Cisco ACI – Reset a APIC

If you want to reset one or all of your APIC Controllers to factory default, there is a easy command for that ‘eraseconfig setup’

→ ssh admin@10.127.129.50
Application Policy Infrastructure Controller
admin@10.127.129.50's password:
apic1# bash ---> Only required with Version 1.2+

admin@apic1:~> eraseconfig setup
Do you want to cleanup the initial setup data? The system will be REBOOTED. (Y/n):

When your intention is to reset a whole fabric, it’s recommended to reset the switches first:
Reset a ACI Spine/Leaf Switch
If you reset the APIC Controller first, you have to do this step through console afterwards.

Cisco ACI – NX-OS Style CLI

Cisco introduced a NX-OS like CLI for the Cisco ACI Solution with release 1.2(1i).
In this post i will demonstrate some of the things that can be achieved through the NX-OS CLI.

!Important!
There is no safety net, if you issue something like ‘no tenant XXX‘ the configuration is gone!
No commit, warning or similar!
!Important!

Basics

The NX-OS like CLI is the new default if you connect via SSH to the APIC

→ ssh admin@10.127.129.50
Application Policy Infrastructure Controller
admin@10.127.129.50's password:
apic1#

(more…)

Recognise the Production Date of your Cisco Equipment based on the Serial

Today i learnt that the Production Year and Week is ‘hidden’ in the Cisco Serials 🙂

The format of the serial is always like ‘xxxYYWWxxxx’, ‘YY’ is Code for the Year, but not the Year itself! ‘WW’ is the week of manufacture.

Year Codes
Code Year
01 1997
02 1998
03 1999
04 2000
05 2001
06 2002
07 2003
08 2004
09 2005
10 2006
11 2007
12 2008
13 2009
14 2010
15 2011
16 2012
17 2013
18 2014
19 2015
20 2016

 

Week Codes
Code Week
1-5 January
6-9 February
10-14 March
15-18 April
19-22 May
23-27 June
28-31 July
32-35 August
36-40 September
41-44 October
45-48 November
49-52 December

Cisco ACI – New Features in Release 1.1(2h)

Cisco just released the newest Cisco ACI Software called 1.1(2h).

Feature Description Guidelines and Restrictions
AES encryption for configuration files As of release 1.1(2), the secure properties of APIC configuration files can be encrypted by enabling AES-256 encryption. AES encryption is a global configuration option; all secure properties conform to the AES configuration setting. It is not possible to export just a portion of the ACI fabric such as a tenant configuration with AES encryption.
SCVMM clustering support You can now install the APIC SCVMM agent on a Highly Available System Center Virtual Machine Manager (SCVMM). None.
Windows Azure Pack with L3out support Windows Azure Pack tenants can now configure their networks to connect outside of the fabric. This is done by establishing a security contract to L3ExtOut for both incoming and outgoing traffic.

See the Cisco ACI Virtualization Guide for more information.
None.
ACI Optimizer After entering your network requirements in an Optimizer Config Template, the ACI Optimizer tells you how many leafs you will need for your network and suggests how to deploy each application and external EPG on each leaf without violating any constraints. Also, after entering your existing topology in an Optimizer Config Template, the ACI Optimizer helps you determine if you have what you need, if you are exceeding any limitations, and suggests how to deploy each application and external EPG on each leaf. When using the ACI Optimizer, Scale constraints may be violated if the given topology is not enough.
VMware vSphere 6.0 support ACI now supports VMware vCenter 6.0. 

See the Cisco ACI Virtualization Guide for more information.
The vCenter 6.0 feature of vMotion across a vCenter/datacenter is not supported.

Definitly notable is the VMware vSphere 6.0 support!

Source:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/release/notes/apic_rn_112h.html

Link to the Software:
https://software.cisco.com/download/release.html?mdfid=285968390&softwareid=286278832&release=1.1(2h)&relind=null&rellifecycle=null&reltype=null&i=rn

Cisco ACI – The new and nice GUI way to Upgrade your ACI Fabric

Some time ago i posted how to do a upgrade of your ACI Fabric through CLI.
Cisco made this process now way easier, with some cool new features.

In this short guide i used the current ACI release 1.1(1o), that you can grab directly from cisco here.

Upload the Firmware to the APIC

You can now upload directly through your browser, no longer the need for a SCP/FTP Server!

Upload the new Firmware to the ACI

Just select the file from you computer, that’s it!

Select the new Firmware from your Computer

Upload both files, the Controller and Switch Firmware:
Controller – aci-apic-dk9.1.1.1o.iso
Switches – aci-n9000-dk9.11.1.1o.bin

Upgrade of the APIC Controllers

You can now start with the upgrade of your APIC Controllers.

Start the ACI controller upgradeSelect to which version you want to upgrade

 

Select the new version here and ‘Apply now’ the Update will start immediately.

Upgrade of the Nexus 9000 Spine and Leaf switches

After the upgrade of the controllers is finished, you can start with the switches.
In production you got properly more than one Firmware Group or you split them in another way (Maintenance Windows A/B), but i kept it simple in my lab and made just two (Leaf/Spine).

Select the version to use for your spine switches

Select to upgrade your spine switches now

You can just trigger the upgrade one and now with the ‘Upgrade Now’ option!

