Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1244
Views
0
Helpful
1
Replies

DNAC fooled APIC to register hosts outside Fabric as local and point to DNAC

a12288
Level 3
Level 3

‎06-14-2021 10:46 AM

We ran into a strangle problem.

1. Our DNAC is inside of ACI fabric and is managing number of Cisco switches and WLC  outside of Fabric through L3Out.

2. We powered cycle the DNAC and all of sudden ACI registered those Cisco switches and WLC managed by DNAC and "believes" those Off-Fabric switches can be reached via the Leaf interface attached to DNAC, and sending traffic to Leaf interface where the DNAC is attached instead of L3Out, therefore they are not reachable.

3. Has anyone experience the similar issue? We have to manually clean up those entries on ACI as power off DNAC won't help.

Labels:
0 Helpful
1 Reply 1

Robert Burns
Cisco Employee
Cisco Employee

‎06-14-2021 11:00 AM

Some comments.

Personally I wouldn't put DNAC behind ACI.  Fabric Controllers should be kept separate IMO from each other.  How did the DNAC discover these devices - via the Data Network or Management Network?  If the DNAC-managed devices are only hosted behind the L3 out, I'm baffled how ACI would think they're coming from DNAC.  DNAC wouldn't source or relay traffic from those devices.  Can you provide some outputs showing the DNAC endpoint connections on the Leaf, as well as the IP/MAC of the DNAC-managed devices also being learned on the leafs.  (show endpoints ip x.x.x.x).  Show for DNAC IP as well Devices.

Robert

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License