Test ast 2
ACI and UCS Troubleshooting Quiz
Test your knowledge on ACI fabric, UCS integration, and various networking concepts with our comprehensive quiz. Designed for professionals in the field, this quiz covers real-world scenarios and technical challenges.
Challenge yourself with questions on:
- Failure testing in ACI fabric
- UCS server integration
- NTP configurations
- vPC and vPC+ troubleshooting
1) Customer is failure-testing ACI fabric before going into production. During the failure testing some interesting and unexpected behaviour was seen. The issue is escalated to you now.
None expected behaviour on current version of customer software ISSU and hot standby came out later in version
Expected behaviour on current version of customer software ISSU and hot standby came out in earlier version
Expected behaviour on current version of customer software ISSU and hot standby came out in later version
Expected behaviour on old version of customer software ISSU and hot standby came out in later version
2) Why did both the spine supervisors show the (config)# prompt?
APIC spines have active/active supervisor and will store configuration regardless of APIC cluster status
APIC clusters determines which supervisor becomes active by round robin
ACI spines download configuration from previously active supervisor through EOBC
Since new active supervisor could not download configuration from degraded APIC Cluster
3) What is the proper sequent to power up ACI fabric?
Power up Spine >> Apic >> Leaf
Power up Leaf >> Spine >> APIC
Power up APIC >> Spine >> Leaf
Power up APIC >> Leaf >>Spine
4) Why did NTP being misconfigured on NTP cluster cause the APIC Cluster not to form? What command must be used to verify?
With NTP wrong, the APIC Certificates are not valid and services fail to start.
With NTP wrong, the APIC Certificates are valid and services start.
‘acidiag verifyapic’ can be used to verify APIC Certificate date.
‘acidiag verifyapic’ cannot be used to verify APIC Certificate date.
5) What happens when Spine failover
Leaf standby supervisor is warm standby and will need to download configuration from APIC after active goes down
Spine standby supervisor is warm standby and will need to download configuration from APIC after active goes down
Spine standby supervisor is warm standby and don’t need to download configuration from APIC after active goes down
Leaf standby supervisor is warm standby and will need to download configuration from APIC after active goes down
You are working in the ACME Corporation support team, and one of your responsibilities is to provide second-level support to the ACME helpdesk. The ACME helpdesk just opened a case with your team and needs help with UCS C series rack server integration with UCSM. Use the resources provided below and make a choice for each question.
1) What is the type of C series integration customer is implementing?
Single Connect (1 wire from UCS-C to FEX)
Single wire to FEX and dual wire management to FI
Dual wire management
Direct connect
2) What is the next action plan you will propose so the server completes discovery? Or which option to choose to resolve the connection issue?
Reset server CIMC and reconnect to UCSM
Unconfigure port and reconfigure as server port
Unseat the server CIMC and reconnect to UCSM
Reconfigure port then unconfigure as server port
3) Which log file on UCS would you refer to check when CIMC is assigned an IP address?
/isan/etc/ipaddr
/CIMC/dhcp.leases
/san/etc/cimc/ipaddr
/isan/etc/dhcp.leases
4) Which SAM process log would you look into to find if DHCP request is received from the CIMC/BMC of the reck server?
svc_sam_bladeAG.log
svc_sam_nicAG.log
svc_sam_rsdAG.log
svc_sam_portAG.log
2) What is the next action plan you will propose so the server completes discovery? Or which option to choose to resolve the connection issue?
Reset the vic card or re-seat the card on the ucs c 240M4
Reset the vic card or re-seat the card on the ucs c 240M4
Unseat the server CIMC and reconnect to UCSM
Reconfigure port then unconfigure as server port
5) The customer can’t find the UCSM when he attached 3rd party fc card to the UCS-C server.
3rd party FC cards are not supported with UCS-C series integrated with UCSM.
