First I want to have my thanks to everyone in the team and of course the biggest will be given to Todd and Tom, without you guys’ help, I can’t believe I can get it. ϑ

My special Thanks to TOM, your video is precise, accurate and concrete, I used your video for all the section practice plus 5 times’ whole configuration.

Diag

ACI performance and OTV troubleshooting

Guys, don’t be shy to ask Todd of Diag, he has lots of mystery diag questions which is sent out in last minutes and saved me and else. ϑ

Config

Section 1:

All the pre-configuration are in place which include features supporting VxLAN, EVPN, Jumbo MTU. You just need to verify those by using the SHOW command

1. 1.1 Same

I have met a big problem for the vpc peer link (po10) at this point and it wasted me about 40 minutes or so for troubleshooting. If this can’t be fixed, you will be losing points for the part of phantom RP, VPC even the EVPN,etc. I reloaded both N5K1/2 to fix the problem eventually (I believe the SFP in either or both N5Ks have issue)

1. 1.2 same
2. 1.3 same
3. 1.4 same
4. 1.5 same
5. 1.6 same
6. 1.7 same OTV I used clear otv isis adj * to force the converge, it works pretty well

Section 2:

2.1-2.3 same (I didn’t touch ASAv and it’s in routed mode)

enabled L2 flooding in both BDs and changed service graph policy for inside from TRUE to FALES, applied the correct asav vm; adjusted appToDB filters config from IPV4 to IP

Verification: you can go to “DEPLOYED SERVICE GRAPH” and modify the ACL entries to see if new entries can be pushed to the asav or not, and then remove the entries.

1. 2.4 same

DHCP has no naming convention requirement so you can use whatever you want. The dhcp-client can’t get ip even I used command “systemctl restart network.service” and “reboot”. But “show ip dhcp relay” should give you details in leaf-3, so I leave it as is.

1. 2.5 same

OOB does have naming convention, so please follow the ask

1. 2.6 same

SPAN also has NO naming convention, just need to SHOW MONITOR SESSION ALL in leaf-3

Section 3:

1. 3.1 same

I enabled server port auto discovery, over the pre-check, I enabled port1/12 in FI-A as port1/12 in FI-B is enabled

1. 3.2 same

1. 3.3 same, please remove vsan 1 entry if there is any
2. 3.4 same
3. 3.5 same

1. 3.6 same
2. 3.7 same
3. 3.8 same

iSCSI booted smoothly with success for both 10.2.6.1 and 10.2.7.1 and vmware boots up eventually.

Section 4

4.1-2 same

For health score, I did two steps: first to enable ignore acknowledged faults and it give me score 100 but there are several raised faults in every EPG so second I used JingChun’s solution to apply the newly created physicaldomain to DC1 and added port1/33 into both leaf1/2 with policy-group Net1.

4.3-4.5 same

Don’t worry about login, I was thinking we will be mistakenly using other account log in but actually without correct tenant ID, you CAN’T login, so take it easy and just follow the request.

Section 5:

1. 5.1 same

modified subnet mask from /29 to /30, added all four missing loopback for BGP peer, changed OSPF profile,route-control enforcement, updated missing prefixes

1. 5.2 same
2. 5.3 same

I used label because the question is explicitly saying using different filter for different EPG. 5.4-6 same