Use VCE Exam Simulator to open VCE files
300-615 Cisco Practice Test Questions and Exam Dumps
Question No 1:
A vPC Type-1 inconsistency between two vPC peers in a VXLAN EVPN setup is discovered. Which two actions need to be attempted to resolve the issue? (Choose two.)
A. Configure the NVE interfaces to be Up on both switches.
B. Set a different distributed gateway virtual MAC address.
C. Set a different secondary IP addresses on NVE source-interface.
D. Configure the same VNI to multicast group mapping.
E. Set a different primary IP addresses on NVE source-interface.
Correct answer: A, D
Explanation:
A vPC Type-1 inconsistency typically arises from misconfigurations between the vPC peers that affect VXLAN EVPN functionality. To address such inconsistencies, the following actions are essential:
A. Configure the NVE interfaces to be Up on both switches: The NVE (Network Virtualization Edge) interfaces on both vPC peers need to be administratively up to ensure proper VXLAN encapsulation and data plane communication. If these interfaces are not up, it can lead to a vPC Type-1 inconsistency because the VXLAN EVPN control plane and data plane may not function properly.
D. Configure the same VNI to multicast group mapping: VXLAN relies on multicast for the distribution of broadcast, unknown unicast, and multicast traffic in the overlay network. Ensuring that the same VNI (VXLAN Network Identifier) is mapped to the correct multicast group on both vPC peers is critical for consistency. A mismatch in VNI to multicast group mappings can result in traffic issues and vPC inconsistencies.
The other options are less likely to resolve the issue:
B. Set a different distributed gateway virtual MAC address: Changing the virtual MAC address could disrupt the network functionality if the virtual gateway is not properly synchronized, leading to further inconsistencies.
C. Set a different secondary IP address on NVE source-interface: Secondary IP addresses are typically used for routing purposes, and mismatches here may impact routing but not directly resolve a vPC Type-1 inconsistency.
E. Set a different primary IP address on NVE source-interface: Similar to secondary IP addresses, this could affect routing, but it’s not a direct action to fix a vPC Type-1 inconsistency related to VXLAN EVPN.
By addressing options A and D, the configuration and connectivity between the vPC peers will be aligned, helping resolve the Type-1 inconsistency.
Question No 2:
A mission-critical server is connected to site A. Connectivity to this server is lost from site B because the MAC route is missing in the OTV VDC of the Cisco Nexus 7000 in site B due to MAC aging.
Which action allows the flooding of the unknown unicast MAC on the Nexus 7000 in the OTV VDC?
A. Use route map to statically advertise this MAC and redistribute with IS-IS.
B. Unknown unicast flooding is not allowed.
C. Use the otv flood mac <> command to selectively flood traffic for a given MAC.
D. Use the otv isis bfd <> command to configure BFD protocol.
Correct answer: C
Explanation:
In an Overlay Transport Virtualization (OTV) deployment on a Cisco Nexus 7000, unknown unicast traffic is typically flooded within the OTV network when the destination MAC address is not known to the local routing table. This flooding is used to ensure that traffic can still reach the destination even if the MAC address route has been aged out or is otherwise missing.
The command "otv flood mac <MAC address>" allows the administrator to explicitly enable the flooding of unknown unicast traffic for a given MAC address. This ensures that if the MAC address has aged out or is missing from the MAC table in the OTV Virtual Device Context (VDC) on site B, the traffic will still be flooded across the OTV overlay to ensure it reaches the destination server. This command is used to temporarily restore connectivity by enabling unicast flooding for the specified MAC address, which is particularly useful in situations where a MAC address is not present due to aging or other issues.
Let's review the other options:
Option A suggests using a route map to statically advertise the MAC via IS-IS. While this approach could potentially help in some situations for advertising MAC addresses in the routing protocol, it is not directly related to unicast flooding in OTV. IS-IS and route maps are not the typical tools for handling MAC address flooding within the OTV context.
Option B states that unknown unicast flooding is not allowed. This is incorrect because OTV does support unicast flooding, and in fact, it is a standard behavior when a MAC address is not known in the local MAC table. The flooding mechanism is there to allow traffic to still be delivered across the overlay network.
Option D suggests using the "otv isis bfd" command to configure BFD (Bidirectional Forwarding Detection). While BFD can be used to quickly detect faults in the network, it does not address the issue of MAC address flooding. BFD is used primarily for detecting link failures, not for controlling MAC address behavior or flooding in OTV.
