Ammar Ahmadi
CCNP Data Center Application Centric Infrastructure 300-620 Dcaci Official Cert Guide
- Paperback
Straight from Cisco: the official complete assessment, review, and practice for the new CCNP Data Center DCACI 300-620 exam!
- Authoritative coverage of every Implementing Cisco Application Centric Infrastructure (DCACI 300-620) exam topic, with all the context and practical examples you need to succeed
- Logical, well-organized, and practical coverage of Cisco Nexus 9000 in ACI mode: configuration, integration, management, monitoring, networking, interconnections, programmability, orchestration, and more
- Includes realistic practice tests, plus extensive proven features to help you review more efficiently
- Ideal for Cisco data center professionals pursuing CCNP Data Center certification
This is Cisco's official, comprehensive self-study resource for preparing for the DCACI 300-620 exam, part of Cisco's modern pathway towards CCNP Data Center certification. Cisco technology experts cover every objective concisely and logically, with extensive teaching features designed to promote retention and understanding. You'll find:
- Pre-chapter quizzes to assess knowledge upfront and focus study more efficiently
- Foundation topics sections that explain concepts and configurations, and link theory to actual configuration commands
- Key topics sections calling attention to every figure, table, and list that candidates must know
- Exam preparation sections with additional chapter review features
- Final preparation chapter providing tools and a complete final study plan
- Customizable online practice tests
This guide presents comprehensive, current coverage of Cisco Nexus 9000 series switches in ACI mode. It presents a holistic picture of ACI design and configuration at an intermediate level, covering key skills for designing, configuring, and troubleshooting data center networks using Cisco ACI. Coverage includes Cisco ACI:
- Configuration
- Integration
- Management and monitoring
- Network resources
- Interconnections
- Programmability and orchestration
Note: This item can only be shipped to a German delivery address.
Product details
- Publisher: Cisco Press / LAP Lambert Academic Publishing
- Page count: 550
- Publication date: 11 February 2021
- Language: English
- Dimensions: 237mm x 198mm x 40mm
- Weight: 1g
- ISBN-13: 9780136602668
- ISBN-10: 0136602665
- Item no.: 57562082
- Manufacturer identification
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
Ammar Ahmadi, CCIE No. 50928, has nearly a decade of experience in data center design, implementation, optimization, and troubleshooting. He currently consults for Cisco Gold partner AHEAD INC, where he has been designing and supporting large-scale ACI fabrics since the early days of ACI. Occasionally, he breaks from design work to produce network modernization roadmaps or demonstrate the possibilities of software-defined networking (SDN) to customers. Ammar also owns and operates Networks Reimagined LLC, which focuses on SDN enablement and training. He can be reached at ammar.ahmadi@networksreimagined.com.
Introduction xxv
Part I Introduction to Deployment
Chapter 1 The Big Picture: Why ACI? 2
“Do I Know This Already?” Quiz 2
Foundation Topics 4
Understanding the Shortcomings of Traditional Networks 4
Network Management 4
Scalability and Growth 5
Network Agility 8
Security 8
Network Visibility 9
Recognizing the Benefits of Cisco ACI 9
Network Management Touchpoints 9
Traffic Flow Optimizations 10
Scalability Optimizations 10
Programmability 11
Stateless Network 11
Multitenancy 11
Zero-Trust Security 14
Cross-Platform Integrations 15
New Architectural Possibilities 15
Integrated Health Monitoring and Enhanced Visibility 16
Policy Reuse 16
Exam Preparation Tasks 16
Review All Key Topics 16
Complete Tables and Lists from Memory 17
Define Key Terms 17
Chapter 2 Understanding ACI Hardware and Topologies 18
“Do I Know This Already?” Quiz 18
Foundation Topics 21
ACI Topologies and Components 21
Clos Topology 21
Standard ACI Topology 22
ACI Stretched Fabric Topology 24
ACI Multi-Pod Topology 25
ACI Multi-Site Topology 26
ACI Multi-Tier Architecture 28
Remote Leaf Topology 30
APIC Clusters 32
APIC Cluster Scalability and Sizing 33
Spine Hardware 36
First-Generation Spine Switches 37
Second-Generation Spine Switches 37
Leaf Hardware 38
First-Generation Leaf Switches 38
Second-Generation Leaf Switches 39
Exam Preparation Tasks 41
Review All Key Topics 41
Complete Tables and Lists from Memory 41
Define Key Terms 41
Chapter 3 Initializing an ACI Fabric 42
“Do I Know This Already?” Quiz 42
Foundation Topics 44
Understanding ACI Fabric Initialization 44
Planning Fabric Initialization 45
Understanding Cabling Requirements 45
Connecting APICs to the Fabric 46
Initial Configuration of APICs 47
APIC OOB Configuration Requirements 47
Out-of-Band Versus In-Band Management 48
Configuration Information for Fabric Initialization 48
Switch Discovery Process 49
Fabric Discovery Stages 51
Switch Discovery States 51
Initializing an ACI Fabric 52
Changing the APIC BIOS Password 52
Configuring the APIC Cisco IMC 52
Initializing the First APIC 53
Discovering and Activating Switches 55
Understanding Graceful Insertion and Removal (GIR) 58
Initializing Subsequent APICs 59
Understanding Connectivity Following Switch Initialization 59
Basic Post-Initialization Tasks 63
Assigning Static Out-of-Band Addresses to Switches and APICs 63
Applying a Default Contract to Out-of-Band Subnet 64
Upgrading an ACI Fabric 66
Understanding Schedulers 73
Enabling Automatic Upgrades of New Switches 74
Understanding Backups and Restores in ACI 75
Making On-Demand Backups in ACI 76
Making Scheduled Backups in ACI 79
Taking Configuration Snapshots in ACI 80
Importing Configuration Backups from Remote Servers 80
Executing Configuration Rollbacks 82
Pod Policy Basics 83
Configuring Network Time Protocol (NTP) Synchronization 84
Configuring DNS Servers for Lookups 90
Verifying COOP Group Configurations 92
Exam Preparation Tasks 93
Review All Key Topics 93
Complete Tables and Lists from Memory 94
Define Key Terms 94
Chapter 4 Exploring ACI 96
“Do I Know This Already?” Quiz 96
Foundation Topics 98
ACI Access Methods 98
GUI 99
CLI 100
APIC CLI 100
Switch CLI 102
API 103
Management Access Modifications 103
Understanding the ACI Object Model 105
Learning ACI Through the Graphical User Interface 107
Exploring the Object Hierarchy by Using Visore 108
Why Understand Object Hierarchy Basics for DCACI? 110
Policy in Context 110
Integrated Health Monitoring and Enhanced Visibility 110
Understanding Faults 111
The Life of a Fault 113
Acknowledging Faults 115
Faults in the Object Model 116
Monitoring Policies in ACI 118
Customizing Fault Management Policies 120
Squelching Faults and Changing Fault Severity 121
