larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide Premium Edition and Practice Test

Premium Edition eBook

  • Your Price: $55.99
  • List Price: $69.99
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice tests.

    Your purchase will deliver:

    • Link to download the Pearson Test Prep exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    PDF The popular standard, which reproduces the look and layout of the printed page.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    eBook FAQ

    eBook Download Instructions

  • Description
  • Sample Content
  • Updates
  • Copyright 2020
  • Pages: 850
  • Edition: 1st
  • Premium Edition eBook
  • ISBN-10: 0-13-658850-6
  • ISBN-13: 978-0-13-658850-4

The exciting new CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test features. The Premium Edition eBook and Practice Test contains the following items:

  • The CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide Premium Edition Practice Test, including four full practice exams and enhanced practice test features available for use both online and download.
  • PDF and EPUB formats of the CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone
  • More than two hours of personal video mentoring

About the Premium Edition Practice Test


This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package

  • Enables you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
  • Includes PDF, EPUB, and MOBI formats, which are accessible via your PC, tablet, and smartphone


Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam


About the Premium Edition eBook

Learn, prepare, and practice for CCNP/CCIE Data Center Core DCCOR 350-601 exam success with this Cert Guide from Cisco Press, a leader in IT certification learning.

  • Master CCNP and CCIE Data Center Core DCCOR 350-601 exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions
  • Learn from more than two hours of video mentoring

CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide is the only self-study resource approved by Cisco. Expert authors Somit Maloo and Firas Ahmed share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.


CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.


The Premium Edition eBook contains access to more than two hours of personal video mentoring from the Pearson IT Certification Complete Video Course. Go to the back pages of your eBook for instructions on how to access the personal video mentoring content. 


Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

This official study guide helps you master all the topics on the CCNP/CCIE Data Center Core DCCOR 350-601 exam, including

  • Network
  • Compute
  • Storage Network
  • Automation
  • Security


Sample Pages

Download the sample pages (includes Chapter 3)

Table of Contents

Introduction xxx

Part I Networking

Chapter 1 Implementing Routing in the Data Center 2

“Do I Know This Already?” Quiz 2

Foundation Topics 5

OSPF 5

    OSPF Link-State Advertisements 6

        OSPF Areas 9

        Designated Routers and Backup Designated Routers 11

    OSPF Authentication 11

    OSPF Configurations and Verifications 12

Border Gateway Protocol 23

    BGP Peering 24

    BGP Path Selection 25

        Step 1: Comparing Pairs of Paths 25

        Step 2: Determining the Order of Comparisons 27

        Step 3: Determining the Best-Path Change Suppression 27

    Multiprotocol BGP 28

    BGP Configurations and Verifications 28

Bidirectional Forwarding Detection 36

    Rapid Detection of Failures 37

    BFD Configurations and Verifications 37

Multicast 41

    Internet Group Management Protocol 41

    Switch IGMP Snooping 44

    Multicast Listener Discovery 44

    Multicast Distribution Trees 45

    Protocol Independent Multicast 48

        PIM Rendezvous Points 52

        PIM Designated Routers/Forwarders 53

    Multicast Forwarding 53

    Multicast Configurations and Verifications 54

Hot Standby Router Protocol 68

Virtual Router Redundancy Protocol 72

    VRRP Operation 72

    VRRP Groups 74

    VRRP Router Priority and Preemption 74

    VRRP Authentication 75

    VRRP Tracking 75

    IPv6 First Hop Redundancy 76

    HSRP/VRRP Configurations and Verifications 77

Exam Preparation Tasks 86

Chapter 2 Implementing Data Center Switching Protocols 90

“Do I Know This Already?” Quiz 90

Foundation Topics 93

Spanning Tree Protocols 93

    STP Topology 93

    STP Port Types 94

    STP Extensions 94

        STP Bridge Assurance 95

        BPDU Guard 96

        BPDU Filter 96

        Loop Guard 96

        Root Guard 97

    Unidirectional Link Detection 97

    Rapid PVST+ 98

        Rapid PVST+ Ports 100

    Spanning Tree Configurations and Verifications 102

Port Channels 117

    Port Channel Load Balance 120

    Virtual Port Channel 121

    vPC Traffic Flows 124

    vPC Dual-Control Plane 125

    vPC Primary and Secondary Roles 126

    vPC Configuration Consistency 127

    vPC Duplicate Frames Prevention Mechanism 128

    vPC HSRP Gateway Considerations 130

    vPC ARP Synchronization 130

    vPC Peer Gateway 130

    Port Channel Configurations and Verifications 131

Exam Preparation Tasks 145

Chapter 3 Implementing Data Center Overlay Protocols 148

“Do I Know This Already?” Quiz 148

Foundation Topics 150

Overlay Transport Virtualization (OTV) 150

    OTV Terminology 150

    OTV Control Plane Function 151

        Multicast-Enabled Transport Infrastructure 151

        Unicast-Only Transport Infrastructure (Adjacency-Server Mode) 152

    OTV Data Plane Function 154

        Unicast Traffic over OTV 154

        Multicast Traffic over OTV 156

        Broadcast Traffic over OTV 156

    Failure Isolation 157

    STP Isolation 157

    Unknown Unicast Handling 157

    ARP Optimization 158

    Broadcast Policy Control 159

    Multihoming OTV 159

    FHRP Isolation 162

    OTV Configurations and Verifications 163

Virtual Extensible LAN (VXLAN) Overview 173

    VXLAN Encapsulation and Packet Format 173

    VXLAN Tunnel Endpoint 174

    Virtual Network Identifier 175

    VXLAN Control Plane 176

        VXLAN Flood and Learn Multicast-Based Control Plane 176

        VXLAN MPBGP EVPN Control Plane 178

    VXLAN Gateways 178

    VXLAN High Availability 179

    VXLAN Tenant Routed Multicast 180

    VXLAN Configurations and Verifications 182

Exam Preparation Tasks 191

Chapter 4 Describe Cisco Application Centric Infrastructure 194

“Do I Know This Already?” Quiz 194

Foundation Topics 196

Cisco Application Centric Infrastructure (ACI) Overview 196

    Cisco Application Policy Infrastructure Controller 198

    Cisco Nexus 9000 Series Spine and Leaf Switches for Cisco ACI 201

Cisco ACI Initial Setup, Fabric Discovery, Access Policy, and VMM Domains 204

    Cisco ACI Initial Setup 204

    Cisco ACI Fabric Discovery 209

    Startup with Cisco ACI Fabric Discovery and Configuration 210

    Fabric Upgrade 212

    ACI Policy Model 212

        Tenants 214

        Virtual Routing and Forwarding Objects 214

        Bridge Domains and Subnets 214

        Endpoint Groups 215

        Application Profiles 215

        Microsegmentation 215

        Attachable Entity Profile 216

    Cisco ACI Fabric Policies 216

    Cisco ACI Virtual Machine Manager Domains 222

        Cisco ACI integration with Microsoft SCVMM 223

        Cisco ACI Integration with VMware vCenter 224

        Integrating VMware Overlays with the Cisco ACI 225

    Cisco ACI Virtual Edge 225

Cisco ACI Fabric: Tenants and Packet Flow 225

