Skip to content

Cisco APIC

Jump to bottom
eekbot edited this page Oct 11, 2024 · 13 revisions

How Log In With Local Admin Credentials

Use this as your username, and then use your admin password:

apic#fallback\admin

Obtain a List of All EPGs

apic01# moquery -c fvAEPg | egrep "^dn\ "

CIMC Upgrade

Directions upgrading CIMC using HUU (Host Upgrade Utility) https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/lomug/2-0-x/3_0/b_huu_3_0_1/b_huu_2_0_13_chapter_011.html

Another link to upgrade the CIMC with pictures (and lists the default password): https://community.cisco.com/t5/data-center-documents/apic-cimc-upgrade-procedure/ta-p/3216002

Brief summary of steps:

  1. Power down APIC in GUI; System > Controllers > Right-click APIC > shutdown (best to perform from a different APIC than the one you're shutting down)
  2. Log into CIMC KVM and mount UCE image to DVD a. Go to Virtual Media > Activate b. Virtual Devices > Virtual Media c. Map CD/DVD to Mount UCE image to DVD via CIMC KVM (browse to where you stored your image)
  3. Power On and mash F6, and boot from DVD (wait about 25 min)
  4. When the Cisco Host Utility appears: Click Update all (wait about 20 min)
  5. Click Exit when updates are done (wait about 40 min)

APIC Upgrade

Do your pre-upgrade validations/backups/etc. Once you upgrade the APICs, you shouldn't make any changes in ACI until the switches are upgraded too, so do those close together in timing.

  1. Upload images: Admin > Firmware > Images > Wrench > Upload & browses to the image
  2. Admin > Firmware > Infrastructure > Controllers > Wrench > Schedule Controller Upgrade
  3. Check box for the agreement, and Ignore compatiblity check. Then select upgrade now. (12:05pm) (Optional) Log into an APIC that's not upgrading and refresh the Admin > Firmware > Infrastructure > Controllers page to see progress. Node1 took 37 min (12:42pm); Node 2 took 20 min. Node 3 another 20 min.

ACI Upgrade

  1. Admin > Firmware > Infrastructure > Nodes > Wrench > Schedule Node Upgrade
    Timing: Stopped recording at 3:16 ; lost neighbors at 3:23 when leaf201 went down; spine101 went down at 3:29? leaf201 came back up at 3:32 ; spine101 came back at 3:41 (12min) New method:

  2. Admin > Firmware > Switches > ???

  3. Repeated step 1) for the evens; 3:44 started pre-validation checks

Adding a New Leaf

These are some untested steps that I jotted down from what Steve sent me in an email for the addition of border leaf switches 303 & 304:

Fabric Policies > Switches > Leaf Switches > Profiles > New Leaf Profile for 303-304 Fabric Policies > Switches > Leaf Switches > Add to Policy Group > pg-leaf-ch > Add new profile here

Management Tenant > Node Management Addresses > Static Node Management Addresses > 10.xx.xx.xx - lf-303 Management Tenant > Node Management Addresses > Static Node Management Addresses > 10.xx.xx.xx - lf-304

Access Policies > Interfaces > Leaf Interfaces > Profiles > lf-303 Access Policies > Interfaces > Leaf Interfaces > Profiles > lf-304 Access Policies > Interfaces > Leaf Interfaces > Profiles > lf-303-304 Access Policies > Policies > Switch > Virtual Port Channel default > Add new leaf vpn group/profiles

Clone this wiki locally