cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31579
Views
25
Helpful
14
Comments
Ryan Bos
Level 1
Level 1

Nexus 9000 Series Switch - Standalone to ACI Conversion

There is now an official Cisco document on this process available here

Thank you.

Comments
Martin Lipka
Level 1
Level 1

Tip:

I used USB stick to upload the ACI image and EPLD image to the switch.

 

Question:

Why do I need to upload and configure mentioned certs?

I built my fabric without uploading certs and running prepare-mfg.sh as the switch formatted itself while booting the ACI image for the first time. Fabric recovers as planned after doing redundancy testing.

mtimm
Cisco Employee
Cisco Employee

Certs may need to be installed on hardware shipped before May 2014.  Hardware shipped after this should come from Cisco manufacturing with the certs preinstalled.

Mike

mkoch
Level 4
Level 4

is there also a way back to NX/OS?

i could not find any info.

regards,

Michael

dpita
Cisco Employee
Cisco Employee

Yes, just break into loader and boot the nxos image. certs will remain if you wish to go back to ACI mode at a later time. 

mtimm
Cisco Employee
Cisco Employee

If you go back to standalone mode you may want/need to also get the epld file and ensure that you have the correct epld, bios, etc for that release using show install all impact commands.

KRIS PATE
Level 4
Level 4

Couple of questions:

 

1.  How do you get it to boot without going to loader everytime?  My 9508 is now running ACI image, but everytime I reload it goes back to loader prompt.

2. How do I set the management0 interface for out of band communication? 

3.  I have two 9508 with dual sups.  One comes up and shows active and standby Supervisors.  The other only shows active and detected.  Could this be because of a certificate issue? 

 

Kris

dpita
Cisco Employee
Cisco Employee

Hi Kris

I'm just going to reply to your questions in order

1. there is a script on the switches, setup-bootvars.sh <image-name.bin> that will prevent the reload from dropping the switches in loader. setting up a default firmware policy in the APIC GUI should also take care of the problem

2. mgmt0 is set for out of band through a out of band policy configuration in the MGMT tenant, depending on the version you are running on the switch, it can also be done in command line if im not mistaken. here is a link for management configuration from CCO: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/getting-started/b_APIC_Getting_Started_Guide/b_APIC_Getting_Started_Guide_chapter_01.html#concept_998EA59F9C4E4013BC84F9BF97915DB1

3.active/detected sups is a strange case. it might very well be a cert issue or time or may not even be running ACI. there is no way of knowing with out console access to both.

KRIS PATE
Level 4
Level 4

I checked on the other SUP (I do have both console ports cabled up) and it is running the right image, but it doesn't have the right certificate.  Would that be enough to keep it from being recognized by the primary supervisor?

 

Also when I do a show module on the primary I see everything except my line cards.

My APIC controllers are plugged into this 9508 (as a leaf) but are not discovering it....

 

mtimm
Cisco Employee
Cisco Employee

Hi Kris,

 

it it is probably best if you open a TAC case so we can help you more quickly.

 

at this point in time the APICs have to be plugged into a 9300 leaf.  The 9508 must be a spine and the APICs cannot be plugged directly into the spines.

 

Mike

KRIS PATE
Level 4
Level 4

I wondered about that.  I think  you guys need to change some of the documentation.  The cards I have in the 9500 are listed as ACI ready in all the documentation.  There are even diagrams that show the 9500 as a Leaf.. 

I have the 9336 spine switches already and only need additional leaf nodes.

 

Kris

mtimm
Cisco Employee
Cisco Employee

Hi Kris,

 

I personally agree with you and will make the request again to only document what is shipping today.  However, the last time My group made this request we were told that the documents we were raising as an issue should not be the final word on what is functional today.  Instead the release notes and current install and configure docs should be used to identity what is currently supported.

 

Again I believe a TAC case would help both you and us document the issues you have and resolve them faster.

 

Mike 

Lawrence Searcy
Cisco Employee
Cisco Employee

With that in mind, no ACI customers today should have equipment that requires a TAC case for a new Cisco certificate.

For Cisco Internal Folks: If you run into an Insieme certificate issue converting old lab equipment to ACI, TAC will only redirect you to the internal resources you require to resolve the issue yourself.

^C doesn't work for interrupting the boot process and getting into the bootloader on the 9332 

The 9332 boots right into ACI mode with a shell prompt saying something about the fabric initializing and show commands not available.

It's a linux bash prompt so it was fairly straight forward to copy nxos from one of the mounted /usb directories.  I ran the setup-bootvars.sh script referenced  in the comments and rebooted.  

Would be great to have updated step by step docs from Cisco.

theunfcco
Level 1
Level 1

For lab and educational proposes, can I convert Nexus 9k virtual from v7 to v13 aci mode ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: