Showing results for 
Search instead for 
Did you mean: 

Cisco ACI 1.2 Updated CLI


Written by Michael Earls

If you're like me Christmas and New Year's went super fast and around this time Cisco announced the new software release of ACI 1.2. For others this was like an early Christmas present including support for a more advanced NX-OS style CLI, redesigned GUI, and Increased scalability. Check out the latest update here.

Below I will show just a few examples on using the new style CLI to create VLANs, and new Tenants.

Accessing the CLI:

Access the secure shell (SSH) client, open an SSH connection to the out-of-band management IP address that was configured durning the initial setup.

$ ssh apic-admin@

Application Policy Infrastructure Controller

apic-admin@'s password:

The NS-OS style CLI is organized the same way using a hierarchy of commands starting with EXEC mode as the root tree. The CLI supports question mark (?) level help at the system prompt.

Difference in usage when using NX-OS

  • Global configuration mode is entered when the configure command instead of configureterminal
  • To configure node-level or Leaf-level configuration, you must navigate to that given switch using leaf command
  • The physical port is slightly different, Ethernet port eth x/y instead of ethX/Y
  • Special characters such as ‘$’ or ‘!’ should be escaped with a backslash (‘\$’) or wrap the word or string in single quotes

Below we are creating VLAN groups called VLAN Domains, this is a combination of single or multiple VLANS. The VLAN-DOMAIN supports dynamic and static VLANs. The default type is static unless otherwise defined.

apic# configure

apic(config)# vlan-domain domain1

apic(config-vlan)# vlan 1001-1999,4001

apic(config-vlan)# exit

apic(config)# vlan-domain domain2 dynamic

apic(config-vlan)# vlan 201-300

apic(config-vlan)# vlan 401-500 dynamic

Now, lets associate those new VLAN-Domains we created in the last step and associate them to a leaf node interface.

apic# configure

(config) # leaf 101-102

(config-leaf) # int eth 1/1-24

(config-leaf-if) # vlan-domain member domain1

(config-leaf) # int eth 1/1-12

(config-leaf-if) # no switchport

(config-leaf) # int eth 1/13-24

(config-leaf-if) # switchport

(config) # leaf 101-102

(config-leaf) # int eth 1/1-12

(config-leaf-if) # switchport vlan scope local

(config-leaf) # int eth 1/13

(config-leaf-if) # no switchport vlan scope local

We can also create new tenants or modify the existing tenants defined within APIC.

apic# configure

apic(config)# tenant CorpMarketing

apic(config-tenant)# security domain CorpMarketing_domain1

apic(config-tenant)# vrf context CorpMarketing_v1

apic(config-tenant-vrf)# contract enforce

apic(config-tenant-vrf)# contract provider web

apic(config-tenant-vrf)# contract consumer db

apic(config-tenant-vrf)# contract provider icmp

apic(config-tenant-vrf)# contract consumer icmp

apic(config-tenant-vrf)# exit

apic(config-tenant)# bridge-domain CorpMarketing_b1

apic(config-tenant-bd)# vrf member CorpMarketing_v1

apic(config-tenant-bd)# exit

apic(config-tenant)# interface bridge-domain CorpMarketing_b1

apic(config-tenant-interface)# ip address

apic(config-tenant-interface)# exit

Just like NS-OS to remove the current configuration set we issue a 'no' in front of the command.

apic# configure

apic(config)# no tenant CorpMarketing

apic# end

apic(config)# no vlan-domain domain1

apic# exit

In our next post we will look at using show commands as well the builtin diagnostic CLI commands.

Content for Community-Ad
July's Community Spotlight Awards
This widget could not be displayed.