Visit here for our full Cisco 350-601 exam dumps and practice test questions.

Question 46

A data center engineer is implementing QoS policies in a Cisco Nexus environment to prioritize storage traffic over standard data traffic. Which QoS component classifies traffic into different service levels?

A) Queuing

B) Marking

C) Policing

D) Classification

Answer: D

Explanation:

Classification is the QoS component that identifies and categorizes traffic into different service levels based on various criteria. This is the foundational step in any QoS implementation because all subsequent QoS actions depend on correctly identifying which traffic belongs to which service class. Classification examines packet headers and matches traffic against defined criteria such as IP addresses, port numbers, protocols, DSCP values, CoS markings, or access control lists. Once traffic is classified, appropriate QoS policies can be applied including marking, queuing, policing, or shaping based on the traffic class.

In data center environments, classification is particularly important because multiple types of traffic with vastly different requirements share the same physical infrastructure. Storage traffic requires low latency and lossless delivery, voice traffic needs minimal jitter and delay, management traffic must remain accessible even during congestion, and standard data traffic can tolerate some delay and loss. Classification enables the network to distinguish between these traffic types by examining packet characteristics. For storage traffic specifically, classification might identify FCoE by matching the EtherType value 0x8906, iSCSI by matching TCP port 3260, or already-marked storage traffic by matching specific DSCP or CoS values.

The classification process typically occurs at network edges where traffic enters the data center fabric or at access layers where endpoints connect. Trust boundaries define where the network trusts existing markings versus where it reclassifies traffic. In untrusted scenarios, the network ignores any existing QoS markings and classifies based on packet inspection. In trusted scenarios, such as between data center switches, existing markings are honored. Classification policies are defined using class maps that specify match criteria and policy maps that associate class maps with QoS actions.

Marking applies QoS values to packets after they have been classified but is not the classification process itself. Queuing determines how classified packets are scheduled for transmission but requires prior classification to assign packets to appropriate queues. Policing enforces rate limits on traffic but operates on already-classified traffic flows. Classification is the prerequisite step that enables all other QoS mechanisms to function correctly by identifying which traffic requires which treatment.

Question 47

An administrator needs to configure a Cisco Nexus switch to forward traffic based on both Layer 2 MAC addresses and Layer 3 IP addresses. Which switching mode enables this functionality?

A) Store-and-forward

B) Cut-through

C) Routing

D) Fabric forwarding

Answer: C

Explanation:

Routing mode enables the Cisco Nexus switch to forward traffic based on both Layer 2 MAC addresses and Layer 3 IP addresses, providing integrated switching and routing functionality. Modern data center switches like the Nexus family are designed as Layer 3 switches that perform both traditional Layer 2 switching for traffic within the same subnet and Layer 3 routing for traffic between different subnets. This convergence of switching and routing capabilities eliminates the need for separate router devices and enables efficient traffic flow patterns typical in modern data center architectures.

When routing is enabled on a Nexus switch, it maintains both a MAC address table for Layer 2 forwarding decisions and a routing table for Layer 3 forwarding decisions. For traffic destined to MAC addresses within the same VLAN, the switch performs Layer 2 forwarding by looking up the destination MAC in its MAC address table and forwarding out the appropriate port. For traffic destined to different subnets, the switch acts as the default gateway, receiving frames addressed to its MAC address, examining the destination IP address, performing a routing table lookup, determining the next hop, and forwarding the packet accordingly after appropriate MAC address rewrites.

Layer 3 switching capabilities are essential in spine-leaf data center architectures where leaf switches typically serve as the default gateways for their attached servers and route traffic toward spine switches for inter-leaf communication. This distributed routing model keeps traffic patterns optimal by routing at the first opportunity rather than forcing all inter-subnet traffic through centralized routers. Features like anycast gateway further enhance this model by allowing multiple leaf switches to share the same gateway IP and MAC address, enabling hosts to communicate with any leaf switch as their gateway.