    Cisco ACI Tenants 227

        Virtual Routing and Forwarding 228

        Bridge Domain and Subnets 229

        Application Profile 230

        Endpoint Group 231

        Microsegmentations 231

    ACI Contract 231

    Taboo Contracts 233

    vzAny Rule 233

    Filters and Subjects 236

    Management Tenant 237

        In-Band Management Access 237

        Out-of-Band Management Access 238

    ACI VXLAN 239

    ACI Intersubnet Tenant Traffic 241

    Policy Identification and Enforcement 242

    ACI Fabric Traffic Storm Control 243

    ACI Fabric Traffic Load Balance 243

    ACI Fabric Loop Detection 244

    ACI Design Best Practices 245

ACI LAB Configurations Example 245

    Building ACI Fabric 248

    Creating Tenant 251

    Creating Contract and Filter 254

    Deploying a Three-Tier Application 257

    Integrating with vCenter 259

Exam Preparation Tasks 262

Chapter 5 Cisco Cloud Services and Deployment Models 264

“Do I Know This Already?” Quiz 264

Foundation Topics 266

What Is Cloud Computing? 266

Cloud Service Models 269

    Software as a Service 269

    Platform as a Service 270

    Infrastructure as a Service 270

Cloud Deployment Models 272

    Private Cloud 272

    Public Cloud 272

    Hybrid Cloud 273

    Community Cloud 274

Exam Preparation Tasks 274

Chapter 6 Data Center Network Management and Monitoring 276

“Do I Know This Already?” Quiz 276

Foundation Topics 278

Cisco Nexus NX-OS Software Installation, Updates, and Their Impacts 278

    PowerOn Auto Provisioning (POAP) 283

    Data Center Infrastructure Software Lifecycle Management 287

    Nexus Software Maintenance Upgrade 287

    Programmable Logical Devices Upgrade 289

    Graceful Insertion and Removal 291

    Nexus Nondisruptive In-Service Software Upgrade 295

    Nexus Disruptive and Nondisruptive Upgrade/Downgrade Procedure 299

Nexus Configuration Management 303

    NX-OS Configuration Save and Backup 303

    Nexus Config Rollback and Checkpoint 303

Network Infrastructure Monitoring 306

    NX-OS System Message Logging 306

    Network Time Management 307

    Network Time Protocol 307

    Precision Time Protocol 313

    NX-OS Simple Network Management Protocol 317

    Nexus Smart Call Home 324

    Nexus NetFlow 325

    Switched Port Analyzer 330

Streaming Telemetry 337

Network Assurance Concept 341

Exam Preparation Tasks 344

Part II Storage

Chapter 7 Implement Fibre Channel 346

“Do I Know This Already?” Quiz 346

Foundation Topics 349

Fibre Channel Basics 349

    Fibre Channel Topologies 350

    Fibre Channel Port Types 353

        E Port 353

        F Port 354

        NP Ports 354

        TE Port 354

        TF Port 354

        TNP Port 354

        Fx Port 354

        Auto Mode 354

    Fibre Channel Addressing 355

    Flow Control 356

    Switched Fabric Initialization 358

        Principal Switch Selection 358

        Domain ID Distribution 360

        FCID Allocation 362

        Fabric Reconfiguration 362

    Device Registration: FLOGI, PLOGI, PRLI 362

    FLOGI and FCNS Databases 363

CFS 364

    CFS Features 365

    CFS Fabric Lock 366

    CFSoIP and CFSoFC 367

    CFS Merge 368

    CFS Regions 369

VSAN 370

    VSAN Features 370

    VSAN Attributes 372

    VSAN Advantages 373

    Dynamic Port VSAN Membership (DPVM) 373

    VSAN Trunking 374

SAN Port Channels 381

    Types of SAN Port Channels 381

    Port Channel Load Balancing 383

    Port Channel Modes 384

Zoning 389

    Zoning Features 389

    Zone Enforcement 391

    Full and Active Zone Set 392

    Autozone 395

    Zone Merge 395

    Smart Zoning 396

    Enhanced Zoning 397

Device Alias 403

    Device Alias Features 403

    Device Alias Modes 404

    Device Alias Distribution 405

    Zone Aliases (FC Aliases) Versus Device Aliases 406

NPIV and NPV 409

Exam Preparation Tasks 416

Chapter 8 Implement FCoE Unified Fabric 418

“Do I Know This Already?” Quiz 418

Foundation Topics 420

FCoE Overview 420

    Ethernet Enhancements 422

        Priority-Based Flow Control (PFC) 422

        Enhanced Transmission Selection (ETS) 423

        Data Center Bridging Exchange (DCBX) 424

    FCoE Frame Format 426

    Virtual Fibre Channel (VFC) 428

    FCoE Elements and Port Types 429

    FCoE Addressing and Forwarding 431

    FCoE Initialization Protocol (FIP) 432

    Benefits of FCoE 435

FCoE Topology Options 435

    FCoE Single-Hop Topology 435

        FCoE Direct-Attached Topology 436

        FCoE FEX Topology 437

        FCoE Remote-Attached Topology 438

    FCoE Multi-Hop Topology 438

FCoE Implementations 439

    FCoE Configuration on Cisco Nexus 7000 Series Switches 440

        Miscellaneous FCoE Configuration 441