Connect the FC card directly to SAN outside the UCS
Connect the FC card to FEX for SAN connectivity
Connect the FC card to fabric interconnect for SAN connectivity
Use the cisco vic and create vHBA for SAN connectivity through FI.
1) Based on provided information what could be the possible reason for connection failure?
HTTP proxy required to reach Internet but is not configured
DNS is not configured
NTP is not configured
NO valid CA-Signed certificate
2) Based on given information, UCSM firmware version is NOT supported for Device Connection Intersight.
True
False
3) If you use an HTTP proxy to route traffic out of your premises and if you have made changes to HTTP proxy servers configuration, Intersight will automatically detect HTTP proxy server?
True
False
4) What are the 4 necessary things (and steps) when starting implementing Intersight?
Resolve svc.ucs-connect.cisco.com >>> (look for these key word in your answer) aka the Browser
Cisco Account (Cisco ID)
Use required license
Single account for all platform
Have connectivity with devices
Not necessary license
server with correct instalation
use browser supported
Based on given information, UCSM firmware version is supported for Device Connection Intersight.
True
False
1) ‘show nve peer data-plane’ command. Which would be shown on VTEP’s?
Output will be empty
Output will be full
Nothing will be shown
Output will have BGP configs
2) Question
Admin PC in vlan 401 won’t be able to reach any networks connected to remote VTEP.
Admin PC in vlan 301 won’t be able to reach any networks connected to remote VTEP.
Admin PC in vlan 601 won’t be able to reach any networks connected to remote VTEP.
Admin PC in vlan 501 won’t be able to reach any networks connected to remote VTEP.
3) Which command to see all learned hosts addresess information on VTEP (MAC, IP, Next-hop VTEP)
Show l2route evpn all
show mac l2route evpn all
show evpn l2route all
show l2route evpn mac-ip all
show l2route evpn mac all
4) Which command on VTEPs would be the best to help TAC engineer confirm his findings from the collected captures?
Debug nve error
show nve vxlan-params
show vxlan interface
show nve vni interface nve1 detail
5) Which VTEP device should be fixed to add new users in the future (one is not working)
N9K4
N7K2
N7K4
N9K3
1. When Looking at the “Show npv flogi-table’ output on both fabric interconnects we see that the tables are empty. This behaviour is consistent while the service profile is booting and we seem to be unable to perform a flogi. What is the cause of this?
The NPV feature is not enabled on the bdsol-n5548-51 and bdsol-n5548-52 switch.
VSAN 1 is configured with an incorrect fcoe-vlan
We need to enable FC Uplink Trunking
When using FCoE no flogies are used, this is only seen when doing FC.
2. After Correcting the Previous Question, the Customer is seeing flogies on bdsol-n5548-02. What is the cause of this?
We are using interface 1/4 on FI-B where we should be using interface 1/3.
Int vrf 112 on bdsol-n5548-02 should be configured with vsan 980
Bdsol-n5548-02 eth 1/12 is not configured with vlan 980
Interface 1/4 should be using FCoE VLAN 80
3. After correctly the previous question, we can see the correct flogies happening but now we are unable to discover the targets. What is causing this?
The SAN administer forgot to activate the zoneset, the provide output is not from “show zoneset activate” but from “show zoneset”
There is mistake in the boot policy, we should be using wwn 56:69:CE:90:4F:A6:B7:02 and 56:C9:CE:90:4F:A6:B7:04
There is a mistake in the device-alias database on bdsol-n5548-02, we should be using 56:69:CE:90:4F:A6:B7:01 and 56:C9:CE:90:4F:A6:B7:03
The storage device is not logged into the fabric and hence it cannot be discovered by the blades
4. After having booted the first two blades with service profiles, the customer now would like to install 6 more blades in the UCS chassis. Although he can see these blades booting by checking the flogi tables on the switches, he cannot connect to the KVMs. How can he correct the KVM connection issue?
The customer should shut down the first 2 blades which will allow the UCSM to re-use these IPs on the new blades.