Store-and-forward and cut-through are switching methods that describe how switches handle frame forwarding at Layer 2 but do not relate to Layer 3 routing capabilities. Store-and-forward receives the entire frame before forwarding while cut-through begins forwarding as soon as the destination address is read. Fabric forwarding refers to forwarding mechanisms within fabric architectures like ACI but does not specifically describe the integration of Layer 2 and Layer 3 forwarding. Only routing mode provides the combined Layer 2 and Layer 3 forwarding capabilities described.

Question 48

A network engineer is troubleshooting a VXLAN overlay network and needs to verify the mapping between VLANs and VNIs. Which configuration component defines this relationship?

A) VRF instance

B) Bridge domain

C) VLAN-to-VNI mapping under NVE interface

D) Routing protocol adjacency

Answer: C

Explanation:

The VLAN-to-VNI mapping configured under the NVE interface defines the relationship between local VLANs and VXLAN Network Identifiers in the overlay network. This mapping is fundamental to VXLAN operation because it determines how Layer 2 traffic in local VLANs is encapsulated into VXLAN segments for transport across the Layer 3 underlay network. Each VLAN that needs to be extended across the VXLAN fabric must be explicitly mapped to a corresponding VNI through configuration under the NVE interface, which represents the VXLAN Tunnel Endpoint functionality on the switch.

The NVE interface configuration acts as the central point for all VXLAN-related settings on a VTEP. Beyond VLAN-to-VNI mappings, it specifies the source interface whose IP address will be used as the VTEP identifier, defines which VNIs are active, configures multicast groups for BUM traffic handling in multicast-based VXLAN, and establishes EVPN control plane associations when using EVPN. The VLAN-to-VNI mapping specifically tells the VTEP that when it receives a frame on a particular VLAN, it should encapsulate that frame in a VXLAN packet with the corresponding VNI value in the VXLAN header.

Multiple VLANs across different sites can map to the same VNI, enabling VLAN ID flexibility across the data center fabric. For example, VLAN 100 at site A and VLAN 200 at site B can both map to VNI 10000, allowing hosts in these different local VLANs to communicate as if they were in the same Layer 2 domain. This decoupling of local VLAN IDs from the overlay network identifier is one of VXLAN’s key benefits, overcoming the 4096 VLAN ID limitation and enabling flexible network design. When troubleshooting VXLAN connectivity, verifying these mappings with commands like show nve vni ensures that VLANs are correctly associated with VNIs.

VRF instances provide Layer 3 routing isolation but do not define VLAN-to-VNI mappings, though VRFs work alongside VXLAN for Layer 3 overlay services. Bridge domains in some architectures provide Layer 2 forwarding domains but in standard VXLAN implementations, VLAN-to-VNI mappings serve this purpose. Routing protocol adjacencies establish control plane relationships but do not define the VLAN-to-VNI relationship. Only the mapping configured under the NVE interface establishes this critical relationship.

Question 49

An administrator is implementing redundancy for a Cisco UCS system. Which component provides management redundancy and should be deployed in pairs?

A) Fabric Extender

B) Fabric Interconnect

C) I/O Module

D) Blade Server

Answer: B

Explanation:

Fabric Interconnects provide management redundancy in Cisco UCS systems and should be deployed in pairs to ensure high availability. The Fabric Interconnects serve as the central management and connectivity point for the entire UCS domain, running UCS Manager and providing network connectivity for all chassis and servers. Deploying two Fabric Interconnects in a redundant configuration ensures that if one Fabric Interconnect fails, the other continues providing management access and network connectivity without interruption to server operations.

The redundant Fabric Interconnect configuration in UCS creates a highly available architecture where each server connects to both Fabric Interconnects through separate fabric paths labeled A and B. This dual-homing provides both link-level and device-level redundancy. Each chassis contains redundant I/O Modules that connect to their respective Fabric Interconnects, and server adapters have connections to both fabrics. If one Fabric Interconnect fails, traffic automatically continues through the other fabric. UCS Manager running on the Fabric Interconnects operates in a primary-subordinate model where one instance is primary for management while both handle traffic forwarding.

