11-29-2017 02:16 PM - edited 03-01-2019 05:23 AM
I have 3 ACI APIC UCS appliances.
1 of them is up and can be ssh-ed via OOB mgmt.
Rest are not, although they can be pinged.
I used https://supportforums.cisco.com/t5/application-centric/how-can-i-make-a-apic-to-a-factory-default/td-p/2532218 as a guide to reset pw but still can't log in using admin via ssh nor console.
Can there be an instance where "passwd reset" doesn't go through?
Also, if configured correctly within one subnet, do rest of APIC controllers automatically join the 1st one?
Thanks.
11-29-2017 02:20 PM
Is this a new setup? If the APICs have not formed a fully-fit cluster, then it is expected to not be able to gain SSH/GUI access with the admin user on APICs 2 and 3. They must join APIC 1 in a cluster first, so that they can pull the admin password from APIC 1.
If you need access to APICs 2 and 3, then try 'rescue-user' as the username via KVM console or vKVM (CIMC). It should be a null password.
-JW
11-29-2017 02:24 PM
sendalot7,
Just to shine a bit more light on Jason's response, the APICs cluster using the Infra (TEP) addresses, not the mgmt address.
The TEP addresses are assigned to the bond0 interface that is mapped to the VNIC ports (that should go into the leaf). So without at least a single leaf to link their TEP addresses, they will not cluster.
There is currently no method to cluster them via OOB mgmt.
-Gabriel
11-29-2017 02:28 PM - edited 11-29-2017 02:40 PM
Thank you both for your time.
This is a new setup I'm trying.
So I guess 1st eth is tied to OOB interface.
But how do I map TEP to 2nd eth then enable communication between them?
I can put 2nd eth(s) into their own vlan, but how do I map TEP to their eth(s)?
I'll look at the manual again for now.
Thank you again.
[Update: to phrase my question better, included a screenshot. I only see two NIC. Do I need more? 1/1,1/2,2/1/2/2 ?]
11-29-2017 08:33 PM - edited 11-29-2017 08:40 PM
In addition to Jason's and Gabriel's comments, you mentioned this is a new setup, has APIC1 discovered the first leaf node? The TEP assignment to the APICs is automatic, so you don't have to worry about configuring it. Assuming the APICs and switches don't have any previous documentation, if APIC1 is unable to discover the first leaf node try rebooting APIC1 by running the following command "acidiag reboot". If APIC1 can see the first leaf node, assign node id and name to discover the rest of the nodes.
See the YouTube video below for ACI fabric discovery:
https://www.youtube.com/watch?v=2zCVpqdDcto
One more thing, looking at the screenshots you posted, it doesn't look like you have connected your APIC to any leaf node since eth2-1 and eth2-2 are showing as down. Eth1-1 and Eth1-2 are both the LOM ports of your APIC which are used for OOB connectivity of the APIC.
11-29-2017 09:44 PM
thanks for your reply
"to fabric" ports connected.
is this port supposed to be part of In-Band mgmt for clustering?
screenshots attached afterwards (out-of-band mgmt is reachable while in-band is trunked with vlan tagging).
11-29-2017 10:05 PM - edited 11-29-2017 10:06 PM
Yes, the connection of these ports is required to discover the fabric, and for clustering.
Note inband mgmt configuration is not needed for the discovery of the nodes or the clustering of the APICs.
Are you able to discover first leaf node? Now that you connected the fabric ports? You can check by going to the Fabric>Inventory>Fabric Membership.
Do all 3 APICs have Fabric port connected as well?
11-29-2017 10:35 PM
thanks for the continued help.
watched video and added serial #s of N9K to APIC ACI web-gui interface.
But still not discovering IPs of the N9K(s).
On the N9K(s), however, "show lldp nei" shows all APIC ACI devices.
Do N9K(s) themselves need to be in TEP range with trunking to ACI?
thanks again.
11-29-2017 10:47 PM
You don't need to add the Serial Number, it should show automatically, the only thing you need to do is to add the node ID and name.
Also the TEP address gets assigned to the leaf automatically, no need to configure anything.
Are your leaf nodes running on ACI mode or NX-OS?
Can you console or ssh to one of the leaf and run the "show version" command and provide the output?
Also what version of code is your APIC running? If you ssh to APIC 1 and type the "show version" you can get this info.
11-30-2017 07:25 AM
1# show ver
Role Id Name Version
---------- ---------- ------------------------ --------------------
controller 1 crn1 2.2(1n)
also, booting NX into ACI mode.
does ACI get fetched by APIC-ACI?
it's not like conventional switch anymore where I console and setup?
(unless converting back to NX-OS mode?)
Thanks.
11-30-2017 07:36 AM
Are you saying that your switches are booting into NX-OS? If that is the case, these switches will never get discovered until they start running in ACI mode.
The consoling to the switch should be the same no matter if you are running in ACI mode or NX-OS. The switch should have a console port.
You mentioned that the switch was able to see all of the APICs LLDP adjacencies, how did you determine this? You would have to have ssh or console access to the switch to get this info.
11-30-2017 07:43 AM - edited 11-30-2017 07:45 AM
So while it was NX-OS, I was able to use "show lldp" to see APIC(s).
Then I saw the post and booted NX into ACI mode. (as in "boot aci image")
I'll provide update soon.
Thanks for your time.
11-30-2017 11:23 AM - edited 11-30-2017 11:33 AM
thank you that did it.
now magically everyone discovered each other.
(none) login: admin
********************************************************************************
Fabric discovery in progress, show commands are not fully functional
Logout and Login after discovery to continue to use show commands.
********************************************************************************
(none)#