Same apply for my other group.

Select the version to use for your leaf switchesSelect to upgrade your leaf switches now

That’s it! You just upgraded your ACI Fabric with success and this time easier and faster!

Cisco ACI – AVS Upgrade through CLI

Frist grab the release from the cisco page here

Then put it through scp from you Download place to the ESX Server

scp CiscoAVS_1.5-5.2.1.SV3.1.5-pkg.zip root@10.32.5.150:/tmp
Password:
CiscoAVS_1.5-5.2.1.SV3.1.5-pkg.zip 100% 35MB 806.2KB/s 00:45

Next you Login to the ESX through SSH and check the current version

~ # vemcmd show version
VEM Version: 5.2.1.3.1.3.0-3.2.1
System Version: VMware ESXi 5.5.0 Releasebuild-2068190
ESX Version Update Level: 0

Then i unzipped the archives and upgraded the vib

cd /tmp/
unzip CiscoAVS_1.5-5.2.1.SV3.1.5-pkg.zip
unzip CiscoAVS_1.5-5.2.1.SV3.1.5.zip
cd ~
esxcli software vib update -v /tmp/CiscoAVS_1.5-5.2.1.SV3.1.5/cross_cisco-vem-v197-5.2.1.3.1.5.0-3.2.1.vib --maintenance-mode

And thats it, i’m now running the new AVS Version

~ # vemcmd show version
VEM Version: 5.2.1.3.1.5.0-3.2.1
OpFlex SDK Version: 1.1(1j)
System Version: VMware ESXi 5.5.0 Releasebuild-2068190
ESX Version Update Level: 2

Cisco Prime Infrastructure – Update from 2.1 to 2.2

 Overview

I did the Upgrade from Prime Infrastructure 2.1 to Prime Infrastructure 2.2 last week for one of our customers. Unfortunately this upgrade isn’t possible ‘in place’, you have to install a new Prime Infrastructure 2.2 Server and then import your old configuration.

As described in the Prime Infrastructure 2.2 Quickstart Guide you have to be on one of the following versions that the backup can be used in 2.2:

  • Cisco Prime Infrastructure 2.1.2 (with the UBF patch)
  • Cisco Prime Infrastructure 2.1.1 (with the UBF patch)
  • Cisco Prime Infrastructure 2.1.0.0.87
  • Cisco Prime Infrastructure 1.4.2
  • Cisco Prime Infrastructure 1.4.1
  • Cisco Prime Infrastructure 1.4.0.45

Luckily we were on 2.1.0.0.87, so it wasn’t necessary to do a minor upgrade first.

  (more…)

Cisco ACS – Patch Install error (% Manifest file not found in the bundle)

I’m sure that it’s not the first time i felt for this …
Tried to install a ACS Patch this morning and got an error:
% Manifest file not found in the bundle

First i used the wrong command:
patch install 5-4-0-46-5.tar.gpg FTP

ACS01/admin# patch install 5-4-0-46-5.tar.gpg FTP
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Patch installation...
% Manifest file not found in the bundle

Easy solution, use the right command! 🙂
acs patch install 5-4-0-46-5.tar.gpg repository FTP

ACS01/admin# acs patch install 5-4-0-46-5.tar.gpg repository FTP
Installing ACS patch requires a restart of ACS services. Continue?  (yes/no) yes
Calculating disk size for /opt/CSCOacs/patches
Total size of patch files are 1079 M.
Max Size defined for patch files are 1000 M.
WARNING: Patch of size 1079 M exceeds the allowed quota of 1000 M.
This will not prohibit patch installation process as long as there is enough disk space.
Please note that this indicates you should consider moving ACS to a higher disk space machine
Stopping ACS.
Stopping Management and View...............................................................
Stopping Runtime.........................
Stopping Database.....
Stopping Ntpd....
Cleanup..
Stopping log forwarding .....
Installing patch version '5.4.0.46.5'
Installing ADE-OS 1.2 patch.  Please wait...
Decompressing patch files 5.4.0.46.5 ...
About to install files
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
/opt/CSCOacs/patches/5-4-0-46-5
Patch '5-4-0-46-5' version '5.4.0.46.5' successfully installed
Starting ACS ....

To verify that ACS processes are running, use the
'show application status acs' command.

Cisco ACI – Upgrade your ACI Fabric (1.0(2j) to 1.0(3f))

I did a upgrade of our ACI Lab Fabric last week and documented all the steps. The upgrade is really straightforward, but hopefully this guide still helps you 🙂

First you have to catch the desired Software, get them directly from cisco. You need APIC Release image for 1.0(3f) release (aci-apic-dk9.1.0.3f.iso) and the Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(3f) (aci-n9000-dk9.11.0.3f.bin). Get them here:
Cisco ACI Version 1.0(3f)

I always check the MD5 sum, just to be sure that everything went right with my download.

$ md5 aci-apic-dk9.1.0.3f.iso
MD5 (aci-apic-dk9.1.0.3f.iso) = 6e747378ec4225ead0f27cb23aa54f02
Cisco ACI 1.0(3f) MD5 Hash

Cisco ACI 1.0(3f) MD5 Hash

The MD5 hash looks right. Check the same for the Nexus 9000 Image!

(more…)