Cisco Nexus Switches Interview Questions & Answers

  • Question 1. What Is Nexus?

    Answer :

    NEXUS is a bi-national, Canada-United States program for pre-approved, low-risk travellers entering Canada or the United States (U.S.) at designated air, land and marine ports of entry.

    The program enables its members to enter either country more quickly and easily by using automated self-serve kiosks in the air mode of travel, dedicated lanes in the land mode of travel, and by calling Telephone Reporting Centres (TRCs) prior to arrival in the marine mode of travel.

  • Question 2. What Are The Benefits Of Using Nexus?

    Answer :

    NEXUS members avoid long line-ups and save time using automated self-serve kiosks at nine Canadian international airports (NEXUS Air).

    As an added benefit, when travelling on domestic, U.S.-bound, and select international flights, NEXUS members can be expedited through Canadian Air Transport Security Authority (CATSA) airport security screening lanes located at 16 Canadian airports. Members must present their valid NEXUS card to access the Trusted Traveller CATSA Security Line.

    Members also enjoy a quick and simplified entry process using dedicated lanes at 21 designated land border crossings.

    When arriving by boat, members travelling to over 450 marine sites in Canada can report by phone to a TRC between 30 minutes and four hours before they arrive.

    NEXUS allows Canadian and U.S.  border officers to focus their efforts on unknown and potentially higher-risk travelers and their goods.

  • Networking Interview Questions

  • Question 3. What Is Iris Recognition Bio Metric Technology?

    Answer :

    Iris recognition biometric technology identifies the unique patterns of the iris (the coloured ring around the pupil of the eye). The technology reads each of the 266 unique characteristics in the human iris. It is safe, secure and non-invasive.

  • Question 4. What Is The Size Of A Nexus Card?

    Answer :

    A NEXUS card is approximately the same size as a standard credit card or driver’s licence.

  • Networking Tutorial

  • Question 5. How Does Nexus In The Air Mode Work?

    Answer :

    NEXUS members can use the automated kiosks located in the U.S. Preclearance area and the Canadian inspection services area at participating airports.

    Members can proceed directly to the NEXUS self-serve kiosk and do not need to go through the standard queue to speak to a border services officer or CBP officer.

    Members stand in front of the self-serve kiosk and look into the adjustable camera and follow the audio instructions so that their irises can be photographed using iris recognition biometric technology.

    Once the CBSA or CBP has confirmed that the photo of the irises matches the one on file, the member will use the touch screen to answer standard customs and immigration questions.

    NEXUS members residing in Canada can use a Traveller Declaration Card (TDC) to declare goods and pay for any duties or taxes when entering Canada. Members simply deposit a TDC in a secure TDC box conveniently located near a self-serve kiosk. Any duties or taxes owing will be collected through the credit card information provided on the TDC.

  • CCNA Interview Questions

  • Question 6. Where Is Nexus In The Air Mode Available?

    Answer :

    NEXUS in the air mode is available at 8 locations when entering Canada.

    In addition, please note that a trusted traveller kiosk is also available at Billy Bishop Toronto City Airport, for incoming flights only for use by members of NEXUS and CANPASS Air.

  • Question 7. Where Is Nexus In The Marine Mode Available?

    Answer :

    NEXUS in the marine mode is available at approximately 450 locations when entering Canada.

  • Dynamic Link Library (DLL) Tutorial Switching Interview Questions

  • Question 8. Why Does Vpc Not Block Either Of The Vpc Uplinks?

    Answer :

    Nexus 7000 has a loop prevention method that drops traffic traversing the peer link (destined for a vPC peer link) when there are no failed vPC ports or links. The rule is simple: if the packet crosses the vPC peer link, it may not go out any port in a vPC even if that vPC does not have the original VLAN.

  • Question 9. Is There A Tool Available For Configuration Conversion On Cisco 6500 Series To The Nexus Platform?

    Answer :

    Cisco has developed the IOS-NXOS Migration Tool for quick configuration conversion on Cisco 6500 series to the Nexus series OS.

  • Firewall Support Interview Questions

  • Question 10. What Are Orphan Ports?

    Answer :

    Orphan ports are single attached devices that are not connected via a vPC, but still carry vPC VLANs. In the instance of a peer-link shut or restoration, an orphan port’s connectivity may be bound to the vPC failure or restoration process. Issue the show vpc orphan-ports command in order to identify the impacted VLANs.

  • Question 11. What Is The Minimum Nx-os Release Required To Support Fcoe In The Nexus 7000 Series Switches?

    Answer :

    FCoE is supported on Cisco Nexus 7000 Series systems running Cisco NX-OS Release 5.2 or later.

  • Routing Protcol Interview Questions

  • Question 12. On A Nexus, Is The Metric-type Keyword Not Available In The “default-information Originate” Command?

    Answer :

    On a Nexus, use a route-map command with a set clause of metric-type type-[½] in order to have the same functionality as in IOS using the default-information originate always metric-type [½] command.

    For example:

    switch(config)#route-map STAT-OSPF, permit, sequence 10switch(config-route-map) #match interface ethernet 1/2switch(config-route-map) #set metric-type {external | internal | type-1 | type-2}

  • Networking Interview Questions

  • Question 13. What Is Vpc And What Are Its Benefits?

    Answer :

    Virtual PortChannel (vPC) is a port-channeling concept that extends link aggregation to two separate physical switches.

    Benefits of vPC include:

    1. Utilizes all available uplink bandwidth
    2. Allows the creation of resilient Layer 2 topologies based on link aggregation
    3. Eliminates the dependence of Spanning Tree Protocol in Layer 2 access distribution layer(s)
    4. Enables transparent server mobility and server high availability (HA) clusters
    5. Scales available Layer 2 bandwidth
    6. Simplifies network design
    7. Dual-homed servers can operate in active-active mode
    8. Faster convergence upon link failure
    9. Improves convergence time when a single device fails
    10. Reduces capex and opex
  • Question 14. How Do I Create A Peer Link For Vdc And A Keepalive Link For Each Vdc?

    Answer :

    Configure the vPC Keepalive Link and Messages

    This example demonstrates how to configure the destination, source IP address, and VRF for the vPC-peer-keepalive link:

    switch# configure terminal 
    switch(config)# feature vpc
    switch(config)# vpc domain 100
    switch(config-vpc-domain)# peer-keepalive destination 172.168.1.2 source 
    172.168.1.1 vrf vpc-keepalive
    Create the vPC Peer Link
    This example demonstrates how to configure a vPC peer link:
    switch# configure terminal 
    switch(config)# interface port-channel 20
    switch(config-if)# vpc peer-link
    switch(config-vpc-domain)#

  • Question 15. What Does The %eem_action-6-inform: Packets Dropped Due To Ids Check Length Consistent On Module Message Mean?

    Answer :

    Cisco NX-OS supports Intrusion Detection System (IDS) checks that validate IP packets to ensure proper formatting. This is an enhancement beginning in 5.x.

    The EEM message is being logged because a packet is received by the switch where the Ethernet frame size is shorter than the expected length to include the IP packet length plus the Ethernet header. The packet is dropped by the hardware due to this condition.

    In order to verify that the IDS drops occurred since the last switch reboot, issue the show hardware forwarding ip verify module [#] “.

  • Cisco Interview Questions

  • Question 16. How Many Syslog Servers Can Be Added To A Nexus 7000 Series Switch?

    Answer :

    The maximum number of syslog servers configured is 3.

  • Question 17. Is Nexus 7010vpc Feature (lacp Enabled) Compatible With The Cisco Asa Etherchannel Feature And With Ace 4710 Etherchannel?

    Answer :

    With respect to vPC, any device that runs the LACP (which is a standard), is compatible with the Nexus 7000, including ASA/ACE.

  • Firewall (computing) Interview Questions

  • Question 18. How Many Ospf Processes Can Be Run In A Virtual Device Context (vdc)?

    Answer :

    There can be up to four (4) instances of OSPFv2 in a VDC.

  • CCNA Interview Questions

  • Question 19. Which Nexus 7000 Modules Support Fibre Channel Over Ethernet (fcoe)?

