How should I troubleshoot admin account login issue to APIC?

SIMMN
Spotlight

I have a Nexus Dashboard cluster, and when I tried to add ACI/APIC as a site using the admin account, it just tells me login failure as below... I can use the same admin account to log in from a browser and also from Postman... Is there any further log/debug I can use to see why the login from ND failed?

Also, if I try to add the site using a RADIUS account, it works... So what is going on with the admin account then?

Screenshot 2021-10-20 095700.png 

Robert Burns
Cisco Employee

Does your APIC have multiple Auth Realms configured?

Robertg

Yes, local and RADIUS. Local is the default login domain.

Are you trying to connect to the inband IP of the APIC or oob?

Robert

I used the INB IP of the APIC in ND for adding the site. But I tried both INB and OOB in the browser to log in to the APIC, and both worked.

Can you SSH with this user account from the ND CLI > APIC? You may need to ensure you have a route for the APIC's Inband subnet defined on the ND Cluster config under the Data Network interface - if you can't reach it.

[rescue-user@ND-01 ~]$ ssh roberbur@[apic_ip]
**********************************
THIS DEVICE USES LDAP AUTH
PLEASE LOG IN WITH YOUR LAB
AD CREDENTIALS
**********************************
roberbur@[apic_ip]'s password:
Last login: 2021-10-21T01:58:01.000+05:30 UTC
S1-POD1-APIC1#

Robert

I definitely could try to SSH from ND DATA to APIC INB. But I don’t think it is a routing issue. I can add the site with a remote RADIUS account, and also, from the APIC log/screenshot attached initially, the connection is there but the login failed for whatever reason.

Also, I checked the nginx log on the APIC, but nothing there is useful to me…

SIMMN
Spotlight

Update (2021-10-21): So far after my troubleshooting, the issue is likely a bug on the ND v2.1 and/or APIC 4.2 related to the password of the account used... My local admin account password has an "@" symbol, and I created another local account on APIC with the same permission but without the "@" symbol in the password. The new account works just fine for adding ACI into ND... A TAC case has been opened as well.

Can you unicast me your SR #? I'd like to follow up internally on this.

Thanks,

Robert