Thus, the correct action to allow flooding of the unknown unicast MAC is to use the "otv flood mac <MAC address>" command, making C the correct answer.
Question No 3:
Refer to the exhibit. After a failover occurs, which two actions must be performed on Switch-B to manually preempt the operational primary role back to Switch-A? (Choose two.)
A. Configure the local vPC role priority to have a lower value than Switch-A.
B. Configure the local vPC role priority to have a higher value than Switch-A.
C. Disable and then re-enable the vPC peer-keepalive link.
D. Configure the local vPC role priority to have the same value as Switch-A.
E. Disable and then re-enable the vPC peer link.
Correct answer: A, E
Explanation:
In a vPC (Virtual Port Channel) setup, the primary role is typically determined by the vPC role priority and the vPC peer link status. If a failover occurs, and you want to manually preempt the operational primary role back to Switch-A, there are specific actions that need to be taken:
Option A: Configure the local vPC role priority to have a lower value than Switch-A.
This is the correct action because the vPC primary role is determined by the lowest priority value. In a vPC setup, the switch with the lowest priority value will take the primary role. Therefore, if Switch-B's priority is higher than Switch-A's, you can manually preempt the role back to Switch-A by lowering Switch-B's priority value to ensure that Switch-A has the lower priority and is reinstated as the primary role holder.Option E: Disable and then re-enable the vPC peer link.
This action can help force a reevaluation of the roles and trigger the failover process again, allowing you to manually preempt the operational primary role. When the vPC peer link is disabled and re-enabled, it can trigger a change in the vPC role assignment and allow the primary role to return to Switch-A.
The other options are less effective or incorrect in the context of manually preempting the role:
Option B: Configure the local vPC role priority to have a higher value than Switch-A.
This would make Switch-B the primary, as a higher priority value would give Switch-B the operational primary role. This is the opposite of what is needed to preempt the primary role back to Switch-A.Option C: Disable and then re-enable the vPC peer-keepalive link.
The vPC peer-keepalive link is used to monitor the connection between the two switches. Disabling and re-enabling this link would not directly impact the operational primary role; it is more related to maintaining the health check between the switches, not role assignment.Option D: Configure the local vPC role priority to have the same value as Switch-A.
If the vPC role priority is set the same on both switches, neither switch will have a definitive advantage in terms of primary role assignment. This might lead to unexpected behavior or no change in the primary role assignment, so it's not the correct approach for preempting the role back to Switch-A.
In conclusion, the correct actions are A (lowering the priority of Switch-B) and E (re-enabling the vPC peer link), which will ensure Switch-A is preemptively restored as the primary switch in the vPC configuration.
Question No 4:
Refer to the exhibit. An OSPF adjacency between Router-A and Router-B fails to reach the FULL state. Which action resolves the issue?
A. Adjust the MTU on Router-A to 1600.
B. Disable the check of the MTU value.
C. Set the OSPF media type to point-to-point.
D. Adjust the MTU on Router-B to 1604.
Correct answer: D
Explanation:
In OSPF, one of the conditions for establishing a successful adjacency is that the MTU (Maximum Transmission Unit) values on both routers must match. If there is an MTU mismatch, OSPF will not form a full adjacency, and the state will remain stuck in 2-way or other intermediary states. Based on the exhibit, if the MTU values on Router-A and Router-B are not matching, the adjacency will not reach the FULL state.
D. Adjust the MTU on Router-B to 1604: If the MTU on Router-A is set to 1604 and Router-B has a different MTU (perhaps a lower value), OSPF will fail to establish a full adjacency. Adjusting the MTU on Router-B to match Router-A’s MTU of 1604 will resolve the issue and allow the adjacency to reach the FULL state.
Let’s review the other options:
A. Adjust the MTU on Router-A to 1600: This option suggests adjusting the MTU on Router-A to 1600, which would not match Router-B's MTU of 1604. This adjustment would not resolve the issue since both routers must have the same MTU value.
B. Disable the check of the MTU value: This is not a valid solution because OSPF strictly checks for MTU consistency when establishing adjacencies. Disabling MTU checks is not an option in OSPF and would compromise the integrity of the OSPF adjacency process.
C. Set the OSPF media type to point-to-point: Changing the OSPF media type to point-to-point could be useful in some scenarios, but the main issue here is the MTU mismatch. This change would not resolve the underlying MTU mismatch that is preventing the full adjacency.
