Hi, I'm unable to ping some leafs and spines from the APIC, though I can ping these leafs and spines from outside the ACI network and I can ping these spines and leafs if I use the source address from any APIC i.e:
ping "leaf" -I "source_APIC_IP".............that's successful. This would tell me perhaps ARP does not get populated?
I checked my OOB connectivity and everything looks ok so far! Though the leaf and spines I cannot get to have a different default gatweway than the spines and leafs that are working and I can ping both gateways in OOB>Node Mgmt Addresses>Static Mode Mgmt Address. I'm guessing there something in Tennant>Mgmt>OOB config that is not correct?
I can see all my leafs and spines from the apic "acidiag avread" and I can run commands to them but some leafs/spines I cannot ping or ssh.
Just to understand what you are trying to do: you want to ping the mgmt0 interface of leaf and spine switches from APIC, over the OOB network?
If yes, then what is the preferred connection for external networks for the apic (System -> System Settings -> APIC Connectivity Preference)? You should have ooband.
You can double check the preferred route using "route -n" in bash on APIC CLI.
System systems>APC Connectivity>Preference Inband was used I adjusted to OOB and sumbit, still same issue.
I want to be able to SSH from any APIC in the APIC Cluster to all leaf and spines and also be able to do the same on the non (internal) network.
I can SSH to all leafs and spines under Tenant>Mgmt>Mode Mgmt Addresses>Static Node addresses with a default gateway of 203.1 but not 204.1
shows a route for 203.1 via oobmgmt and a default route 0.0.0.0 via 203.1 oobmgmt
surely 203.1 and 204.1 can talk to each other? as mentioned in my 1st post I can retrieve diagaci avread information from any of the spines and leafs in 204.1 and perform a fabric 201 show module for example why can't I SSH to these spines and leafs with 204.1?
I can successfully SSH now to the spines and leafs that were not working previously if I use "attach node" from any APIC then run SSH
We run a Multi-Pod setup as below:
APIC in Pod1 cannot ssh to spine/leaf in Pod2
APICs are not VRF aware; because of this, if you are trying to SSH from your APIC to Leaf or Spines in other Pods you will have to specify the interface or use the attach command.
Using the “attach” command will automatically source the correct interface to allow for SSH.
now I just can't AAA authenticate using TACACS to POD2 leafs and spines but I can authenticate to POD1 leafs and spines...........so still a problem not resolved. SSH fixed but not AAA.