    FCoE Configuration on Cisco Nexus 5000 Series Switches 442

    FCoE over FEX 444

    FCoE NPV 445

    FCoE Verification 448

Exam Preparation Tasks 457

Chapter 9 Describe NFS and NAS Concepts 460

“Do I Know This Already?” Quiz 460

Foundation Topics 461

Describe NFS Concepts 461

Describe NAS Concepts 463

    NAS Benefits 465

    Cisco NSS3000 Series Network Storage System 465

Exam Preparation Tasks 467

Chapter 10 Describe Software Management and Infrastructure Monitoring 470

“Do I Know This Already?” Quiz 470

Foundation Topics 472

Cisco MDS NX-OS Setup Utility 472

Cisco MDS NX-OS Software Upgrade and Downgrade 480

    Nondisruptive Upgrade on a Cisco MDS Fabric Switch 482

    Disruptive Upgrade on a Cisco MDS Fabric Switch 487

    Nondisruptive Downgrade on a Cisco MDS Fabric Switch 490

    Disruptive Downgrade on a Cisco MDS Fabric Switch 495

    EPLD Upgrade on Cisco MDS 9000 Series Switches 498

Infrastructure Monitoring 503

    System Messages 503

    Call Home 504

    Embedded Event Manager 505

    RMON 505

    SPAN 505

        SPAN Configuration Example 508

        Remote SPAN 509

Exam Preparation Tasks 511

Part III Compute

Chapter 11 Cisco Unified Computing Systems Overview 514

“Do I Know This Already?” Quiz 514

Foundation Topics 516

Cisco UCS Architecture 516

    Cisco UCS Components and Connectivity 518

    Cisco UCS 5108 Blade Server Chassis 520

    UCS Blade Servers 520

    Cisco UCS Rack Servers 521

    Cisco UCS Storage Servers 521

    Cisco UCS Mini 523

    Cisco UCS Fabric Infrastructure 524

    Cisco UCS 6454 Fabric Interconnect 524

    Cisco UCS 6300 Series Fabric Interconnects 526

    Fabric Interconnect and Fabric Extender Connectivity 527

    Cisco UCS Virtualization Infrastructure 533

Cisco UCS Initial Setup and Management 536

    Fabric Interconnect Connectivity and Configurations 544

        Uplink Connectivity 546

        Downlink Connectivity 546

    Fabric Interconnect Port Modes 547

    Fabric Failover for Ethernet: High-Availability vNIC 549

    Ethernet Switching Mode 550

    UCS Device Discovery 556

    Chassis /FEX Discovery 556

    Rack Server Discovery Policy 557

    Initial Server Setup for Standalone UCS C-Series 557

Network Management 563

    UCS Virtual LAN 563

        Named VLANs 566

        Private VLANs 570

    UCS Identity Pools 571

        Universally Unique Identifier Suffix Pools 572

        MAC Pools 573

        IP Pools 574

        Server Pools 576

    Service Profiles 577

    UCS Server Policies 580

    UCS Service Profile Templates 583

    Quality of Service 589

        QoS System Classes 589

        QoS System Classes Configurations 590

        Configuring Quality of Service Policies 591

UCS Storage 592

    UCS SAN Connectivity 592

    UCS SAN Configuration 596

    Virtual Storage-Area Networks 597

        Named VSANs Configurations 597

        Zones and Zone Sets 599

    World Wide Name Pool 603

    SAN Connectivity Policies 605

Exam Preparation Tasks 606

Chapter 12 Cisco Unified Computing Infrastructure Monitoring 610

“Do I Know This Already?” Quiz 610

Foundation Topics 612

Cisco UCS System Monitoring 612

    Data Management Engine 612

    Application Gateway 613

    Northbound Interfaces 614

    Cisco UCS Monitoring Events and Logs 614

    Cisco UCS Monitoring Policies 616

        Cisco UCS Simple Network Management Protocol 618

        Cisco UCS Call Home and Smart Call Home 619

        Cisco UCS Manager Database Health and Hardware Monitoring 620

        Cisco UCS NetFlow Monitoring 620

    Traffic Monitoring 622

        Traffic Monitoring Across Ethernet 623

        Traffic Monitoring Across Fibre Channel 624

Cisco Intersight 629

    Intersight Management as a Service 630

    Intersight as a Telemetry Data Collection 632

    Cisco Intersight Supported Software 632

    Cisco Intersight Licensing 632

Exam Preparation Tasks 637

Chapter 13 Cisco Unified Compute Software and Configuration Management 640

“Do I Know This Already?” Quiz 640

Foundation Topics 642

Cisco UCS Configuration Management 642

    Creating and Running a Backup Operation 643

    Backup Policies 648

    Backup Policy Configuration 648

    Import Backups 650

    Enable the Import Operation 651

    System Restore 652

    Restoring the Configuration for a Fabric Interconnect 653

UCS Firmware and Software Updates 654

    Firmware Version Terminology 661

    Firmware Upgrades Through Auto Install 662

    Direct Upgrade After Auto Install Procedure 666

    Install Infrastructure Firmware Procedure 670

    Upgrading the Server Firmware with Auto Install 673

    Standalone Cisco UCS C-Series Server Firmware Upgrade Using the Host Upgrade Utility (HUU) 675

