NEXUS INTERVIEW QUESTION

Question:
Q. What is the command is used to verify the "HSRP Active State" on a Nexus 7000 Series
Switch?
A. The command is show hsrp active or show hsrp brief .

Nexux_7K# show hsrp br

Nexus_7K# show hsrp standb br

Q. On a Nexus 7018, when trying to perform a 'no shut' on Ethernet 1/3, the ERROR:
Ethernet1/3: Config not allowed, as first port in the port-grp is dedicated error message is
received.
A. The device thinks that the first port in the port-grp is in dedicated mode instead of shared
mode. When the first port of a port-grp is in dedicated mode, the other ports of the port-grp
cannot be used.
.

Q. What is vPC and what are its benefits?

A. Virtual PortChannel (vPC) is a port-channeling concept that extends link aggregation

to two separate physical switches.
Benefits of vPC include:

Utilizes all available uplink bandwidth

Allows the creation of resilient Layer 2 topologies based on link

aggregation
Eliminates the dependence of Spanning Tree Protocol in Layer 2 access
distribution layer(s)

Enables transparent server mobility and server high availability (HA)

clusters
Scales available Layer 2 bandwidth
Simplifies network design
Dual-homed servers can operate in active-active mode
Faster convergence upon link failure
Improves convergence time when a single device fails
Reduces capex and opex

Q. Why does vPC not block either of the vPC uplinks?

A. Nexus 7000 has a loop prevention method that drops traffic traversing the peer link (destined for a vPC peer link)
when there are no failed vPC ports or links. The rule is simple: if the packet crosses the vPC peer link, it may not go
out any port in a vPC even if that vPC does not have the original VLAN.

Q. How do I verify the features enabled on Nexus 7000 Series Switch

with NX-OS 4.2?

A. Issue the show feature command in order to verify.

switch-N7K# show feature

Feature Name
Instance
-------------------- -------tacacs
1
scheduler
1
isis
2
isis
3
isis
4
ospf
1
ospf
2
ospf
3

State
-------enabled
enabled
disabled
disabled
disabled
enabled
disabled
disabled

switch-N7K# show run | I feature

feature vrrp
feature tacacs+
feature scheduler
feature ospf

Q. Is there a tool available for configuration conversion on Cisco 6500

series to the Nexus platform?

A. Cisco has developed the IOS-NXOS Migration Tool for quick configuration conversion on Cisco 6500 series to the
Nexus series OS.

Q. How many syslog servers can be added to a Nexus 7000 Series

Switch?

A. The maximum number of syslog servers configured is 3.

Q. Is Nexus 7010vPC feature (LACP enabled) compatible with the Cisco

ASA etherchannel feature and with ACE 4710 etherchannel?

A. With respect to vPC, any device that runs the LACP (which is a standard), is compatible with the Nexus 7000,
including ASA/ACE.

Q. What are orphan ports?

A. Orphan ports are single attached devices that are not connected via a vPC, but still carry vPC VLANs. In the
instance of a peer-link shut or restoration, an orphan port's connectivity may be bound to the vPC failure or
restoration process. Issue the show vpc orphan-ports command in order to identify the impacted VLANs.

Q. How many OSPF processes can be run in a virtual device context

(VDC)?

A. There can be up to four (4) instances of OSPFv2 in a VDC.

Q. Which Nexus 7000 modules support Fibre Channel over Ethernet

(FCoE)?

A. The Cisco Nexus 7000 Series 32-Port 1 and 10 Gigabit Ethernet Module support FCoE. The part number of the
product is N7K-F132XP-15.

Q. What is the minimum NX-OS release required to support FCoE in the

Nexus 7000 Series Switches?

A. FCoE is supported on Cisco Nexus 7000 Series systems running Cisco NX-OS Release 5.2 or later.

Q. On a Nexus, is the metric-type keyword not available in the "defaultinformation originate" command?

A. On a Nexus, use a route-map command with a set clause of metric-type type-[] in order to have the
same functionality as in IOS using the default-information originate always metric-type [] command.
For example:

switch(config)#route-map STAT-OSPF, permit, sequence 10

switch(config-route-map)#match interface ethernet 1/2
switch(config-route-map)#set metric-type {external | internal |
type-1 | type-2}

Q. How do I redistribute connected routes into an OSPF instance on a

Nexus 7010 with a defined metric?

A. In NX-OS, a route-map is always required when redistributing routes into an OSPF instance, and you will also use
this route-map to set the metric. Further, subnet redistribution is by default, so you do not have to add
the subnets keyword.
For example:

switch(config)#access-list 101 permit ip <connected network>

<wildcard> any
switch(config)#access-list 101 permit ip <connected network>
<wildcard> any
switch(config)#access-list 101 permit ip <connected network>
<wildcard> any
switch(config)#access-list 101 deny any
!
Router(config)# route-map direct2ospf permit 10
Router(config-route-map)# match ip address 101
Router(config-route-map)# set metric <100>
Router(config-route-map)# set metric-type type-1
!
switch(config)#router ospf 1
switch(config-router)#redistribute direct route-map direct2ospf

Q. What is the equivalent NX-OS command for the "ip multicast-routing"

IOS command, and does the Nexus 7000 support PIM-Sparse mode?

