cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3994
Views
5
Helpful
31
Replies
Highlighted
Beginner

ACI APIC setup

Hi all,

quick question:

When you configure the APICs one by one, and once you have configured two of them, are you supposed to see the second one in the GUI topology view once you have browsed and logged into the first ?

Note: There is no Spine or Leaf connected yet as the APICs are only connected together on the same management network.

Thanks in advance.

31 REPLIES 31
Highlighted
Cisco Employee

No, the APICs will only

No, the APICs will only discover each other via the Infra subnet (Infra VLAN).  This requires them to be connected to the same fabric.  The Management network is not used for APIC clustering.  Once you setup and discover your switches, they will join the cluster.

Robert

Highlighted
Beginner

How do you reset the APIC if

How do you reset the APIC using the console port if you want to start the initial setup again ?

More so, how do you login to Apic 2 and 3 as they didn't prompt for a password ???

Highlighted
Cisco Employee

Depending on the release of

Depending on the release of ACI Software, there are multiple ways to reset the APIC Controllers back to factory defaults:

Older releases:

eraseconfig setup

acidiag reboot

Newer releases:

acidiag touch clean

acidiag touch setup

acidiag reboot

To login into an APIC that is having issues with the cluster and is not sync'd to APIC1, you can use "rescue-user" username to login.  The password for rescue-user is the LAST KNOWN "admin" password.  If the APICs never sync'd with APIC1 then there would be no password.

You should then issue the above commands and start over.   As a best practice, I would suggest resetting all 3 APICs then "Power" down APIC2 & APIC3.  Do NOT configure them yet.  Configure APIC1 as you would normally do and discover the ENTIRE fabric first.  Then Power up APIC2 and configure.  Once it has joined the fabric and is fully fit move on to APIC3.

Note:  If you already discovered any of the switches during the first attempt, they too will need to be reset to factory defaults using either:

Older releases:

setupsetup-clean-config.sh

reload

Newer releases:

acidiag touch clean

reload

Highlighted
Beginner

Excellent, thanks Robert.

Excellent, thanks Robert. When you say login though, I did my initial setup via the console port (no fabric devices connected yet), then noticed once configured you lose that access. So how would you run these commands, can you SSH ?

If so, is there a command that just changes the TEP address range ?

I do have GUI access via the management port, pity you can't do this here.

Highlighted
Cisco Employee

Once the setup is completed

Once the setup is completed you use SSH or the CIMC KVM or Serial over LAN.  Make sure to configure CIMC with an IP address.

There is a warning after you complete the configuration the that the ONLY way to change TEP address range is to go thru the setup script again which involves wiping the configuration.

Cheers!

T.

Highlighted

Tomas,

Tomas,

I seem to be having a similar issue. 

I have APIC1 online and the fabric connected.  However, I attempted to bring APIC2 online but it failed.  I found where my domains did not match so I reset APIC2 using the acidiag commands.  I am currently 2 hours from these devices and have been attempting to connect via the KVM thru the CIMC GUI with no luck. (KVM unable to Launch)  I also have console access but after APIC2 boots and gets to the setup menu the console stops returning anything. 

I am planning on going onsite tomorrow to connect physically but would like to see if there is a way to complete the initial setup of APIC2 remotely. 

For full disclosure I also have an APIC3 which I configured after configuring APIC2.  Would it be causing any issues since I did not let APIC2 come online fully prior to APIC3?

Daniel

Highlighted
Cisco Employee

You can perform the following

You can perform the following which will help you reconfigure the your APIC2.  This method can be used when you are having issues with KVM launching.

  • HTTP(s) to the CIMC GUI
  • Select the ADMIN Tab and then COMMUNICATION SERVICES.  "Enable SSH"
  • Once SSH is enabled you can enable SOL (Serial Over Lan) for console access. SSH to the CIMC IP address.
  • Configure SOL

C220-cimc# scope sol
C220-cimc /sol # set enabled yes
C220-cimc /sol *# set baud-rate 115200
C220-cimc /sol *# commit
C220-cimc /sol # show

  • Connect to APIC using the "connect host" command

C220-cimc# connect host

  • Hit\Press ENTER

The APIC Console should appear and you should be able to configure APIC2 remotely now.

T.

 

 

Highlighted
Beginner

Thanks Tomas, on the out of

Thanks Tomas, on the out of band management why is that so difficult ? For example, you can't seem to set up a profile that enables you to manually set each devices IP address. You can set a range but then the IP addresses get set to random devices and then the Spines seem to get excluded ???

I was using the reference to "out of band management using the GUI"

Highlighted
Cisco Employee

Ken,

Ken,

I don't seem to have the same issues.  I have configured the nodes via an IP address range and the leafs & spines all get addresses. I just need to make sure there is enough address' in the pool to be assigned.

Also, I use "Static Management Node Address" for each node.  And simply assign an address per node.  I save the .xml so that if I need to add another address or rebuild the fabric, I can use postman to post the configuration if needed.

T.

Highlighted
Beginner

I tried the static approach

I tried the static approach too but the Spines don't seem to want to play ball.

Also, when adding static OoB addressing do you really need to touch the ip address pool ?

Highlighted
Beginner

I've tested the Leaf mgmt

I've tested the Leaf mgmt port which works ok

Surely I don't have to complete the whole OoB management procedure and set up a contract for the Spine Mgmt access to work ?

Highlighted
Cisco Employee

The Leaf & Spine nodes use

The Leaf & Spine nodes use the same OOB Contract.  Once the Contract is defined and the Ext Management Network Instance Profile is configured, access to the OOB interfaces on the LEAF & SPINES should work.

  • Are there any faults that report any software programming errors for the nodeIds of spines?
  • Does the output of "ifconfig -a eth6" on the spine show the configured OOB management address? Are the TX or RX values incrementing?
  • Link up?  "ip link | grep eth6"
  • Correct Default GW?  "ip route show | grep eth6"

just checking basics..

T.

Highlighted
Beginner

So I completed the oob

So I completed the oob contract stuff and still the same.

Previous to that I could get to my Leaves but not my Spines and now it is the same.

I'll get on the console and issue those commands

I have two Spines and both are the same.

Highlighted
Beginner

Tomas, I connected via

Tomas, I connected via console and had to issue these commands to get the management port working:

ifconfig eth0 10.X.X.X
ifconfig eth0 netmask 255.255.255.0
route add default gw 10.X.X.1 eth0

But this isn't permanent, so what and where is the file to hard code this info ?