Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2639
Views
5
Helpful
4
Replies

Standby APIC: "Accept / Reject Controller" context menu

Go to solution
Johannes Luther
Level 4
Level 4

‎07-25-2021 10:20 PM - edited ‎07-25-2021 10:22 PM

Hi ACI professionals,

I added a standby APIC to my fabric (which worked like a charm).

When checking the context menu of the standby APIC in the GUI (Controllers > APIC > Cluster as Seen by Node > Standby APIC) I can see the options "Accept Controller" and "Reject Controller".

stby_APIC_context-menu.png

What is the purpose of these options? I have not found any documentation on this. Am I done provisioning my standby APIC for now or do I have to "Accept" it first?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to Johannes Luther

‎07-26-2021 06:20 AM - edited ‎07-26-2021 06:24 AM

It follows your Controller admission policy (aka ACI Fabric Internode Secure Authentication Communications".  This can be set to "strict" or "permissive" (default) depending if you want to allow controllers to self-joined the cluster (permissive) or if you want user ack for joins (strict).   If it's joined and fully fit now, nothing more you need to do.

Robert

View solution in original post

4 Replies 4

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎07-26-2021 05:45 AM

Yes, you have to "Accept" (authorize) the APIC to join the cluster, even as standby.  Then it will sync up with the Cluster.

Robert

0 Helpful

Go to solution
Johannes Luther
Level 4
Level 4
In response to Robert Burns

‎07-26-2021 05:55 AM - edited ‎07-26-2021 05:58 AM

Hey Robert,
thank you for the reply. So I didn't do anything and after a while, the standby APIC changed it's state to "approved" in the GUI.

The question is if I still need to "Accept" it via the GUI .... is "approved" the same as "accept" in this context?

 

The CLI output shows:

apic01# show controller detail id 11
ID : 11~
Name :
UUID : ****** removed ******
Pod ID : 2
Address : ****** removed ******
In-Band IPv4 Address :
In-Band IPv6 Address :
OOB IPv4 Address : ****** removed ******
OOB IPv6 Address :
Serial Number : ****** removed ******
Version : 4.2(7f)
Commissioned : YES
Registered : YES
Approved : APPROVED
Valid Certificate :
Validity End :
Up Time :
Health : data-layer-partially-diverged
Failover Status : 0

As in my other post, the Health is still kinda weird ("data-layer-partially-diverged")

0 Helpful

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to Johannes Luther

‎07-26-2021 06:20 AM - edited ‎07-26-2021 06:24 AM

It follows your Controller admission policy (aka ACI Fabric Internode Secure Authentication Communications".  This can be set to "strict" or "permissive" (default) depending if you want to allow controllers to self-joined the cluster (permissive) or if you want user ack for joins (strict).   If it's joined and fully fit now, nothing more you need to do.

Robert

Go to solution
Johannes Luther
Level 4
Level 4
In response to Robert Burns

‎07-26-2021 07:11 AM

This what I was looking for and keep forgetting

My policy is permissive at the moment ... so there's nothing to do

However, the APIC is still in "data-layer-partially-diverged" state. I'll move this to the other topic...

https://community.cisco.com/t5/application-centric/standby-apic-health-quot-data-layer-partially-diverged-quot/m-p/4438667/highlight/true#M10817

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License