Proper Fabric Interconnect redundancy configuration requires careful attention to several factors. Both Fabric Interconnects must run the same software version to maintain compatibility and consistent behavior. Chassis should connect to both fabrics through separate I/O Modules for complete redundancy. Network uplinks from each Fabric Interconnect should connect to different upstream switches to avoid single points of failure. The management and cluster configuration must be properly established so both Fabric Interconnects can synchronize configuration and maintain coordinated operations even when one is unavailable.

Fabric Extenders extend connectivity but are not management components and do not provide management redundancy. I/O Modules provide chassis-level connectivity to Fabric Interconnects and while they can be redundant, they do not provide UCS domain management. Blade servers are compute resources that benefit from but do not provide management redundancy. Only Fabric Interconnects serve as the management layer that should be deployed in redundant pairs to ensure continuous UCS domain management and operation.

Question 50

A data center engineer needs to configure a policy that allows specific applications to communicate while blocking others in a Cisco ACI fabric. Which ACI object defines the communication permissions between endpoint groups?

A) Bridge Domain

B) Contract

C) VRF

D) Application Profile

Answer: B

Explanation:

Contracts in Cisco ACI define the communication permissions between endpoint groups and serve as the policy enforcement mechanism that allows or denies traffic flows. Contracts are central to ACI’s policy-driven approach where connectivity between EPGs is not permitted by default unless explicitly allowed through contracts. This default-deny security model ensures that only authorized communication paths exist, significantly improving security posture compared to traditional networks where VLANs can communicate freely by default. Contracts specify the protocols, ports, and directions of traffic that are permitted between EPGs that provide or consume the contract.

The contract model in ACI uses provider and consumer relationships to establish communication policies. An EPG that provides a contract is offering certain services defined by the contract’s subjects and filters. An EPG that consumes a contract is requesting access to those services. Multiple EPGs can consume or provide the same contract, enabling scalable policy definition. Within a contract, subjects group related filters, and filters define the actual traffic matching criteria including protocols, port numbers, and Layer 4 through Layer 7 services. This hierarchical structure allows granular control over application communication while maintaining manageable policy definitions.

Contracts support sophisticated policy models including unidirectional and bidirectional communication, quality of service markings, service graph insertion for Layer 4 through Layer 7 services, and contract scopes that control where policies apply. The contract scope determines whether the contract applies within a VRF, between VRFs, or globally across the fabric. This flexibility enables implementations ranging from simple application-to-database communication rules to complex multi-tier application policies with load balancing and firewall insertion. Contracts can also specify taboo relationships that explicitly deny communication, overriding any permit rules from other contracts.

Bridge Domains provide Layer 2 forwarding domains and subnet associations but do not define communication policies between EPGs. VRFs provide Layer 3 routing isolation and can contain multiple bridge domains but do not directly control EPG-to-EPG communication. Application Profiles group related EPGs and contracts that comprise an application but are organizational containers rather than policy enforcement mechanisms. Only contracts provide the actual policy definitions that control which EPGs can communicate and under what conditions.

Question 51

An engineer is configuring Fibre Channel over Ethernet in a Cisco Nexus environment. Which feature must be enabled to ensure lossless transport for storage traffic?

A) Flow Control

B) Priority Flow Control

C) Spanning Tree

D) LACP

Answer: B

Explanation:

Priority Flow Control must be enabled to ensure lossless transport for storage traffic when implementing Fibre Channel over Ethernet. PFC is a critical component of the Data Center Bridging suite of standards that enables FCoE by providing selective pause functionality on a per-priority basis. Unlike traditional Ethernet flow control that pauses all traffic on a link when congestion occurs, PFC can pause specific priority classes while allowing other traffic to continue flowing. This selective pausing is essential for converged networks where storage and data traffic share the same physical infrastructure.

FCoE requires lossless behavior because the Fibre Channel protocol was designed for storage area networks where frame loss is unacceptable and the protocol has no built-in retransmission mechanisms. When Fibre Channel is encapsulated over Ethernet, the underlying network must guarantee frame delivery to maintain protocol integrity. PFC achieves this by monitoring queue depths for the no-drop class assigned to FCoE traffic. When buffers begin filling and risk overflow, the receiving switch sends a PFC pause frame to the upstream device specifically for the FCoE priority class, temporarily halting transmission of that class until buffer space becomes available.