Understanding Health Scores 124
Understanding Events 126
Squelching Events 127
Understanding Audit Logs 127
Exam Preparation Tasks 128
Review All Key Topics 128
Complete Tables and Lists from Memory 129
Define Key Terms 129
Part II ACI Fundamentals
Chapter 5 Tenant Building Blocks 130
“Do I Know This Already?” Quiz 130
Foundation Topics 132
Understanding the Basic Objects in Tenants 132
Tenants 133
Predefined Tenants in ACI 134
VRF Instances 135
Bridge Domains (BDs) 137
Endpoint Groups (EPGs) 137
Application Profiles 138
The Pain of Designing Around Subnet Boundaries 139
BDs and EPGs in Practice 141
Configuring Bridge Domains, Application Profiles, and EPGs 142
Classifying Endpoints into EPGs 146
APIC CLI Configuration of Tenant Objects 147
Contract Security Enforcement Basics 148
Contracts, Subjects, and Filters 148
Contract Direction 149
Contract Scope 150
Zero-Trust Using EPGs and Contracts 151
Objects Enabling Connectivity Outside the Fabric 151
External EPGs 151
Layer 3 Outside (L3Out) 153
Tenant Hierarchy Review 153
Exam Preparation Tasks 154
Review All Key Topics 154
Complete Tables and Lists from Memory 154
Define Key Terms 154
Chapter 6 Access Policies 156
“Do I Know This Already?” Quiz 156
Foundation Topics 158
Pools, Domains, and AAEPs 158
VLAN Pools 159
Domains 160
Common Designs for VLAN Pools and Domains 161
Challenges with Overlap Between VLAN Pools 164
Attachable Access Entity Profiles (AAEPs) 165
Policies and Policy Groups 169
Interface Policies and Interface Policy Groups 169
Planning Deployment of Interface Policies 173
Switch Policies and Switch Policy Groups 174
Profiles and Selectors 176
Configuring Switch Profiles and Interface Profiles 179
Stateless Networking in ACI 182
Bringing It All Together 183
Access Policies Hierarchy in Review 183
Access Policies and Tenancy in Review 184
Exam Preparation Tasks 184
Review All Key Topics 184
Complete Tables and Lists from Memory 185
Define Key Terms 185
Chapter 7 Implementing Access Policies 186
“Do I Know This Already?” Quiz 186
Foundation Topics 188
Configuring ACI Switch Ports 188
Configuring Individual Ports 188
Configuring Port Channels 196
Configuring Virtual Port Channel (vPC) Domains 201
Configuring Virtual Port Channels 204
Configuring Ports Using AAEP EPGs 208
Implications of Initial Access Policy Design on Capabilities 210
Configuring Access Policies Using Quick Start Wizards 211
The Configure Interface, PC, and VPC Wizard 211
The Configure Interface Wizard 211
Additional Access Policy Configurations 212
Configuring Fabric Extenders 212
Configuring Dynamic Breakout Ports 215
Configuring Global QoS Class Settings 217
Configuring DHCP Relay 219
Configuring MCP 221
Configuring Storm Control 223
Configuring CoPP 225
Modifying BPDU Guard and BPDU Filter Settings 230
Modifying the Error Disabled Recovery Policy 231
Configuring Leaf Interface Overrides 232
Configuring Port Channel Member Overrides 232
Exam Preparation Tasks 235
Review All Key Topics 235
Complete Tables and Lists from Memory 236
Define Key Terms 236
Chapter 8 Implementing Tenant Policies 238
“Do I Know This Already?” Quiz 238
Foundation Topics 241
ACI Endpoint Learning 241
Lookup Tables in ACI 241
Local Endpoints and Remote Endpoints 242
Understanding Local Endpoint Learning 243
Unicast Routing and Its Impact on Endpoint Learning 243
Understanding Remote Endpoint Learning 244
Understanding the Use of VLAN IDs and VNIDs in ACI 245
Endpoint Movements Within an ACI Fabric 247
Understanding Hardware Proxy and Spine Proxy 247
Endpoint Learning Considerations for Silent Hosts 248
Where Data Plane IP Learning Breaks Down 249
Endpoint Learning on L3Outs 249
Limiting IP Learning to a Subnet 249
Understanding Enforce Subnet Check 250
Disabling Data Plane Endpoint Learning on a Bridge Domain 250
Disabling IP Data Plane Learning at the VRF Level 251
Packet Forwarding in ACI 251
Forwarding Scenario 1: Both Endpoints Attach to the Same Leaf 251
Understanding Pervasive Gateways 252
Forwarding Scenario 2: Known Destination Behind Another Leaf 254
Verifying the Traffic Path Between Known Endpoints 254
Understanding Learning and Forwarding for vPCs 256
Forwarding Scenario 3: Spine Proxy to Unknown Destination 258
Forwarding Scenario 4: Flooding to Unknown Destination 261
Understanding ARP Flooding 262
Deploying a Multi-Tier Application 263
Configuring Application Profiles, BDs, and EPGs 264
Assigning Domains to EPGs 267
Policy Deployment Following BD and EPG Setup 267
Mapping EPGs to Ports Using Static Bindings 267
Verifying EPG-to-Port Assignments 269
Policy Deployment Following EPG-to-Port Assignment 270
Mapping an EPG to All Ports on a Leaf 270
Enabling DHCP Relay for a Bridge Domain 271
Whitelisting Intra-VRF Communications via Contracts 272
Planning Contract Enforcement 272
Configuring Filters for Bidirectional Application 273
Configuring Subjects for Bidirectional Application of Filters 275
Understanding Apply Both Directions and Reverse Filter Ports 277
Verifying Subject Allocation to a Contract 278
Assigning Contracts to EPGs 278
Understanding the TCP Established Session Rule 279
Creating Filters for Unidirectional Application 280
Configuring Subjects for Unidirectional Application of Filters 280
Additional Whitelisting Examples 282
Verifying Contract Enforcement 283
Understanding the Stateful Checkbox in Filter Entries 284
Contract Scopes in Review 284
Exam Preparation Tasks 285
Review All Key Topics 285
Complete Tables and Lists from Memory 287
Define Key Terms 287
Part III External Connectivity
Chapter 9 L3Outs 288
“Do I Know This Already?” Quiz 288
Foundation Topics 291
L3Out Fundamentals 291
Stub Network and Transit Routing 291
Types of L3Outs 292
Key Functions of an L3Out 293
The Anatomy of an L3Out 293
Planning Deployment of L3Out Node and Interface Profiles 295
Understanding L3Out Interface Types 296
Understanding L3Out Bridge Domains 296
Understanding SVI Encap Scope 298
Understanding SVI Auto State 299
Understanding Prerequisites for Deployment of L3Outs 301
L3 Domain Implementation Examples 301
Understanding the Need for BGP Route Reflection 303
Implementing BGP Route Reflectors 304
Understanding Infra MP-BGP Route Distribution 305
Deploying L3Outs 307
Configuring an L3Out for EIGRP Peering 307
Deploying External EPGs 310
Verifying Forwarding Out an L3Out 312
Advertising Subnets Assigned to Bridge Domains via an L3Out 314
Enabling Communications over L3Outs Using Contracts 316
Deploying a Blacklist EPG with Logging 318
Advertising Host Routes Out an ACI Fabric 321
Implementing BFD on an EIGRP L3Out 321
Configuring Authentication for EIGRP 324
EIGRP Customizations Applied at the VRF Level 324
Configuring an L3Out for OSPF Peering 325
A Route Advertisement Problem for OSPF and EIGRP L3Outs 328
Implementing BFD on an OSPF L3Out 328
OSPF Customizations Applied at the VRF Level 329