Thus, D is the correct action to resolve the OSPF adjacency issue.
Question No 5:
The Cisco Nexus switch is connected to a peer switch that is not running Cisco NX-OS. The switches are connected using port channel and are experiencing packet loss.
Which action should be performed on the Cisco Nexus switch ports to resolve this issue?
A. Turn on lacp suspend-individual.
B. Turn on lacp graceful-convergence.
C. Turn off lacp graceful-convergence.
D. Turn off lacp suspend-individual.
Answer: D
Explanation:
When using Link Aggregation Control Protocol (LACP) on a port channel, the lacp suspend-individual option is used to prevent individual links from being suspended in certain failure conditions. This is useful in situations where the peer switch is non-Cisco or does not fully support LACP. However, this can cause issues when one link in the port channel fails, as it will prevent the link from being automatically re-enabled even if the failure is temporary.
The correct action in this case is to turn off lacp suspend-individual. This ensures that the LACP protocol operates correctly with the peer switch, even when it is not running Cisco NX-OS. Disabling this option allows the switch to re-enable individual links in the port channel that might have been erroneously suspended, thus resolving the packet loss issue.
Option A is incorrect because lacp suspend-individual is used to suspend individual links, which is not needed in this situation. Disabling it allows the port channel to be more resilient.
Option B is incorrect because lacp graceful-convergence is a feature designed to enable smoother transitions during port-channel link changes, but it does not address the core issue of a non-Cisco peer switch causing packet loss in the port channel.
Option C is also incorrect because lacp graceful-convergence is typically used in specific scenarios to ensure more graceful transitions of the port channel’s state. While it could be beneficial in certain environments, turning it off does not directly resolve the packet loss caused by the peer switch mismatch.
Thus, the correct answer is D, to turn off lacp suspend-individual.
Question No 6:
Refer to the exhibit. The HSRP configuration in the exhibit fails to function. Which action resolves this issue?
A. Enable IP redirects.
B. Set the MTU to 1500 bytes.
C. Configure HSRP version 2.
D. Configure the same HSRP group on both devices.
Correct answer: D
Explanation:
HSRP (Hot Standby Router Protocol) is a redundancy protocol that ensures network availability in the case of a router failure. For HSRP to function properly, both routers in the HSRP configuration must be part of the same group to provide the virtual IP and ensure correct failover behavior. If the HSRP group is not configured consistently across all participating routers, the protocol will fail to function as expected.
A. Enable IP redirects is incorrect. Enabling IP redirects is not typically necessary for resolving HSRP configuration issues. IP redirects are used to inform hosts about a better route after the initial packet is forwarded. It doesn’t directly address issues related to HSRP group misconfiguration.
B. Set the MTU to 1500 bytes is incorrect. The MTU (Maximum Transmission Unit) setting is related to packet size, but it doesn’t impact the HSRP configuration unless there are specific issues related to packet fragmentation or jumbo frames, which is not the case here. Changing the MTU would not resolve an HSRP group mismatch issue.
C. Configure HSRP version 2 is incorrect. While HSRP version 2 does offer enhancements like support for IPv6, it doesn’t directly resolve an issue where the HSRP groups are mismatched. If the devices were already using HSRP version 2 and were mismatched in terms of group configuration, switching versions would not fix the fundamental issue of misconfiguration.
D. Configure the same HSRP group on both devices is the correct answer. For HSRP to function correctly, both routers participating in the HSRP configuration must be part of the same HSRP group. If the HSRP group numbers do not match between the devices, the failover and virtual IP addressing will not work, resulting in HSRP failure. Ensuring both devices are configured with the same HSRP group will resolve this issue.
In conclusion, to fix the HSRP configuration failure, the routers need to be in the same HSRP group, ensuring proper communication and failover functionality.
Question No 7:
Refer to the exhibit. The HSRP instance on both switches is showing as active. Which action resolves the issue?
A. Configure the HSRP timers to be the same.
B. Allow VLAN 100 between the switches.
C. Configure the IP address of N9K-B on the same subnet as N9K-A.
D. Configure preempt on only one of the switches.
The correct answer is D.
Explanation:
In HSRP (Hot Standby Router Protocol), there is typically only one active router for a given virtual IP address. If both switches show as active in the HSRP instance, it indicates a misconfiguration that leads to an improper election of the active router. The most effective way to resolve this is to configure preempt on only one of the switches.
