09-20-2021 02:33 PM
Hello Experts,
Need your help here please.
One of our leaf switches (leaf1) is stuck in the inactive state during fabric discovery. I have tried decommissioning, wiping the leaf completely, and changing the node ID as suggested by Cisco TAC, but no luck. When I tried "openssl s_client -state -connect leaf1:12440", I clearly see leaf1 is not presenting the full certificate chain like the other leaf did. Below is the snippet from the output. I would like to know if it has to do with the certs or if I am missing anything here. Thank you.
Inactive Leaf:
Certificate chain
0 s:/C=US/ST=CA/L=SanJose/O=Insieme Networks/CN=Insieme
i:/C=XX/L=Default City/O=Default Company Ltd
Active Leaf:
Certificate chain
0 s:/serialNumber=PID:N9K-C93180YC-FX SN:XXXXXXX/CN=XXXXXXX
i:/O=Cisco Systems/CN=Cisco Manufacturing CA
1 s:/O=Cisco Systems/CN=Cisco Manufacturing CA
i:/O=Cisco Systems/CN=Cisco Root CA 2048
2 s:/O=Cisco Systems/CN=Cisco Root CA 2048
i:/O=Cisco Systems/CN=Cisco Root CA 2048
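The comparison made by eye in the post above can be automated. The following is an added example, not part of the original post: it parses the "Certificate chain" block of `openssl s_client` output and reports where a chain fails to link up to an expected root. The function names are hypothetical, and the expected root is assumed to be the one the active leaf presents.

```python
import re

# Chain excerpts as posted above (serial numbers already masked by the poster).
INACTIVE = """Certificate chain
 0 s:/C=US/ST=CA/L=SanJose/O=Insieme Networks/CN=Insieme
   i:/C=XX/L=Default City/O=Default Company Ltd
"""
ACTIVE = """Certificate chain
 0 s:/serialNumber=PID:N9K-C93180YC-FX SN:XXXXXXX/CN=XXXXXXX
   i:/O=Cisco Systems/CN=Cisco Manufacturing CA
 1 s:/O=Cisco Systems/CN=Cisco Manufacturing CA
   i:/O=Cisco Systems/CN=Cisco Root CA 2048
 2 s:/O=Cisco Systems/CN=Cisco Root CA 2048
   i:/O=Cisco Systems/CN=Cisco Root CA 2048
"""
# Assumption: the root presented by the active leaf is the one to expect.
EXPECTED_ROOT = "/O=Cisco Systems/CN=Cisco Root CA 2048"

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the peer presented them."""
    chain, subject = [], None
    for line in text.splitlines():
        if m := re.match(r"\s*\d+\s+s:(.*)$", line):
            subject = m.group(1).strip()
        elif (m := re.match(r"\s*i:(.*)$", line)) and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def check_chain(text, expected_root=EXPECTED_ROOT):
    """List the problems found; an empty list means the chain reaches expected_root."""
    chain = parse_chain(text)
    if not chain:
        return ["no certificates presented"]
    problems = []
    for depth, (_, issuer) in enumerate(chain[:-1]):
        if issuer != chain[depth + 1][0]:
            problems.append(f"cert {depth}: issuer is not the subject of cert {depth + 1}")
    top_subject, top_issuer = chain[-1]
    if top_subject != top_issuer:  # last cert is not self-signed: chain is cut short
        problems.append(f"chain stops at cert {len(chain) - 1}; issuer not presented: {top_issuer}")
    elif top_subject != expected_root:
        problems.append(f"unexpected root: {top_subject}")
    return problems

if __name__ == "__main__":
    for name, output in (("inactive", INACTIVE), ("active", ACTIVE)):
        print(name, check_chain(output) or "chain complete")
```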
09-21-2021 08:03 AM
Hello Ramu,
This is kinda a long shot since I don't have any more details, but what is the time on the leaf?
09-21-2021 05:55 PM
Hello David,
Thanks for your response. The time was the same on all the nodes. TAC generated a cert and installed it, without any luck. The leaf node just won't take the new cert, and the SSL handshake fails with the APIC. We had to proceed with the RMA.
09-24-2021 01:51 PM - edited 09-24-2021 01:51 PM
Hi @ramu.gajula
Can you run the "show diagnostic result module all" and "show diagnostic result module all detail" commands on the switch you mentioned and share the result?
Maybe the rtc-test parameter is failing.
Regards,
Ali