Implementing PFC requires coordination across multiple configuration elements. Quality of service policies must classify FCoE traffic and assign it to a specific priority class, typically using CoS value 3. That priority class must be configured as a no-drop class in the QoS policy. PFC must be enabled on all interfaces carrying FCoE traffic. Network design must account for buffer sizing to handle the pause propagation delays without causing deadlocks. DCBX protocol exchanges between adjacent devices help negotiate and verify consistent PFC configuration automatically, reducing configuration complexity and preventing mismatches.

Traditional flow control pauses all traffic on a link and would impact data traffic unacceptably in a converged network, making it unsuitable for FCoE deployments. Spanning Tree prevents loops but does not provide lossless behavior. LACP enables link aggregation for bandwidth and redundancy but does not ensure lossless delivery. Only Priority Flow Control provides the selective, per-priority lossless behavior required for FCoE to function correctly on Ethernet infrastructure.

Question 52

A network administrator needs to configure multiple VLANs on a trunk port connecting to an upstream switch. Which command enables trunk mode on a Cisco Nexus interface?

A) switchport mode access

B) switchport mode trunk

C) switchport trunk encapsulation dot1q

D) switchport trunk native vlan

Answer: B

Explanation:

The switchport mode trunk command enables trunk mode on a Cisco Nexus interface, allowing it to carry traffic for multiple VLANs simultaneously. Trunk ports are essential in data center networks for interconnecting switches, connecting to servers with multiple VLANs, and establishing vPC peer links. When an interface is configured as a trunk, it tags frames with VLAN identifiers using 802.1Q encapsulation, allowing the receiving device to determine which VLAN each frame belongs to and forward it appropriately. This enables a single physical link to logically carry traffic for many VLANs.

On Cisco Nexus switches, trunk configuration is straightforward because 802.1Q is the only supported trunking encapsulation protocol, unlike some older Catalyst switches that also supported ISL. After configuring an interface as a trunk with switchport mode trunk, additional trunk-related commands control which VLANs are allowed on the trunk, which VLAN is designated as native for untagged traffic, and whether dynamic trunk negotiation protocols are used. The switchport trunk allowed vlan command specifies which VLANs can traverse the trunk, with options to add, remove, or explicitly list VLANs for security and traffic management purposes.

Trunk port configuration must match on both ends of a link to function correctly. Both sides should agree on trunk mode, allowed VLANs, and native VLAN configuration to prevent VLAN mismatches and potential security vulnerabilities. The native VLAN carries untagged traffic and should typically be changed from the default VLAN 1 for security reasons, with both ends configured identically. Best practices include explicitly configuring trunk mode rather than relying on auto-negotiation, pruning unnecessary VLANs from trunks to reduce unnecessary broadcast traffic, and carefully managing native VLAN configuration.

The switchport mode access command configures an interface for access mode, which assigns it to a single VLAN and is used for end-device connections rather than trunking. The switchport trunk encapsulation dot1q command is used on switches that support multiple trunking protocols but is not needed on Nexus switches where 802.1Q is implicit. The switchport trunk native vlan command configures which VLAN is native but does not enable trunk mode itself. Only switchport mode trunk actually enables the trunk mode operation.

Question 53

An administrator is troubleshooting a vPC configuration where traffic is not load balancing as expected. Which command verifies the vPC consistency parameters between peer switches?

A) show vpc brief

B) show vpc consistency-parameters

C) show vpc peer-keepalive

D) show spanning-tree

Answer: B

Explanation:

The show vpc consistency-parameters command verifies the vPC consistency parameters between peer switches and identifies any mismatches that could cause operational issues including traffic forwarding problems. Consistency parameters are critical configuration elements that must match identically on both vPC peer switches for proper operation. These parameters include settings like port channel mode, VLAN configuration, spanning tree settings, MTU, port speeds, and various other attributes that affect how traffic is processed. When inconsistencies exist, vPC may not form correctly, or traffic may not be load balanced properly between the peers.