The customer should move the IP addresss used for the DVMs by modifying the ext-mgmt ip pool.
The customer needs to enable in band management by creating an inband IP Pool, VLAN, VLAN group, inband profiles and then enable this on the CIMC of the blade.
The KVM IP space is only a /29 and hence has no space left. He should add 1 more /29 or bigger network to the UCS management interface.
5. The customer has added 2 different uplinks to the UCSM system (1 going to the legacy network and 1 going to the production network) and is using VLAN-groups to properly manage which VLAN is configured where (L2 disjoint). The morning however he received the error “ENM source pinning Failed” on all his service-profiles and he has lost all connectivity towards his production system. What is causing the “ENM source Pinning Failed” fault.
An administrator has deleted a VLAN on an uplink interface in the VLAN group hence causing the linked vnic-templates which was using this VLAN to go into “ENM source pinning failed”.
The switches managing the legacy network have been brought down and due to the “Action on uplink fail: linkdown” configured on the service-profile through the network control policy; the vnics go into “ENM source pinning failed”.
Not all the VLANs which are a member of the VLAN group legacy have been added on the Legacy vNIC on the Service profiles.
FI-6234-A failed hence causing the vNICs to loose the uplink connectivity which trigger the “ENM source pinning failed”.
You are working in the ACME corporate support team and one of your responsibilities is to provide second-level support to the ACME helpdesk. The ACME helpdesk just opened a case with your team and needs help with vPC and vPC+. Use the resources provided below and make a choice for each question that follows:
1. What did the TAC engineer spot on the ethanalyzer capture?
The ping request destination MAC address is not standard
The ping reply source MAC address is not standard
The data is wrong and the switch drop the packet cdab0000cdab000cdat000cdab000cdab000
The pcket has the wrong protocol in the frame eth ip icmp data
The ping request source MAC address is not standard
The packet destination MAC address is not standard
2. What is the source of the problem is how can the problem be fixed?
Configure the system mac to be different one
Routing issue configure a static ip route on the Nexus7k1 and Nexus7k2
Configure the feature peer gateway on both nexus 7000
Configure the feature peer switch on both nexus 7000
Replace the cable on the non working Nexus 7000
3. By looking at the configuration of the two nexus 7000 there is a security concern?
vPC Auto recovery sstatus needs to be disabled
Nexus7k1 has a Control Plane Policing simple profile
Control Plane Policing is not configured on Nexus7k2
vPC keepalive is wrongly configured and currently not working
4. Why the connection between the Nexus 7000 and the storage device were broken after enabling vPC+
The vPC+ switch id cannot be the same as the vPC domain id
There is a unidirectional link that caused the spanning tree interface to go into blocking
The Nexus7k1 and the Nexus7k2 are not the STP root for VLAN 10
The connection will go into forwarding soon because the spanning-tree output we see this bridge is the root
There is a protocol mismatch rSTP cannot be used with vPC+
5. After Fixing the issue what will happen with the link from the Spanning Tree point of view and how loops between the STP domain and the FP domain will be prevented
One link will be forwarding and one blocking this will prevent loops. The device with the lower MAC will put the link into forwarding
Both links will be forwarding but only Nexus7k1 will forwarding Broadcast Multicast Unknown Unicast
One link will be forwarding and one blocking this will prevent loops. The device with the Higher MAC will put the link into forwarding.
Both links will be forwarding fabricpath will take care of loops.
Both links will be forwarding but only Nexus7k2 will forward broadcast/multicast/unknown unicast
You are working in ACME corporate support team, and one of your representatives’ second level supports to the ACME helpdesk. The helpdesk just opened the case with your team and needs help to boot host from iSCI. Use the resources provided below and make a choice for each question that following.
1. Where is the configuration problem most likely to be.
A. Other UCS configuration not in the service profile.
B. Server adapter does not support iSCI.
C. Service profile configuration
D. Additional licenses required to use iSCI or UCS.
E. Upstream network configuration.
2.Assigning MAC address to iSCI vNIC. What needs to be done to receive the configuration error?
A. There are no mac-address remaining in the pool.
B. The iSCI vNIC should not have a mac address assigned to it.
C. The overlay MAC address is using the wrong mac pool.
D. The mac address is already in use for another server.
3. What is causing the native vlan fault in the output. What was the cause of this configuration error?
A. The overlay vNIC does not have the same native vlans as the vNIC
B. The iSCI vNIC placement is wrong
C. There are multiple native vlans defined
D. There is an iSCI vNIC for each side of the fabric
5. What is cause for the failing to boot after installation. Why isn't the iscsi boot working
A. Wrong destination TCP port
B. Boot orders is not properly configured
C. LUN id is wrong
D. Authentication is not configured
You are working in ACME corporate support team, and one of your representatives is to provide second level support to the Acme Helpdesk. The ACME helpdesk just opened the case with your team and needs help with a Nexus 1000v. Use the resources provided below and make a choice for each question that follows.
1. Which device will provide the most information about why the VEMs cannot communicate with the VSM.
A. VSM
B. N5K-A
C. VEM
D. N5K-B
Which two profiles would most likely to have wrong configuration causing the problems (choose two answers).
A. ## Port Profiles
B. L2 Management Port Profile
D. – Ethernet Uplink
C. – Control L3 Port Profile
E. L2 ## port Profile
3. What is missing from the L3 control profile?
A. ## port-group
B. No shut command
C. Capacity L3 control
D. The VLAN is not added
E. Capacity L3 control not present
4. What is wrong with the ethernet uplink profile?
A. The L2 control, packet, management VLANs are not system VLANs.
B. Capability L3 controls is not enabled.
C. The L3 control VLAN is not system VLAN.
D. The L3 control VLAN isn't allowed on the uplink.
5. What are the best options to troubleshoot the 1000v. Which commands will help the most in finding the cause of problem?
A. ~vemcmd show port vlan
Vemcmd
C. Show vem cmd module
D. Show port profiles
You are working in the Layer 2/Layer 3 TAC support team for Cisco Nexus Support. The ACME helpdesk just opened a case with your team and needs help with OTV Connectivity problem between 2 sites. Use the resources provided below and make a choice for each question that follows:
1. What is possible solution for this problem?
Configure otv flood mac 0022:90d4:717f vlan 700
Configure the mac aging timer to the higher than the arp timer
Configure otv selective flood mac 0022:90d4.717f vlan 600
Configure otv selective flood mac 0022:90d4.717f vlan 700
Configure otv flood mac 0022:90d4.717f vlan 600
The customer is trying to configure two SVIs on the OTV device. One for vlan 650 and one for vlan 700, the svi for vlan 650 is fine, but the vlan 700 but he gets the following error.
OTV-West(config)# interface vlan 700
Error: invalid range Vlan 700
What is the reason for this error The feature interface-vlan is not configured
The OTV implementation on the Nexus 7000 enforces the separation between SVI routing and OTV encapsulation for a given VLAN.
The vlan is not created yet
The range is invalid
The SVI is not allowed because customer must specify a range.
3. What needs to be changed to bring up OTV at the South Site?
Add the multicast control group
Change site-identifer
Configured use-adjacency-server
Add the multicast data group
Change site-vlan
4. The new South site has a different VLAN numbering scheme. What command can be used to fix this issue?
OTV-South(config if-overlay)# otv vlan mapping [add | remove ] (vlan-range)
OTV-South(config)# otv vlan mapping [add | remove ] (vlan-range)
OTV-South(config-overlay)# otv vlan mapping [add | remove ] (vlan-range)
OTV-South(Config)# otv vlan translation [add | remove ] (vlan-range)
OTV-South(Config if-overlay)# otv vlan transition [add | remove ] (vlan-range)
HSRP can be configured at the West, East and South Site, but this can lead to suboptimal routing. FHRP isolation can be used in this case. The steps involved filtering the FHRP helloes filter and OTV mac advertisement and suppress possible the Gratuitous ARP (GARP). What is wrong with the configuration (output 4 FHRP).
Configure feature arp
Configure a different mac-list
Configure feature dhcp
The vlan filter is not correct
Configure feature arp-inspection.
You are working in the ACME corporate support team, the one of your responsibilities is to provide second-level support to the ACME helpdesk. The helpdesk just opened a case with your team and needs help with ACI performance issue. Uses the resources provided below and make a choice for each question that follows.
Question 1: Given the provided data what is the most likely cause performance issue for the directly attached server.
There is a mismatch between the load balancing use between the leaves and the ESXi host
No CDP policy has been configured on the DVS causing the ESXi ACI discovery to not properly function hence causing traffic drops
CDP has to be enabled on the ACI side as we are connecting to an ESXi server
The customer has duplicate IPs in the network causing a continuous flap of the related linked MAC addresses
Question 2: In the provided topology you can see the customer is also using a USB with 2 fabric interconnects. The customer is unable to perform dynamic learning on the ESXi server installed on the UCS B Blades. When the configures static paths the connectivity works perfect. Given the provided data what is the most likely cause causing dynamic learning is failing.
The QOS policy linked to the service profile does not have LLDP configured
With UCS B connectivity you have a use AVS to enable dynamic learning
For UCS B we only support CDP as a discovery protocol
FI A and FI B have an incorrect configured network control policy
Question 3: After getting connectivity working the customer implemented multiple EPGs with contracts in place. Between EPG A consumer and EPG B provider the customer has a contract, contract A in place with Subject with the option Apply both direction checded. The filter used is source 4915265535 and Dest 22 after configuring this the customer is unable to connect from a VM running window 2008R2 in EPG A to a VM running RHEL 7 in EPG B, why is the traffic now allowed.
You always need to create an extra consumer provider relationship for the return traffic
The source port needs to be defined as any
The filter needs to be configured with option stateful in order for SSH filter to work
Reverse filter ports should be checked when creating such a subject
Question 4: The customer is using an NFS based filter from NetApp and has configured as per the design advice in a FlexPOD all MTUs to be set to MTU 9000 to have the best performance. After migrating the vmk from DVS to AV. He sees however that the datastore disconnects when he powers on a VM. What is the cause of this disconnect.
There is most likely an issue with the Netapp filterand a support case needs to be urgently opened
NFS datastore traffic cannot run on vmk interface that is connected to an AVS DVS
The AVS tunnel generates and overhead and hence the maximum MTU that needs to be configured on the vmk interface is 8950
ACI does not support MTU 9000 and you need to decrease the MTU to 1500
Question 5: The customer has switched to fully inband management with his VC running a VM in the infrastructure and all ESXi server connected to EPGs with dynamic learning enabled. However he is unable to ping the VC and the ESXi servers and has lost all connectivity towards his VMs. What would be a potential fix to resolve this issue.
When using inband all EPGs used for the VMM integration need to be linked as a static path to all the servers
The ESXi servers management vmk0 needs to be connected to a port group that is linked to an EPG with a static path on the servers uplink port
The VC needs to run on a separate ESXi servers on a dedicated bare metal system with a static path configured
The ESXi server management vmk0 and the VC VM need to be connected to a port group that is linked to an EPG with a static path on the Servers uplink port
{"name":"Test ast 2", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your knowledge on ACI fabric, UCS integration, and various networking concepts with our comprehensive quiz. Designed for professionals in the field, this quiz covers real-world scenarios and technical challenges.Challenge yourself with questions on:Failure testing in ACI fabricUCS server integrationNTP configurationsvPC and vPC+ troubleshooting","img":"https:/images/course6.png"}