    Downloading and Preparing the ISO for an Upgrade 676

Exam Preparation Tasks 682

Chapter 14 Cisco HyperFlex Overview 684

“Do I Know This Already?” Quiz 684

Foundation Topics 686

Cisco HyperFlex Solution and Benefits 686

    HyperFlex Benefits 689

        Intelligent End-to-End Automation 690

        Unified Management for All Workloads 691

        Independent Resource Scaling 692

        Superior Virtual Machine Density with Lower and Consistent Latency 693

HyperFlex as an Edge, Hybrid, and All-Flash Nodes 694

    HyperFlex as an Edge Device 694

    HyperFlex Hyperconverged Multicloud Platform (Hybrid or All-Flash) 696

    HyperFlex All NVMe 697

    Cisco HyperFlex Data Platform 698

        HX Storage Cluster Physical Components 699

        HX Data Platform High Availability 700

        HX Data Platform Cluster Tolerated Failures 701

        HX Data Platform Ready Clones 701

        HX Data Platform Native Snapshots 701

        HX Cluster Interfaces 702

        HX Self-Encrypting Drives 702

        Configuring a Local Encryption Key 703

        Managing HX Disks in the Cluster 703

        Managing HX Datastores 706

        Expand Cisco HX System Clusters 707

        Enabling HX Logical Availability Zones 708

Exam Preparation Tasks 710

Part IV Automation

Chapter 15 Automation and Scripting Tools 712

“Do I Know This Already?” Quiz 712

Foundation Topics 715

EEM Overview 715

    Policies 715

    Event Statements 716

    Action Statements 716

    Configuring EEM 717

    Verifying the EEM Configuration 718

Scheduler 718

    Configuring Scheduler 719

    Verifying Scheduler Configuration 721

Bash Shell for Cisco NX-OS 722

    Managing Feature RPMs 724

    Managing Patch RPMs 724

Guest Shell for Cisco NX-OS 725

    Accessing the Guest Shell 725

    Resources Used for the Guest Shell 726

    Capabilities in the Guest Shell 726

    Managing the Guest Shell 728

XML 730

    Example 731

    XML Syntax 732

JSON 733

Rest API 734

    Authentication 735

    Response 736

    NX-API 737

    NX-API Request and Response Elements 739

    NX-API Developer Sandbox 741

Exam Preparation Tasks 742

Chapter 16 Evaluate Automation and Orchestration Technologies 744

“Do I Know This Already?” Quiz 745

Foundation Topics 747

Ansible 747

    Ansible Components 748

    Important Ansible Concepts 749

    Ansible CLI Tools 750

    Cisco NX-OS and Ansible Example 750

Puppet 751

    Puppet Workflow 752

    Puppet and NX-OS Environment Integration 753

    Puppet Master Installation 754

    Puppet Agent Installation 754

    Resource Types 756

    Sample Manifest: OSPF 756

    Puppet and Cisco UCS Manager Integration 757

Python 758

    Python Package for Cisco 758

    Using the CLI Command APIs 760

    Python in Interactive Mode 761

    Python in Noninteractive Mode 762

    UCS Manager Python SDK 764

    Convert to UCS Python 766

PowerOn Auto Provisioning (POAP) 767

    Limitations of POAP 767

    Network Requirements for POAP 767

    POAP Configuration Script 768

    POAP Process 768

        Power-Up Phase 770

        USB Discovery Phase 770

        DHCP Discovery Phase 770

        Script Execution Phase 772

        Post-Installation Reload Phase 772

    Configuring a Switch Using POAP 772

Cisco DCNM 772

    Feature Details and Benefits 774

    Cisco DCNM Web User Interface 779

Cisco UCS Director 782

    Automation and Orchestration with Cisco UCS Director 783

    Features and Benefits 784

    Cisco UCS Director System Setup 785

PowerShell 787

    Installing the Cisco UCS Director PowerShell Agent 787

    Executing PowerShell Agent Commands 788

Exam Preparation Tasks 789

Part V Security

Chapter 17 Network Security 792

“Do I Know This Already?” Quiz 792

Foundation Topics 794

Authentication, Authorization, and Accounting 794

    AAA Service Configuration Options 796

    Authentication and Authorization User Login Process 797

    AAA NX-OS Configurations 798

Role-Based Access Control 801

    NX-OS User Roles and Rules 803

    NX-OS RBAC Configurations 805

Nexus First-Hop Security 809

    Nexus Dynamic ARP Inspection 810

