Cisco 300-615 Exam Dumps & Practice Test Questions

Question 1:

In a VXLAN EVPN deployment with vPC peers, a Type-1 inconsistency is detected between the two vPC devices. Which two steps should be taken to fix this issue? (Select two.)

A. Ensure the NVE interfaces are administratively up on both switches.
B. Assign different distributed gateway virtual MAC addresses.
C. Configure different secondary IP addresses on the NVE source-interfaces.
D. Map the same VNI to the multicast group on both peers.
E. Assign different primary IP addresses on the NVE source-interfaces.

Correct Answers: A, D

Explanation:

A vPC Type-1 inconsistency in a VXLAN EVPN environment commonly indicates a configuration mismatch or a communication problem between the two vPC peers that affects the overlay network operation. To resolve this, it is crucial to ensure that certain fundamental parameters are consistent and correctly set on both vPC devices.

First, the NVE (Network Virtualization Edge) interfaces on both switches must be in an administratively up state. The NVE interface is responsible for handling VXLAN encapsulation and decapsulation. If the interface is down on either switch, VXLAN encapsulation will fail, disrupting communication and causing inconsistencies in the vPC setup. Hence, option A is essential.

Second, both vPC peers must have consistent mappings of the VNI (VXLAN Network Identifier) to the multicast group. VXLAN uses multicast groups to distribute broadcast, unknown unicast, and multicast traffic across the overlay. If the VNIs are mapped to different multicast groups on the two peers, the multicast traffic won't be properly synchronized, leading to a Type-1 inconsistency. Therefore, option D is also critical.

Other options are less relevant for resolving Type-1 inconsistencies:

• Changing distributed gateway MAC addresses (option B) can cause further network instability unless carefully coordinated, and it's not a common fix for Type-1 issues.

• Modifying secondary or primary IP addresses on the NVE source interfaces (options C and E) might impact routing but typically do not resolve vPC peer inconsistencies related to VXLAN EVPN control plane operations.

By ensuring the NVE interfaces are up and the VNI-to-multicast group mappings are identical, the fundamental VXLAN EVPN environment between vPC peers is aligned, resolving the Type-1 inconsistency effectively.

Question 2:

A critical server located at site A is unreachable from site B because the MAC address route has been aged out in the OTV Virtual Device Context (VDC) on the Cisco Nexus 7000 at site B. 

What is the correct method to enable flooding of unknown unicast MAC traffic in the OTV VDC to restore connectivity?

A. Use a route map to statically advertise the MAC address and redistribute it with IS-IS.
B. Unknown unicast flooding is prohibited in OTV.
C. Use the otv flood mac <MAC address> command to selectively flood the MAC address.
D. Use the otv isis bfd command to configure Bidirectional Forwarding Detection.

Correct Answer: C

Explanation:

In a Cisco Nexus 7000 OTV deployment, the forwarding of unknown unicast traffic is a critical mechanism to maintain connectivity when a MAC address is not present in the local MAC address table due to aging or topology changes. When a MAC address ages out of the MAC table in the OTV Virtual Device Context (VDC), traffic destined for that MAC may be dropped unless the unknown unicast traffic is flooded across the OTV overlay to find the destination.

The correct approach to address this issue is to use the otv flood mac <MAC address> command. This command explicitly enables the flooding of unicast frames destined for the specified MAC address within the OTV domain, ensuring that the traffic reaches the destination even if the MAC route is missing locally. This selective flooding temporarily restores connectivity while the MAC address is relearned or refreshed, and it helps prevent traffic loss in mission-critical scenarios.

The other options are less appropriate:

• Using a route map and IS-IS redistribution (option A) involves advertising routes via the routing protocol but does not directly influence unknown unicast flooding behavior in OTV. MAC address handling and flooding are generally outside the scope of IS-IS route redistribution in this context.

• Option B is incorrect because unknown unicast flooding is allowed and is part of OTV's design to maintain connectivity despite MAC learning issues.

• The otv isis bfd command (option D) relates to configuring Bidirectional Forwarding Detection to quickly detect failures in IS-IS adjacencies but does not affect MAC address flooding or unknown unicast traffic handling.

In summary, using the otv flood mac command is the recommended solution for flooding unknown unicast MAC addresses in OTV, thereby ensuring continued communication between sites when MAC routes age out.

Question 3:

After a failover event, what two steps must be taken on Switch-B to manually return the primary vPC role to Switch-A? (Select two.)

A. Set the local vPC role priority on Switch-B to a lower value than Switch-A.
B. Set the local vPC role priority on Switch-B to a higher value than Switch-A.
C. Turn off and then turn on the vPC peer-keepalive link on Switch-B.
D. Set the local vPC role priority on Switch-B to the same value as Switch-A.
E. Turn off and then turn on the vPC peer link on Switch-B.