    Answer :

    The Cisco Nexus 7000 Series 32-Port 1 and 10 Gigabit Ethernet Module support FCoE. The part number of the product is N7K-F132XP-15.

  • Question 20. On A Nexus, Is The Metric-type Keyword Not Available In The “default-information Originate” Command?

    Answer :

    On a Nexus, use a route-map command with a set clause of metric-type type-[½] in order to have the same functionality as in IOS using the default-information originate always metric-type [½] command.

    For example:

    switch(config)#route-map STAT-OSPF, permit, sequence 10
    switch(config-route-map)#match interface ethernet 1/2
    switch(config-route-map)#set metric-type {external | internal | type-1 | type-2}

  • Cisco Unified Computing System Interview Questions

  • Question 21. How Do I Redistribute Connected Routes Into An Ospf Instance On A Nexus 7010 With A Defined Metric?

    Answer :

    In NX-OS, a route-map is always required when redistributing routes into an OSPF instance, and you will also use this route-map to set the metric. Further, subnet redistribution is by default, so you do not have to add the subnets keyword.

    For example:

    switch(config)#access-list 101 permit ip any
    switch(config)#access-list 101 permit ip any
    switch(config)#access-list 101 permit ip any
    switch(config)#access-list 101 deny any
    !
    Router(config)# route-map direct2ospf permit 10
    Router(config-route-map)# match ip address 101
    Router(config-route-map)# set metric <100>

    Router(config-route-map)# set metric-type type-1
    !
    switch(config)#router ospf 1
    switch(config-router)#redistribute direct route-map direct2ospf

  • Question 22. What Is The Equivalent Nx-os Command For The “ip Multicast-routing” Ios Command, And Does The Nexus 7000 Support Pim-sparse Mode?

    Answer :

    The command is feature pim. In NX-OS, multicast is enabled only after enabling the PIM or PIM6 feature on each router and then enabling PIM or PIM6 sparse mode on each interface that you want to participate in multicast.

    For example:

    switch(config)#feature pim
    switch(config)#interface Vlan[536]
    switch(config-if)#ip pim sparse-mode

  • Question 23. When I Issue The “show Ip Route Bgp” Command, I See My Routes Being Learned Via Ospf And Bgp. How Can I Verify On The Nx-os Which One Will Always Be Used And Which One Is A Backup?

    Answer :

    Here is what is received:

    1. Nexus_7010#show ip route bgp
    2. IP Route Table for VRF “default”
    3. ‘*’ denotes best ucast next-hop
    4. ‘**’ denotes best mcast next-hop
    5. ‘[x/y]’ denotes [preference/metric]

     

    1. 172.20.62.0/23, ubest/mbest: 1/0
    2.     *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
    3.      via 10.194.16.5, Vlan116, [110/1043], 18:43:51, ospf-1, intra
    4. 172.20.122.0/23, ubest/mbest: 1/0
    5.     *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
    6.      via 10.194.16.5, Vlan116, [110/1041], 18:43:51, ospf-1, intra

    By default, BGP selects only a single best path and does not perform load balancing. As a result, the route marked with the * will always be used, unless it goes down, at which point any remaining routes will become the preferred path.

  • Router Interview Questions

  • Question 24. How Do I Avoid Receiving The “failed To Process Kickstart Image. Pre-upgrade Check Failed” Error Message When Upgrading The Image On A Nexus 7000 Series Switch?

    Answer :

    One potential reason for receiving this error message is if the file name specified is not correct.

    For example:

    switch#install all kickstart bootflash:n7000-sl-kickstart.5.1.1a.bin system

        bootflash:n7000-sl-dk9.5.1.1a.bin

    In this example, the file name contains “sl” (lowercase letter l) instead of “s1” (number 1).

  • Switching Interview Questions

  • Question 25. How Can I Avoid Receiving The “configuration Does Not Match The Port Capability” Error Message When Enabling “switchport Mode Fex-fabric”?

    Answer :

    This error message is generated because the port is not FEX capable:

    • N7K-2(config)#interface ethernet 9/5
    • N7K-2(config-if)#switchport mode fex-fabric

    ERROR: Ethernet9/5: Configuration does not match the port capability

  • Question 26. How Do I Enable/disable Logging Link Status Per Port Basis On A Nexus 7000 Series Switch?

    Answer :

    All interface link status (up/down) messages are logged by default. Link status events can be configured globally or per interface. The interface command enables link status logging messages for a specific interface.

    For example:

    N7k(config)#interface ethernet x/x
    N7k(config-if)#logging event port link-status

  • Enhanced Interior Gateway Routing Protocol (EIGRP) Interview Questions

  • Question 27. On A Nexus 7000 Running Nx-os 5.1(3), Can The Decnet Be Bridged On A Vlan?

    Answer :

    All of the Nexus platforms support passing DecNet frames through the device from a layer-2 perspective. However, there is no support for routing DecNet on the Nexus.

  • Firewall Support Interview Questions

  • Question 28. Can A Nexus 7000 Be A Dhcp Server And Can It Relay Dhcp Requests To Different Dhcp Servers Per Vlan?

    Answer :

    The Nexus 7000 does not support a DHCP server, but it does support DHCP relay. For relay, use the ip dhcp relay address x.x.x.x interface command.

  • Question 29. How Do I Verify If Xl Mode Is Enabled On A Nexus 7000 Device?

    Answer :

    The Scalable Feature License is the new Nexus 7000 system license that enables the incremental table sizes supported on the M-Series L Modules. Without the license, the system will run in standard mode, meaning none of the larger table sizes will be accessible. Having non-XL and XL modules in a system is supported, but for the system to run in XL mode all modules need to be XL capable, and the Scalable Feature license needs to be installed. Mixing modules is supported, with the system running in the non-XL mode. If the modules are in the same system, the entire system falls back to the common smallest value. If the XL and non-XL are isolated using VDCs, then each VDC is considered a separate system and can be run in different modes.

    In order to confirm whether the Nexus 7000 has the XL option enabled, you first need to check if the Scalable Feature License is installed. Also, having non-XL and XL modules in a system is supported, but in order for the system to run in XL mode, all modules need to be XL capable.

  • Dynamic Link Library (DLL) Interview Questions

  • Question 30. How Do I Implement Vtp In A Nexus 7000 Series Switch Where Vlans Are Manually Configured?

    Answer :

    Cisco does not recommend running VTP in data centers. If someone attaches a switch to the network with a higher revision number without changing the VTP mode from the server, it will override the VLAN configuration on the switch.

  • Question 31. Is There A Best Practice For Port-channel Load Balancing Between Nexus 1000v Series And Nexus 7000 Series Switches?

    Answer :

    There is no recommended best practice for load-balancing between the Nexus 1000V Series and Nexus 7000 Series Switches. You can choose either a flow-based or a source-based model depending on the network’s requirement.

  • Question 32. During Nexus 7010 Upgrade From 5.2.1 To 5.2.3 Code, The X-bar Module In Slot 4 Keeps Powering Off. The %module-2-xbar_diag_fail: Xbar 4 Reported Failure Due To Module Asic(s) Reported Sync Loss (deverr Is Linknum). Trying To Resync In Device 88 (device Error 0x0) Error Message Is Received.?

    Answer :

    This error message corresponds to diagnostic failures on module 2. It could be a bad connection to the X-bar from the linecard, which is results in the linecard being unable to sync. Typically with these errors, the first step is to reseat the module. If that does not resolve the problem, reseat the fabric as well as the module individually.


  • XLink Interview Questions

  • Question 33. What Does The %oc_usd-slot18-2-rf_crc: Oc2 Received Packets With Crc Error From Mod 6 Through Xbar Slot 5/inst 1 Error Message Mean?

    Answer :

    These errors indicate that the octopus engine received frames that failed the CRC error checks. This can be caused by multiple reasons.
    For example:
    Hardware problems:

    • Bad links
    • Backplane issues
    • Sync losses
    • Seating problems
    • Software problems:
    • Old fpga

    Frames forwarded to LC that it is unable to understand.

  • Routing Protcol Interview Questions