The consistency check mechanism in vPC operates continuously to ensure configuration synchronization between peers. vPC categorizes consistency parameters into two types. Type 1 parameters are critical for vPC operation and will prevent vPC from coming up if they mismatch. Examples include STP mode, STP region configuration for MST, and port-channel mode. Type 2 parameters are important but will not prevent vPC formation; instead, they generate warnings that administrators should address. Examples include STP global settings, STP interface settings, and MTU configuration. The show vpc consistency-parameters command displays both types and clearly identifies any mismatches.

When troubleshooting vPC issues, examining consistency parameters is essential because mismatches often explain unexpected behavior. If vPC member ports are not load balancing traffic correctly, consistency parameters might reveal that the port-channel load balancing configuration differs between peers, or that interface settings like MTU or speed are inconsistent. If some VLANs work while others do not, VLAN consistency parameters might show which VLANs have configuration mismatches. Resolving these inconsistencies by making configurations match on both peers typically resolves the operational issues.

The show vpc brief command provides overall vPC status and which vPCs are configured but does not detail consistency parameter status. The show vpc peer-keepalive command shows the status of the peer keepalive link used for dual-active detection but not configuration consistency. The show spanning-tree command displays spanning tree operation but does not compare consistency between vPC peers. Only show vpc consistency-parameters provides the detailed comparison of configuration parameters between peers needed for troubleshooting.

Question 54

A data center engineer needs to implement a stretched Layer 2 network across two geographically separated data centers. Which technology provides Layer 2 extension over a Layer 3 network?

A) VLAN Trunking

B) VXLAN

C) VTP

D) STP

Answer: B

Explanation:

VXLAN provides Layer 2 extension over a Layer 3 network, enabling stretched Layer 2 networks across geographically separated data centers connected by IP networks. VXLAN encapsulates Layer 2 Ethernet frames inside Layer 3 UDP packets, allowing Layer 2 segments to be extended across routed networks without requiring Layer 2 connectivity between sites. This overlay approach solves the fundamental challenge of data center interconnect where Layer 2 adjacency is needed for workload mobility and clustering, but Layer 2 protocols like spanning tree do not scale across geographic distances.

VXLAN operates by having VTEPs at each site that perform encapsulation and decapsulation. When a server at one site sends a frame, the local VTEP encapsulates it in a VXLAN packet with a 24-bit VNI that identifies the Layer 2 segment, wraps it in a UDP packet with the remote VTEP IP as the destination, and sends it across the IP network. The remote VTEP receives the packet, decapsulates the original frame, and delivers it to the destination server. This process is transparent to the endpoints which believe they are on the same Layer 2 network despite being separated by routed infrastructure.

The benefits of VXLAN for data center interconnect are substantial. It enables seamless VM migration between sites because VMs maintain their IP and MAC addresses when moving between locations that share the same VXLAN segment. It scales to 16 million segments compared to the 4096 VLAN limit, supporting massive multi-tenant environments. It leverages existing IP network infrastructure including ECMP for load balancing and standard routing protocols for path selection. When combined with EVPN as a control plane, VXLAN provides optimized forwarding, reduced flooding, and sophisticated features like distributed gateway functionality.

VLAN Trunking extends VLANs between switches but requires Layer 2 connectivity and does not work across Layer 3 boundaries or geographic distances. VTP propagates VLAN configuration between switches but does not provide Layer 2 extension over Layer 3. STP prevents loops in Layer 2 networks but does not enable Layer 2 extension across Layer 3 infrastructure. Only VXLAN provides the Layer 2 overlay over Layer 3 underlay capability required for stretched Layer 2 networks across geographic locations.

Question 55

An administrator needs to configure a Cisco Nexus switch to automatically negotiate port speed and duplex. Which command enables this functionality?

A) speed auto

B) duplex auto

C) negotiate auto

D) Both speed auto and duplex auto

Answer: D

Explanation:

Both the speed auto and duplex auto commands must be configured to enable complete automatic negotiation of port speed and duplex on a Cisco Nexus switch. These two parameters are negotiated separately through the IEEE 802.3u auto-negotiation protocol, which allows connected devices to automatically determine the best common speed and duplex mode supported by both ends of the link. Auto-negotiation improves operational efficiency by eliminating manual configuration requirements and reduces errors from speed or duplex mismatches that cause poor performance or link failures.