Adding Static Routes on an L3Out 329
Implementing IP SLA Tracking for Static Routes 330
Configuring an L3Out for BGP Peering 334
Implementing BGP Customizations at the Node Level 337
Implementing Per-Neighbor BGP Customizations 339
Implementing BFD on a BGP L3Out 341
Implementing BGP Customizations at the VRF Level 342
Implementing OSPF for IP Reachability on a BGP L3Out 343
Implementing Hot Standby Router Protocol (HSRP) 344
IPv6 and OSPFv3 Support 344
Implementing Route Control 344
Route Profile Basics 344
Modifying Route Attributes to All Peers Behind an L3Out 346
Modifying Route Attributes to a Specific Peer Behind an L3Out 349
Assigning Different Policies to Routes at the L3Out Level 351
Configuring Inbound Route Filtering in ACI 352
Exam Preparation Tasks 353
Review All Key Topics 353
Complete Tables and Lists from Memory 356
Define Key Terms 356
Chapter 10 Extending Layer 2 Outside ACI 358
“Do I Know This Already?” Quiz 358
Foundation Topics 361
Understanding Network Migrations into ACI 361
Understanding Network-Centric Deployments 361
Understanding Full-Mesh Network-Centric Contracts 362
Understanding Any EPG 364
Understanding Preferred Group Members 365
Disabling Contract Enforcement at the VRF Instance Level 367
Flooding Requirements for L2 Extension to Outside Switches 368
Understanding GARP-Based Detection 370
Understanding Legacy Mode 371
Endpoint Learning Considerations for Layer 2 Extension 371
Preparing for Network-Centric Migrations 372
Implementing Layer 2 Connectivity to Non-ACI Switches 372
Understanding EPG Extensions 372
Understanding Bridge Domain Extensions 374
Comparing EPG Extensions and BD Extensions 374
Implementing EPG Extensions 375
Implementing L2Outs 380
Migrating Overlapping VLANs into ACI 385
Understanding ACI Interaction with Spanning Tree Protocol 386
Remediating Against Excessive Spanning Tree Protocol TCNs 386
Configuring MST Instance Mappings in ACI 387
Understanding Spanning Tree Protocol Link Types 388
Using MCP to Detect Layer 2 Loops 388
Exam Preparation Tasks 389
Review All Key Topics 389
Complete Tables and Lists from Memory 390
Define Key Terms 390
Part IV Integrations
Chapter 11 Integrating ACI into vSphere Using VDS 392
“Do I Know This Already?” Quiz 392
Foundation Topics 394
Understanding Networking in VMware vSphere 394
Understanding vSphere Standard Switches 395
Understanding vSphere Distributed Switches 397
Understanding vSphere System Traffic 397
Impact of vCenter Failure on Production Traffic 399
Understanding Port Bindings in vSphere 400
Understanding Teaming and Failover Policies 400
Understanding VMM Integration 403
Planning vCenter VMM Integrations 403
What Happens After VDS Deployment? 405
Understanding Immediacy Settings 405
Connecting ESXi Servers to the Fabric 407
Configuring Connectivity to ESXi in UCS Domains 407
Integrating ACI into vSphere Using VDS 407
Prerequisites for VMM Integration with vSphere VDS 408
Configuring a VMM Domain Profile 408
Adding ESXi Hosts to a VDS 411
Pushing EPGs to vCenter as Distributed Port Groups 415
Assigning VMs to Distributed Port Groups 417
Less Common VMM Domain Association Settings 418
Enhanced LACP Policy Support 419
Exam Preparation Tasks 422
Review All Key Topics 422
Complete Tables and Lists from Memory 423
Define Key Terms 423
Chapter 12 Implementing Service Graphs 424
“Do I Know This Already?” Quiz 424
Foundation Topics 426
Service Graph Fundamentals 426
Service Graphs as Concatenation of Functions 427
Service Graph Management Models 428
Understanding Network Policy Mode 428
Understanding Service Policy Mode 430
Understanding Service Manager Mode 432
When to Use Service Graphs 434
Choosing an L4–L7 Services Integration Method 435
Understanding Deployment Modes and the Number of BDs Required 435
Deploying Service Graphs for Devices in GoTo Mode 436
Deploying Service Graphs for Devices in GoThrough Mode 437
Deploying Service Graphs for One-Arm Load Balancers 437
Understanding Route Peering 438
Understanding Dynamic Endpoint Attach 439
Understanding Bridge Domain Settings for Service Graphs 439
Understanding Service Graph Rendering 440
Service Graph Implementation Workflow 441
Importing Device Packages 441
Identifying L4–L7 Devices to the Fabric 443
Creating Custom Function Profiles 444
Configuring a Service Graph Template 445
Configuring Device Selection Policies 446
Applying a Service Graph Template 446
Configuring Additional Service Graph Parameters 447
Monitoring Service Graphs and Devices 447
Service Graph Implementation Examples 447
Deploying an Unmanaged Firewall Pair in a Service Graph 447
Deploying Service Graphs for a Firewall in Managed Mode 453
Exam Preparation Tasks 460
Review All Key Topics 460
Complete Tables and Lists from Memory 461
Define Key Terms 461
Part V Management and Monitoring
Chapter 13 Implementing Management 462
“Do I Know This Already?” Quiz 462
Foundation Topics 464
Configuring Management in ACI 464
Understanding Out-of-Band Management Connectivity 464
Understanding In-Band Management Connectivity 465
Deploying In-Band and OOB Management Side by Side 467
Configuring In-Band Management 467
Configuring Access Policies for APIC In-Band Interfaces 468
Configuring the In-Band Management Bridge Domain 469
Configuring In-Band Management IP Addressing 470
Optionally Extending the In-Band Network Out of the Fabric 474
Optionally Setting Up Additional Connectivity 476
Whitelisting Desired Connectivity to and from an In-Band EPG 476
Evaluating APIC Connectivity Preferences 478
Out-of-Band Management Contracts in Review 479
Exam Preparation Tasks 481
Review All Key Topics 481
Memory Tables 481
Define Key Terms 481
Chapter 14 Monitoring ACI Using Syslog and SNMP 482
“Do I Know This Already?” Quiz 482
Foundation Topics 485
Understanding System Messages 485
Forwarding System Messages to Syslog Servers 487
Apply Necessary Contracts to Allow Syslog Forwarding 487
Configuring Syslog Monitoring Destination Groups 492
Configuring Syslog Sources for Desired Monitoring Policies 494
Verify Syslog Forwarding to Desired Syslog Servers 498
Using SNMP in ACI 500
ACI Support for SNMP 501
ACI SNMP Configuration Caveats 502
Configuring ACI for SNMP 502
Apply Necessary Contracts for SNMP 503
Associate an SNMP Policy with a Pod Policy 504
Associate SNMP Contexts with Desired VRF Instances 506
Configure SNMP Monitoring Destination Groups 507
Configure SNMP Sources for All Desired Monitoring Policies 508
Verify SNMP Forwarding to Desired SNMP Servers 509
Exam Preparation Tasks 511
Review All Key Topics 511
Complete Tables and Lists from Memory 512
Define Key Terms 512
Chapter 15 Implementing AAA and RBAC 514
“Do I Know This Already?” Quiz 514
Foundation Topics 516
Implementing Role-Based Access Control (RBAC) 516
Understanding Security Domains 517
Understanding Privileges and Roles 519
Creating Local Users and Assigning Access 521
Tweaking Roles and User Access 525
Custom RBAC Rules 528
A Common RBAC Pitfall 531
Integrating with External AAA Servers 532
Configuring ACI for TACACS+ 532
Configuring ISE to Authenticate and Authorize Users for ACI 536
Expected Cisco AV Pair Formatting for ACI 538
Configuring ACI for RADIUS 540
Configuring ACI for LDAP 541
AAA Authentication Policy Settings 547
Regaining Access to the Fabric via Fallback Domain 550
Exam Preparation Tasks 550
Review All Key Topics 550
Complete Tables and Lists from Memory 551
Define Key Terms 551
Part VI Operations
Chapter 16 ACI Anywhere 552
“Do I Know This Already?” Quiz 552
Foundation Topics 555
ACI Multi-Site Fundamentals 555
Interconnecting ACI Fabrics with ACI Multi-Site 555
New ACI Multi-Site Constructs and Configuration Concepts 557
Locally Governed Versus MSO-Governed Configurations 557
Schemas and Templates in Practice 557
Building Primary and Disaster Recovery Data Centers with ACI 558
Centralized Orchestration and Management of Multiple Fabrics 559
Tweaking Broadcast and Stretch Settings on a Per-BD Basis 560
Cross-Data Center Ingress Routing Optimizations 561
Simultaneous or Independent Policy Deployment to Sites 561
Building Active/Active Data Centers with ACI 562
VMM Integrations Applicable to Multiple Data Centers 563
Stateful-Services Integration in ACI Multi-Pod and Multi-Site 563
Extending ACI to Remote Locations and Public Clouds 564
Extending ACI into Public Clouds with ACI Multi-Site 564
Extending ACI into Bare-Metal Clouds with vPod 564
Integrating Remote Sites into ACI Using Remote Leaf Switches 564
Exam Preparation Tasks 565
Review All Key Topics 565
Memory Tables 565
Define Key Terms 565
Part VII Final Preparation
Chapter 17 Final Preparation 566
Getting Ready 566
Tools for Final Preparation 567
Pearson Cert Practice Test Engine and Questions on the Website 567
Accessing the Pearson Test Prep Software Online 567
Accessing the Pearson Test Prep Software Offline 568
Customizing Your Exams 568
Updating Your Exams 569
Premium Edition 569
Suggested Plan for Final Review/Study 570
Summary 570
Appendix A Answers to the “Do I Know This Already?” Questions 572
Appendix B CCNP Data Center Application Centric Infrastructure DCACI 300-620 Exam Updates 586
Glossary 589
Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary
9780136602668 TOC 12/15/2020
Verifying the Traffic Path Between Known Endpoints 254
Understanding Learning and Forwarding for vPCs 256
Forwarding Scenario 3: Spine Proxy to Unknown Destination 258
Forwarding Scenario 4: Flooding to Unknown Destination 261
Understanding ARP Flooding 262
Deploying a Multi-Tier Application 263
Configuring Application Profiles, BDs, and EPGs 264
Assigning Domains to EPGs 267
Policy Deployment Following BD and EPG Setup 267
Mapping EPGs to Ports Using Static Bindings 267
Verifying EPG-to-Port Assignments 269
Policy Deployment Following EPG-to-Port Assignment 270
Mapping an EPG to All Ports on a Leaf 270
Enabling DHCP Relay for a Bridge Domain 271
Whitelisting Intra-VRF Communications via Contracts 272
Planning Contract Enforcement 272
Configuring Filters for Bidirectional Application 273
Configuring Subjects for Bidirectional Application of Filters 275
Understanding Apply Both Directions and Reverse Filter Ports 277
Verifying Subject Allocation to a Contract 278
Assigning Contracts to EPGs 278
Understanding the TCP Established Session Rule 279
Creating Filters for Unidirectional Application 280
Configuring Subjects for Unidirectional Application of Filters 280
Additional Whitelisting Examples 282
Verifying Contract Enforcement 283
Understanding the Stateful Checkbox in Filter Entries 284
Contract Scopes in Review 284
Exam Preparation Tasks 285
Review All Key Topics 285
Complete Tables and Lists from Memory 287
Define Key Terms 287
Part III External Connectivity
Chapter 9 L3Outs 288
“Do I Know This Already?” Quiz 288
Foundation Topics 291
L3Out Fundamentals 291
Stub Network and Transit Routing 291
Types of L3Outs 292
Key Functions of an L3Out 293
The Anatomy of an L3Out 293
Planning Deployment of L3Out Node and Interface Profiles 295
Understanding L3Out Interface Types 296
Understanding L3Out Bridge Domains 296
Understanding SVI Encap Scope 298
Understanding SVI Auto State 299
Understanding Prerequisites for Deployment of L3Outs 301
L3 Domain Implementation Examples 301
Understanding the Need for BGP Route Reflection 303
Implementing BGP Route Reflectors 304
Understanding Infra MP-BGP Route Distribution 305
Deploying L3Outs 307
Configuring an L3Out for EIGRP Peering 307
Deploying External EPGs 310
Verifying Forwarding Out an L3Out 312
Advertising Subnets Assigned to Bridge Domains via an L3Out 314
Enabling Communications over L3Outs Using Contracts 316
Deploying a Blacklist EPG with Logging 318
Advertising Host Routes Out an ACI Fabric 321
Implementing BFD on an EIGRP L3Out 321
Configuring Authentication for EIGRP 324
EIGRP Customizations Applied at the VRF Level 324
Configuring an L3Out for OSPF Peering 325
A Route Advertisement Problem for OSPF and EIGRP L3Outs 328
Implementing BFD on an OSPF L3Out 328
OSPF Customizations Applied at the VRF Level 329
Adding Static Routes on an L3Out 329
Implementing IP SLA Tracking for Static Routes 330
Configuring an L3Out for BGP Peering 334
Implementing BGP Customizations at the Node Level 337
Implementing Per-Neighbor BGP Customizations 339
Implementing BFD on a BGP L3Out 341
Implementing BGP Customizations at the VRF Level 342
Implementing OSPF for IP Reachability on a BGP L3Out 343
Implementing Hot Standby Router Protocol (HSRP) 344
IPv6 and OSPFv3 Support 344
Implementing Route Control 344
Route Profile Basics 344
Modifying Route Attributes to All Peers Behind an L3Out 346
Modifying Route Attributes to a Specific Peer Behind an L3Out 349
Assigning Different Policies to Routes at the L3Out Level 351
Configuring Inbound Route Filtering in ACI 352
Exam Preparation Tasks 353
Review All Key Topics 353
Complete Tables and Lists from Memory 356
Define Key Terms 356
Chapter 10 Extending Layer 2 Outside ACI 358
“Do I Know This Already?” Quiz 358
Foundation Topics 361
Understanding Network Migrations into ACI 361
Understanding Network-Centric Deployments 361
Understanding Full-Mesh Network-Centric Contracts 362
Understanding Any EPG 364
Understanding Preferred Group Members 365
Disabling Contract Enforcement at the VRF Instance Level 367
Flooding Requirements for L2 Extension to Outside Switches 368
Understanding GARP-Based Detection 370
Understanding Legacy Mode 371
Endpoint Learning Considerations for Layer 2 Extension 371
Preparing for Network-Centric Migrations 372
Implementing Layer 2 Connectivity to Non-ACI Switches 372
Understanding EPG Extensions 372
Understanding Bridge Domain Extensions 374
Comparing EPG Extensions and BD Extensions 374
