point. In my opinion it’s like all contents of a CCNA R&S plus a lot of detailed information about Nexus (really detailed) and understanding most concepts (not detailed) of the 640-916 (DCICT) exam.

Exam theory preparation

To prepare for my second attempt, I created a summary of the information which I gathered everywhere around. Part of it comes out of both books which I mentioned above, part of it comes from what other people experienced and a lot of information I gathered by just searching on Google or the Cisco website. A good basic understanding of routing and switching concepts is required to use this information but I think it still can be valuable for people preparing for the exam.

By only studying the information in this post, you won’t get there. You really need to completely understand basic network concepts (switch/hub/router, collision domains/broadcast domains, VLAN, OSI layer differences, subnetting…). Knowing basic information about IOS and the differences between IOS and Nexus isn’t bad either.

Layer 1 (bits)

Ethernet standard distances:

| name | medium | speed | max distance |
| --- | --- | --- | --- |
| 10BASE-2 | coax (thinnet) | 10 Mb/s | 185 m |
| 10BASE-5 | coax (thicknet) | 10 Mb/s | 500 m |
| 10BASE-T | copper | 10 Mb/s | 100 m |
| 100BASE-T | copper | 100 Mb/s | 100 m |
| 1000BASE-T | copper | 1 Gb/s | 100 m |
| 1000BASE-FX | fiber | 1 Gb/s | 2 km |
| 1000BASE-SX | fiber | 1 Gb/s | 220 m |
| 10GBASE-T | copper | 10 Gb/s | 30 m |
| Passive Twinax | fiber | multiple | 5 m |
| Active Twinax | fiber | multiple | 10 m |

If auto-negotiation is disabled on one side of a link, the slowest speed of both ends is used; when that speed is 10 or 100 Mb/s, half duplex is implied. At higher speeds, full duplex is used.

SFP modules:

  • SFP(+): normal SFP-module (up to 10 Gb/s), requires 2 pairs
  • QSFP+: SFP for 40 Gb/s+, requires 4 pairs, can be converted to 4xSFP+ with a breakout cable
  • QSFP BiDi: allow 40G on 10G cabling (2 wire pairs)

Layer 2 (frames)

A MAC-address is 48 b (written as 6 times 2 hex characters) and the first half is the OUI (Organization Unique Identifier).

When the MAC-address table of a switch gets full, the switch will flood all new frames, for which the destination isn’t in the table, out of all ports. For entries that exist in the table, the switch behaves normally. The following message appears in the log: STM_LIMIT_REACHED.

When too many new MAC-addresses get learned in a short amount of time, the switch stops learning new MAC-addresses and the following message appears in the log: STM_LEARNING_OVERLOAD. After 120 seconds, learning should be automatically resumed.

ARP operates at layer 2 (it is used to find the L2-address that matches a given L3-address)

CDP operates at layer 2

Nexus commands related to basic L2:

Show the MAC-address table:

switch1# show mac address-table
   VLAN     MAC Address      Type      age  Secure NTFY   Ports
---------+-----------------+--------+------+------+----+------------
* 1        000c.29c6.b255    dynamic   10      F    F     Eth2/1

Add a static entry to the table:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# mac address-table static 000c.2946.8dff vlan 1 interface ethernet 2/2

Clear the dynamic entries (solution when the table got full):

switch1# clear mac address-table dynamic

VLAN:

  • 1 to 4094, >1005 = extended VLAN (not in the VLAN DB)
  • VLAN IDs 1 and 1002 to 1005 (=default, not removable)
  • PVID=default VLAN ID (default: VLAN ID 1)
  • VLAN-configuration is always in running/start-up config, except for a VTP client
  • bootflash:/vlan.dat contains (in some cases) a copy of the VLAN-information (not sure why)

Show vlan information:

switch1# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Eth2/3, Eth2/4
10   test                             active    Eth2/2, Eth2/3, Eth2/4
1002 fddi-default                     act/lshut Eth2/3, Eth2/4
1003 token-ring-default               act/lshut Eth2/3, Eth2/4
1004 fddinet-default                  act/lshut Eth2/3, Eth2/4
1005 trnet-default                    act/lshut Eth2/3, Eth2/4

switch1# show vlan summary
Number of existing VLANs           : 6
Number of existing user VLANs      : 6
Number of existing extended VLANs  : 0

switch1# show vlan internal usage

VLANs                   DESCRIPTION
-------------------     -----------------
3968-4031               Multicast
4032-4035,4048-4059     Online Diagnostic
4036-4039,4060-4087     ERSPAN
4042                    Satellite
4040                    Fabric scale
3968-4095               Current

Configure SVI (routing between VLANs):

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# feature interface-vlan
switch1(config)# interface vlan 200
switch1(config-if)# ip address 192.168.99.10/24
switch1(config-if)# show ip int brief
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan200              192.168.99.10   protocol-down/link-down/admin-down
Eth2/1               192.168.100.10  protocol-up/link-up/admin-up

Trunking:

  • ISL is not supported on Nexus
  • 802.1Q is the default encapsulation (no need to configure it)

Configure a trunk:

switch1(config)# int e2/3
switch1(config-if)# switchport
switch1(config-if)# switchport mode trunk
switch1(config-if)# switchport trunk native vlan 200
switch1(config-if)# switchport trunk allowed vlan ?
  <1-4094>  VLAN IDs of the allowed VLANs when this port in trunking mode
  add       Add VLANs to the current list
  all       All VLANs
  except    All VLANs except the following
  none      No VLANs
  remove    Remove VLANs from the current list
switch1# show int e2/3 switchport
Name: Ethernet2/3
  Switchport: Enabled
  Switchport Monitor: Not enabled
  Operational Mode: trunk
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 200 (Vlan not created)
  Trunking VLANs Allowed: 1-4094
  Pruning VLANs Enabled: 2-1001
  Administrative private-vlan primary host-association: none
  Administrative private-vlan secondary host-association: none
  Administrative private-vlan primary mapping: none
  Administrative private-vlan secondary mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk private VLANs: none
  Operational private-vlan: non

VTP (VLAN Trunking Protocol):

  • disabled by default (feature vtp needed)
  • domain name and password are case sensitive
  • by default there is an update (same revision) every 5 minutes
  • does not support extended VLANs
  • VTP pruning: limit broadcasts to switches that have ports in a VLAN

Configure VTP:

switch1(config)# feature vtp
switch1(config)# vtp mode server
switch1(config)# vtp domain jensd
switch1(config)# vtp password jensd.be
switch1(config)# vtp version 2
switch1(config)# show vtp status
VTP Status Information
----------------------
VTP Version                     : 2 (capable)
Configuration Revision          : 2
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 6
VTP Operating Mode              : Server
VTP Domain Name                 : jensd
VTP Pruning Mode                : Disabled (Operationally Disabled)
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 Digest                      : 0x92 0x81 0x5E 0x8B 0x81 0x4A 0x12 0xFD
Configuration last modified by 0.0.0.0 at 11-11-15 21:26:24

Local updater ID is 0.0.0.0 (no valid interface found)
Preferred interface name is  (mandatory)
VTP version running             : 2

switch1(config)# show vtp password
VTP password: jensd.be

Spanning tree (STP):

More information: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

| name | IEEE | VLAN aware | remark |
| --- | --- | --- | --- |
| STP | 802.1D | no | oldest implementation |
| RSTP | 802.1W | no | faster |
| MSTP | 802.1S | yes | one instance for all VLANs |
| (R)PVST+ | Cisco | yes | one instance per VLAN |

default on IOS: 802.1d PVST+
default on NX-OS: 802.1w RPVST+

Terminology:

  • Root bridge: lowest bridge ID
  • Root port: port with the lowest cost to the root bridge for a bridge (if equal: lowest portnumber)
  • Designated port: lowest cost to the root bridge for a segment
  • Edge port: port to an end-user (no BPDU expected)
  • Network port: port to another switch (BPDU expected)
  • BPDU: Bridge Protocol Data Unit (by default: every 2 seconds)
  • Bridge ID: 8 B (priority + MAC)
  • Priority: default 32768 on Cisco, must be a multiple of 4096 + VLAN ID (sys-id-ext)

STP status:

| STP | RSTP | default time | purpose |
| --- | --- | --- | --- |
| Disabled | Discarding | - | disabled |
| Blocking | Discarding | - | only BPDUs are allowed |
| Listening | Discarding | 15 s | transition state |
| Learning | Learning | 15 s | only learning MAC-addresses |
| Forwarding | Forwarding | - | normal behavior |

STP port costs:

  • 10G = 2
  • 1G = 4
  • 100M = 19
  • 10M = 100

Configure STP:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# spanning-tree vlan 200 priority 4096
switch1(config)# spanning-tree mode
mst          rapid-pvst
switch1(config)# int e2/3
switch1(config-if)# spanning-tree port type
edge      network   normal
switch1(config)# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001, VLAN0010
Port Type Default                        is disable
Edge Port [PortFast] BPDU Guard Default  is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance                         is enabled
Loopguard Default                        is disabled
Pathcost method used                     is short
STP-Lite                                 is enabled

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          1          1
VLAN0010                     0         0        0          1          1
---------------------- -------- --------- -------- ---------- ----------
2 vlans                      0         0        0          2          2
switch1(config)# show spanning-tree root

                                        Root  Hello Max Fwd
Vlan                   Root ID          Cost  Time  Age Dly  Root Port
---------------- -------------------- ------- ----- --- ---  ----------------
VLAN0001         32769 000c.2946.8d23       0    2   20  15  This bridge is root
VLAN0010         32778 000c.2946.8d23       0    2   20  15  This bridge is root
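
The root election and root-port choice from the terminology list, worked through with the port costs above (an added example, not part of the original post). switch1's MAC is the one in the output above; switch2, switch3, their MACs and the links are a constructed topology, and ties between equal-cost paths are not modelled.

```python
import heapq

# Short path-cost values listed above ("Pathcost method used is short").
COST = {"10G": 2, "1G": 4, "100M": 19, "10M": 100}

# Constructed topology: only switch1's MAC comes from the page's output.
BRIDGES = {
    "switch1": {"priority": 32768, "mac": "000c.2946.8d23"},
    "switch2": {"priority": 32768, "mac": "000c.2946.9a10"},
    "switch3": {"priority": 32768, "mac": "000c.2946.ffee"},
}
LINKS = [  # (bridge, port, bridge, port, speed) - hypothetical cabling
    ("switch1", "Eth2/3", "switch2", "Eth2/3", "1G"),
    ("switch1", "Eth2/4", "switch3", "Eth2/4", "100M"),
    ("switch2", "Eth2/5", "switch3", "Eth2/5", "10G"),
]


def bridge_priority(priority, vlan):
    """Priority as shown by 'show spanning-tree root': configured value + VLAN ID."""
    if priority % 4096 != 0 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return priority + vlan


def bridge_id(priority, vlan, mac):
    """8-byte bridge ID as an integer: 2 bytes of priority, then the 6-byte MAC."""
    return (bridge_priority(priority, vlan) << 48) | int(mac.replace(".", ""), 16)


def elect_root(bridges, vlan):
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(
        bridges,
        key=lambda n: bridge_id(bridges[n]["priority"], vlan, bridges[n]["mac"]),
    )


def root_ports(bridges, links, vlan):
    """Return (root, {bridge: (root path cost, root port)}) for one VLAN."""
    root = elect_root(bridges, vlan)
    neighbours = {name: [] for name in bridges}
    for a, port_a, b, port_b, speed in links:
        neighbours[a].append((b, port_b, COST[speed]))
        neighbours[b].append((a, port_a, COST[speed]))
    best = {root: (0, None)}  # the root itself has no root port
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, nbr_port, link_cost in neighbours[node]:
            new_cost = cost + link_cost
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, nbr_port)
                heapq.heappush(heap, (new_cost, nbr))
    return root, best


def with_priority(bridges, name, priority):
    """Copy of the topology with one bridge's priority changed."""
    updated = {n: dict(v) for n, v in bridges.items()}
    updated[name]["priority"] = priority
    return updated


if __name__ == "__main__":
    print(root_ports(BRIDGES, LINKS, 200))
    # Same effect as "spanning-tree vlan 200 priority 4096" on switch3.
    print(root_ports(with_priority(BRIDGES, "switch3", 4096), LINKS, 200))
```

With default priorities the lowest MAC wins, so the root moves as soon as any bridge advertises a lower priority; after the change switch1 prefers the 1G + 10G path (cost 6) over its direct 100M link (cost 19).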

Portchannel:

  • All ports in a portchannel must be in the same VDC
  • All ports in a portchannel must be configured similar (speed/duplex)
  • LACP (802.1ax):
    • dynamic active: self-initiate LACP
    • dynamic passive: listen for LACP on the other side
    • static on: no LACP
    • on + active = no link

Configure port-channel:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# interface port-channel 1
switch1(config-if)# int e2/6-7
switch1(config-if-range)# switchport
switch1(config-if-range)# switchport mode trunk
switch1(config-if-range)# channel-group 1 mode ?
  active   Set channeling mode to ACTIVE
  on       Set channeling mode to ON
  passive  Set channeling mode to PASSIVE
switch1# show port-channel
switch1# show int port-channel 1

Layer 3 (packets)

An IPv4 header is 20 B

IPv4 classes:

| class | range | binary start | default subnet mask | private range (RFC 1918) | remark |
| --- | --- | --- | --- | --- | --- |
| A | 1-126 | 0 | /8 | 10.0.0.0/8 | - |
| A | 127 | 0 | /8 | - | loopback and diagnostics |
| B | 128-191 | 10 | /16 | 172.16.0.0/12 | - |
| C | 192-223 | 110 | /24 | 192.168.0.0/24 | - |
| D | 224-239 | 1110 | - | - | IPv4 multicast |
| E | 240-254 | 1111 | - | - | unused (experimental) |

An IPv6 header is 40 B

IPv6 address types:

| name | addresses | purpose |
| --- | --- | --- |
| Global | 2000::/3 | public (RFC 3587) |
| Unique-local | FC00::/7 | not routable over the internet (RFC 4193) |
| Link-local | FE80::/10 | not routable (RFC 3927) |
| Multicast | FF00::/8 | multicast |

IPv6 doesn’t have broadcast, only multicast and anycast (multiple devices with the same IP, the closest will respond).

Nexus commands related to L3 addressing:

Show IP-addresses:

switch1# show ip int
IP Interface Status for VRF "default"
Ethernet2/1, Interface status: protocol-up/link-up/admin-up, iod: 36,
  IP address: 192.168.100.10, IP subnet: 192.168.100.0/24
  IP broadcast address: 255.255.255.255
  IP multicast groups locally joined: none
  IP MTU: 1500 bytes (using link MTU)
  IP primary address route-preference: 0, tag: 0
  IP proxy ARP : disabled
  IP Local Proxy ARP : disabled
  IP multicast routing: disabled
  IP icmp redirects: enabled
  IP directed-broadcast: disabled
  IP Forwarding: disabled
  IP icmp unreachables (except port): disabled
  IP icmp port-unreachable: enabled
  IP unicast reverse path forwarding: none
  IP load sharing: none
  IP interface statistics last reset: never
  IP interface software stats: (sent/received/forwarded/originated/consumed)
    Unicast packets    : 4/18/0/4/4
    Unicast bytes      : 408/1730/0/408/336
    Multicast packets  : 0/72/0/0/10
    Multicast bytes    : 0/11434/0/0/400
switch1# show ip int brief
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Eth2/1               192.168.100.10  protocol-up/link-up/admin-up

Show ARP-table:

switch1# show ip arp

Flags: * - Adjacencies learnt on non-active FHRP router
       + - Adjacencies synced via CFSoE
       # - Adjacencies Throttled for Glean
       D - Static Adjacencies attached to down interface

IP ARP Table for context default
Total number of entries: 1
Address         Age       MAC Address     Interface
192.168.100.20  00:08:22  000c.29c6.b255  Ethernet2/1

switch1# show ip arp detail

Flags: * - Adjacencies learnt on non-active FHRP router
       + - Adjacencies synced via CFSoE
       # - Adjacencies Throttled for Glean

IP ARP Table for context default
Total number of entries: 1
Address         Age       MAC Address     Interface        Physical Interface
192.168.100.20  00:08:25  000c.29c6.b255  Ethernet2/1      Ethernet2/1

Show routing table (see further for more specific info):

switch1# show ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

192.168.100.0/24, ubest/mbest: 1/0, attached
    *via 192.168.100.10, Eth2/1, [0/0], 00:28:11, direct
192.168.100.10/32, ubest/mbest: 1/0, attached
    *via 192.168.100.10, Eth2/1, [0/0], 00:28:11, local

Routing:

More information: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8651-21.html

Two similar routes: lowest AD wins
More specific route: AD is not important

Administrative distance:

| type | AD |
| --- | --- |
| direct | 0 |
| static | 1 |
| EIGRP summary | 5 |
| EIGRP | 90 |
| OSPF | 110 |
| RIP | 120 |
| EIGRP external | 170 |
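
The two rules above (lowest AD between routes to the same prefix, most specific prefix regardless of AD) as an added example that is not part of the original post. The AD values are the ones from the table; the candidate routes, next hops and function names are constructed for illustration, and ties on AD (decided by metric) are not modelled.

```python
import ipaddress

# Administrative distances from the table above.
AD = {
    "direct": 0,
    "static": 1,
    "eigrp-summary": 5,
    "eigrp": 90,
    "ospf": 110,
    "rip": 120,
    "eigrp-external": 170,
}

# Constructed candidate routes: (prefix, source, next hop).
CANDIDATES = [
    ("10.1.0.0/16", "ospf", "192.168.100.1"),
    ("10.1.0.0/16", "eigrp", "192.168.100.2"),
    ("10.1.2.0/24", "rip", "192.168.100.3"),
    ("0.0.0.0/0", "static", "192.168.100.254"),
]


def build_rib(candidates):
    """Step 1: for each identical prefix, install only the lowest-AD source."""
    rib = {}
    for prefix, source, next_hop in candidates:
        net = ipaddress.ip_network(prefix)
        installed = rib.get(net)
        if installed is None or AD[source] < AD[installed[0]]:
            rib[net] = (source, next_hop)
    return rib


def lookup(rib, destination):
    """Step 2: forward on the longest matching prefix; AD plays no role here."""
    ip = ipaddress.ip_address(destination)
    matches = [net for net in rib if ip in net]
    if not matches:
        return None
    net = max(matches, key=lambda n: n.prefixlen)
    source, next_hop = rib[net]
    return str(net), source, next_hop


if __name__ == "__main__":
    rib = build_rib(CANDIDATES)
    for dst in ("10.1.2.5", "10.1.9.9", "172.16.5.5"):
        print(dst, "->", lookup(rib, dst))
```

The RIP route (AD 120) carries traffic for 10.1.2.5 even though an EIGRP route (AD 90) also covers that address, because the /24 is more specific than the /16.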

RIP:

  • Distance vector RP
  • Uses split horizon
  • Distributes the complete routing table every 30 seconds
  • Uses route poisoning (hop count of 16=invalid)
  • on Nexus: only RIPv2 (IPv4) and RIPng (IPv6), auto-summarization is disabled
  • RIPv1:
    • classful
    • uses broadcasts
    • no authentication
  • RIPv2
    • classless
    • uses multicast (224.0.0.9)
    • MD5 authentication is supported
  • RIPng
    • supports prefixes
    • uses multicast (FF02::9)
    • uses IPsec as authentication

Configure RIP:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# feature rip
switch1(config)# router rip testRIP
switch1(config-router)# address-family ipv4 unicast
switch1(config-router-af)# int e2/2
switch1(config-if)# no switchport
switch1(config-if)# ip router rip testRIP
switch1(config-if)# show ip rip
Process Name "rip-testRIP" VRF "default"
RIP port 520, multicast-group 224.0.0.9
Admin-distance: 120
Updates every 30 sec, expire in 180 sec
Collect garbage in 120 sec
Default-metric: 1
Max-paths: 8
Process is up and running
  Interfaces supported by ipv4 RIP :
    Ethernet2/2

EIGRP:

  • Advanced Distance Vector RP
  • Classless
  • Max hopcount is 255 (default:100)
  • Metric is determined by K-values:
    • bandwidth (default)
    • delay (default)
    • reliability
    • load
  • Communication over RTP
  • Multicast on 224.0.0.10
  • Path selection: DUAL (Diffusing Update Algorithm)
  • Needs to form a neighbor relationship:
    • receive a hello from the neighbor
    • AS matches
    • K-values match
  • EIGRPv6 uses FF02::A as multicast address

EIGRP terminology:

  • AD: Advertised Distance: metric received from the neighbor
  • FD: Feasible Distance: metric from neighbor + own metric/cost to the neighbor
  • Successor: best route to a network
  • FS: Feasible Successor: backup route (AD<FD)
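
The AD/FD terms above applied to one destination, as an added example that is not part of the original post. It uses the definitions from this list (FD = neighbor's advertised distance + own cost to that neighbor); the neighbor names, metric values and function names are constructed.

```python
# Constructed paths to a single destination:
# neighbor -> (AD reported by the neighbor, own cost to reach that neighbor)
PATHS = {
    "R2": (1000, 500),
    "R3": (1200, 1000),
    "R4": (1800, 100),
}


def classify(paths):
    """Pick the successor and apply the feasibility condition (AD < FD)."""
    total = {n: ad + cost for n, (ad, cost) in paths.items()}
    successor = min(total, key=lambda n: (total[n], n))
    fd = total[successor]
    # A backup path qualifies only if the neighbor's own distance is lower
    # than our best distance, which guarantees it does not route through us.
    feasible = sorted(
        (n for n in paths if n != successor and paths[n][0] < fd),
        key=lambda n: (total[n], n),
    )
    rejected = sorted(n for n in paths if n != successor and n not in feasible)
    return {
        "successor": successor,
        "fd": fd,
        "feasible_successors": feasible,
        "rejected": rejected,
    }


def on_successor_loss(paths):
    """What DUAL does when the successor disappears."""
    state = classify(paths)
    if state["feasible_successors"]:
        # A pre-computed loop-free backup exists: switch over immediately.
        return ("promote", state["feasible_successors"][0])
    # No feasible successor: the route goes active and neighbors are queried.
    return ("active", None)


if __name__ == "__main__":
    print(classify(PATHS))
    print(on_successor_loss(PATHS))
    print(on_successor_loss({"R2": (1000, 500), "R4": (1800, 100)}))
```

R4 offers a lower total (1900) than R3 (2200) but is still rejected as a feasible successor, because its advertised distance of 1800 is not below the FD of 1500.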

Configure EIGRP:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# feature eigrp
LAN_ENTERPRISE_SERVICES_PKG license not installed. eigrp feature will be shutdown after grace period of approximately 120 day(s)
switch1(config)# router eigrp testEIGRP
switch1(config-router)# autonomous-system 100
switch1(config-router)# int e2/2
switch1(config-if)# no switchport
switch1(config-if)# ip router eigrp testEIGRP
switch1(config-if)# show ip eigrp
IP-EIGRP AS 100 ID 192.168.100.10 VRF default
  Process-tag: testEIGRP
  Instance Number: 1
  Status: running
  Authentication mode: none
  Authentication key-chain: none
  Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
  IP proto: 88 Multicast group: 224.0.0.10
  Int distance: 90 Ext distance: 170
  Max paths: 8
  Number of EIGRP interfaces: 1 (0 loopbacks)
  Number of EIGRP passive interfaces: 0
  Number of EIGRP peers: 0
  Graceful-Restart: Enabled
  Stub-Routing: Disabled
  NSF converge time limit/expiries: 120/0
  NSF route-hold time limit/expiries: 240/0
  NSF signal time limit/expiries: 20/0
  Redistributed max-prefix: Disabled
switch1(config-if)# show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(192.168.100.10) VRF default

OSPF:

  • Link-state RP
  • Classless
  • Max hopcount is unlimited
  • Metric is determined by bandwidth
  • OSPFv2 (IPv4): multicast on 224.0.0.5 and 224.0.0.6
  • OSPFv3 (IPv6): multicast on FF02::5 and FF02::6

OSPF terminology:

  • Backbone area (0): all other areas need to connect to this area
  • ABR: Area Border Router: connection between area and area 0
  • ASBR: Autonomous System Border Router: connection to different AS
  • RID: Router ID: highest IP of all interfaces (can be forced by using a loopback interface)
  • LSA: Link State Advertisements: updates between adjacencies
  • DR: Designated Router: distributes the updates (LSA), has the highest priority or the highest RID if priority is a tie
  • BDR: Backup Designated Router: standby for DR

Configure OSPF:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# feature ospf
LAN_ENTERPRISE_SERVICES_PKG license not installed. ospf feature will be shutdown after grace period of approximately 120 day(s)
switch1(config)# router ospf testOSPF
switch1(config-router)# int e2/2
switch1(config-if)# no switchport
switch1(config-if)# ip router ospf testOSPF area 0
switch1(config-if)# show ip ospf

 Routing Process testOSPF with ID 192.168.100.10 VRF default
 Routing Process Instance Number 1
 Stateful High Availability enabled
 Graceful-restart is configured
   Grace period: 60 state: Inactive
   Last graceful restart exit status: None
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Administrative distance 110
 Reference Bandwidth is 40000 Mbps
 SPF throttling delay time of 200.000 msecs,
   SPF throttling hold time of 1000.000 msecs,
   SPF throttling maximum wait time of 5000.000 msecs
 LSA throttling start time of 0.000 msecs,
   LSA throttling hold interval of 5000.000 msecs,
   LSA throttling maximum wait time of 5000.000 msecs
 Minimum LSA arrival 1000.000 msec
 LSA group pacing timer 10 secs
 Maximum paths to destination 8
 Number of external LSAs 0, checksum sum 0
 Number of opaque AS LSAs 0, checksum sum 0
 Number of areas is 1, 1 normal, 0 stub, 0 nssa
 Number of active areas is 0, 0 normal, 0 stub, 0 nssa
 Install discard route for summarized external routes.
 Install discard route for summarized internal routes.
   Area BACKBONE(0.0.0.0) (Inactive)
        Area has existed for 00:00:03
        Interfaces in this area: 1 Active interfaces: 0
        Passive interfaces: 0  Loopback interfaces: 0
        No authentication available
        SPF calculation has run 0 times
         Last SPF ran for 0.000000s
        Area ranges are
        Number of LSAs: 0, checksum sum 0
switch1(config-if)# show ip ospf neighbors

ACL:

  • ACLs have an implicit deny at the end
  • Nexus supports only named extended ACLs

Configure ACL:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# ip access-list denyftp
switch1(config-acl)# deny tcp any host 10.10.1.1 eq ftp
switch1(config-acl)# permit ip any any
switch1(config-acl)# int e2/2
switch1(config-if)# ip access-group denyftp in
switch1(config-if)# ip access-list denytelnet
switch1(config-acl)# deny tcp any 192.168.100.0 0.0.0.255 eq 23
switch1(config-acl)# deny tcp any 10.10.25.0/22 eq 23
switch1(config-acl)# permit ip any any
switch1(config-acl)# int e2/2
switch1(config-if)# ip access-group denytelnet in
switch1(config-if)# show run | begin access-list
ip access-list denyftp
  10 deny tcp any 10.10.1.1/32 eq ftp
  20 permit ip any any
ip access-list denytelnet
  10 deny tcp any 192.168.100.0/24 eq telnet
  20 deny tcp any 10.10.25.0/22 eq telnet
  30 permit ip any any
...
switch1(config)# exit
switch1# show access-lists denyftp
IP access list denyftp
        10 deny tcp any 10.10.1.1/32 eq ftp
        20 permit ip any any
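
First-match evaluation and the implicit deny, as an added example that is not part of the original post: it parses the two ACLs from the `show run` output above and checks constructed packets against them. The function names and sample packets are hypothetical, and masking the host bits of `10.10.25.0/22` down to `10.10.24.0/22` is an assumption about how that entry is matched.

```python
import ipaddress
import re

# ACL text copied from the "show run | begin access-list" output above.
ACL_TEXT = """\
ip access-list denyftp
  10 deny tcp any 10.10.1.1/32 eq ftp
  20 permit ip any any
ip access-list denytelnet
  10 deny tcp any 192.168.100.0/24 eq telnet
  20 deny tcp any 10.10.25.0/22 eq telnet
  30 permit ip any any
"""

PORTS = {"ftp": 21, "telnet": 23}  # only the port names used on this page

ENTRY = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


def _network(token):
    """'any' matches everything; strict=False masks host bits (assumption)."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(token, strict=False)


def parse_acls(text):
    """Return {acl name: [entries sorted by sequence number]}."""
    acls, current = {}, None
    for line in text.splitlines():
        if line.startswith("ip access-list "):
            current = acls.setdefault(line.split()[2], [])
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            port = m["port"]
            if port is not None:
                port = PORTS[port] if port in PORTS else int(port)
            current.append({
                "seq": int(m["seq"]),
                "action": m["action"],
                "proto": m["proto"],
                "src": _network(m["src"]),
                "dst": _network(m["dst"]),
                "port": port,
            })
    for entries in acls.values():
        entries.sort(key=lambda e: e["seq"])
    return acls


def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, seq) of the first match; seq None means implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if src_ip not in e["src"] or dst_ip not in e["dst"]:
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        return e["action"], e["seq"]  # first match wins, later lines are ignored
    return "deny", None  # nothing matched: implicit deny at the end


if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    # Constructed packets: (protocol, source, destination, destination port)
    for pkt in [("tcp", "192.168.100.20", "10.10.1.1", 21),
                ("tcp", "192.168.100.20", "10.10.1.1", 22),
                ("tcp", "10.0.0.5", "10.10.24.7", 23)]:
        for name, entries in acls.items():
            print(name, pkt, evaluate(entries, *pkt))
    # Without the final "permit ip any any" everything else is dropped.
    print(evaluate(acls["denyftp"][:1], "tcp", "10.0.0.5", "10.10.1.2", 80))
```

The last call shows why both ACLs end with `permit ip any any`: with only the deny line present, unrelated traffic falls through to the implicit deny.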

 

Layer 4 (frames)

TCP header: 20 B
UDP header: 8 B

Nexus platform

Abbreviations:

| short | full | meaning |
| --- | --- | --- |
| VRF | Virtual Routing and Forwarding | Multiple routing tables in one device (default VRF and management VRF) |
| ISSU | In-Service Software Upgrades | Non-disruptive software upgrade (requires dual supervisors) |
| PSS | Persistent Storage Services | Saves the state/condition of running services on a regular basis = checkpoint for recovery |
| MTS | Message and Transaction Service | |
| SVI | Switch Virtual Interface | Virtual L3-interface per VLAN – Allows inter-vlan communication |
| VDC | Virtual Device Context | allow separate instances on one device (VLANs are VDC unique) |
| UDLD | UniDirectional Link Detection | Monitors physical connections and detects one-way traffic (Layer 2) |
| PIM | Protocol Independent Multicast | Layer 3 |
| CDP | Cisco Discovery Protocol | Layer 2 |
| FEX | Fabric Extender | Kind of a remote line card (see further) |
| NFE | Network Forwarding Engine | |
| GOLD | Generic Online Diagnostics | |
| POAP | PowerOn Auto Provisioning | Possibility to deploy device configuration |

Ports:

No more speed in the portname as in IOS. All ports are Ethernet <slot>/<port>

Unified ports (UP-switches) can be used for Ethernet or Fibre Channel

A port on a Nexus switch can be in L2 or L3 mode (depending on the Nexus model). To put a port in L2 mode (which lets the port behave like a port on IOS) and optionally put the port in a VLAN:

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# interface ethernet 2/2
switch1(config-if)# switchport
switch1(config-if)# switchport mode access
switch1(config-if)# switchport access vlan 10

Users and roles:

Default roles:

  • network-admin: full read-write on the switch
  • network-operator: read-only

Add a user:

switch1(config)# username test ?
  <CR>
  expire       Expiry date for this user account(in YYYY-MM-DD format)
  keypair      Generate SSH User Keys
  password     Password for the user
  role         Role which the user is to be assigned to
  ssh-cert-dn  Update cert dn
  sshkey       Update ssh key for the user for ssh authentication

switch1(config)# username test password test role network-admin

Features:

Certain features (or processes) on the switch need to be explicitly enabled before they can be used.

Show status of a feature:

switch1(config)# show feature | i rip
rip                   1         disabled
rip                   2         disabled
rip                   3         disabled
rip                   4         disabled

Enable a feature:

switch1(config)# feature rip
switch1(config)# show feature | i rip
rip                   1         enabled (not-running)
rip                   2         enabled (not-running)
rip                   3         enabled (not-running)
rip                   4         enabled (not-running)

Disable a feature:

switch1(config)# no feature rip
switch1(config)# show feature | i rip
rip                   1         disabled
rip                   2         disabled
rip                   3         disabled
rip                   4         disabled

Processes:

Different processes are running on the switch. To monitor the status:

switch1(config)# show processes

PID    State  PC        Start_cnt    TTY   Process
-----  -----  --------  -----------  ----  -------------
    1      S  41520eb8            1     - init
    2      S         0            1     - kthreadd
    3      S         0            1     - migration/0
    4      S         0            1     - ksoftirqd/0
    5      S         0            1     - watchdog/0
    6      S         0            1     - events/0
    7      S         0            1     - khelper
    8      S         0            1     - netns
    9      S         0            1     - kblockd/0
...

Status can be S=started or NR (not ready)

Boot-process:

  1. Golden BIOS (9600baud)
  2. Check check-sum of the upgradable BIOS
    1. If 2 is ok -> go to 3
    2. if 2 is not ok -> boot the golden BIOS
    3. if Ctrl Shift 6 is received within 2 seconds -> boot the golden BIOS
    4. if Ctrl C is received -> go to BIOS config
  3. Boot the upgradable BIOS
  4. Start the loader
    1. if Ctrl Shift R (or Ctrl Shift L) is received -> go to the loader prompt
  5. Boot the kickstart image
    1. if Ctrl ] is received -> go to the switch (boot) prompt
  6. Load the system image
  7. CLI and operations are ready

Start a kickstart-image from the loader prompt:

                Loader Version 1.2(2)

loader> dir
bootflash:
  lost+found
  n5000-uk9-kickstart.5.0.2.N2.1.bin
  n5000-uk9.5.0.2.N2.1.bin
  mts.log
  scripts
  20151006_174658_poap_2393_init.log
  vlan.dat
  20151027_185542_poap_2746_init.log
  S1-running-config

loader> boot n5000-uk9-kickstart.5.0.2.N2.1.bin
Booting kickstart image: n5000-uk9-kickstart.5.0.2.N2.1.bin....
...............................................................................
.......Image verification OK
...

Start a system image from the switch (boot) prompt:

switch(boot)# dir
      14027  Oct 06 2015 17:50:30  20151006_174658_poap_2393_init.log
          0  Oct 27 2015 18:55:42  20151027_185542_poap_2746_init.log
       1579  Nov 07 2015 12:04:10  S1-running-config
      16384  Oct 06 2015 17:45:48  lost+found/
       7909  Nov 11 2015 03:38:50  mts.log
       4096  Oct 06 2015 17:46:46  scripts/
   28248064  Jun 26 2014 00:17:35  n5000-uk9-kickstart.5.0.2.N2.1.bin
   87184240  Jun 26 2014 00:17:37  n5000-uk9.5.0.2.N2.1.bin
        664  Nov 11 2015 03:39:32  vlan.dat

Usage for bootflash: filesystem
149213184 bytes used
1364643840 bytes free
1594875904 bytes total
switch(boot)# load n5000-uk9.5.0.2.N2.1.bin
Uncompressing system image: bootflash:/n5000-uk9.5.0.2.N2.1.bin Wed Nov 11 04:51:21 UTC 2015
...

Nexus switches (not sure if all of them) don’t have a power switch and start booting as soon as they receive power.

bootflash: consists of the following:

  • 2 MB flash: upgradable BIOS and golden BIOS image
  • 1 GB flash: configuration files, kickstart images, system images, and other files.

Filesystem:

Directory navigation:

switch1# pwd
bootflash:
switch1# mkdir testdir
switch1# cd testdir
switch1# dir

Usage for bootflash://
  230240256 bytes used
 1364635648 bytes free
 1594875904 bytes total
switch1# cd ..
switch1# pwd
bootflash:
switch1# rmdir testdir
Do you want to delete "/testdir" ? (yes/no/abort)   [y] y

File management:

switch1# show ip int brief > testfile
switch1# show file testfile
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Eth2/1               192.168.100.10  protocol-up/link-up/admin-up

switch1# delete testfile
Do you want to delete "/testfile" ? (yes/no/abort)   [y] y

Zip:

switch1# show running-config > runconf
switch1# gzip runconf
switch1# dir
        805    Nov 11 20:45:11 2015  runconf.gz

Usage for bootflash://
  230252544 bytes used
 1364623360 bytes free
 1594875904 bytes total
switch1# gunzip runconf.gz
switch1# dir
       1918    Nov 11 20:45:11 2015  runconf

Usage for bootflash://
  230252544 bytes used
 1364623360 bytes free
 1594875904 bytes total

Licenses:

Every Nexus device has a unique switch ID:

switch1# show license host-id

When a license is not available, a license grace-period can be activated and features can be tested for 120 days.

switch1# con
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)# license grace-period

License management:

switch1(config)# install license bootflash:license_file.lic
switch1# show license usage

Licenses overview:

This table took me quite some time to make and probably it’s not 100% correct but at least it helped me to put 100’s of lines of information for every model/series in a small overview.

[Image: nexus_licenses]

Nexus hardware:

I found this one of the hardest things to master, probably because I don’t support learning all these hardware and feature details by heart. In a real-life situation, you look these things up using Google or the Cisco website. Even if you know the details by heart, it’s a good idea to check whether anything has changed or a new type/version exists.

To be able to remember this huge pile of information, I tried to create some rules and overviews, because remembering all details for all models is almost impossible.

LEDs generic rule:

  • No light = no power / no link
  • Green = status is good
  • Amber = booting or disabled
  • Amber blinking = fault
  • Blue = identification

Naming convention:

This naming convention is not documented but I noticed that you can more or less use it as a general rule. The letters are used in the line card names and switch model names.

Speed:

  • G = 1G
  • X = 10G
  • F = 40G
  • C = 100G

Connection type:

  • T = RJ45
  • S = SFP
  • P = SFP+
  • Q = QSFP+
  • K/L = CPAK
  • 2 = X2

Hardware overview:

As with the licenses, this overview also took me a lot of time to complete. I’m actually surprised that such a simple matrix is nowhere to be found on the internet. Most of the information is verified, but it is possible that there are some mistakes in the table.

[Image: nexus_models]

Hopefully the above information helps somebody to study for the exam or to find some information that is related to Nexus/Data Center.

26 thoughts on “How to prepare for Cisco CCNA Data Center 640-911 DCICN”

  1. Thanks for the info, this was extremely helpful! I had no idea about the boot-up process and config-register questions. There were about 15/65 questions on my exam related to those 2 topics….. And thanks for taking the time to create the license and product info charts. I printed those out and memorized them as best as I could, helped out big time!

  2. A million thanks, what you have done is amazing, it will be really helpful for all who are preparing for 640-911. Please post if you have for 640-916 too….

    • Hey please can you tell me , how many questions are there in 640-911 exam ? and all questions are objectives or it may contain any other labs like ccna routing & switching exam?

  3. On the “Start a kickstart-image from the loader prompt:” section,

    It shows you just type
    loader> n5000-uk9-kickstart.5.0.2.N2.1.bin

    You just type the .bin file name? You don’t type Load or boot in front of it?

    I can’t seem to find the proper info on this type of issue. Everything I pull down from Cisco says use the “install all” command followed by the kickstart.bin file then the system image.bin file all on the same line in that order.

    • Hi,

      Good catch. You need to type boot, followed by the kickstart image. I’ve corrected this in my post.

      To remember: boot an image at the loader prompt and load an image at the boot prompt :)

  4. Hey please can anyone tell me , how many questions are there in 640-911 exam ? and all questions are objectives or it may contain any other labs like ccna routing & switching?

    • Hi,

      There are 65 questions on the exam. All questions come from the objectives but as you can read in my post, you should take the objectives very broadly. Knowledge of CCNA R&S is a plus but that’s because the objectives overlap broadly.

  5. Hi Jensd,

    Thanks for valuable information, I just like to confirm if any LAB Questions for 640-911 exam or all are Objective Type ?

  6. Thx Jens for the enhanced summary of the 640-911 exam. I noticed that there is a screenshot missing under the text: “Disable a feature:”

  7. Thanks,
    very useful i passed today

    u have to add Boot-process for 5000 series method, u have here 7000 method only but u put the useful links for that any way.

    Good luck

  8. hey Jens,

    I am preparing for my 640-911 exam this month. Does the exam include only multiple choices questions and sim-lets (Hotspot topologies) or it also includes labs where you have to enter Nx-Os command line and troubleshoot according to a scenario?

    Your blog is fantastic btw.

    Thanks,

    Kostas

  9. Great read. I’m due to take mine in three weeks. How much of the DCICT knowledge crosses over into the DCICN exam? Wherever I read, I see contradiction!

  10. Great Job! It is well done and planning to take my exam in 2 weeks. I am planning to take this exam in two weeks. Is there any hot spot or simulate questions or just multiple choice only?

  11. Fantastic job!….and nothing drives the information home like creating a page like this, Jensd!

    Many thanks for your guidance, and I hope to get your thoughts on the DCICT in time.

  12. Pingback: 640-911: Introducing Cisco Data Center Networking DCICN - Exam Resources - Chris Stark's Blog

  13. I believe that the IP address range of class C private network is 192.168.0.0/16. Please double check.

    I am writing the exam today. Hope everything goes well. I have not taken much effort to study the hardware features. Fingers crossed

    Thanks a lot jens!!! I am going through this with 4 hours to the test.

    Again, Fantastic Job!!

  14. Any possibility of getting this in .pdf form. That way I can study when I don’t have internet access.

    Thanks,
    Jeff

  15. In Layer1 (bits), is “1000BASE-FX” accurate? Should it be “100BASE-FX” – Fiber @ 2km distance at 100Mb/s?

  16. Your study notes are fantastic, thank you so much! I am getting my CCNA Data Ctr certification completed before the new tests are required (4/11/17), and this was a tremendous help! I look forward to your notes for the 640-916 exam which I will take in 2 weeks. Thank you again! Awesome job!

    • Hi Paul,

      Please share your experiences.
      Did you meet new topics or questions?
      Could you give me an estimation for the current dump accurate?

      I learned a lot, but I am afraid.

      I will attend on the next week to the 640-911.
      The new version of 640-916 is more useful with the ACI topics and I am waiting for that one.
      Thanks in advance.

  17. Hey please can anyone tell me , how many questions are there in 640-911 exam ? and all questions are objectives or it may contain any other labs like ccna routing & switching?
