Free Cisco 300-620 Practice Exam with Questions & Answers | Set: 2

By enabling Global AES Encryption and ensuring secure data inclusion, you can safely back up and restore the Cisco ACI fabric configuration, including the vCenter password.

To integrate a new Hyperflex storage cluster into an existing Cisco ACI fabric and manage it with vCenter, the following steps should be taken:

Create a new vSphere Distributed Switch (vDS): This is done within the vCenter interface. The vDS acts as a single virtual switch across all associated hosts in the data center, providing centralized management and monitoring of the network configuration1.

Configure the vDS for the Hyperflex cluster: This involves setting up the correct port groups, VLANs, and uplink profiles to ensure proper network segmentation and performance2.

Enable hardware discovery using a vendor-neutral protocol: This could involve using protocols like LLDP (Link Layer Discovery Protocol) or CDP (Cisco Discovery Protocol), which are supported by vCenter and can help in identifying and managing physical network devices3.

Integrate the Hyperflex cluster with ACI using the Application Policy Infrastructure Controller (APIC): This involves creating the necessary policies and profiles in ACI to manage the Hyperflex storage traffic effectively4.

References :=

Cisco HyperFlex Systems Installation Guide for VMware ESXi1

Cisco HyperFlex Virtual Server Infrastructure 3.0 with Cisco ACI 3.2 and VMware vSphere 6.52

How to Set Up Networking with vSphere Distributed Switches - VMware Docs3

Tutorial: How to integrate HyperFlex and ACI with VMM (VMware) and UCSM4

The Cisco APIC configuration that prevents a remote network that is not configured on the bridge domain from being learned by the fabric is to enable Limit IP Learning to Subnet2. This setting restricts IP address learning to only those subnets that are defined on the bridge domain2.

To ensure that application EPGs communicate only with their respective database EPGs, the app-to-db contract should be configured with a scope set to the Application Profile. This scope ensures that the contract is applied only within the specific application profile, allowing for granular control over the communication between the application and database tiers. By setting the scope to Application Profile, the contract will not apply to other application profiles, thus preventing unwanted traffic between EPGs of different applications1.

References :=

Cisco ACI Contract Guide White Paper1

To backup the PRODUCTION tenant configuration on the APIC using a markup language and include all secure information, the network engineer must use an export policy that allows for exporting in a markup language format such as XML or JSON and includes secure attributes. In this case, the correct export policy is Option A, which shows an interface with “Export-Tenant-Production” where the format can be selected as ‘xml’ or ‘json’, and there is an option to modify global AES encryption settings, indicating that secure information can be included in the backup.

References :=

Cisco Application Policy Infrastructure Controller (APIC) - Cisco APIC

Cisco Application Centric Infrastructure Best Practices Guide - Cisco ACI Design Guide

The image shows a graphical user interface for an export policy named “Export-Tenant-Production.” The interface provides options to select the format of the backup (either ‘json’ or ‘xml’), whether to start now with options ‘Yes’ or ‘No’, a field for Target DN with ‘/tn-PRODUCTION’ filled in, a scheduler dropdown menu, and a checkbox for modifying global AES encryption settings which is enabled. This image is relevant because it depicts how to configure an export policy on Cisco’s APIC to backup tenant configurations securely.

The purpose of the Overlay Multicast TEP (O-MTEP) in a Cisco ACI Multi-Site deployment is to perform head-end replication for BUM (Broadcast, Unknown unicast, Multicast) traffic. This common anycast address is shared by all the spine nodes in the same site and is used to replicate BUM traffic across the sites4.

To ensure that destination updates from a newly created L3Out are propagated to all Cisco ACI leaf switches, a BGP route reflector policy should be applied. This policy allows the border leaf switches, which act as BGP route reflectors, to redistribute the learned routes to other leaf switches within the fabric1.

 To redistribute externally learned OSPF routes within the ACI fabric, a Route Control Profile must be configured1. This profile allows for the control of route redistribution and the application of route maps to influence routing decisions within the fabric1.