The auto-negotiation process exchanges information about capabilities between link partners during link establishment. Each device advertises which speeds and duplex modes it supports, and both sides select the highest common capability. The priority order generally favors higher speeds and full duplex over half duplex. For example, if one device supports 10/100/1000 Mbps at full duplex and the other supports 100/1000 Mbps at full duplex, they will negotiate to 1000 Mbps full duplex. Auto-negotiation also exchanges flow control capabilities and other link parameters beyond just speed and duplex.

While auto-negotiation is convenient and generally reliable, certain scenarios require manual configuration. When connecting to devices that do not support auto-negotiation or have it disabled, manual speed and duplex configuration is necessary on the Nexus side to match the other device’s fixed settings. High-speed data center links like 10 Gigabit Ethernet and faster typically operate at fixed speeds without negotiation since only one speed is supported. In some cases, interoperability issues between vendors may require disabling auto-negotiation and manually configuring both sides identically.

The speed auto command alone only configures speed negotiation while leaving duplex configuration unchanged. The duplex auto command only configures duplex negotiation while leaving speed configuration unchanged. The negotiate auto command is not a valid Cisco IOS or NX-OS command for interface configuration. Both speed auto and duplex auto must be configured to enable complete auto-negotiation functionality for both parameters, ensuring the link operates at optimal settings.

Question 56

A network engineer is implementing OSPF in a data center spine-leaf topology. Which OSPF network type is most appropriate for point-to-point links between spine and leaf switches?

A) Broadcast

B) Point-to-point

C) Non-broadcast

D) Point-to-multipoint

Answer: B

Explanation:

The point-to-point OSPF network type is most appropriate for links between spine and leaf switches in a data center topology because it accurately reflects the physical connectivity and provides optimal convergence characteristics. Point-to-point links connect exactly two OSPF routers without any other devices sharing the segment. This network type eliminates unnecessary overhead associated with DR and BDR election that occurs on broadcast and non-broadcast network types, reducing convergence time and simplifying OSPF operation. In spine-leaf architectures where each leaf connects to multiple spines through dedicated links, every spine-leaf connection is inherently point-to-point.

Configuring OSPF for point-to-point operation on Cisco Nexus switches involves setting the interface network type with the ip ospf network point-to-point command. This configuration prevents DR/BDR election processes and changes how OSPF hello and LSA flooding work. On point-to-point networks, routers form full adjacencies immediately without the two-way state that occurs on multi-access networks during DR election. Hello packets use multicast address 224.0.0.5 to reach the single neighbor, and LSAs flood directly between the two routers. This streamlined operation reduces convergence time, which is critical in data center environments where fast failure detection and recovery are essential.

The point-to-point network type also impacts how OSPF represents the topology in its database. Point-to-point links generate Type-1 Router LSAs that describe the connection between the two routers without involving network LSAs that multi-access networks require. This representation is more efficient and accurately models the actual physical connectivity. In spine-leaf designs, this clarity helps with troubleshooting and topology visualization. The absence of DR/BDR election also means that link failures are detected purely through hello timeouts rather than waiting for DR re-election, further improving convergence.

Broadcast network type is appropriate for Ethernet segments with multiple routers like traditional LAN environments but adds unnecessary DR/BDR election overhead for point-to-point links. Non-broadcast network type is used for non-broadcast multi-access environments like Frame Relay but requires manual neighbor configuration and DR/BDR election. Point-to-multipoint is designed for hub-and-spoke topologies and treats the segment as a collection of point-to-point links but with different LSA generation. Point-to-point network type provides the optimal OSPF operation for spine-leaf point-to-point connectivity.

Question 57

An administrator is configuring a service profile in Cisco UCS Manager. Which policy within the service profile defines how the server should boot?