Implementing EPG Extensions 375
Implementing L2Outs 380
Migrating Overlapping VLANs into ACI 385
Understanding ACI Interaction with Spanning Tree Protocol 386
Remediating Against Excessive Spanning Tree Protocol TCNs 386
Configuring MST Instance Mappings in ACI 387
Understanding Spanning Tree Protocol Link Types 388
Using MCP to Detect Layer 2 Loops 388
Exam Preparation Tasks 389
Review All Key Topics 389
Complete Tables and Lists from Memory 390
Define Key Terms 390
Part IV Integrations
Chapter 11 Integrating ACI into vSphere Using VDS 392
“Do I Know This Already?” Quiz 392
Foundation Topics 394
Understanding Networking in VMware vSphere 394
Understanding vSphere Standard Switches 395
Understanding vSphere Distributed Switches 397
Understanding vSphere System Traffic 397
Impact of vCenter Failure on Production Traffic 399
Understanding Port Bindings in vSphere 400
Understanding Teaming and Failover Policies 400
Understanding VMM Integration 403
Planning vCenter VMM Integrations 403
What Happens After VDS Deployment? 405
Understanding Immediacy Settings 405
Connecting ESXi Servers to the Fabric 407
Configuring Connectivity to ESXi in UCS Domains 407
Integrating ACI into vSphere Using VDS 407
Prerequisites for VMM Integration with vSphere VDS 408
Configuring a VMM Domain Profile 408
Adding ESXi Hosts to a VDS 411
Pushing EPGs to vCenter as Distributed Port Groups 415
Assigning VMs to Distributed Port Groups 417
Less Common VMM Domain Association Settings 418
Enhanced LACP Policy Support 419
Exam Preparation Tasks 422
Review All Key Topics 422
Complete Tables and Lists from Memory 423
Define Key Terms 423
Chapter 12 Implementing Service Graphs 424
“Do I Know This Already?” Quiz 424
Foundation Topics 426
Service Graph Fundamentals 426
Service Graphs as Concatenation of Functions 427
Service Graph Management Models 428
Understanding Network Policy Mode 428
Understanding Service Policy Mode 430
Understanding Service Manager Mode 432
When to Use Service Graphs 434
Choosing an L4–L7 Services Integration Method 435
Understanding Deployment Modes and the Number of BDs Required 435
Deploying Service Graphs for Devices in GoTo Mode 436
Deploying Service Graphs for Devices in GoThrough Mode 437
Deploying Service Graphs for One-Arm Load Balancers 437
Understanding Route Peering 438
Understanding Dynamic Endpoint Attach 439
Understanding Bridge Domain Settings for Service Graphs 439
Understanding Service Graph Rendering 440
Service Graph Implementation Workflow 441
Importing Device Packages 441
Identifying L4–L7 Devices to the Fabric 443
Creating Custom Function Profiles 444
Configuring a Service Graph Template 445
Configuring Device Selection Policies 446
Applying a Service Graph Template 446
Configuring Additional Service Graph Parameters 447
Monitoring Service Graphs and Devices 447
Service Graph Implementation Examples 447
Deploying an Unmanaged Firewall Pair in a Service Graph 447
Deploying Service Graphs for a Firewall in Managed Mode 453
Exam Preparation Tasks 460
Review All Key Topics 460
Complete Tables and Lists from Memory 461
Define Key Terms 461
Part V Management and Monitoring
Chapter 13 Implementing Management 462
“Do I Know This Already?” Quiz 462
Foundation Topics 464
Configuring Management in ACI 464
Understanding Out-of-Band Management Connectivity 464
Understanding In-Band Management Connectivity 465
Deploying In-Band and OOB Management Side by Side 467
Configuring In-Band Management 467
Configuring Access Policies for APIC In-Band Interfaces 468
Configuring the In-Band Management Bridge Domain 469
Configuring In-Band Management IP Addressing 470
Optionally Extending the In-Band Network Out of the Fabric 474
Optionally Setting Up Additional Connectivity 476
Whitelisting Desired Connectivity to and from an In-Band EPG 476
Evaluating APIC Connectivity Preferences 478
Out-of-Band Management Contracts in Review 479
Exam Preparation Tasks 481
Review All Key Topics 481
Memory Tables 481
Define Key Terms 481
Chapter 14 Monitoring ACI Using Syslog and SNMP 482
“Do I Know This Already?” Quiz 482
Foundation Topics 485
Understanding System Messages 485
Forwarding System Messages to Syslog Servers 487
Apply Necessary Contracts to Allow Syslog Forwarding 487
Configuring Syslog Monitoring Destination Groups 492
Configuring Syslog Sources for Desired Monitoring Policies 494
Verify Syslog Forwarding to Desired Syslog Servers 498
Using SNMP in ACI 500
ACI Support for SNMP 501
ACI SNMP Configuration Caveats 502
Configuring ACI for SNMP 502
Apply Necessary Contracts for SNMP 503
Associate an SNMP Policy with a Pod Policy 504
Associate SNMP Contexts with Desired VRF Instances 506
Configure SNMP Monitoring Destination Groups 507
Configure SNMP Sources for All Desired Monitoring Policies 508
Verify SNMP Forwarding to Desired SNMP Servers 509
Exam Preparation Tasks 511
Review All Key Topics 511
Complete Tables and Lists from Memory 512
Define Key Terms 512
Chapter 15 Implementing AAA and RBAC 514
“Do I Know This Already?” Quiz 514
Foundation Topics 516
Implementing Role-Based Access Control (RBAC) 516
Understanding Security Domains 517
Understanding Privileges and Roles 519
Creating Local Users and Assigning Access 521
Tweaking Roles and User Access 525
Custom RBAC Rules 528
A Common RBAC Pitfall 531
Integrating with External AAA Servers 532
Configuring ACI for TACACS+ 532
Configuring ISE to Authenticate and Authorize Users for ACI 536
Expected Cisco AV Pair Formatting for ACI 538
Configuring ACI for RADIUS 540
Configuring ACI for LDAP 541
AAA Authentication Policy Settings 547
Regaining Access to the Fabric via Fallback Domain 550
Exam Preparation Tasks 550
Review All Key Topics 550
Complete Tables and Lists from Memory 551
Define Key Terms 551
Part VI Operations
Chapter 16 ACI Anywhere 552
“Do I Know This Already?” Quiz 552
Foundation Topics 555
ACI Multi-Site Fundamentals 555
Interconnecting ACI Fabrics with ACI Multi-Site 555
New ACI Multi-Site Constructs and Configuration Concepts 557
Locally Governed Versus MSO-Governed Configurations 557
Schemas and Templates in Practice 557
Building Primary and Disaster Recovery Data Centers with ACI 558
Centralized Orchestration and Management of Multiple Fabrics 559
Tweaking Broadcast and Stretch Settings on a Per-BD Basis 560
Cross-Data Center Ingress Routing Optimizations 561
Simultaneous or Independent Policy Deployment to Sites 561
Building Active/Active Data Centers with ACI 562
VMM Integrations Applicable to Multiple Data Centers 563
Stateful-Services Integration in ACI Multi-Pod and Multi-Site 563
Extending ACI to Remote Locations and Public Clouds 564
Extending ACI into Public Clouds with ACI Multi-Site 564
Extending ACI into Bare-Metal Clouds with vPod 564
Integrating Remote Sites into ACI Using Remote Leaf Switches 564
Exam Preparation Tasks 565