Correct Answer: A, E

Explanation:

In a Virtual Port Channel (vPC) architecture, the assignment of the primary role between two peer switches is largely governed by the vPC role priority setting and the status of the vPC peer link. The primary switch is typically the one with the lowest configured priority value, as the role priority is numerically ranked with lower numbers meaning higher priority. When a failover occurs, Switch-B might take over as the primary, but if you want to revert the primary role back to Switch-A manually, you need to adjust Switch-B’s priority accordingly.

Option A is correct because setting Switch-B’s vPC role priority to a lower value than Switch-A ensures that Switch-A retains the lowest priority, thus reclaiming the primary role. This numeric priority control is fundamental to the vPC failover mechanism.

Option E is also correct because disabling and re-enabling the vPC peer link triggers a role reevaluation process. This action forces the vPC system to reconsider which switch should be primary based on the newly adjusted priorities. It effectively “resets” the vPC synchronization and role assignment.

Option B would have the opposite effect, making Switch-B remain primary, so it is incorrect. Option C involves the peer-keepalive link, which monitors the health between switches but doesn’t influence role preemption directly. Option D is problematic because assigning the same priority to both switches can lead to unpredictable behavior or role conflicts.

In summary, the correct procedure to manually preempt the primary role back to Switch-A involves lowering Switch-B’s role priority (Option A) and toggling the vPC peer link to trigger re-election (Option E).

Question 4:

Given the exhibit, an OSPF adjacency between Router-A and Router-B fails to reach the FULL state. Which corrective action will resolve this problem?

A. Change Router-A’s MTU setting to 1600.
B. Disable MTU verification in OSPF.
C. Set OSPF’s media type on the interfaces to point-to-point.
D. Change Router-B’s MTU setting to 1604.

Correct Answer: D

Explanation:

For OSPF routers to establish a fully functional adjacency, several conditions must be met, one of which is that both routers must have matching Maximum Transmission Unit (MTU) settings on their interfaces. The MTU represents the largest packet size that can be transmitted on a network interface without fragmentation. When there is a mismatch in MTU sizes between two OSPF neighbors, the adjacency stalls and will not progress beyond the initial stages (usually stuck at 2-way or Exchange state).

In this case, Router-A’s MTU is set to 1604, while Router-B likely has a different MTU configured. This mismatch prevents OSPF from forming a full adjacency because OSPF includes the MTU value in its database description packets and rejects neighbors with mismatched MTU values to avoid communication issues.

Option D is the correct solution because adjusting Router-B’s MTU to match Router-A’s 1604 will allow both routers to negotiate successfully and transition the adjacency to the FULL state.

Option A is incorrect because changing Router-A’s MTU to 1600 (a different value than Router-B’s 1604) will not solve the mismatch; instead, it would worsen the inconsistency.

Option B is invalid since OSPF does not provide an option to disable MTU checks during adjacency formation. The MTU check is a fundamental part of OSPF to maintain reliable packet exchanges.

Option C, while potentially useful in some scenarios (point-to-point links simplify adjacency negotiation), does not address the core MTU mismatch problem and therefore will not resolve the adjacency failure.

In conclusion, aligning the MTU settings on both routers—specifically adjusting Router-B’s MTU to 1604—is essential for OSPF to reach the FULL adjacency state, ensuring stable neighbor relationships and proper routing updates.

Question 5:

A Cisco Nexus switch is connected via a port channel to a peer switch that is not running Cisco NX-OS. Packet loss is occurring on this connection. 

What configuration change should be made on the Nexus switch ports to fix this issue?

A. Enable lacp suspend-individual.
B. Enable lacp graceful-convergence.
C. Disable lacp graceful-convergence.
D. Disable lacp suspend-individual.

Correct Answer: D

Explanation:

When configuring port channels with LACP (Link Aggregation Control Protocol), the behavior of individual links within the bundle can be controlled by options like lacp suspend-individual. This setting prevents individual member links from being suspended when a failure is detected, which is helpful in homogeneous environments where all devices fully support LACP.

However, when a Cisco Nexus switch peers with a non-Cisco switch or a device that does not fully support the LACP specification, this feature can cause problems. If one link in the port channel fails temporarily, lacp suspend-individual might cause the Nexus switch to keep that link suspended even after the failure is resolved, leading to persistent packet loss and degraded bandwidth.

Disabling lacp suspend-individual (no lacp suspend-individual) allows the Nexus switch to re-enable links that were previously suspended due to transient issues, improving link recovery and reducing packet loss. This makes the port channel more resilient in environments where the peer device’s LACP implementation differs or is less robust.

Option A is incorrect because enabling lacp suspend-individual would worsen the problem by preventing links from automatically recovering after failures.
Option B is incorrect because lacp graceful-convergence is designed to smooth out the transition when a port-channel member goes up or down but does not address compatibility issues with non-Cisco devices causing packet loss.
Option C is also incorrect because disabling lacp graceful-convergence has no direct impact on resolving packet loss caused by peer switch LACP behavior mismatches.

Therefore, the appropriate solution is to disable lacp suspend-individual on the Nexus switch ports to ensure the port channel operates correctly with the non-Cisco peer, resolving packet loss.

Question 6:

Given the exhibit where HSRP (Hot Standby Router Protocol) is not working correctly, what configuration change will fix the problem?

A. Enable IP redirects on the routers.
B. Set the MTU to 1500 bytes on the interfaces.
C. Configure HSRP version 2 on both devices.
D. Configure the same HSRP group number on both routers.

Correct Answer: D

Explanation:

HSRP is a Cisco redundancy protocol designed to provide high availability by creating a virtual router with a shared IP address that multiple routers can use for failover purposes. For HSRP to function properly, all participating routers must be configured to belong to the same HSRP group. This group number acts as an identifier so that routers know they are cooperating in the same failover cluster.

If the group numbers are mismatched between the routers, they will not recognize each other as HSRP peers. As a result, the failover mechanism and virtual IP address ownership will not work, causing the protocol to fail and potentially leading to network outages or loss of redundancy.

Option D correctly identifies the need to configure the same HSRP group on both devices to ensure they communicate and coordinate the virtual IP and active/standby roles properly.

Option A is incorrect because enabling IP redirects is unrelated to HSRP functionality. IP redirects inform hosts of better routes but do not impact router redundancy protocols.
Option B is incorrect because adjusting the MTU affects packet size handling but does not influence HSRP group membership or failover behavior. Unless there are packet fragmentation issues—which are not indicated here—changing the MTU is not relevant.
Option C is incorrect because switching to HSRP version 2 offers enhancements, including IPv6 support, but does not solve issues caused by mismatched group numbers. Both routers must still share the same group number regardless of the version.

In conclusion, matching the HSRP group numbers on both routers is essential for proper HSRP operation and failover. This change ensures that the devices recognize each other as part of the same redundancy group, restoring the intended HSRP functionality.

Question 7:

Given the exhibit where the HSRP instance on both switches is showing as active, which step will correct this issue?

A. Set the HSRP timers to identical values on both switches
B. Permit VLAN 100 traffic between the two switches
C. Assign the IP address of switch N9K-B to the same subnet as N9K-A
D. Enable preemption on only one of the switches

Correct Answer: D

Explanation:

Hot Standby Router Protocol (HSRP) is designed to provide network redundancy by allowing one router to actively forward traffic, while the other remains in standby mode, ready to take over if the active router fails. Ideally, within an HSRP group, there should be only one active router at any time. When both switches report their HSRP instance as active, this indicates a misconfiguration causing both routers to believe they should simultaneously act as the active router, which leads to network conflicts and instability.

The core reason for this behavior often stems from the configuration of the preempt feature. Preemption allows a router with a higher priority to assume the active role when it becomes available. If preempt is enabled on both routers, they may continuously attempt to become active, causing both to show as active at the same time.

Option D is the correct fix because enabling preempt on only one switch ensures a clear election process: the switch with preempt and the higher priority will take the active role, while the other switch will remain standby, preventing dual active states.

Option A—configuring HSRP timers—affects failover timing but does not resolve the fundamental issue of simultaneous active roles.

Option B—allowing VLAN 100 between switches—is necessary for HSRP communication but unrelated to resolving dual active states.

Option C—changing the IP subnet—does not fix the problem since HSRP instances can operate on different IPs within the same subnet, and this issue is tied to preemption, not subnet configuration.

In summary, properly configuring preempt on only one switch resolves the conflict and ensures proper HSRP operation.

Question 8:

Which two connectivity requirements must be met to troubleshoot and resolve fabric discovery failures in a Cisco ACI environment?

A. Cisco APICs must connect only to spine nodes
B. Cisco APICs must connect to leaf nodes
C. Spine nodes should be interconnected with other spine nodes
D. Cisco APICs must be dual-attached to two distinct spine nodes
E. Leaf nodes must connect exclusively to spine nodes

Correct Answers: D, E

Explanation:

Fabric discovery in Cisco’s Application Centric Infrastructure (ACI) environment is a critical step where all components—APIC controllers, spine nodes, and leaf nodes—identify each other and establish communication. Proper connectivity is essential for this process to succeed.

First, option D highlights that each Cisco APIC controller must be dual-attached to two different spine nodes. This dual attachment is a fundamental requirement in ACI to ensure high availability and redundancy. Should one spine node fail, the APIC can still communicate through the other, preventing loss of control-plane connectivity that could lead to fabric discovery failure. Without this dual connection, a single point of failure would jeopardize fabric integrity.

Option E states that leaf nodes must connect only to spine nodes, not to each other. This maintains the spine-leaf architecture, where spine nodes form the core and leaf nodes serve as the access layer. Connecting leaf nodes directly breaks this design and can cause discovery and traffic forwarding issues.

Let’s clarify the incorrect options:

• A (APIC must connect only to spine nodes) is partially true but incomplete, as it must be dual-attached to two spine nodes, not just one.

• B (APIC attached to leaf nodes) is false. APICs connect to spine nodes, not leaf nodes.

• C (spine nodes connecting to other spine nodes) is true in a broader sense but is not a critical factor in fabric discovery failure troubleshooting. The main discovery failures relate to APIC connectivity and leaf-spine topology compliance.

In summary, ensuring dual APIC connections to separate spine nodes and leaf nodes connecting exclusively to spine nodes are essential for preventing fabric discovery failures, making D and E the correct answers.

Question 9:

A network engineer connects the management port of a Cisco Nexus switch to the internet using DHCP to allow the Guest shell running on the switch to download Python packages. The engineer can successfully ping google.com from the Nexus switch, but the Guest shell is unable to download Python packages. 

What should the engineer do to fix this issue?

A. Update the Python packages directly on the Cisco Nexus switch.
B. Manually set the DNS configuration inside the Guest shell, even though the switch gets DNS via DHCP.
C. Manually configure NTP settings within the Guest shell.
D. Connect the Guest shell to data plane interfaces to access external networks.

Correct Answer: B

Explanation:

This scenario involves a Cisco Nexus switch that can ping external domains like google.com, which proves that the switch itself has proper network connectivity and DNS resolution. However, the Guest shell environment running on the switch fails to download Python packages, indicating a problem localized within the Guest shell’s network configuration.

The critical detail here is that even though the host switch obtains network settings such as DNS via DHCP, the Guest shell runs as a containerized or isolated environment with its own network stack. This separation means it does not necessarily inherit the host’s DNS settings automatically. When the Guest shell tries to resolve domain names for package downloads, it might not have the proper DNS configuration, leading to resolution failures despite external network access being available at the host level.

Option A (updating Python packages directly on the switch) does not address the root cause, which is DNS resolution within the Guest shell, not the package availability.

Option C (configuring NTP) is unrelated because NTP handles time synchronization and does not affect DNS or package downloads.

Option D (connecting Guest shell to data plane interfaces) is unnecessary since the switch already has external network access proven by successful ping tests.

The correct and most effective fix is to manually configure DNS servers inside the Guest shell environment, ensuring it can properly resolve domain names to IP addresses and download Python packages without issue. This manual DNS configuration resolves the discrepancy between the switch’s network settings and the Guest shell’s isolated environment.

Thus, option B is the right answer.

Question 10:

The vPC between switch1 and switch2 is not functioning properly. Which two actions should the engineer take to fix this problem? (Choose two.)

A. Ensure the vPC domain ID is the same on both switches.
B. Assign IP addresses to the vPC interfaces.
C. Enable VLANs on the vPC interfaces.
D. Verify and correct the configuration of the vPC peer link and peer keepalive.
E. Designate one switch as the primary vPC switch.

Correct Answers: A, D

Explanation:

A Virtual Port Channel (vPC) allows two Cisco Nexus switches to appear as a single logical switch to downstream devices. This provides redundancy and load balancing. When the vPC is not working, the root causes often involve mismatches or misconfigurations critical to establishing and maintaining vPC functionality.

Option A involves matching the vPC domain ID on both switches. The vPC domain ID uniquely identifies the vPC pair. If these IDs don’t match, the two switches will not recognize each other as part of the same vPC domain, preventing the vPC from forming. This is a fundamental step and absolutely necessary for proper vPC operation.

Option D relates to the vPC peer link and peer keepalive connections. The peer link is responsible for forwarding traffic between the two switches to keep their forwarding tables synchronized, while the peer keepalive detects the health of the peer switch. Misconfiguration or failure of either causes the vPC to fail. Ensuring that the peer link is properly configured and the keepalive mechanism is working correctly is critical.

Option B is incorrect because the vPC interfaces themselves typically do not require IP addresses; they operate at Layer 2, forwarding traffic based on MAC addresses.

Option C—activating VLANs—is necessary for VLAN traffic to flow but is less likely the direct cause of a vPC failure. Without a working domain ID and peer link/keepalive, activating VLANs won’t fix the root issue.

Option E—designating a primary switch—is part of vPC role assignments but generally does not solve basic vPC formation problems.

Therefore, the two most crucial actions are ensuring the vPC domain IDs match (A) and verifying the vPC peer link and peer keepalive configurations (D).