    NX-OS DAI Configurations 813

    NX-OS DHCP Snooping 821

        DHCP Snooping Trusted and Untrusted Sources 821

        DHCP Snooping Packet Validation 822

        DHCP Snooping Option 82 Data Insertion 823

        NX-OS DHCP Snooping Configuration 823

    Port Security 826

    Nexus Port Secure MAC Address Maximum and Dynamic

    Address Aging 827

    Port Security Violations and Actions 828

    Nexus Port Types and Port Security 829

    NX-OS Port Security Configuration 829

Nexus Control Plane Policing 831

    Control Plane Packet 833

    Classification for CoPP 834

        Rate-Controlling Mechanisms 834

        Modular QoS Command-Line Interface 836

    NX-OS CoPP Configuration 838

Cisco ACI Contracts 845

    Cisco ACI Contract Configuration Parameters 847

    Create, Modify, or Remove Regular Contracts 848

    Apply or Remove VRF Contracts 850

    Inter-Tenant Contracts 851

    Inter-Private Network Contracts Communication 852

    Single Contract Bidirectional Reverse Filter 853

    Single Contract Unidirectional with Multiple Filters 853

    Multiple Contracts Unidirectional Single Filter 854

ACI Microsegmentation 854

    Example: ACI Microsegmentation with VMs from a Single Application EPG 856

    Example: ACI Microsegmentation with VMs in Different Application EPGs 857

    ACI Microsegmentation Configurations 858

Exam Preparation Tasks 862

Chapter 18 Compute Security 864

“Do I Know This Already?” Quiz 864

Foundation Topics 865

Securing UCS Management Using Authentication, Authorization, and

    Accounting 865

    User RADIUS and TACACS+ Attributes 866

    Two-Factor Authentication 869

    UCS Web Session Refresh and Session Timeout Period 869

    UCS LDAP Providers and Groups 869

        LDAP Group Mapping 875

    RADIUS and TACACS+ Authentication Configurations 878

    UCS Remote Users Role Policy 882

    Multiple Authentication Services Configuration 884

Keychains Authentication 884

    NX-OS Keychain Configurations 885

    Key Selection 888

Exam Preparation Tasks 889

Chapter 19 Storage Security 892

“Do I Know This Already?” Quiz 892

Foundation Topics 894

Authentication, Authorization, and Accounting 894

    Authentication 895

    Authorization 895

    Accounting 896

    Server Groups 896

    AAA Service Configuration Options 896

    AAA Server Monitoring 896

    Remote AAA Services 897

        RADIUS 898

        TACACS+ 900

        LDAP 903

    Local AAA Services 907

    AAA Authentication and Authorization Process 908

    AAA Server Distribution 909

    Merging RADIUS and TACACS+ Configurations 910

User Accounts and RBAC 910

    User Roles 911

    Rules 911

    User Role Policies 913

    RBAC Sample Configuration 914

Port Security 915

    Port Security Configuration 917

        Method 1: Manual Database Configuration 917

        Method 2: Auto-Learning Without CFS Distribution 918

        Method 3: Auto-Learning with CFS Distribution 919

    Verification of Port Security 920

Fabric Binding 922

    Fabric Binding Configuration 922

    Port Security Versus Fabric Binding 924

Exam Preparation Tasks 925

Chapter 20 Final Preparation 928

Getting Ready 928

Tools for Final Preparation 929

    Pearson Test Prep Practice Test Software and Questions on the Website 929

        Accessing the Pearson Test Prep Software Online 929

        Accessing the Pearson Test Prep Software Offline 929

    Customizing Your Exams 930

    Updating Your Exams 931

        Premium Edition 931

    Chapter-Ending Review Tools 932

Learn the Question Types Using the Cisco Certification Exam Tutorial 932

Suggested Plan for Final Review/Study 936

Summary 936

Appendix A Answers to the “Do I Know This Already?” Quizzes 938

Appendix B CCNP and CCIE Data Center Core DCCOR 350-601 Official Cert Guide Exam Updates 952

Glossary 954

Online Elements

Glossary

Appendix C Memory Tables

Appendix D Memory Tables Answer Key

Appendix E Study Planner

9780136449621    TOC    1/30/2019

Errata

We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.

Download the errata (12 MB .doc)

Submit Errata

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020