06-14-2020 02:24 AM
Hi All,
I want to configure inband IP for APIC and LEAF, but I still cannot ping and ssh to inband IP of APIC and cannot ssh to inband IP of Leaf (ping to leaf successfull).
I configure AEP, vlan pool, physical domain, create policy group, interface profile and assign interface profile to switch profile. Then, I create inband epg, create contract, assign L3out, and create static management inband.
Inband IP success configured in APIC but I still cannot ping to apic using inband IP, APIC cannot ping to gateway as well.
Any suggest?
William
06-14-2020 02:39 AM
Hello,
Did you changed the preferred APIC connectivity for external connection to inband?
System > System Settings > APIC Connectivity preferences
Stay safe,
Sergiu
06-14-2020 03:15 AM
Hi @Sergiu.Daniluk ,
Yes of course, I have done with it.
I just confused, why APIC cannot ping to the gateway of inband?
This a capture of inband IP and route -n:
admin@APIC-4:~> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.204.12.1 0.0.0.0 UG 8 0 0 bond0.99
0.0.0.0 10.256.2.1 0.0.0.0 UG 16 0 0 oobmgmt
bond0.99: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1496
inet 10.204.12.2 netmask 255.255.255.128 broadcast 10.204.12.127
inet6 fe80::2ee:abff:fe1a:6c6 prefixlen 64 scopeid 0x20<link>
ether 00:ee:ab:1a:06:c6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31 bytes 1494 (1.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
APIC-4# ping 10.204.12.1 (Not successful to gateway)
PING 10.204.12.1 (10.204.12.1) 56(84) bytes of data.
From 10.204.12.2 icmp_seq=1 Destination Host Unreachable
From 10.204.12.2 icmp_seq=5 Destination Host Unreachable
From 10.204.12.2 icmp_seq=6 Destination Host Unreachable
From 10.204.12.2 icmp_seq=7 Destination Host Unreachable
From 10.204.12.2 icmp_seq=8 Destination Host Unreachable
APIC-4#
APIC-4# ping 10.204.12.2 (successful to apic-4 inband IP)
PING 10.204.12.2 (10.204.12.2) 56(84) bytes of data.
64 bytes from 10.204.12.2: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 10.204.12.2: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 10.204.12.2: icmp_seq=3 ttl=64 time=0.077 ms
64 bytes from 10.204.12.2: icmp_seq=4 ttl=64 time=0.061 ms
06-14-2020 03:46 AM
Hi @williammanurung ,
There are basically three ways you can configure inband management, although I would not really recommend using an a L2Out.
Which of these methods did you use?
06-14-2020 04:19 AM
Hi @RedNectar
I used EPG method.
By the way, I have been read your guide https://rednectar.net/2016/12/22/configuring-in-band-management-for-the-apic-on-cisco-aci-part-1-via-an-epg/ , I followed it correctly but still got problem. Because I am still couldn't ping from APIC to gateway.
Then, I am curious about inband BD configuration you used at your article, can you share with me?
William
06-14-2020 04:31 AM
Hello,
You use EPG, but you also mentioned about L3Out, so I am a bit confused. Can you give more details about where you access the APIC from (subnet, phy and logical location etc), where is the GW connected, how the topology looks like etc. I don't like to make presumptions so the more details the better.
Regards,
Sergiu
06-14-2020 05:34 AM
I mean I assign L3OUT to the Inband BD.
Here is the topology:
I configured these things:
1) Configured vlan pool, aep, and physical domainf for inband.
2) configured policy group with LLDP ON and assign AEP to the policy group.
3) configure interface profile port 1/48, assign policy group, and assign to Leaf-01
4) configure interface profile port 1/47, assign policy group, and assign to Leaf-02.
5) Under tenant mgmt I configured inband Bridge domain, config subnet 10.204.12.1/25 as gateway, and assign L3OUT.
6) Create inband EPG, assignt inband EPG to inband Bridge domain, create contract allow any (this contract exist in tenant common).
7) create static node management address for APIC-1.
8) assign contract allow any to L3OUT in tenant common.
Is it clear?
06-14-2020 06:03 PM
Hi William,
I've spent a bit of time thinking about your issues - currently all my labs are being used for classes, so I won't have the ability to play too much until Saturday. But...
I'm not sure why ...
I am still couldn't ping from APIC to gateway.
Can you check that there are no errors showing in the mgmt tenant? If not, I'm out of ideas on this one.
Then, I am curious about inband BD configuration you used at your article, can you share with me?
Apart from the IP address being different to the article, I believe this is the same inb Bridge Domain configuration
but as I said, I can't explore my lab at the moment because OOB management is being used by the classes using the labs. I'll get a chance to swap over to inb on Saturday - hopefully by then you'll have it sorted!
07-22-2020 12:36 AM
Hello
I'm struggling with inband vs ooband management myself.
I discovered that you need to configure an inband management IP address for the leaf swtiches (on which the APIC is connected) or at least the one that has the active link.
By doing so, it seems to activate the "pervasive" SVI on the leaf switches and so being able to ping it.
Hope it can help
Sincerely yours, Mathieu.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide