This document describes the steps to be followed to replace a leaf or spine switch to the ACI fabric.
When you unbox the new switch, note down the serial number of the switch. Power on the switch and connect a console to check if it is running in ACI mode or NxOS mode. If running in NxOS mode, follow the steps documented in Converting the switch from NxOS to ACI mode to convert the switch to ACI mode.
Note: Customers in USA can choose the preferred version of ACI software to be pre-loaded when placing the RMA request.
Once you confirm the switch is in ACI mode, follow below steps.
From the new switch console run the command "setup-clean-config.sh" and reload (Run the command reload) to cleanup any existing configurations on the switch. This will prevent issues due to some existing configurations in new switch conflicting with existing fabric, even if the new switch was configured with another ACI fabric before.
Decommission the current/failed switch
1. In the ACI GUI, Navigate to Fabric -> Inventory -> Fabric Membership, identify the switch to be replaced. In this example, I will be replacing leaf 103.
2. Right click on the switch to be replaced and Decommission the switch. Now a new pop up windows will open as shown in image below. Click on "Remove from Controller" and hit Submit. Now another pop-up window will appear to confirm the decommission process.
Tip: The 'Remove from controller' option completely removes the node from the ACI fabric and the serial number is disassociated from the Node ID. The 'Regular' option is used in order to temporarily remove the node from the ACI fabric, with the expectation that the same node will rejoin the fabric with the same Node ID. For instance, if the node needs to be temporarily powered down for maintenance.
Now the switch would disappear from the Fabric Membership page.
3. Now, disconnect the switch to be replaced from fabric and disconnect the power cable. Unmount the old switch and mount new switch.
Commission the new switch
4. Power on the new switch and connect the new switch to the fabric.
Note: If you are replacing the leaf switch, make sure that the new leaf switch is connected to all the spine switches in the fabric. If you are replacing a spine switch, make sure to connect the new switch to all the leaf switches in the fabric.
Considering, the switch is in ACI mode and you have connected it to the fabric, the fabric should now discover the new switch automatically using LLDP.
5. Go back to GUI -> Fabric -> Inventory -> Fabric Membership and look for a the new switch which doesn't have any IP address assigned (0.0.0.0) and no node ID assigned. Please confirm the new switch by verifying the serial number.
6. Right click on the new switch and click "Register Switch". Now you will see few editable fields. It is very important to fill right information for below fields. Rest of the fields can be left to default.
POD ID: Default is 1. You need to change this to right POD ID if you have a multi-pod fabric.
Node ID: It is very important to configure the right node ID. Type in the same node ID as previous switch because the APIC will push the configurations based on the node ID. Once you assign and it gets registered, you cannot change this without decommissioning the switch.
Node Name: Enter the name for the node same as before.
7. Click "Update" and wait for the APIC to assign a TEP IP to the new switch.
8. You can verify the switch status in GUI -> Fabric -> Inventory -> Topology. You can see new switch part of topology now.
9. SSH to the APIC and run the command "acidiag fnvread" to confirm the new switch shows up as "active"
Scenario 1: The node is not discovered in the fabric
Connect a console and make sure that the switch is running in ACI mode. Run the command "show version". If running NxOS mode, convert to ACI mode. The steps to convert is available from the link listed at the beginning of this document.
Run the command "show lldp neighbors"and check if it discovers the immediately connected switch. If it is not listed check and confirm the cable is good. Otherwise open a case with TAC for help.
Scenario 2: The newly added switch shows as "not supported"
In ACI GUI -> Fabric -> Inventory -> Fabric Membership page if the new switch is listed as "no" under "Supported Model" column, this could be the issue of your APIC catalog firmware is too old and doesn't have the model of new switch listed in there. To solve this, upgrade the APIC to the same version level as the new switch. After that the new switch should be able to join the fabric.
Scenario 3: SSL certificate issue
If the switch fails to get registered with the fabric after you assign a node ID and node name, there could be SSL certificate issue. You can verify the same using below method.
From the console, run the command "netstat -an | grep <TEP ip of APIC>" and check for a "ESTABLISHED" session with on port 12215 with APIC. This session could be established with any of the APIC in your fabric. So re-run the command with different APIC IP's
Below is an example of the above step.
Established session with any of the APIC on port 12215 means the new switch is able to communicate with the APIC policy manager. If you don't see this session with any of the APIC, it could be a SSL certificate issue. Open a case with TAC for further assistance.
Scenario 4: New switch doesn't get a TEP IP assigned
If the new switch doesn't get a TEP IP assigned after registering the switch, it could be because of some issue DHCP IP allocation from the APIC. Please open a case with TAC for assistance.
Hello, Cisco DNA Center currently is supporting the modular nexus switches, and not the ToR 1RU nexus switches. I’m wondering if there is any news of upcoming models or software upgrade to support ToR switches with DNA Center Thanks
Hi Guys, I have ME-3600X switch on on side with some multiple provider service instances and client VLANs and I want to terminate Client VLANs on Nexus 93240YC-FX2 Border Gateway switch which is part of BGP EVPN VXLAN fabric. Will th...
Howdy out there in automation land!!! I hope everyone is having a nice ramp down to the school year and is getting ready for summer. I know we are :) I hope plenty of you folks are heading to Cisco Live in San Diego in a few weeks too!!!! I plan to be the...
Hello, I have configured 2 different L3outs with interfaces on the same leafs. However, all routes that should be advertised only to the first L3out are being advertised also to the second one without adding it to the associated L3 in the bridge...