Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
30443
Views
70
Helpful
5
Comments

Adding new leaf/spine node to ACI fabric

gkumark
Cisco Employee
Cisco Employee

‎11-14-2017 09:27 PM - edited ‎03-01-2019 06:06 AM

This document describes the steps to be followed to add a new leaf or spine switch to the ACI fabric.

 

When you unbox the new switch, note down the serial number of the switch. Power on the switch and connect a console to check if it is running in ACI mode or NxOS mode. If running in NxOS mode, follow the steps documented in Converting the switch from NxOS to ACI mode to convert the switch to ACI mode. 

 

 

Once you confirm the switch is in ACI mode, follow below steps.

1. From the new switch console run the command "setup-clean-config.sh" and reload (Run the 

    command reload) to cleanup any existing configurations on the switch. This will prevent issues due to

    some existing configurations in new switch conflicting with existing fabric, even if the new switch was

    configured with another ACI fabric before. 

2. Rack the new switch and power it on

3. Connect the switch to the fabric. If you are adding the leaf switch, make sure that the leaf switch is connected to all the spine switches in the fabric. If you are adding a spine switch, make sure to connect the spine switch to all the leaf switches in the fabric. 

 

Considering, the switch is in ACI mode and you have connected it to the fabric, the fabric should now discover the new switch automatically using LLDP.

 

4. Go to ACI GUI -> Fabric -> Inventory -> Fabric Membership and look for a the new switch which doesn't have any IP address assigned (0.0.0.0) and no node ID assigned. Please confirm the new switch by verifying the serial number.3.jpg

 

5. Right click on the new switch and click "Register Switch". Now you will see few editable fields. It is very important to fill right information for below fields. Rest of the fields can be left to default. 

  • POD ID: Default is 1. You need to change this to right POD ID if you have a multi-pod fabric.
  • Node ID: It is very important to configure the right node ID. Once you assign and it gets registered, you cannot change this without decommissioning the switch. 
  • Node Name: Enter the name for the node.

In this example, I am registering the new switch with node ID 103 and node name leaf103. 

4.jpg

 

5.jpg

 

 6.  Click "Update" and wait for the APIC to assign a TEP IP to the new switch.

6.jpg

 

7. You can verify the switch status in GUI -> Fabric -> Inventory -> Topology. You can see new switch part of topology now.

 

8. SSH to the APIC and run the command "acidiag fnvread" to confirm the new switch shows up as "active"

8.jpg

 

Troubleshooting

Scenario 1: The node is not discovered in the fabric
  • Connect a console and make sure that the switch is running in ACI mode. Run the command "show version". If running NxOS mode, convert to ACI mode. The steps to convert is available from the link listed at the beginning of this document. 
  • Run the command "show lldp neighbors"and check if it discovers the immediately connected switch. If it is not listed check and confirm the cable is good. Otherwise open a case with TAC for help.

Scenario 2: The newly added switch shows as "not supported"

In ACI GUI -> Fabric -> Inventory -> Fabric Membership page if the new switch is listed as "no" under "Supported Model" column, this could be the issue of your APIC catalog firmware is too old and doesn't have the model of new switch listed in there. To solve this, upgrade the APIC to the same version level as the new switch. After that the new switch should be able to join the fabric.

 

Scenario 3: SSL certificate issue

  • If the switch fails to get registered with the fabric after you assign a node ID and node name, there could be SSL certificate issue. You can verify the same using below method.
    • From the console, run the command "netstat -an | grep <TEP ip of APIC>" and check for a "ESTABLISHED" session with on port 12215 with APIC. This session could be established with any of the APIC in your fabric. So re-run the command with different APIC IP's
    • Below is an example of the above step.netstat.jpg 

       

    • Established session with any of the APIC on port 12215 means the new switch is able to communicate with the APIC policy manager. If you don't see this session with any of the APIC, it could be a SSL certificate issue. Open a case with TAC for further assistance.  

       

Scenario 4: New switch doesn't get a TEP IP assigned
  • If the new switch doesn't get a TEP IP assigned after registering the switch, it could be because of some issue DHCP IP allocation from the APIC. Please open a case with TAC for assistance. 

 

Labels:
Comments
Rick1776
Level 5
Level 5
‎11-20-2017 09:44 AM

Great job on the article. This was very concise. I've actually run into the firmware issue a lot. So thanks for sharing.

 

 

denz_cruel
Level 1
Level 1
‎12-05-2018 11:19 AM

Nice article. Do we experience any impact on existing fabric in adding new spine?

CSCO11733021
Level 1
Level 1
‎04-30-2020 01:10 AM

very nice article

RavindraKedar34468
Level 1
Level 1
‎04-26-2021 06:35 AM

Nicely written Article, keep up the good work

Mohammed Aswath Ali
Level 1
Level 1
‎07-17-2022 10:05 AM

Thanks for this article. Really helpful 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card