Cisco ACI – Reset a ACI Spine/Leaf Switch to default

Login via SSH or Console to the switch

Make sure that there is an image on the leaf/spine

leaf01# dir /bootflash/aci-n9000*

Make sure that this image is used as bootvar

leaf01# cat /mnt/cfg/0/boot/grub/menu.lst.local
boot aci-n9000-dk9.11.0.2j.bin
leaf01# cat /mnt/cfg/1/boot/grub/menu.lst.local
boot aci-n9000-dk9.11.0.2j.bin

If this Image is not set as bootvar, there is a script for that 🙂

leaf01# aci-n9000-dk9.11.0.2j.bin

After the check you can reset the switch

leaf01# aci-n9000-dk9.11.0.2j.bin
Just reload the switch

leaf01# reload
This command will reload the chassis, Proceed (y/n)? [n]: y

After this process you can rejoin this Switch to the fabric


Cisco ACI – New Features in Release 1.1(2h)

Cisco just released the newest Cisco ACI Software called 1.1(2h).

Feature Description Guidelines and Restrictions
AES encryption for configuration files As of release 1.1(2), the secure properties of APIC configuration files can be encrypted by enabling AES-256 encryption. AES encryption is a global configuration option; all secure properties conform to the AES configuration setting. It is not possible to export just a portion of the ACI fabric such as a tenant configuration with AES encryption.
SCVMM clustering support You can now install the APIC SCVMM agent on a Highly Available System Center Virtual Machine Manager (SCVMM). None.
Windows Azure Pack with L3out support Windows Azure Pack tenants can now configure their networks to connect outside of the fabric. This is done by establishing a security contract to L3ExtOut for both incoming and outgoing traffic.

See the Cisco ACI Virtualization Guide for more information.
ACI Optimizer After entering your network requirements in an Optimizer Config Template, the ACI Optimizer tells you how many leafs you will need for your network and suggests how to deploy each application and external EPG on each leaf without violating any constraints. Also, after entering your existing topology in an Optimizer Config Template, the ACI Optimizer helps you determine if you have what you need, if you are exceeding any limitations, and suggests how to deploy each application and external EPG on each leaf. When using the ACI Optimizer, Scale constraints may be violated if the given topology is not enough.
VMware vSphere 6.0 support ACI now supports VMware vCenter 6.0. 

See the Cisco ACI Virtualization Guide for more information.
The vCenter 6.0 feature of vMotion across a vCenter/datacenter is not supported.

Definitly notable is the VMware vSphere 6.0 support!


Link to the Software:

Cisco ACI – The new and nice GUI way to Upgrade your ACI Fabric

Some time ago i posted how to do a upgrade of your ACI Fabric through CLI.
Cisco made this process now way easier, with some cool new features.

In this short guide i used the current ACI release 1.1(1o), that you can grab directly from cisco here.

Upload the Firmware to the APIC

You can now upload directly through your browser, no longer the need for a SCP/FTP Server!

Upload the new Firmware to the ACI

Just select the file from you computer, that’s it!

Select the new Firmware from your Computer

Upload both files, the Controller and Switch Firmware:
Controller – aci-apic-dk9.1.1.1o.iso
Switches – aci-n9000-dk9.11.1.1o.bin

Upgrade of the APIC Controllers

You can now start with the upgrade of your APIC Controllers.

Start the ACI controller upgradeSelect to which version you want to upgrade


Select the new version here and ‘Apply now’ the Update will start immediately.

Upgrade of the Nexus 9000 Spine and Leaf switches

After the upgrade of the controllers is finished, you can start with the switches.
In production you got properly more than one Firmware Group or you split them in another way (Maintenance Windows A/B), but i kept it simple in my lab and made just two (Leaf/Spine).

Select the version to use for your spine switches

Select to upgrade your spine switches now

You can just trigger the upgrade one and now with the ‘Upgrade Now’ option!

Same apply for my other group.

Select the version to use for your leaf switchesSelect to upgrade your leaf switches now

That’s it! You just upgraded your ACI Fabric with success and this time easier and faster!

Cisco ACI – AVS Upgrade through CLI

Frist grab the release from the cisco page here

Then put it through scp from you Download place to the ESX Server

scp root@
Password: 100% 35MB 806.2KB/s 00:45

Next you Login to the ESX through SSH and check the current version

~ # vemcmd show version
VEM Version:
System Version: VMware ESXi 5.5.0 Releasebuild-2068190
ESX Version Update Level: 0

Then i unzipped the archives and upgraded the vib

cd /tmp/
cd ~
esxcli software vib update -v /tmp/CiscoAVS_1.5-5.2.1.SV3.1.5/cross_cisco-vem-v197- --maintenance-mode

And thats it, i’m now running the new AVS Version

~ # vemcmd show version
VEM Version:
OpFlex SDK Version: 1.1(1j)
System Version: VMware ESXi 5.5.0 Releasebuild-2068190
ESX Version Update Level: 2

Cisco ACI – Upgrade your ACI Fabric (1.0(2j) to 1.0(3f))

I did a upgrade of our ACI Lab Fabric last week and documented all the steps. The upgrade is really straightforward, but hopefully this guide still helps you 🙂

First you have to catch the desired Software, get them directly from cisco. You need APIC Release image for 1.0(3f) release (aci-apic-dk9.1.0.3f.iso) and the Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(3f) (aci-n9000-dk9.11.0.3f.bin). Get them here:
Cisco ACI Version 1.0(3f)

I always check the MD5 sum, just to be sure that everything went right with my download.

$ md5 aci-apic-dk9.1.0.3f.iso
MD5 (aci-apic-dk9.1.0.3f.iso) = 6e747378ec4225ead0f27cb23aa54f02
Cisco ACI 1.0(3f) MD5 Hash

The MD5 hash looks right. Check the same for the Nexus 9000 Image!


Cisco ACI – Connect to the leaf/spine switches

With the introduction of the NX-OS Cli, cisco changed the way how you connect to leaf/spine switches.
Find my updated post here.

There are several scenarios where you want to connect to your leaf and spine switches of the ACI fabric.
In this example we want to checkout the BGP Status.

First you connect to your APIC Controller through SSH:

$ ssh admin@
Application Policy Infrastructure Controller
admin@'s password: