07-25-2021 10:20 PM - edited 07-25-2021 10:22 PM
Hi ACI professionals,
I added a standby APIC to my fabric (which worked like a charm).
When checking the context menu of the standby APIC in the GUI (Controllers > APIC > Cluster as Seen by Node > Standby APIC) I can see the options "Accept Controller" and "Reject Controller".
What is the purpose of these options? I have not found any documentation on this. Am I done provisioning my standby APIC for now or do I have to "Accept" it first?
Solved! Go to Solution.
07-26-2021 06:20 AM - edited 07-26-2021 06:24 AM
It follows your Controller admission policy (aka ACI Fabric Internode Secure Authentication Communications". This can be set to "strict" or "permissive" (default) depending if you want to allow controllers to self-joined the cluster (permissive) or if you want user ack for joins (strict). If it's joined and fully fit now, nothing more you need to do.
Robert
07-26-2021 05:45 AM
Yes, you have to "Accept" (authorize) the APIC to join the cluster, even as standby. Then it will sync up with the Cluster.
Robert
07-26-2021 05:55 AM - edited 07-26-2021 05:58 AM
Hey Robert,
thank you for the reply. So I didn't do anything and after a while, the standby APIC changed it's state to "approved" in the GUI.
The question is if I still need to "Accept" it via the GUI .... is "approved" the same as "accept" in this context?
The CLI output shows:
apic01# show controller detail id 11
ID : 11~
Name :
UUID : ****** removed ******
Pod ID : 2
Address : ****** removed ******
In-Band IPv4 Address :
In-Band IPv6 Address :
OOB IPv4 Address : ****** removed ******
OOB IPv6 Address :
Serial Number : ****** removed ******
Version : 4.2(7f)
Commissioned : YES
Registered : YES
Approved : APPROVED
Valid Certificate :
Validity End :
Up Time :
Health : data-layer-partially-diverged
Failover Status : 0
As in my other post, the Health is still kinda weird ("data-layer-partially-diverged")
07-26-2021 06:20 AM - edited 07-26-2021 06:24 AM
It follows your Controller admission policy (aka ACI Fabric Internode Secure Authentication Communications". This can be set to "strict" or "permissive" (default) depending if you want to allow controllers to self-joined the cluster (permissive) or if you want user ack for joins (strict). If it's joined and fully fit now, nothing more you need to do.
Robert
07-26-2021 07:11 AM
This what I was looking for and keep forgetting
My policy is permissive at the moment ... so there's nothing to do
However, the APIC is still in "data-layer-partially-diverged" state. I'll move this to the other topic...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: