Question 2 – What are the modes of operation in Nexus 9000 series switches?
Answer: Nexus 9K switches can be used in two modes: NX-OS mode and ACI mode. These modes are exclusive, meaning you cannot run both simultaneously on a switch. If you switch the mode, the complete config will be deleted.
Question 13 – What is Interface Policy in ACI? What happens if we do not create an Interface Policy in ACI?
Answer: It is the policy we require for setting up protocols on Interfaces such as LACP, CDP, Storm Control, LLDP, Link-level for speed/duplex settings, NetFlow, Port Security, 802.1x port authentication and many more.
If we do not create an Interface Policy in ACI, the default policy applies; for example, the default CDP, LLDP, and MCP policies will be applied on interfaces.
Question 12 – What do you mean by Tenant? What are Common Tenant, Infrastructure Tenant, and MGMT Tenant?
Answer – A Tenant is a secure and exclusive virtual computing environment and a logical unit of isolation from a policy perspective. However, it is not a private network, and the tenant is referred to as the largest logical unit or entity or the highest-level object for management in Cisco ACI.
A tenant is like your business unit, department, or organization/company. Tenants may stand in for a client in a service provider context, a company or domain in an enterprise setting, or simply a useful collection of rules.
Tenants allow re-use of an IP address space, i.e., multiple tenants can have identical IP address schemas. Cisco ACI tenants can contain multiple private networks (VRF instances). One user-created tenant cannot talk to another tenant. By default, ACI has three tenants: Common, Infra & Management.
Tenant contains VRFs, BDs, Subnets, Application Profiles, EPGs, Subjects, Filters, and Contracts.
Question 10 – What is the Bridge domain in Cisco ACI?
Answer: A Bridge Domain (BD) is a Layer 2 construct in the Cisco ACI fabric. It must be part of a VRF (Virtual Routing Forwarder).
The bridge domain is like a container for subnets. It is used to define an L2 boundary, but not like a VLAN; in fact, it is a VXLAN, represented as a VNI (VXLAN Network Identifier).
If flooding is enabled, the BD defines the unique Layer 2 MAC address space and a Layer 2 flood domain. A single bridge domain can carry multiple subnets, and inter-subnet communication within the bridge domain is enabled.
We can create multiple Bridge Domains inside a single VRF and cannot link one BD to two different VRFs. Public, private, or shared bridge domains are all possible. Private bridge domains only apply within the tenancy, but public bridge domains allow the subnet to be exported to a routed connection. When a shared service is used, shared bridge domains can be exported to numerous VRFs both within and outside of the same tenant.
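The tenant, VRF, bridge domain and subnet relationships described in the answers above can be checked mechanically. The following is an added example, not part of the original answers: it walks a tenant export and reports any bridge domain that is not linked to exactly one VRF, plus every subnet whose scope lets it leave the tenant (public or shared). The sample data is constructed, and the class and attribute names (`fvTenant`, `fvCtx`, `fvBD`, `fvRsCtx`, `fvSubnet`, `scope`) are assumed from the APIC object model, not taken from this page.

```python
import json

# Constructed sample shaped like an APIC tenant export (not from a real fabric).
SAMPLE = json.loads("""
{"fvTenant": {"attributes": {"name": "Finance"}, "children": [
  {"fvCtx": {"attributes": {"name": "prod-vrf"}}},
  {"fvBD": {"attributes": {"name": "web-bd"}, "children": [
    {"fvRsCtx": {"attributes": {"tnFvCtxName": "prod-vrf"}}},
    {"fvSubnet": {"attributes": {"ip": "10.1.1.1/24", "scope": "private"}}},
    {"fvSubnet": {"attributes": {"ip": "10.1.2.1/24", "scope": "public,shared"}}}
  ]}},
  {"fvBD": {"attributes": {"name": "orphan-bd"}, "children": [
    {"fvSubnet": {"attributes": {"ip": "10.9.9.1/24", "scope": "public"}}}
  ]}}
]}}
""")

def children(obj, cls):
    """Return the direct child objects of class `cls` under `obj`."""
    return [c[cls] for c in obj.get("children", []) if cls in c]

def audit_tenant(doc):
    """Return (tenant, bd, issue, detail) tuples for one tenant export."""
    tenant = doc["fvTenant"]
    tname = tenant["attributes"]["name"]
    findings = []
    for bd in children(tenant, "fvBD"):
        bname = bd["attributes"]["name"]
        # A BD must belong to a VRF and cannot be linked to two of them.
        links = [r["attributes"]["tnFvCtxName"] for r in children(bd, "fvRsCtx")]
        if len(links) != 1:
            findings.append((tname, bname, "vrf", f"{len(links)} VRF links"))
        for subnet in children(bd, "fvSubnet"):
            attrs = subnet["attributes"]
            # scope is a comma-separated list; anything but private is exported.
            scopes = set(attrs.get("scope", "private").split(","))
            for flag in sorted(scopes & {"public", "shared"}):
                findings.append((tname, bname, flag, attrs["ip"]))
    return findings

if __name__ == "__main__":
    for finding in audit_tenant(SAMPLE):
        print(" | ".join(finding))
```

Each `public` or `shared` finding is a subnet to review against the intended isolation of the tenant, since those are the scopes that expose it to a routed connection or to other VRFs.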