09-20-2021 02:33 PM
Hello Experts,
Need your help here please.
One of our leaf switches (leaf1) is stuck in inactive state during the fabric discovery. I have tried decommissioning, wiping off the leaf completely, and changing the node ID as suggested by Cisco TAC, but no luck. When I tried "openssl s_client -state -connect leaf1:12440", I clearly see leaf1 is not presenting the full certificate chain like the other leaf did. Below is the snippet from the output. I would like to know if it has to do with the certs or if I am missing anything here. Thank you.
Inactive Leaf:
Certificate chain
0 s:/C=US/ST=CA/L=SanJose/O=Insieme Networks/CN=Insieme
i:/C=XX/L=Default City/O=Default Company Ltd
Active Leaf:
Certificate chain
0 s:/serialNumber=PID:N9K-C93180YC-FX SN:XXXXXXX/CN=XXXXXXX
i:/O=Cisco Systems/CN=Cisco Manufacturing CA
1 s:/O=Cisco Systems/CN=Cisco Manufacturing CA
i:/O=Cisco Systems/CN=Cisco Root CA 2048
2 s:/O=Cisco Systems/CN=Cisco Root CA 2048
i:/O=Cisco Systems/CN=Cisco Root CA 2048
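The comparison made by eye in the post above can be scripted. This is an added example, not part of the original post and not Cisco tooling: it parses the "Certificate chain" section of `openssl s_client` output and reports where a chain stops short of the expected root. The function names are hypothetical, and the expected root is assumed to be the one the active leaf's chain ends at.

```python
import re

# Root the active leaf's chain ends at in the post, used as the expected anchor (assumption).
EXPECTED_ROOT = "/O=Cisco Systems/CN=Cisco Root CA 2048"
SUBJECT_RE = re.compile(r"^\s*(\d+)\s+s:(.+?)\s*$")
ISSUER_RE = re.compile(r"^\s*i:(.+?)\s*$")

# Chain sections as quoted in the post (serial number masked there as XXXXXXX).
INACTIVE_LEAF = """Certificate chain
 0 s:/C=US/ST=CA/L=SanJose/O=Insieme Networks/CN=Insieme
   i:/C=XX/L=Default City/O=Default Company Ltd
"""
ACTIVE_LEAF = """Certificate chain
 0 s:/serialNumber=PID:N9K-C93180YC-FX SN:XXXXXXX/CN=XXXXXXX
   i:/O=Cisco Systems/CN=Cisco Manufacturing CA
 1 s:/O=Cisco Systems/CN=Cisco Manufacturing CA
   i:/O=Cisco Systems/CN=Cisco Root CA 2048
 2 s:/O=Cisco Systems/CN=Cisco Root CA 2048
   i:/O=Cisco Systems/CN=Cisco Root CA 2048
"""

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] from the 'Certificate chain' section."""
    chain, in_chain, pending = [], False, None
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "---":  # s_client closes the section with ---
            break
        elif in_chain and (m := SUBJECT_RE.match(line)):
            pending = (int(m.group(1)), m.group(2))
        elif in_chain and pending and (m := ISSUER_RE.match(line)):
            chain.append((*pending, m.group(1)))
            pending = None
    return chain

def check_chain(chain, expected_root=EXPECTED_ROOT):
    """Return findings; an empty list means every link up to the expected root is present."""
    if not chain:
        return ["no certificates presented"]
    findings = [f"cert {d}: issuer is not the subject of the next cert"
                for (d, _, iss), (_, subj, _) in zip(chain, chain[1:]) if iss != subj]
    depth, subject, issuer = chain[-1]
    if subject != issuer:
        findings.append(f"chain stops at cert {depth}: issuer '{issuer}' not presented")
    elif subject != expected_root:
        findings.append(f"chain ends at unexpected root '{subject}'")
    return findings

if __name__ == "__main__":
    for name, out in (("inactive", INACTIVE_LEAF), ("active", ACTIVE_LEAF)):
        print(name, check_chain(parse_chain(out)) or "chain complete")
```

It compares names as printed by s_client and does not verify signatures. Newer OpenSSL builds print DNs in a different format, so pass `expected_root` in the form your build prints.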
09-21-2021 08:03 AM
Hello Ramu,
This is kinda a long shot since I don't have any more details, but what is the time on the leaf?
09-21-2021 05:55 PM
Hello David,
Thanks for your response. The time was the same on all the nodes. TAC generated a cert and installed it, without any luck. The leaf node just won't take the new cert and the SSL handshake fails with the APIC. We had to proceed with the RMA.
09-24-2021 01:51 PM - edited 09-24-2021 01:51 PM
Hi @ramu.gajula
Can you run the "show diagnostic result module all" and "show diagnostic result module all detail" commands on your mentioned switch and share the result?
Maybe the rtc-test parameter fails.
Regards,
Ali