Tag Archives: Cisco ACI

Another ACI bug

Love being the 1st to find these 🙂
The main issue is with the new code version 1.3(1g) binding vCenter to an EPG brings up the expected screen but there is now a 2nd required field (Primary VLAN) that was not required previously.

NewVMMBug

Work around options for now:
1. create the association as dynamic.
2. include junk info, then modify it.
3. Use the REST API.

Bug ID CSCuz47137

Another ACI bug initiated by me :)

This is a good one where a delete a network and the bridge domain and the route still lives in the routing table.

https://tools.cisco.com/bugsearch/bug/CSCux76657

Workaround:
Wipe the leafs that have the stale routes using the leaf-specific portion of the instructions found here:http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/troubleshooting/b_APIC_Troubleshooting/b_APIC_Troubleshooting_chapter_01001.html

Just to clarify, full wipe of fabric is not required. Just wipe of the leafs that contain the “stale” route.

ACI hell part 1

When connecting access ports with static paths within an EPG that has trunking what a pain.

So basically if you have a static path binding using 802.1p then try and put an access port with 802.1p Access Untagged things may not work.

The reason is that the 802.1p Access Untagged setting it sets the vlan to 0 in the header, but it still has a vlan tag in there.  Some access devices don’t accept it because they are not  expecting a tag period.  This is especially meaningful with appliances.

If you set your mode to 802.1p Access Untagged and use the same Encapsulation VLAN tag as trunked ports, it will not work.  ACI will give you an error saying that you can’t have tagged and untagged in the same EPG.  Yet you can if you change the encapsulation VLAN ID to a different number it will work.

Remember that a VLAN in ACI is just bogus because ACI uses VXLAN, but endpoint devices care about that VLAN number.  Below is an example of 1 EPG with multiple endpoints in the same bridge domain with different VLAN encapsulations.

ACI8021P

 

Where is the ACI software repository located?

Excellent question.  I did some digging via SCP and finally found it.

But don’t get to excited you can’t copy files directly into it.

The repository is located in the following path:
/.aci/viewfs/admin/firmware/firmware-repository

There is a good write up on how to upgrade your software using the command line.

  1. the current version of the firmware.

Were the firmware uploaded via the APIC GUI? If this is true, the issue is related to defect CSCux40954. Please use ‘scp’ in APIC to copy the firmware into the controllers. Attached is the instructions: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/getting-started/b_APIC_Getting_Started_Guide/b_APIC_Getting_Started_Guide_chapter_011.html#concept_734A579133814A85813C9C5232BBE44C

How to get code onto the APIC when the GUI upload fails

The following process worked when the GUI upload via http or scp failed for the 3.8GB APIC ISO file.

If SCP fails (or stalls), what you can do is use a program like Filezilla to connect to the APIC as admin and upload the image directly.

Once the image is in the admin’s home directory, you need to issue the command “firmware add <image_name>”. This adds the file to the firmware repository and should be seen in the GUI as well.