A. The command is feature pim. In NX-OS, multicast is enabled only after enabling the PIM or PIM6 feature on each
router and then enabling PIM or PIM6 sparse mode on each interface that you want to participate in multicast.
For example:

switch(config)#feature pim
switch(config)#interface Vlan[536]
switch(config-if)#ip pim sparse-mode
See Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 5.x for a complete configuration
guide.

Q. When I issue the "show ip route bgp" command, I see my routes

being learned via OSPF and BGP. How can I verify on the NX-OS which
one will always be used and which one is a backup?

A. Here is what is received:

Nexus_7010#show ip route bgp
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
172.20.62.0/23, ubest/mbest: 1/0
*via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
via 10.194.16.5, Vlan116, [110/1043], 18:43:51, ospf-1, intra
172.20.122.0/23, ubest/mbest: 1/0
*via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
via 10.194.16.5, Vlan116, [110/1041], 18:43:51, ospf-1, intra
By default, BGP selects only a single best path and does not perform load balancing. As a result, the route marked
with the * will always be used, unless it goes down, at which point any remaining routes will become the preferred
path.

Q. How do I avoid receiving the "Failed to process kickstart image. PreUpgrade check failed" error message when upgrading the image on a
Nexus 7000 Series Switch?

A. One potential reason for receiving this error message is if the file name specified is not correct.
For example:
switch#install all kickstart bootflash:n7000-sl-kickstart.5.1.1a.bin system
bootflash:n7000-sl-dk9.5.1.1a.bin
In this example, the file name contains "sl" (lowercase letter l) instead of "s1" (number 1).

Q. How can I avoid receiving the "Configuration does not match the port
capability" error message when enabling "switchport mode fex-fabric"?

A. This error message is generated because the port is not FEX capable:

N7K-2(config)#interface ethernet 9/5

N7K-2(config-if)#switchport mode fex-fabric
ERROR: Ethernet9/5: Configuration does not match the port
capability
In order to resolve this problem, check the port capabilities by using the show interface ethernet command.
For example:

N7K-2#show interface ethernet 9/5 capabilities

Ethernet9/5
Model:
N7K-M132XP-12
Type (SFP capable):
10Gbase-(unknown)
Speed:
10000
Duplex:
full

Trunk encap. type:

Channel:
Broadcast suppression:
Flowcontrol:
Rate mode:
QOS scheduling:
CoS rewrite:
ToS rewrite:
SPAN:
UDLD:
Link Debounce:
Link Debounce Time:
MDIX:
Pvlan Trunk capable:
Port Group Members:
TDR capable:
FabricPath capable:
Port mode:
FEX Fabric:
dot1Q-tunnel mode:

802.1Q
yes
percentage(0-100)
rx-(off/on),tx-(off/on)
shared
rx-(8q2t),tx-(1p7q4t)
yes
yes
yes
yes
yes
yes
no
no
1,3,5,7
no
no
Routed,Switched
no
yes

From this output of the show interface ethernet 9/5 capabilities command, you can see FEX Fabric: no. This
verifies that the port is not FEX capable. In order to resolve this problem, upgrade the EPLD images to Cisco NX-OS
Release 5.1(1) or later.

Q. When I issue the "show interface counters errors" command, I see

that one of the interfaces is consistently posting errors. What are the
FCS-Err and Rcv-Err in the output of the "show interface counters
errors" command?

A. Here is what is received:

Nexus-7000#show interface counters errors
---------------------------------------------------------------------------Port
Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize OutDiscards
---------------------------------------------------------------------------Eth1/1
0
26
0
26
0
0
With FCS-Err and Rcv-Err, it is usually an indication that you are receiving corrupt packets.

Q. How do I enable/disable logging link status per port basis on a Nexus

7000 Series Switch?

A. All interface link status (up/down) messages are logged by default. Link status events can be configured globally
or per interface. The interfacecommand enables link status logging messages for a specific interface.
For example:

N7k(config)#interface ethernet x/x

N7k(config-if)#logging event port link-status

Q. How do I check the Network Time Protocol (NTP) status on a Nexus

7000 Series Switch?

A. In order to display the status of the NTP peers, issue the show ntp peer-status command:

switch#show ntp peer-status

Total peers : 1
* - selected for sync, + -

peer mode(active),

- - peer mode(passive), = - polled in client mode

remote
delay
vrf

local

st

poll

reach

-----------------------------------------------------------------------------*10.1.10.5
0.00134 default

0.0.0.0

64

377

Q. How do I capture the output of the show tech-support details?

A. Issue the tac-pac bootflash://<filename> command in order to redirect the output of the show tech command to a
file, and then gzip the file.
For example:

switch#tac-pac bootflash://showtech.switch1
Issue the copy bootflash://showtech.switch1 tftp://<server IP/<path> command in order to copy the file from
bootflash to the TFTP server.
For example:

switch#copy bootflash://showtech.switch1 tftp://<server IP/<path>

Q. Can a Nexus 7000 be a DHCP server and can it relay DHCP requests
to different DHCP servers per VLAN?

A. The Nexus 7000 does not support a DHCP server, but it does support DHCP relay. For relay, use the ip dhcp relay
address x.x.x.x interface command.
See Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x for more information on Dynamic
Host Configuration Protocol (DHCP) on a Cisco NX-OS device.

Q. How do I implement VTP in a Nexus 7000 Series Switch where VLANs

are manually configured?

A. Cisco does not recommend running VTP in data centers. If someone attaches a switch to the network with a
higher revision number without changing the VTP mode from the server, it will override the VLAN configuration on the
switch.

Q. Is there a best practice for port-channel load balancing between

Nexus 1000V Series and Nexus 7000 Series Switches?

A. There is no recommended best practice for load-balancing between the Nexus 1000V Series and Nexus 7000
Series Switches. You can choose either a flow-based or a source-based model depending on the network's
requirement.

Q. During Nexus 7010 upgrade from 5.2.1 to 5.2.3 code, the X-bar module
in slot 4 keeps powering off. The %MODULE-2-XBAR_DIAG_FAIL: Xbar 4 reported
failure due to Module asic(s) reported sync loss (DevErr is LinkNum). Trying
to Resync in device 88 (device error 0x0)

error message is received.

A. This error message corresponds to diagnostic failures on module 2. It could be a bad connection to the X-bar from
the linecard, which is results in the linecard being unable to sync. Typically with these errors, the first step is to reseat
the module. If that does not resolve the problem, reseat the fabric as well as the module individually.

Posted 16th May 2012 by Nehal Akther

3
1. What is VDC in Cisco Nexus? and How many VDCs can be created when we have SUP1?
2. What is the command to check List of VDC? Command to allocate Interfaces to Non-Default
VDCs?
3. What is the reason that LACP does not work by default? How can we enable it?

LACP has to be enabled in Cisco Nexus Environment. You can use Show Feature command to
check the status of LACP.

4. How to find Unique Host ID of Nexus Device for Licensing?

Licenses in Cisco Nexus is issued on the Basis of Host id. Use Show license Host-ID
command to check the Host ID
5. How can we check the list of Feature-sets available?
Show Feature-set
Click here to get this course at 15$
6. Commands to check the list of Modules?

Show Module
7. What is the main Difference between M series Line Card and F Series?
F Series cards are for Layer 2 functionality Only ( Some advance F Series cards may have Layer
3 ). M series Modules support Layer 2 and Layer 3. M Series Module has to be in Your Chassis
to be able to do Routing. F series modules can use Proxy routing using M Series Modules present
in Device.
8. What is FEX? How to check the Version of FEX once it is discovered?
Its a kind of Line card which is brain less and non-configurable from its own console. It has to be
connected to Parent switch either 5K or 7K . Once configured well from Parent- It will appear as
Line Card. You can use Show Fex or Show fex detail for verifying configuration.
9. What is Static Pinning? What is the max limit of Pinning of Links can be set when we use Port
channel?
10. How many Fex can be connected on Nexus 5000?
11 What happens when FEX go offline due to some reasons? What happens to Config . Does it
get deleted?
Config remains in Parent however- not visible. Once Fex is reconnected- You will be able to see
configuration.
12. what is checkpoint? How many checkpoints can be set?
It is similar to windows checkpoint. You can save your configuration till any point, later compare
as well and if needed, rollback to checkpoints. You can also set multiple checkpoints.
Click here to get this course at 15$
13. How to compare checkpoint? How Global changes are impactful when checkpoint is set on
non-default VDC
14. What happens when device reloads- Does it retain Checkpoint files? How to rollback
configuration
Reload will delete checkpoints which you have set. Rollback command is to revert the
configuration

15. What are the Spanning Tree Modes available on Nexus 7K and 5K?
RPVST+ and MST
Click here to get this course at 15$
16. what is vPC? How it is different from VSS?
17. Does vPC work on Active Active ? If yes, then why do we have vPC Primary and
Secondary?
18. What is vPC Peer Link ? What happens when it go down?
19. what is vPC Peer Keepalive? What happens when this link goes down?
20. How many devices you can include in vPC Domain? What happens when you change the
domain Name or Number? Will it delete the configuration? Does domain name need to be Same
on Both vPC Peers?
21. What is vPC peer check? How does it stop loops?