A) BIOS Policy

B) Boot Policy

C) Maintenance Policy

D) Power Control Policy

Answer: B

Explanation:

The Boot Policy within a Cisco UCS service profile defines how the server should boot by specifying the boot order and boot device configurations. Boot policies are essential components of service profiles that determine which devices the server attempts to boot from and in what sequence. This abstraction allows administrators to define boot configuration once as a policy and apply it consistently across multiple servers, enabling rapid server provisioning and ensuring standardized configurations. Boot policies can specify booting from local disks, SAN LUNs, virtual media, PXE network boot, or combinations of these options.

Boot policies support sophisticated configurations including primary and secondary boot options for redundancy. For SAN boot scenarios, the policy specifies the Fibre Channel or FCoE target information including WWPNs and LUNs. For local boot, it identifies which local disks or disk controllers to use. For PXE boot, it specifies which vNIC to use for network booting. The boot order determines the sequence in which the server tries each boot option until it successfully boots. This flexibility enables various use cases from traditional local disk boots to stateless computing where servers boot from SAN storage without local operating system installations.

The boot policy model provides powerful capabilities for server lifecycle management. If a server hardware fails, the service profile including its boot policy can be associated with a replacement server, and the new server will boot identically to the failed one. When infrastructure changes like moving from local boot to SAN boot are needed, updating the boot policy and reacknowledging the service profile changes the boot behavior without manual configuration at the server level. Templates enable creating boot policies that can be shared across many servers, ensuring consistency and simplifying management.

BIOS Policy configures BIOS settings like processor features, memory settings, and hardware parameters but does not define boot order or boot devices. Maintenance Policy controls when and how firmware upgrades and other maintenance tasks are applied but does not specify boot configuration. Power Control Policy defines power-on behavior like boot order priority after power loss but is not the primary boot configuration mechanism. Only Boot Policy provides the comprehensive boot device and boot order configuration required for server initialization.

Question 58

A data center network is experiencing suboptimal traffic flow due to spanning tree blocking redundant links. Which technology allows all links to be active for forwarding while preventing loops?

A) RSTP

B) VLAN Trunking

C) vPC

D) HSRP

Answer: C

Explanation:

Virtual Port Channel technology allows all links to be active for forwarding while preventing loops, eliminating the spanning tree blocked ports that cause suboptimal traffic utilization. vPC enables a downstream device to create a port channel with links distributed across two separate upstream switches, making those two switches appear as a single logical switch to the downstream device. This dual-homing provides both link-level and node-level redundancy while allowing all links to forward traffic simultaneously through active-active load balancing, overcoming the fundamental limitation of spanning tree which blocks redundant paths.

vPC architecture involves two peer switches that operate cooperatively through synchronized configuration and state information. The vPC peer link connects the two switches and carries both control plane messages for vPC coordination and data plane traffic when needed for forwarding. The vPC peer keepalive link provides out-of-band monitoring to detect peer failures and prevent split-brain scenarios. Downstream devices connect using standard port channels, unaware that the port channel members terminate on different physical switches. This transparency means no special configuration or awareness is required on downstream devices.

The benefits of vPC for data center design are substantial. It enables complete bandwidth utilization across all links rather than having spanning tree block half the links for redundancy. It provides fast convergence with subsecond failover when links or switches fail because the port channel on the downstream device simply redistributes traffic to remaining active links. It enables layer 2 multi-pathing improving overall fabric performance. It supports active-active designs where both paths forward traffic simultaneously rather than active-standby designs where backup paths remain idle. These characteristics make vPC fundamental to modern data center network architectures.

RSTP improves spanning tree convergence time compared to original STP but still blocks redundant links and does not enable active-active forwarding. VLAN Trunking carries multiple VLANs over links but does not address loop prevention or enable active-active multi-pathing. HSRP provides first-hop gateway redundancy but operates at Layer 3 and does not prevent spanning tree blocking at Layer 2. Only vPC provides the loop-free active-active link utilization required to overcome spanning tree limitations and enable optimal traffic flow in redundant topologies.

Question 59

An engineer needs to configure a Cisco Nexus switch to provide gateway functionality for multiple VLANs. Which command creates a Layer 3 interface for a VLAN?