A is not the best solution because while configuring HSRP timers can impact failover behavior, it doesn't directly address the issue of both switches being active.
B is unrelated to the problem. Allowing VLAN 100 between the switches is necessary for HSRP communication but does not resolve the issue of both switches being active in the same HSRP instance.
C is not a viable solution. HSRP should work fine with IP addresses on different subnets if they are part of the same routing domain, and the issue at hand is more related to HSRP configuration than subnet alignment.
D is the correct action. Configuring preempt ensures that the switch with the highest priority or the one that is configured to preempt the active state will take over as the active router, resolving the conflict.
Thus, the correct answer is D.
Question No 8:
Which two requirements about switch connectivity must be verified to solve a fabric discovery failure?
A. A Cisco APIC must be attached to a spine node only.
B. A Cisco APIC must be attached to leaf nodes.
C. Spine nodes must connect to other spine nodes.
D. A Cisco APIC must be dual-attached to two separate spine nodes.
E. Leaf nodes must connect to spine nodes only.
Answer: D, E
Explanation:
In a Cisco ACI (Application Centric Infrastructure) environment, fabric discovery is a critical process that ensures the correct configuration and connectivity between the different network elements such as APICs (Application Policy Infrastructure Controllers), spine nodes, and leaf nodes. There are specific connectivity requirements that must be met to ensure a successful fabric discovery.
D. A Cisco APIC must be dual-attached to two separate spine nodes: This is a key requirement in ACI to ensure high availability and redundancy in the fabric. The APIC needs to be connected to two separate spine nodes to ensure fault tolerance in case one of the connections fails. If the APIC is only connected to a single spine node, the fabric may experience connectivity issues if that spine node goes down, leading to a failure in fabric discovery.
E. Leaf nodes must connect to spine nodes only: In ACI, the leaf nodes are designed to connect to the spine nodes, which act as the core of the fabric. Leaf nodes should not directly connect to other leaf nodes. This topology ensures that traffic follows the spine-leaf model, which provides scalability and efficiency in routing within the fabric. If leaf nodes are improperly connected to each other, fabric discovery may fail, as the switches will not be able to properly establish the correct path for traffic.
Now, let’s discuss the other options:
A. A Cisco APIC must be attached to a spine node only: This statement is incorrect because the APIC must be dual-attached to two spine nodes for redundancy, as mentioned in D. An APIC attached to only one spine node would not meet the high availability requirements of the ACI fabric.
B. A Cisco APIC must be attached to leaf nodes: This is incorrect. The APIC is not directly attached to the leaf nodes; it connects to the spine nodes in the ACI fabric. Leaf nodes are only connected to spine nodes, not directly to the APIC.
C. Spine nodes must connect to other spine nodes: While it is true that spine nodes interconnect to form a resilient and scalable fabric, this is not the key requirement for fabric discovery. The fabric discovery failure issue is more likely to be related to how the APIC connects to the spine nodes and how the leaf nodes connect to the spine nodes.
In conclusion, the correct requirements for solving fabric discovery failure are D (dual attachment of the APIC to separate spine nodes) and E (leaf nodes connecting only to spine nodes). These ensure the necessary redundancy and proper network topology for a successful fabric discovery in a Cisco ACI environment.
Question No 9:
Refer to the exhibit. A network engineer connects the Cisco Nexus switch management port to the Internet using DHCP to allow the Guest shell that runs on the switch to download Python packages. The engineer can ping google.com from the Cisco Nexus switch, but the Guest shell fails to download Python packages.
Which action resolves the problem?
A. Update the Python packages directly on the Cisco Nexus switch.
B. Manually configure DNS in the Guest shell, even if it is claimed on the Cisco Nexus switch through DHCP.
C. Manually configure NTP in the Guest shell.
D. Connect Guest shell to data plane interfaces to be able to connect to the networks outside of the Cisco Nexus switch.
Correct answer: B
Explanation:
The scenario describes a situation where the engineer can ping external addresses (like google.com) from the Cisco Nexus switch, indicating that the switch itself has network connectivity. However, the Guest shell running on the switch is unable to download Python packages, which is likely a DNS resolution issue within the Guest shell. This can occur even if the Cisco Nexus switch itself is able to resolve domain names, because the Guest shell may have its own network configuration that does not automatically inherit settings like DNS from the host switch.