Review All Key Topics 565
Memory Tables 565
Define Key Terms 565
Part VII Final Preparation
Chapter 17 Final Preparation 566
Getting Ready 566
Tools for Final Preparation 567
Pearson Cert Practice Test Engine and Questions on the Website 567
Accessing the Pearson Test Prep Software Online 567
Accessing the Pearson Test Prep Software Offline 568
Customizing Your Exams 568
Updating Your Exams 569
Premium Edition 569
Suggested Plan for Final Review/Study 570
Summary 570
Appendix A Answers to the “Do I Know This Already?” Questions 572
Appendix B CCNP Data Center Application Centric Infrastructure DCACI 300-620 Exam Updates 586
Glossary 589
Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary
9780136602668 TOC 12/15/2020
Introduction xxv
Part I Introduction to Deployment
Chapter 1 The Big Picture: Why ACI? 2
“Do I Know This Already?” Quiz 2
Foundation Topics 4
Understanding the Shortcomings of Traditional Networks 4
Network Management 4
Scalability and Growth 5
Network Agility 8
Security 8
Network Visibility 9
Recognizing the Benefits of Cisco ACI 9
Network Management Touchpoints 9
Traffic Flow Optimizations 10
Scalability Optimizations 10
Programmability 11
Stateless Network 11
Multitenancy 11
Zero-Trust Security 14
Cross-Platform Integrations 15
New Architectural Possibilities 15
Integrated Health Monitoring and Enhanced Visibility 16
Policy Reuse 16
Exam Preparation Tasks 16
Review All Key Topics 16
Complete Tables and Lists from Memory 17
Define Key Terms 17
Chapter 2 Understanding ACI Hardware and Topologies 18
“Do I Know This Already?” Quiz 18
Foundation Topics 21
ACI Topologies and Components 21
Clos Topology 21
Standard ACI Topology 22
ACI Stretched Fabric Topology 24
ACI Multi-Pod Topology 25
ACI Multi-Site Topology 26
ACI Multi-Tier Architecture 28
Remote Leaf Topology 30
APIC Clusters 32
APIC Cluster Scalability and Sizing 33
Spine Hardware 36
First-Generation Spine Switches 37
Second-Generation Spine Switches 37
Leaf Hardware 38
First-Generation Leaf Switches 38
Second-Generation Leaf Switches 39
Exam Preparation Tasks 41
Review All Key Topics 41
Complete Tables and Lists from Memory 41
Define Key Terms 41
Chapter 3 Initializing an ACI Fabric 42
“Do I Know This Already?” Quiz 42
Foundation Topics 44
Understanding ACI Fabric Initialization 44
Planning Fabric Initialization 45
Understanding Cabling Requirements 45
Connecting APICs to the Fabric 46
Initial Configuration of APICs 47
APIC OOB Configuration Requirements 47
Out-of-Band Versus In-Band Management 48
Configuration Information for Fabric Initialization 48
Switch Discovery Process 49
Fabric Discovery Stages 51
Switch Discovery States 51
Initializing an ACI Fabric 52
Changing the APIC BIOS Password 52
Configuring the APIC Cisco IMC 52
Initializing the First APIC 53
Discovering and Activating Switches 55
Understanding Graceful Insertion and Removal (GIR) 58
Initializing Subsequent APICs 59
Understanding Connectivity Following Switch Initialization 59
Basic Post-Initialization Tasks 63
Assigning Static Out-of-Band Addresses to Switches and APICs 63
Applying a Default Contract to Out-of-Band Subnet 64
Upgrading an ACI Fabric 66
Understanding Schedulers 73
Enabling Automatic Upgrades of New Switches 74
Understanding Backups and Restores in ACI 75
Making On-Demand Backups in ACI 76
Making Scheduled Backups in ACI 79
Taking Configuration Snapshots in ACI 80
Importing Configuration Backups from Remote Servers 80
Executing Configuration Rollbacks 82
Pod Policy Basics 83
Configuring Network Time Protocol (NTP) Synchronization 84
Configuring DNS Servers for Lookups 90
Verifying COOP Group Configurations 92
Exam Preparation Tasks 93
Review All Key Topics 93
Complete Tables and Lists from Memory 94
Define Key Terms 94
Chapter 4 Exploring ACI 96
“Do I Know This Already?” Quiz 96
Foundation Topics 98
ACI Access Methods 98
GUI 99
CLI 100
APIC CLI 100
Switch CLI 102
API 103
Management Access Modifications 103
Understanding the ACI Object Model 105
Learning ACI Through the Graphical User Interface 107
Exploring the Object Hierarchy by Using Visore 108
Why Understand Object Hierarchy Basics for DCACI? 110
Policy in Context 110
Integrated Health Monitoring and Enhanced Visibility 110
Understanding Faults 111
The Life of a Fault 113
Acknowledging Faults 115
Faults in the Object Model 116
Monitoring Policies in ACI 118
Customizing Fault Management Policies 120
Squelching Faults and Changing Fault Severity 121
Understanding Health Scores 124
Understanding Events 126
Squelching Events 127
Understanding Audit Logs 127
Exam Preparation Tasks 128
Review All Key Topics 128
Complete Tables and Lists from Memory 129
Define Key Terms 129
Part II ACI Fundamentals
Chapter 5 Tenant Building Blocks 130
“Do I Know This Already?” Quiz 130
Foundation Topics 132
Understanding the Basic Objects in Tenants 132
Tenants 133
Predefined Tenants in ACI 134
VRF Instances 135
Bridge Domains (BDs) 137
Endpoint Groups (EPGs) 137
Application Profiles 138
The Pain of Designing Around Subnet Boundaries 139
BDs and EPGs in Practice 141
Configuring Bridge Domains, Application Profiles, and EPGs 142
Classifying Endpoints into EPGs 146
APIC CLI Configuration of Tenant Objects 147
Contract Security Enforcement Basics 148
Contracts, Subjects, and Filters 148
Contract Direction 149
Contract Scope 150
Zero-Trust Using EPGs and Contracts 151
Objects Enabling Connectivity Outside the Fabric 151
External EPGs 151
Layer 3 Outside (L3Out) 153
Tenant Hierarchy Review 153
Exam Preparation Tasks 154
Review All Key Topics 154
Complete Tables and Lists from Memory 154
Define Key Terms 154
Chapter 6 Access Policies 156
“Do I Know This Already?” Quiz 156
Foundation Topics 158
Pools, Domains, and AAEPs 158
VLAN Pools 159
Domains 160
Common Designs for VLAN Pools and Domains 161
Challenges with Overlap Between VLAN Pools 164
Attachable Access Entity Profiles (AAEPs) 165
Policies and Policy Groups 169
Interface Policies and Interface Policy Groups 169
Planning Deployment of Interface Policies 173
Switch Policies and Switch Policy Groups 174
Profiles and Selectors 176
Configuring Switch Profiles and Interface Profiles 179
Stateless Networking in ACI 182
Bringing It All Together 183
Access Policies Hierarchy in Review 183
Access Policies and Tenancy in Review 184
Exam Preparation Tasks 184
Review All Key Topics 184
Complete Tables and Lists from Memory 185
Define Key Terms 185
Chapter 7 Implementing Access Policies 186
“Do I Know This Already?” Quiz 186
Foundation Topics 188
Configuring ACI Switch Ports 188
Configuring Individual Ports 188
Configuring Port Channels 196
Configuring Virtual Port Channel (vPC) Domains 201
Configuring Virtual Port Channels 204
Configuring Ports Using AAEP EPGs 208
Implications of Initial Access Policy Design on Capabilities 210
Configuring Access Policies Using Quick Start Wizards 211