A) interface vlan 10

B) vlan 10

C) ip address 10.1.1.1/24 vlan 10

D) switchport access vlan 10

Answer: A

Explanation:

The interface vlan 10 command creates a Layer 3 Switched Virtual Interface for VLAN 10, enabling the switch to provide gateway functionality for that VLAN. SVIs are logical Layer 3 interfaces associated with specific VLANs that allow the switch to route traffic between different VLANs and provide default gateway services for hosts in those VLANs. When an SVI is configured with an IP address, the switch can receive traffic from hosts in that VLAN destined to other subnets, perform routing table lookups, and forward the traffic toward appropriate destinations. This integration of Layer 2 switching and Layer 3 routing in a single device is fundamental to modern data center switch functionality.

Creating and configuring an SVI involves multiple steps. First, the VLAN must exist in the VLAN database created with the vlan command. Second, the SVI is created using interface vlan followed by the VLAN number. Third, an IP address is assigned to the SVI using the ip address command with the desired subnet. Fourth, the no shutdown command brings the SVI administratively up. The SVI will only reach an operational up state if the VLAN exists, is active, and has at least one active port assigned to it. These conditions ensure that SVIs only become operational when there are actually hosts that can use the gateway.

SVIs provide several advantages in data center networks. They enable distributed gateway functionality where leaf switches serve as the default gateway for their attached servers, keeping traffic patterns optimal by routing at the first opportunity. They support features like HSRP or VRRP for first-hop redundancy, allowing multiple switches to provide redundant gateway services. They can be used with anycast gateway configurations where multiple switches share the same gateway IP and MAC address, enabling active-active forwarding. They consume no physical ports since they are logical interfaces, making them efficient for providing Layer 3 services to many VLANs.

The vlan 10 command creates the VLAN in the VLAN database but does not create a Layer 3 interface. The ip address command with vlan specification is not valid syntax for creating or configuring an SVI. The switchport access vlan 10 command assigns a physical port to VLAN 10 but does not create gateway functionality. Only the interface vlan command creates the Layer 3 SVI that can be configured with an IP address to provide gateway services.

Question 60

A network administrator needs to verify which VLANs are currently active and operational on a Cisco Nexus switch. Which command displays this information?

A) show vlan

B) show vlan-switch

C) show interface switchport

D) show running-config vlan

Answer: A

Explanation:

The show vlan command displays comprehensive information about all VLANs configured on a Cisco Nexus switch including VLAN ID, name, status, and which ports are assigned to each VLAN. This command is the primary tool for verifying VLAN configuration and operational status, providing a complete view of the Layer 2 segmentation on the switch. The output shows active VLANs in the VLAN database, indicates whether each VLAN is active or suspended, and lists all switch ports that are assigned to each VLAN either as access ports or as allowed VLANs on trunk ports.

The show vlan output includes multiple columns providing detailed VLAN information. The VLAN column displays the VLAN ID number, Name shows the configured VLAN name or default name if not customized, Status indicates whether the VLAN is active or suspended, and Ports lists all interfaces associated with that VLAN. Additional information may include the VLAN type, whether it is a private VLAN with community or isolated characteristics, and the STP instance associated with the VLAN. The command can be modified with additional parameters like show vlan brief for summarized output or show vlan id to display information about a specific VLAN.

Understanding VLAN status and configuration is essential for troubleshooting connectivity issues. If hosts cannot communicate, verifying that they are in the correct VLAN using show vlan helps identify misconfiguration. If a VLAN appears in the output but shows no assigned ports, it indicates the VLAN exists but has no active members. If a VLAN is suspended, it will not forward traffic even if ports are assigned. The command helps verify that trunk ports include necessary VLANs in their allowed lists and that access ports are assigned to appropriate VLANs for their connected devices.

The show vlan-switch command exists on some Cisco platforms but not on Nexus switches which use show vlan. The show interface switchport command displays switchport configuration for specific interfaces including their VLAN assignments but does not provide a comprehensive VLAN-centric view across the switch. The show running-config vlan command displays VLAN configuration commands but does not show operational status or current port assignments in an easily readable format. Only show vlan provides the comprehensive, operational VLAN information needed for verification and troubleshooting.