
(ASK) How to configure correct INBAND ACI?

williammanurung
Level 1

Hi All,

 

I want to configure an inband IP for APIC and LEAF, but I still cannot ping or ssh to the inband IP of the APIC and cannot ssh to the inband IP of the Leaf (ping to the leaf is successful).

I configure AEP, vlan pool, physical domain, create policy group, interface profile and assign interface profile to switch profile. Then, I create inband epg, create contract, assign L3out, and create static management inband.

The inband IP was successfully configured on the APIC, but I still cannot ping the APIC using the inband IP, and the APIC cannot ping the gateway either.

 

Any suggestions?

 

William

 


Sergiu.Daniluk
VIP Alumni

Hello,

Did you change the preferred APIC connectivity for external connections to inband?

System > System Settings > APIC Connectivity preferences

 

Stay safe,

Sergiu

Hi @Sergiu.Daniluk ,

 

Yes, of course, I have done that.

I am just confused: why can't the APIC ping the inband gateway?

 

This is a capture of the inband IP and route -n:

 

admin@APIC-4:~> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.204.12.1 0.0.0.0 UG 8 0 0 bond0.99
0.0.0.0 10.256.2.1 0.0.0.0 UG 16 0 0 oobmgmt

 

bond0.99: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1496
inet 10.204.12.2 netmask 255.255.255.128 broadcast 10.204.12.127
inet6 fe80::2ee:abff:fe1a:6c6 prefixlen 64 scopeid 0x20<link>
ether 00:ee:ab:1a:06:c6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31 bytes 1494 (1.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

 

 

APIC-4# ping 10.204.12.1  (Not successful to gateway)
PING 10.204.12.1 (10.204.12.1) 56(84) bytes of data.
From 10.204.12.2 icmp_seq=1 Destination Host Unreachable
From 10.204.12.2 icmp_seq=5 Destination Host Unreachable
From 10.204.12.2 icmp_seq=6 Destination Host Unreachable
From 10.204.12.2 icmp_seq=7 Destination Host Unreachable
From 10.204.12.2 icmp_seq=8 Destination Host Unreachable

 

APIC-4#
APIC-4# ping 10.204.12.2 (successful to apic-4 inband IP)
PING 10.204.12.2 (10.204.12.2) 56(84) bytes of data.
64 bytes from 10.204.12.2: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 10.204.12.2: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 10.204.12.2: icmp_seq=3 ttl=64 time=0.077 ms
64 bytes from 10.204.12.2: icmp_seq=4 ttl=64 time=0.061 ms
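
An added example, not part of the original posts: a small Python check over the `route -n` and interface output posted above. It confirms that the preferred default gateway is on-link for `bond0.99` and flags the RX/TX counters, which show frames sent but none received on the inband VLAN sub-interface. The sample text is trimmed from the capture above; the function names are hypothetical.

```python
import ipaddress
import re

# Sample input trimmed from the output posted in this thread.
ROUTES = """\
0.0.0.0 10.204.12.1 0.0.0.0 UG 8 0 0 bond0.99
0.0.0.0 10.256.2.1 0.0.0.0 UG 16 0 0 oobmgmt
"""
IFCONFIG = """\
bond0.99: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1496
inet 10.204.12.2 netmask 255.255.255.128 broadcast 10.204.12.127
RX packets 0 bytes 0 (0.0 B)
TX packets 31 bytes 1494 (1.4 KiB)
"""

def preferred_default(routes):
    """Return (gateway, iface) of the lowest-metric default route, or None."""
    best = None
    for line in routes.splitlines():
        f = line.split()
        # Columns: Destination Gateway Genmask Flags Metric Ref Use Iface
        if len(f) == 8 and f[0] == "0.0.0.0" and "G" in f[3]:
            cand = (int(f[4]), f[1], f[7])
            if best is None or cand < best:
                best = cand
    return (best[1], best[2]) if best else None

def inband_findings(routes, ifconfig):
    """List problems visible in the two captures for the preferred interface."""
    findings = []
    gw, iface = preferred_default(routes)
    addr = re.search(r"inet (\S+) netmask (\S+)", ifconfig)
    net = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}").network
    try:
        on_link = ipaddress.ip_address(gw) in net
    except ValueError:  # gateway string is not a valid IPv4 address
        on_link = False
    if not on_link:
        findings.append(f"gateway {gw} is not inside {net}")
    rx = int(re.search(r"RX packets (\d+)", ifconfig).group(1))
    tx = int(re.search(r"TX packets (\d+)", ifconfig).group(1))
    if tx > 0 and rx == 0:
        findings.append(f"{iface}: {tx} frames sent, 0 received")
    return findings

if __name__ == "__main__":
    print(preferred_default(ROUTES), inband_findings(ROUTES, IFCONFIG))
```

With zero received frames the APIC gets no ARP reply for 10.204.12.1, which matches the "Destination Host Unreachable" lines reported from its own address.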

 

RedNectar
VIP

Hi @williammanurung ,

There are basically three ways you can configure inband management, although I would not really recommend using an L2Out.

Which of these methods did you use?

 

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Hi @RedNectar 

 

I used EPG method.

 

By the way, I have read your guide https://rednectar.net/2016/12/22/configuring-in-band-management-for-the-apic-on-cisco-aci-part-1-via-an-epg/ , I followed it correctly but still have the problem, because I still couldn't ping from APIC to gateway.

Then, I am curious about the inband BD configuration you used in your article, can you share it with me?

 

 

William

Hello,

You use EPG, but you also mentioned L3Out, so I am a bit confused. Can you give more details about where you access the APIC from (subnet, phy and logical location etc), where the GW is connected, what the topology looks like etc. I don't like to make presumptions, so the more details the better.

 

Regards,

Sergiu

Hi @Sergiu.Daniluk 

 

I mean I assign L3OUT to the Inband BD.

Here is the topology:

 

 

INBAND TOPOLOGY.png

 

I configured these things:

1) Configured VLAN pool, AEP, and physical domain for inband.

2) Configured policy group with LLDP ON and assigned AEP to the policy group.

3) Configured interface profile port 1/48, assigned policy group, and assigned it to Leaf-01.

4) Configured interface profile port 1/47, assigned policy group, and assigned it to Leaf-02.

5) Under tenant mgmt I configured the inband Bridge domain, configured subnet 10.204.12.1/25 as gateway, and assigned L3OUT.

6) Created inband EPG, assigned inband EPG to inband Bridge domain, created contract allow any (this contract exists in tenant common).

7) Created static node management address for APIC-1.

8) Assigned contract allow any to L3OUT in tenant common.

 

Is it clear?

 

Hi William,

I've spent a bit of time thinking about your issues - currently all my labs are being used for classes, so I won't have the ability to play too much until Saturday. But...

I'm not sure why ...

"I am still couldn't ping from APIC to gateway."

Can you check that there are no errors showing in the mgmt tenant? If not, I'm out of ideas on this one.

 

"Then, I am curious about inband BD configuration you used at your article, can you share with me?"

Apart from the IP address being different to the article, I believe this is the same inb Bridge Domain configuration

Untitled 5.pngUntitled 6.png

but as I said, I can't explore my lab at the moment because OOB management is being used by the classes using the labs. I'll get a chance to swap over to inb on Saturday - hopefully by then you'll have it sorted!

RedNectar aka Chris Welsh.

Hello

I'm struggling with inband vs ooband management myself.

I discovered that you need to configure an inband management IP address for the leaf switches (on which the APIC is connected) or at least the one that has the active link.

By doing so, it seems to activate the "pervasive" SVI on the leaf switches and so being able to ping it.

Hope it can help

Sincerely yours, Mathieu.
