FYI there is a bug in 1.4.1e that does not allow you to upload new code via the GUI.
What happens is the file is actually copied then immediately deleted after if finishes. This was fixed in the version right before this version, but not ported.
Good write up on the work around over at http://www.theaciguy.com/?p=1
Thanks to Jayson for this good write up.
This applies to versions of APIC controller software up to 1.1(4e)
Turns out the there is a bug that occurs when you connect an APIC to multiple leaves. And yes that is stupid because you’re supposed to connect them to different leaves. This bug manifests itself when integrating the VMM with the fabric.
Just be sure that you create an APIC policy in the policy groups. Fabric>Access Policies>Interface Policies>Policy Group
It’s a simple policy mine is:
L2 Interface Policy= default
Then bind the policy to the leaves that the APIC’s are connected to. Fabric>Access Policies>Interface Policies>Profiles>Leaf###. The click the plus sign (+) and add in your newly created APIC Policy group for the interfaces that the APIC is connected to.
The following process worked when the GUI upload via http or scp failed for the 3.8GB APIC ISO file.
If SCP fails (or stalls), what you can do is use a program like Filezilla to connect to the APIC as admin and upload the image directly.
Once the image is in the admin’s home directory, you need to issue the command “firmware add <image_name>”. This adds the file to the firmware repository and should be seen in the GUI as well.
I ran into a split fabric issue setting up my test lab and got the following error trying to log into my 2nd APIC:
REST Endpoint user authorization datastore is not initialized – Check Fabric Membership Status of this fabric node
I was able to get logged into the APIC with the follow username and a blank password:
NOTE: as in the past physical access to a Cisco device equal total ownership.
Basically when installing the fabric for the 1st time you should only power on 1 APIC and discover the entire fabric, then add the other APICs 1 at a time.
Let’s say you need to open a TAC case and didn’t document all the serial numbers of your fabric upon installation. You can get the membership information from the command line.
SSH to your APIC OOB management address and log in.
Then issue the following command:
you will get output simular to the following:
For spines and Leaves
admin@apic1:~> acidiag fnvread
ID Name Serial Number IP Address Role State LastUpdMsgId
101 Leaf1 SALXXXXXXXX 10.0.224.95/32 leaf active 0
102 Spine1 SALXXXXXXX 10.0.224.94/32 spine active 0
103 Spine2 SALXXXXXXX 10.0.224.93/32 spine active 0
admin@apic1:~> acidiag verifyapic
openssl_check: certificate details
subject= CN=FCH1922V0L4,serialNumber=PID:APIC-SERVER-M1 SN:FXXXXXXXX
issuer= CN=Cisco Manufacturing CA,O=Cisco Systems
notBefore=Jul 14 14:52:07 2015 GMT
notAfter=Jul 14 15:02:07 2025 GMT
While configuring my new ACI starter kit lab. (Yes I know lucky me !!!) I got the following error which was both weird and interesting.
I believe that the number 2 is between 1 and 9.
Well you need 3 APICs to actually shard the database.
Around figure 12.