Interview Questions & Answers Complete Guide for Nexus

What exactly is NEXUS?

NEXUS is a bi-national Canada-United States programme that allows pre-approved, low-risk travellers to enter Canada or the United States (US) at designated air, land, and sea ports of entry.

Members of the programme can enter either country more quickly and easily by using automated self-serve kiosks in the air, dedicated lanes in the land, and calling Telephone Reporting Centres (TRCs) prior to arrival in the maritime mode of travel.

What are orphan ports?
Single-attached devices that are not connected to a vPC but still carry vPC VLANs are known as orphan ports. An orphan port’s connectivity may be tied to the vPC failure or restoration process in the event of a peer-link shutdown or restoration. To identify the impacted VLANs, use the show vpc orphan-ports command.

On a Nexus 7000 Series Switch, what command is used to verify the “HSRP Active State”?
The command is show hsrp active or show hsrp brief.

Nexus 7K# show hsrp br

Nexus 7K# show hsrp standb br

When enabling “switchport mode fex-fabric,” how can I avoid receiving the error message “Configuration does not match the port capability”?

Because the port is not FEX capable, this error message is displayed:

N7K-2(config)#interface ethernet 9/5
N7K-2(config-if)#switchport mode fex-fabric
ERROR: Ethernet9/5: The port capability does not match the configuration.

How Can I Tell If XL Mode Is On A Nexus 7000 Device?
The Scalable Feature License is a new Nexus 7000 system license that enables the M-Series XL modules to support incremental table sizes. If you don’t have a license, the system will run in standard mode, which means you won’t be able to use any of the larger table sizes. It is possible to mix non-XL and XL modules in a system, but to run in XL mode, all modules must be XL capable, and the Scalable Feature license must be installed. When the system is in non-XL mode, mixing modules is possible. If the modules are part of the same system, the system as a whole defaults to the smallest value. If VDCs are used to isolate the XL and non-XL, each VDC is treated as a separate system that can operate in different modes.

You must first check if the Scalable Feature License is installed on the Nexus 7000 to see if the XL option is enabled. In addition, a system can have both non-XL and XL modules, but in order for the system to run in XL mode, all modules must be XL capable.

How do I set up VTP on a Nexus 7000 Series Switch with manually configured VLANs?
VTP is not recommended for use in data centres, according to Cisco. If a switch with a higher revision number is added to the network without changing the VTP mode on the server, the switch’s VLAN configuration will be overridden.

On a Nexus 7000 Series Switch, how do I check the Network Time Protocol (NTP) status?
Issue the show ntp peer-status command to display the status of the NTP peers:

switch#show ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
    remote        local      st  poll  reach  delay    vrf
*10.1.10.5        0.0.0.0    1   64    377    0.00134  default

My routes are being learned via OSPF and BGP when I issue the “show ip route bgp” command. How can I tell which one will always be used and which one is a backup on NX-OS?

The following is what was received:

Nexus_7010#show ip route bgp
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

172.20.62.0/23, ubest/mbest: 1/0
    *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
     via 10.194.16.5, Vlan116, [110/1043], 18:43:51, ospf-1, intra
172.20.122.0/23, ubest/mbest: 1/0
    *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
     via 10.194.16.5, Vlan116, [110/1041], 18:43:51, ospf-1, intra

By default, BGP selects only a single best path and does not perform load balancing. As a result, the route marked with the * will always be used, unless it goes down, at which point any remaining routes will become the preferred path.
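The output above can be checked mechanically. The following Python sketch is an added example (not Cisco tooling and not part of the original answer) that parses the route lines shown, reports which source is active and which is the backup for each prefix, and confirms that the starred next hop carries the lowest preference value; the function names are assumptions made for illustration.

```python
import re

# Route lines copied from the output shown above (placeholders kept as printed).
SAMPLE = """\
172.20.62.0/23, ubest/mbest: 1/0
    *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
     via 10.194.16.5, Vlan116, [110/1043], 18:43:51, ospf-1, intra
172.20.122.0/23, ubest/mbest: 1/0
    *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
     via 10.194.16.5, Vlan116, [110/1041], 18:43:51, ospf-1, intra
"""

PREFIX = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+),")
# stars, next hop, [preference/metric], age (skipped), route source
VIA = re.compile(r"^\s*(\*{0,2})via (\S+?),.*?\[(\d+)/(\d+)\], [^,]+, ([^,]+)")

def parse_routes(text):
    """Return {prefix: [next-hop dicts]} from 'show ip route' style text."""
    routes, prefix = {}, None
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if m:
            prefix = m.group(1)
            routes[prefix] = []
            continue
        m = VIA.match(line)
        if m and prefix:
            star, nh, pref, metric, source = m.groups()
            routes[prefix].append({"best": star == "*", "next_hop": nh,
                                   "preference": int(pref),
                                   "metric": int(metric), "source": source})
    return routes

def summarize(text):
    """Per prefix: active sources, backup sources, and a sanity flag."""
    out = {}
    for prefix, hops in parse_routes(text).items():
        if not hops:
            continue
        lowest = min(h["preference"] for h in hops)
        active = [h for h in hops if h["best"]]
        out[prefix] = {
            "active": [h["source"] for h in active],
            "backup": [h["source"] for h in hops if not h["best"]],
            # the '*' entry should be the one with the lowest preference
            "star_has_lowest_preference": all(h["preference"] == lowest for h in active),
        }
    return out

if __name__ == "__main__":
    for prefix, info in summarize(SAMPLE).items():
        print(prefix, info)
```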

What Does The “%EEM_ACTION-6-INFORM: Packets dropped due to IDS check length consistent on module” Message Mean?
Intrusion Detection System (IDS) checks in Cisco NX-OS ensure that IP packets are formatted correctly. This is a new feature that debuted in 5.x.

The EEM message is logged because the switch receives a packet with an Ethernet frame size that is less than the expected length (IP packet length plus Ethernet header). Because of this, the packet is dropped by the hardware.

Issue the show hardware forwarding ip verify module [#] command to see if the IDS drops have occurred since the last switch reboot.
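The length-consistency rule described above can be reproduced offline against a captured frame. This Python sketch is an added example (not Cisco code and not from the original answer); the function names, the constructed sample frames, the absence of the FCS and the handling of at most one 802.1Q tag are assumptions made for illustration.

```python
import struct

ETH_HDR = 14              # dst MAC + src MAC + EtherType
VLAN_TAG = 4              # one 802.1Q tag (assumption: at most one tag)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100

def check_length_consistent(frame: bytes) -> str:
    """Return 'ok', 'drop' or 'not-ipv4' for a frame given without its FCS."""
    if len(frame) < ETH_HDR:
        return "drop"
    l3 = ETH_HDR                                   # offset of the IP header
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETHERTYPE_VLAN:                # skip the 802.1Q tag
        if len(frame) < ETH_HDR + VLAN_TAG:
            return "drop"
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        l3 += VLAN_TAG
    if ethertype != ETHERTYPE_IPV4:
        return "not-ipv4"
    if len(frame) < l3 + 20:                       # no room for an IPv4 header
        return "drop"
    (ip_total_len,) = struct.unpack_from("!H", frame, l3 + 2)
    # Frame shorter than Ethernet header + IP total length: inconsistent.
    # A longer frame is fine (Ethernet pads short frames to the minimum size).
    return "ok" if len(frame) >= l3 + ip_total_len else "drop"

def build_frame(ip_total_len: int, payload_len: int, vlan: bool = False) -> bytes:
    """Constructed test frame whose IPv4 header claims ip_total_len bytes."""
    l2 = bytes(12) + (b"\x81\x00\x00\x64" if vlan else b"") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return l2 + ip + bytes(payload_len)

if __name__ == "__main__":
    samples = {
        "exact length": build_frame(28, 8),
        "padded to 60 bytes": build_frame(28, 26),
        "truncated (claims 100)": build_frame(100, 8),
        "tagged, truncated": build_frame(28, 4, vlan=True),
    }
    for name, frame in samples.items():
        print(f"{name:24} {len(frame):3} bytes -> {check_length_consistent(frame)}")
```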

Is The Nexus 7000 Compatible With PIM Sparse Mode? What Is The Equivalent NX-OS Command For The “ip multicast-routing” IOS Command?
The command is feature pim. Multicast is only enabled in NX-OS after you’ve enabled the PIM or PIM6 feature on each router and then enabled PIM or PIM6 sparse mode on each interface you want to participate in multicast on.

For example:

  • switch(config)#feature pim
  • switch(config)#interface Vlan[536]
  • switch(config-if)#ip pim sparse-mode

What Is Virtual PortChannel (vPC) And What Are Its Advantages?
Virtual PortChannel (vPC) is a port-channeling concept that allows link aggregation to be extended to two separate physical switches.

The following are some of the advantages of vPC:

  • All available uplink bandwidth is used.
  • Allows resilient Layer 2 topologies to be built using link aggregation.
  • Removes the Layer 2 access distribution layer’s reliance on the Spanning Tree Protocol (STP).
  • Allows for server mobility and high availability (HA) clusters to be transparent.
  • Scales available Layer 2 bandwidth.
  • Network design is made easier.
  • Active-active mode is possible with dual-homed servers.
  • Convergence is faster when a link fails.
  • When a single device fails, the convergence time is improved.
  • Capex and opex are reduced.

How do I get rid of the “Failed to process kickstart image. Pre-upgrade check failed” error message when upgrading the image on a Nexus 7000 Series Switch?
An incorrect file name is one possible cause for receiving this error message.

For example:

switch#install all kickstart bootflash:n7000-sl-kickstart.5.1.1a.bin system bootflash:n7000-sl-dk9.5.1.1a.bin

In this example, the file name contains “sl” (lowercase letter l) instead of “s1” (number 1).

How do I capture the show tech-support output?
To redirect the output of the show tech command to a file, use the tac-pac bootflash:/ command, then gzip the file.

For example: switch#tac-pac bootflash://showtech.switch1

Issue the copy bootflash://showtech.switch1 tftp:// command in order to copy the file from bootflash to the TFTP server.

The X-bar module in slot 4 keeps powering off during the Nexus 7010 upgrade from 5.2.1 to 5.2.3 code, and this error message is received: %MODULE-2-XBAR_DIAG_FAIL: Xbar 4 reported failure due to Module asic(s) reported sync loss (DevErr is LinkNum). Trying to Resync in device 88 (device error 0x0). What does this mean?

Diagnostic failures on module 2 correspond to this error message. It could be that the linecard’s connection to the X-bar is bad, preventing the linecard from syncing. The first step in dealing with these errors is usually to reseat the module. If that doesn’t work, try reseating the fabric as well as the module separately.

What Does The Error Message “%OC_USD-SLOT18-2-RF_CRC: OC2 received packets with CRC error from MOD 6 through XBAR slot 5/inst 1” Mean?
The octopus engine received frames that failed the CRC error checks, as indicated by these errors. This can be due to a variety of factors.

For example:

Hardware problems:

  • Bad links
  • Backplane issues
  • Sync losses
  • Seating problems

Software problems:

  • Old FPGA
  • Frames forwarded to LC that it is unable to understand

Is it possible for a Nexus 7000 to act as a DHCP server and relay DHCP requests to different DHCP servers per VLAN?
Although the Nexus 7000 lacks a DHCP server, it does support DHCP relay. Use the ip dhcp relay address x.x.x.x interface command for relay.

For more information on Dynamic Host Configuration Protocol (DHCP) on a Cisco NX-OS device, see Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x.

Is It Possible To Bridge DECnet On A VLAN On A Nexus 7000 Running NX-OS 5.1(3)?
From a layer-2 perspective, all Nexus platforms support passing DECnet frames through the device. On the Nexus, however, there is no support for routing DECnet.

On a Nexus 7000 Series Switch, how do I enable/disable logging link status per port?
By default, all interface link status (up/down) messages are logged. Link status events can be set up on a global or interface-by-interface basis. The interface command enables a specific interface’s link status logging messages.

For example:

N7k(config)#interface ethernet x/x
N7k(config-if)#logging event port link-status

Is there a best practice for balancing port-channel load on Nexus 1000V and Nexus 7000 Series switches?
Between the Nexus 1000V Series and Nexus 7000 Series Switches, there is no recommended best practice for load-balancing. Depending on the needs of the network, you can use either a flow-based or a source-based model.

How do I make a vPC peer link and a vPC keepalive link for each VDC?
This example shows how to configure the vPC-peer-keepalive link’s destination, source IP address, and VRF:

  • switch# configure terminal
  • switch(config)# feature vpc
  • switch(config)# vpc domain 100
  • switch(config-vpc-domain)# peer-keepalive destination 172.168.1.2 source 172.168.1.1 vrf vpc-keepalive

Create the vPC Peer Link

This example demonstrates how to configure a vPC peer link:

  • switch# configure terminal
  • switch(config)# interface port-channel 20
  • switch(config-if)# vpc peer-link

I see that one of the interfaces is consistently posting errors when I use the “show interface counters errors” command. What do the FCS-Err and Rcv-Err in the “show interface counters errors” command output mean?
The following is what was received:

Nexus-7000#show interface counters errors

When trying to perform a ‘no shut’ on Ethernet 1/3 on a Nexus 7018, do you get the ERROR: Ethernet1/3: Config not allowed, as the first port in the port-grp is dedicated error message?
The device incorrectly assumes that the first port in the port-grp is dedicated rather than shared. The other ports of a port-grp cannot be used when the first port of the port-grp is in dedicated mode.

Where can I use NEXUS in the air mode?
When entering Canada, NEXUS in the air mode is available at eight locations.

Please also keep in mind that at Billy Bishop Toronto City Airport, a trusted traveller kiosk is available for incoming flights only for NEXUS and CANPASS Air members.

Is the Nexus 7010 vPC (LACP enabled) feature compatible with Cisco ASA EtherChannel and ACE 4710 EtherChannel?
In terms of vPC, the Nexus 7000 is compatible with any device that runs the LACP (which is a standard), including ASA/ACE.

In a Virtual Device Context (VDC), how many OSPF processes can be run?
In a VDC, there can be up to four (4) instances of OSPFv2.

What is the maximum number of Syslog Servers that can be added to a Nexus 7000 Series Switch?

Three syslog servers are the maximum number that can be configured.

What is the NEXUS card’s size?
At nine Canadian international airports, NEXUS members can avoid long lines and save time by using automated self-serve kiosks (NEXUS Air).

As an added bonus, NEXUS members can bypass the Canadian Air Transport Security Authority (CATSA) airport security screening lanes at 16 Canadian airports when flying domestically, to the United States, or on select international flights. To use the Trusted Traveller CATSA Security Line, members must show their valid NEXUS card.

  • Members also benefit from dedicated lanes at 21 designated land border crossings, allowing them to enter quickly and easily.
  • Members arriving by boat can call a TRC between 30 minutes and four hours before they arrive to report to one of Canada’s over 450 marine sites.
  • NEXUS allows border officers in Canada and the United States to concentrate their efforts on unknown and potentially higher-risk travellers and their belongings.

What NX-OS version is required for FCoE support in the Nexus 7000 Series Switches?
Cisco Nexus 7000 Series systems running Cisco NX-OS Release 5.2 or later support FCoE.

Is the metric-type keyword in the “default-information originate” command available on a Nexus?

Use a route-map command on a Nexus with a set clause of metric-type type-[12] to get the same functionality as the default-information originate always metric-type [12] command in IOS.

For example:

switch(config)#route-map STAT-OSPF permit 10
switch(config-route-map)#match interface ethernet 1/2
switch(config-route-map)#set metric-type {external | internal | type-1 | type-2}

What Is NEXUS In The Air Mode and How Does It Work?
At participating airports, NEXUS members can use automated kiosks in the US Preclearance area and the Canadian inspection services area.

Members don’t have to wait in line to speak with a border services officer or a CBP officer because they can go straight to the NEXUS self-serve kiosk.

Members must stand in front of the self-serve kiosk, look into the adjustable camera, and listen to the audio instructions in order for their irises to be photographed using iris recognition biometric technology.

Where Can I Find NEXUS In Marine Mode?
When entering Canada, NEXUS in the marine mode is available at approximately 450 locations.

Iris Recognition Biometric Technology: What Is It?

Iris recognition biometric technology recognises the iris’s distinct patterns (the coloured ring around the pupil of the eye). Each of the 266 distinct characteristics in the human iris is read by the technology. It’s completely safe, secure, and non-intrusive.

How do I check if the features on my Nexus 7000 Series Switch are enabled in NX-OS 4.2?

To double-check, use the show feature command.

Feature Name          Instance  State
tacacs                1         enabled
scheduler             1         enabled
isis                  2         disabled
isis                  3         disabled
isis                  4         disabled
ospf                  1         enabled
ospf                  2         disabled
ospf                  3         disabled

  • feature tacacs+
  • feature scheduler
  • feature ospf

Why is it that neither of the vPC uplinks is blocked by vPC?
When there are no failed vPC ports or links, the Nexus 7000 uses a loop prevention method that drops traffic traversing the peer link (destined for a vPC peer link). The rule is simple: if a packet crosses a vPC peer link, it may not be sent out any port in that vPC, even if that vPC lacks the original VLAN.

What steps do I need to take to become a NEXUS member?
Applicants must meet the following requirements to join NEXUS:

  • fill out an application and complete the registration process;
  • meet the eligibility requirements;
  • be admissible to both Canada and the United States; and
  • pass both countries’ risk assessments.

Is there a tool for converting Cisco 6500 series configurations to the Nexus platform?
Cisco has created the IOS-NXOS Migration Tool for converting Cisco 6500 series configurations to the Nexus series OS quickly.

Is there a cost associated with applying for NEXUS?
A $50 processing fee in Canadian or US dollars is non-refundable.

Where can I find NEXUS in land mode?
When entering Canada, NEXUS is available in land mode at 21 locations.

Fibre Channel Over Ethernet (FCoE) is supported by which Nexus 7000 modules?

FCoE is supported by the Cisco Nexus 7000 Series 32-Port 1 and 10 Gigabit Ethernet Module. The product’s part number is N7K-F132XP-15.
