cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1980
Views
5
Helpful
4
Replies

Standby APIC: "Accept / Reject Controller" context menu

Johannes Luther
Level 4
Level 4

Hi ACI professionals,

I added a standby APIC to my fabric (which worked like a charm).

When checking the context menu of the standby APIC in the GUI (Controllers > APIC > Cluster as Seen by Node > Standby APIC) I can see the options "Accept Controller" and "Reject Controller".

stby_APIC_context-menu.png

What is the purpose of these options? I have not found any documentation on this. Am I done provisioning my standby APIC for now or do I have to "Accept" it first?

1 Accepted Solution

Accepted Solutions

It follows your Controller admission policy (aka ACI Fabric Internode Secure Authentication Communications".  This can be set to "strict" or "permissive" (default) depending if you want to allow controllers to self-joined the cluster (permissive) or if you want user ack for joins (strict).   If it's joined and fully fit now, nothing more you need to do.

Robert

View solution in original post

4 Replies 4

Robert Burns
Cisco Employee
Cisco Employee

Yes, you have to "Accept" (authorize) the APIC to join the cluster, even as standby.  Then it will sync up with the Cluster.

Robert

Hey Robert,
thank you for the reply. So I didn't do anything and after a while, the standby APIC changed it's state to "approved" in the GUI.

The question is if I still need to "Accept" it via the GUI .... is "approved" the same as "accept" in this context?

 

The CLI output shows:

apic01# show controller detail id 11
ID : 11~
Name :
UUID : ****** removed ******
Pod ID : 2
Address : ****** removed ******
In-Band IPv4 Address :
In-Band IPv6 Address :
OOB IPv4 Address : ****** removed ******
OOB IPv6 Address :
Serial Number : ****** removed ******
Version : 4.2(7f)
Commissioned : YES
Registered : YES
Approved : APPROVED
Valid Certificate :
Validity End :
Up Time :
Health : data-layer-partially-diverged
Failover Status : 0

As in my other post, the Health is still kinda weird ("data-layer-partially-diverged")

It follows your Controller admission policy (aka ACI Fabric Internode Secure Authentication Communications".  This can be set to "strict" or "permissive" (default) depending if you want to allow controllers to self-joined the cluster (permissive) or if you want user ack for joins (strict).   If it's joined and fully fit now, nothing more you need to do.

Robert

This what I was looking for and keep forgetting

My policy is permissive at the moment ... so there's nothing to do

However, the APIC is still in "data-layer-partially-diverged" state. I'll move this to the other topic...

https://community.cisco.com/t5/application-centric/standby-apic-health-quot-data-layer-partially-diverged-quot/m-p/4438667/highlight/true#M10817

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Save 25% on Day-2 Operations Add-On License