Solved: Inter-Fabric Messaging (IFM)

config · ‎01-29-2025

Hi community,

ACI fabric uses SSL certificate to establish SSL session between APIC and Leafs/Spines. But these SSL certificates have an expiration date. I'm going to change fabrick-security-mode from strict to permissive, in order to switches can communicate with APIC without SSL connections. Can i do this while my fabric is running? Will this change not destruct my fabric?

AshSe · ‎01-29-2025

Hello @config

Yes, you can change the fabric-security-mode from strict to permissive while your ACI fabric is running, and it will not disrupt your fabric. However, it is a temporary workaround, and you should address the underlying certificate issue and revert to strict mode as soon as possible to maintain the security of your ACI fabric.

Hope This Helps!!!

AshSe

Forum Tips:

Insert photos/images inline - don't attach.
Always mark helpful and correct answers, it helps others find what they need.
For a prompt reply, kindly tag @name. An email will be automatically sent to the member.

View solution in original post

AshSe · ‎01-29-2025

Hello @config

Yes, you can change the fabric-security-mode from strict to permissive while your ACI fabric is running, and it will not disrupt your fabric. However, it is a temporary workaround, and you should address the underlying certificate issue and revert to strict mode as soon as possible to maintain the security of your ACI fabric.

Hope This Helps!!!

AshSe

Forum Tips:

Insert photos/images inline - don't attach.
Always mark helpful and correct answers, it helps others find what they need.
For a prompt reply, kindly tag @name. An email will be automatically sent to the member.

config · ‎01-29-2025

@AshSe thanks a lot for you help!)