A. Update the Python packages directly on the Cisco Nexus switch: This option is not related to the issue of the Guest shell being unable to download Python packages. The problem seems to be related to DNS resolution, not the availability of the Python packages themselves.
B. Manually configure DNS in the Guest shell, even if it is claimed on the Cisco Nexus switch through DHCP: This is the most likely solution. The Guest shell may not be using the DNS settings configured on the Cisco Nexus switch. Even though the switch can resolve domain names via DHCP (such as through a management interface), the Guest shell might require explicit DNS configuration to resolve external domains for downloading Python packages. By manually configuring the DNS settings inside the Guest shell, the engineer can enable the shell to properly resolve domain names and download the required packages.
C. Manually configure NTP in the Guest shell: NTP (Network Time Protocol) configuration typically relates to synchronizing the system time and would not directly impact DNS resolution or the ability to download Python packages. This option is not related to the issue at hand.
D. Connect Guest shell to data plane interfaces to be able to connect to the networks outside of the Cisco Nexus switch: This option is unnecessary because the switch can already reach external addresses (evidenced by the ability to ping google.com from the switch). The issue is likely related to DNS resolution in the Guest shell, not network connectivity.
Therefore, the correct answer is B because it addresses the DNS configuration issue within the Guest shell.
Question No 10:
Refer to the exhibit. The vPC between switch1 and switch2 does not work. Which two actions resolve the problem? (Choose two.)
A. Match the vPC domain ID between the two devices.
B. Configure the IP address on the interface.
C. Activate VLANs on the vPC.
D. Correct the configuration of the vPC peer link and the vPC peer keepalive.
E. Configure one of the switches as primary for the vPC.
Correct answer: A,D
Explanation:
In a vPC (Virtual Port Channel) configuration, two Nexus switches can present themselves as a single logical switch to downstream devices. A vPC allows for redundancy and load balancing while ensuring that traffic can flow without loops. However, if the vPC isn't working, several factors need to be verified. Let’s analyze the options:
A. Match the vPC domain ID between the two devices: The vPC domain ID must match between both switches in the pair. This domain ID identifies the vPC configuration on each device. If the domain IDs don't match, the vPC cannot function properly. This is a critical configuration that ensures both switches recognize themselves as part of the same vPC domain. Therefore, this action is essential to resolve the issue.
B. Configure the IP address on the interface: The IP address configuration is typically not required on the vPC interfaces themselves. The vPC peer-link and peer-keepalive do not rely on IP addressing on the data plane interfaces (the interfaces carrying traffic), so this action would not directly resolve the problem.
C. Activate VLANs on the vPC: While activating the required VLANs is important for proper data plane operation, it is not typically the root cause of a vPC link failure unless the VLANs have not been explicitly allowed on the vPC peer link. However, this is not the primary action to resolve the vPC failure indicated by the question.
D. Correct the configuration of the vPC peer link and the vPC peer keepalive: The vPC peer link and peer keepalive mechanism are critical for maintaining synchronization between the two switches. If either of these configurations is incorrect, it can lead to the failure of the vPC. Correcting the configuration of these links will directly address the issue of vPC not working.
E. Configure one of the switches as primary for the vPC: The primary and secondary roles in a vPC are typically associated with vPC virtual port channel (vPC) role designation for consistency in certain configurations, but it is not usually necessary to explicitly configure a "primary" switch unless dealing with specific failover scenarios. This would not necessarily resolve the issue unless there are specific failover configurations.
In conclusion, the two most likely actions to resolve the vPC issue are A (matching the vPC domain ID) and D (correcting the configuration of the vPC peer link and peer keepalive), as these are fundamental to establishing and maintaining a working vPC.
Top Training Courses
SY0-701
CompTIA Security+
$14.99
AZ-104
Microsoft Azure Administrator
$14.99
200-301
Cisco Certified Network Associate (CCNA)
$14.99
AWS Certified Solutions Architect - Associate SAA-C03
AWS Certified Solutions Architect - Associate SAA-C03
$14.99
AZ-305
Designing Microsoft Azure Infrastructure Solutions
$14.99
PL-300
Microsoft Power BI Data Analyst
$14.99
350-401
Implementing Cisco Enterprise Network Core Technologies (ENCOR)
$14.99
AZ-900
Microsoft Azure Fundamentals
$14.99
CS0-003
CompTIA CySA+ (CS0-003)
$14.99
CISSP
Certified Information Systems Security Professional
$14.99
