Monthly Archives: August 2015

How to get code onto the APIC when the GUI upload fails

The following process worked when the GUI upload via http or scp failed for the 3.8GB APIC ISO file.

If SCP fails (or stalls), what you can do is use a program like Filezilla to connect to the APIC as admin and upload the image directly.

Once the image is in the admin’s home directory, you need to issue the command “firmware add <image_name>”. This adds the file to the firmware repository and should be seen in the GUI as well.


Can’t log into your APIC?

I ran into a split fabric issue setting up my test lab and got the following error trying to log into my 2nd APIC:

REST Endpoint user authorization datastore is not initialized – Check Fabric Membership Status of this fabric node

I was able to get logged into the APIC with the follow username and a blank password:


NOTE: as in the past physical access to a Cisco device equal total ownership.

Basically when installing the fabric for the 1st time you should only power on 1 APIC and discover the entire fabric, then add the other APICs 1 at a time.

How to find your ACI fabric serial numbers

Let’s say you need to open a TAC case and didn’t document all the serial numbers of your fabric upon installation.  You can get the membership information from the command line.

SSH to your APIC OOB management address and log in.

Then issue the following command:
acidiag fnvread

you will get output simular to the following:

For spines and Leaves

admin@apic1:~> acidiag fnvread
ID Name Serial Number IP Address Role State LastUpdMsgId
101 Leaf1 SALXXXXXXXX leaf active 0
102 Spine1 SALXXXXXXX spine active 0
103 Spine2 SALXXXXXXX spine active 0

For APIC’s

admin@apic1:~> acidiag verifyapic
openssl_check: certificate details
subject= CN=FCH1922V0L4,serialNumber=PID:APIC-SERVER-M1 SN:FXXXXXXXX
issuer= CN=Cisco Manufacturing CA,O=Cisco Systems
notBefore=Jul 14 14:52:07 2015 GMT
notAfter=Jul 14 15:02:07 2025 GMT
openssl_check: passed

Wierd 6500 interface output

So the question is what state is the following port in?

#sho run all | beg GigabitEthernet2/5
interface GigabitEthernet2/5
description LAB newtork
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 138
switchport mode trunk
no snmp trap link-status

The answer might not be what you think.

#sho int g2/5
GigabitEthernet2/5 is up, line protocol is up (connected)

#sho run int g2/5

Building configuration…

Current configuration : 230 bytes
interface GigabitEthernet2/5
description LAB newtork f
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 138
switchport mode trunk
no snmp trap link-status

#sho ver
Cisco IOS Software, s3223_rp Software (s3223_rp-IPBASEK9-M), Version 12.2(33)SXI14, RELEASE SOFTWARE (fc2)

The question is why?  I’m not sure other than it might be a code version bug.