The Configure Interface, PC, and VPC Wizard 211
The Configure Interface Wizard 211
Additional Access Policy Configurations 212
Configuring Fabric Extenders 212
Configuring Dynamic Breakout Ports 215
Configuring Global QoS Class Settings 217
Configuring DHCP Relay 219
Configuring MCP 221
Configuring Storm Control 223
Configuring CoPP 225
Modifying BPDU Guard and BPDU Filter Settings 230
Modifying the Error Disabled Recovery Policy 231
Configuring Leaf Interface Overrides 232
Configuring Port Channel Member Overrides 232
Exam Preparation Tasks 235
Review All Key Topics 235
Complete Tables and Lists from Memory 236
Define Key Terms 236
Chapter 8 Implementing Tenant Policies 238
“Do I Know This Already?” Quiz 238
Foundation Topics 241
ACI Endpoint Learning 241
Lookup Tables in ACI 241
Local Endpoints and Remote Endpoints 242
Understanding Local Endpoint Learning 243
Unicast Routing and Its Impact on Endpoint Learning 243
Understanding Remote Endpoint Learning 244
Understanding the Use of VLAN IDs and VNIDs in ACI 245
Endpoint Movements Within an ACI Fabric 247
Understanding Hardware Proxy and Spine Proxy 247
Endpoint Learning Considerations for Silent Hosts 248
Where Data Plane IP Learning Breaks Down 249
Endpoint Learning on L3Outs 249
Limiting IP Learning to a Subnet 249
Understanding Enforce Subnet Check 250
Disabling Data Plane Endpoint Learning on a Bridge Domain 250
Disabling IP Data Plane Learning at the VRF Level 251
Packet Forwarding in ACI 251
Forwarding Scenario 1: Both Endpoints Attach to the Same Leaf 251
Understanding Pervasive Gateways 252
Forwarding Scenario 2: Known Destination Behind Another Leaf 254
Verifying the Traffic Path Between Known Endpoints 254
Understanding Learning and Forwarding for vPCs 256
Forwarding Scenario 3: Spine Proxy to Unknown Destination 258
Forwarding Scenario 4: Flooding to Unknown Destination 261
Understanding ARP Flooding 262
Deploying a Multi-Tier Application 263
Configuring Application Profiles, BDs, and EPGs 264
Assigning Domains to EPGs 267
Policy Deployment Following BD and EPG Setup 267
Mapping EPGs to Ports Using Static Bindings 267
Verifying EPG-to-Port Assignments 269
Policy Deployment Following EPG-to-Port Assignment 270
Mapping an EPG to All Ports on a Leaf 270
Enabling DHCP Relay for a Bridge Domain 271
Whitelisting Intra-VRF Communications via Contracts 272
Planning Contract Enforcement 272
Configuring Filters for Bidirectional Application 273
Configuring Subjects for Bidirectional Application of Filters 275
Understanding Apply Both Directions and Reverse Filter Ports 277
Verifying Subject Allocation to a Contract 278
Assigning Contracts to EPGs 278
Understanding the TCP Established Session Rule 279
Creating Filters for Unidirectional Application 280
Configuring Subjects for Unidirectional Application of Filters 280
Additional Whitelisting Examples 282
Verifying Contract Enforcement 283
Understanding the Stateful Checkbox in Filter Entries 284
Contract Scopes in Review 284
Exam Preparation Tasks 285
Review All Key Topics 285
Complete Tables and Lists from Memory 287
Define Key Terms 287
Part III External Connectivity
Chapter 9 L3Outs 288
“Do I Know This Already?” Quiz 288
Foundation Topics 291
L3Out Fundamentals 291
Stub Network and Transit Routing 291
Types of L3Outs 292
Key Functions of an L3Out 293
The Anatomy of an L3Out 293
Planning Deployment of L3Out Node and Interface Profiles 295
Understanding L3Out Interface Types 296
Understanding L3Out Bridge Domains 296
Understanding SVI Encap Scope 298
Understanding SVI Auto State 299
Understanding Prerequisites for Deployment of L3Outs 301
L3 Domain Implementation Examples 301
Understanding the Need for BGP Route Reflection 303
Implementing BGP Route Reflectors 304
Understanding Infra MP-BGP Route Distribution 305
Deploying L3Outs 307
Configuring an L3Out for EIGRP Peering 307
Deploying External EPGs 310
Verifying Forwarding Out an L3Out 312
Advertising Subnets Assigned to Bridge Domains via an L3Out 314
Enabling Communications over L3Outs Using Contracts 316
Deploying a Blacklist EPG with Logging 318
Advertising Host Routes Out an ACI Fabric 321
Implementing BFD on an EIGRP L3Out 321
Configuring Authentication for EIGRP 324
EIGRP Customizations Applied at the VRF Level 324
Configuring an L3Out for OSPF Peering 325
A Route Advertisement Problem for OSPF and EIGRP L3Outs 328
Implementing BFD on an OSPF L3Out 328
OSPF Customizations Applied at the VRF Level 329
Adding Static Routes on an L3Out 329
Implementing IP SLA Tracking for Static Routes 330
Configuring an L3Out for BGP Peering 334
Implementing BGP Customizations at the Node Level 337
Implementing Per-Neighbor BGP Customizations 339
Implementing BFD on a BGP L3Out 341
Implementing BGP Customizations at the VRF Level 342
Implementing OSPF for IP Reachability on a BGP L3Out 343
Implementing Hot Standby Router Protocol (HSRP) 344
IPv6 and OSPFv3 Support 344
Implementing Route Control 344
Route Profile Basics 344
Modifying Route Attributes to All Peers Behind an L3Out 346
Modifying Route Attributes to a Specific Peer Behind an L3Out 349
Assigning Different Policies to Routes at the L3Out Level 351
Configuring Inbound Route Filtering in ACI 352
Exam Preparation Tasks 353
Review All Key Topics 353
Complete Tables and Lists from Memory 356
Define Key Terms 356
Chapter 10 Extending Layer 2 Outside ACI 358
“Do I Know This Already?” Quiz 358
Foundation Topics 361
Understanding Network Migrations into ACI 361
Understanding Network-Centric Deployments 361
Understanding Full-Mesh Network-Centric Contracts 362
Understanding Any EPG 364
Understanding Preferred Group Members 365
Disabling Contract Enforcement at the VRF Instance Level 367
Flooding Requirements for L2 Extension to Outside Switches 368
Understanding GARP-Based Detection 370
Understanding Legacy Mode 371
Endpoint Learning Considerations for Layer 2 Extension 371
Preparing for Network-Centric Migrations 372
Implementing Layer 2 Connectivity to Non-ACI Switches 372
Understanding EPG Extensions 372
Understanding Bridge Domain Extensions 374
Comparing EPG Extensions and BD Extensions 374
Implementing EPG Extensions 375
Implementing L2Outs 380
Migrating Overlapping VLANs into ACI 385
Understanding ACI Interaction with Spanning Tree Protocol 386
Remediating Against Excessive Spanning Tree Protocol TCNs 386
Configuring MST Instance Mappings in ACI 387
Understanding Spanning Tree Protocol Link Types 388
Using MCP to Detect Layer 2 Loops 388
Exam Preparation Tasks 389
Review All Key Topics 389
Complete Tables and Lists from Memory 390
Define Key Terms 390
Part IV Integrations
Chapter 11 Integrating ACI into vSphere Using VDS 392
“Do I Know This Already?” Quiz 392
Foundation Topics 394
Understanding Networking in VMware vSphere 394
Understanding vSphere Standard Switches 395
Understanding vSphere Distributed Switches 397
Understanding vSphere System Traffic 397
Impact of vCenter Failure on Production Traffic 399
Understanding Port Bindings in vSphere 400
Understanding Teaming and Failover Policies 400
Understanding VMM Integration 403
Planning vCenter VMM Integrations 403
What Happens After VDS Deployment? 405
Understanding Immediacy Settings 405
Connecting ESXi Servers to the Fabric 407
Configuring Connectivity to ESXi in UCS Domains 407
Integrating ACI into vSphere Using VDS 407
Prerequisites for VMM Integration with vSphere VDS 408
Configuring a VMM Domain Profile 408
Adding ESXi Hosts to a VDS 411
Pushing EPGs to vCenter as Distributed Port Groups 415
Assigning VMs to Distributed Port Groups 417
Less Common VMM Domain Association Settings 418
Enhanced LACP Policy Support 419
Exam Preparation Tasks 422
Review All Key Topics 422
Complete Tables and Lists from Memory 423
Define Key Terms 423
Chapter 12 Implementing Service Graphs 424
“Do I Know This Already?” Quiz 424
Foundation Topics 426
Service Graph Fundamentals 426
Service Graphs as Concatenation of Functions 427
Service Graph Management Models 428
Understanding Network Policy Mode 428
Understanding Service Policy Mode 430
Understanding Service Manager Mode 432
When to Use Service Graphs 434
Choosing an L4–L7 Services Integration Method 435
Understanding Deployment Modes and the Number of BDs Required 435
Deploying Service Graphs for Devices in GoTo Mode 436
Deploying Service Graphs for Devices in GoThrough Mode 437
Deploying Service Graphs for One-Arm Load Balancers 437
Understanding Route Peering 438
Understanding Dynamic Endpoint Attach 439
Understanding Bridge Domain Settings for Service Graphs 439
Understanding Service Graph Rendering 440
Service Graph Implementation Workflow 441
Importing Device Packages 441
Identifying L4–L7 Devices to the Fabric 443
Creating Custom Function Profiles 444
Configuring a Service Graph Template 445
Configuring Device Selection Policies 446
Applying a Service Graph Template 446
Configuring Additional Service Graph Parameters 447
Monitoring Service Graphs and Devices 447
Service Graph Implementation Examples 447
Deploying an Unmanaged Firewall Pair in a Service Graph 447
Deploying Service Graphs for a Firewall in Managed Mode 453
Exam Preparation Tasks 460
Review All Key Topics 460
Complete Tables and Lists from Memory 461
Define Key Terms 461
Part V Management and Monitoring
Chapter 13 Implementing Management 462
“Do I Know This Already?” Quiz 462
Foundation Topics 464
Configuring Management in ACI 464
Understanding Out-of-Band Management Connectivity 464
Understanding In-Band Management Connectivity 465
Deploying In-Band and OOB Management Side by Side 467
Configuring In-Band Management 467
Configuring Access Policies for APIC In-Band Interfaces 468
Configuring the In-Band Management Bridge Domain 469
Configuring In-Band Management IP Addressing 470
Optionally Extending the In-Band Network Out of the Fabric 474
Optionally Setting Up Additional Connectivity 476
Whitelisting Desired Connectivity to and from an In-Band EPG 476
Evaluating APIC Connectivity Preferences 478
Out-of-Band Management Contracts in Review 479
Exam Preparation Tasks 481
Review All Key Topics 481
Memory Tables 481
Define Key Terms 481
Chapter 14 Monitoring ACI Using Syslog and SNMP 482
“Do I Know This Already?” Quiz 482
Foundation Topics 485
Understanding System Messages 485
Forwarding System Messages to Syslog Servers 487
Apply Necessary Contracts to Allow Syslog Forwarding 487
Configuring Syslog Monitoring Destination Groups 492
Configuring Syslog Sources for Desired Monitoring Policies 494
Verify Syslog Forwarding to Desired Syslog Servers 498
Using SNMP in ACI 500
ACI Support for SNMP 501
ACI SNMP Configuration Caveats 502
Configuring ACI for SNMP 502
Apply Necessary Contracts for SNMP 503
Associate an SNMP Policy with a Pod Policy 504
Associate SNMP Contexts with Desired VRF Instances 506
Configure SNMP Monitoring Destination Groups 507
Configure SNMP Sources for All Desired Monitoring Policies 508
Verify SNMP Forwarding to Desired SNMP Servers 509
Exam Preparation Tasks 511
Review All Key Topics 511
Complete Tables and Lists from Memory 512
Define Key Terms 512
Chapter 15 Implementing AAA and RBAC 514
“Do I Know This Already?” Quiz 514
Foundation Topics 516
Implementing Role-Based Access Control (RBAC) 516
Understanding Security Domains 517
Understanding Privileges and Roles 519
Creating Local Users and Assigning Access 521
Tweaking Roles and User Access 525
Custom RBAC Rules 528
A Common RBAC Pitfall 531
Integrating with External AAA Servers 532
Configuring ACI for TACACS+ 532
Configuring ISE to Authenticate and Authorize Users for ACI 536
Expected Cisco AV Pair Formatting for ACI 538
Configuring ACI for RADIUS 540
Configuring ACI for LDAP 541
AAA Authentication Policy Settings 547
Regaining Access to the Fabric via Fallback Domain 550
Exam Preparation Tasks 550
Review All Key Topics 550
Complete Tables and Lists from Memory 551
Define Key Terms 551
Part VI Operations
Chapter 16 ACI Anywhere 552
“Do I Know This Already?” Quiz 552
Foundation Topics 555
ACI Multi-Site Fundamentals 555
Interconnecting ACI Fabrics with ACI Multi-Site 555
New ACI Multi-Site Constructs and Configuration Concepts 557
Locally Governed Versus MSO-Governed Configurations 557
Schemas and Templates in Practice 557
Building Primary and Disaster Recovery Data Centers with ACI 558
Centralized Orchestration and Management of Multiple Fabrics 559
Tweaking Broadcast and Stretch Settings on a Per-BD Basis 560
Cross-Data Center Ingress Routing Optimizations 561
Simultaneous or Independent Policy Deployment to Sites 561
Building Active/Active Data Centers with ACI 562
VMM Integrations Applicable to Multiple Data Centers 563
Stateful-Services Integration in ACI Multi-Pod and Multi-Site 563
Extending ACI to Remote Locations and Public Clouds 564
Extending ACI into Public Clouds with ACI Multi-Site 564
Extending ACI into Bare-Metal Clouds with vPod 564
Integrating Remote Sites into ACI Using Remote Leaf Switches 564
Exam Preparation Tasks 565
Review All Key Topics 565
Memory Tables 565
Define Key Terms 565
Part VII Final Preparation
Chapter 17 Final Preparation 566
Getting Ready 566
Tools for Final Preparation 567
Pearson Cert Practice Test Engine and Questions on the Website 567
Accessing the Pearson Test Prep Software Online 567
Accessing the Pearson Test Prep Software Offline 568
Customizing Your Exams 568
Updating Your Exams 569
Premium Edition 569
Suggested Plan for Final Review/Study 570
Summary 570
Appendix A Answers to the “Do I Know This Already?” Questions 572
Appendix B CCNP Data Center Application Centric Infrastructure DCACI 300-620 Exam Updates 586
Glossary 589
Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary
9780136602668 TOC 12/15/2020