Explore the Cisco ACI Fabric
Note: Be sure to review the Objectives and
Job Aids links above for required
information. Password Information and
Command Lists for Detailed Lab Steps are
in the Job Aids link.
Task 1: Log In to the Cisco APIC Controller
In this lab, you will learn how to log in to the Cisco APIC Controller. Google Chrome is recommended for managing the Cisco APIC.
Show Steps
• Step 1:
On your Student-PC, open a browser.
Tip:
Google Chrome is recommended for managing the Cisco APIC. Connect to the APIC IP address https://10.10.1.145. Accept the security warning or create a security exception to access the GUI.
Note
Secure HTTP (HTTPS) is required to access the APIC GUI using default settings.
• Step 2:
Use the credentials that you can find in Job Aids to log in.
Tip:
Use APIC for the device name, 10.10.1.145 (mgmt) for Management/Fabric IP, and the admin/1234QWer password.
The What's New page will open.
Note
The What's New page may or not be present.
Click Begin First Time Setup and then click Close.
• Step 3:
Skim through the first screen.
Tip:
The first screen displays the dashboard. You may see the status of your deployment. On the top, you can also find several menus, which you can access.
Note
You may see the alert that there are insufficient controllers in the deployment. The minimum recommended setup for the Cisco APIC is a cluster consisting of three controllers. In this lab environment, you will use a cluster with a single APIC server, so you can ignore the alert. You may see the alerts by clicking the bell symbol in the top right corner.
Task 2: Exploring Fabric Inventory, Nodes, and Fabric Topology
In this lab, you will explore fabric inventory, nodes, and fabric topology.
Show Steps
• Step 1:
Examine the top-most portion of the GUI interface, also referred to as the menu bar.
Tip:
You can see the following options in the menu bar:
◦ System: The menu for system-wide setup, smart licensing, and monitoring.
◦ Tenants: The menu to perform tenant management.
◦ Fabric: Cisco ACI inventory and configuration point for intra-fabric and access policies.
◦ Virtual Networking: Configuration menu to view and configure inventory for various virtual machine (VM) managers, such as VMware vCenter, Microsoft Hyper-V, KVM, OpenStack, or Red Hat.
◦ L4–L7 Services: Package repository for upper-layer service elements, such as firewalls or load balancers, that can be inserted into the fabric.
◦ Admin: Menu for controlling the operation, administration, and maintenance (OAM) aspects.
◦ Operations: Menu for visibility, troubleshooting, and capacity profiling.
◦ Apps: App center used for deploying applications in the Cisco ACI.
◦ Integrations: Menu to view all third-party integrations.
• Step 2:
Choose the Tenants menu and choose a predefined tenant common.
Tip:
A submenu bar will appear below the menu bar. The Navigation pane displays on the left side of the Cisco APIC GUI below the submenu bar. This pane provides centralized navigation to all elements of the submenu category.
If you choose a component in the Navigation pane, its objects will display in the work pane on the right side of the Cisco APIC GUI. The work pane displays details about the component that is selected in the Navigation pane.
Note
A tenant is a logical container for application policies that enable an administrator to exercise domain-based access control. A tenant represents a unit of isolation from a policy perspective, such as a customer in a service provider setting, an organization or domain in an enterprise setting, or just a convenient grouping of policies. By default, there are three preconfigured tenants in ACI: common, infra, and mgmt.
• Step 3:
Check the environment of your pod.
Tip:
To view the discovered environment of your pod, go to Fabric > Inventory > Topology, and choose the Topology tab in the work pane.
� Your APIC should consist of a single server, connected to leaf-a. Each leaf is connected to a spine switch.
Note
You will see the same topology view if you go to Fabric > Inventory > Pod 1 and choose the Topology tab from the work pane.
• Step 4:
Examine the switches listed in the Registered Nodes tab.
Tip:
Expand Fabric > Inventory > Fabric Membership, and then examine the switches listed in the Registered Nodes tab.
You should see that your topology consists of three physical nodes (two leaves and one spine) and no virtual nodes. The node names and node IDs have been assigned to the switches during registration.
Note
The Cisco ACI solution uses an overlay, based on VXLAN, to virtualize the physical infrastructure. This overlay, like most overlays, requires the data path at the edge of the network to map from the tenant endpoint address in the packet, also known as its identifier, to the location of the endpoint, also known as its locator. This mapping occurs in a function called a tunnel endpoint (TEP), also known as VXLAN tunnel endpoint (VTEP). The VTEP addresses are displayed in the IP column. The TEP address pool 10.0.0.0/16 has been configured on the Cisco APIC using the initial setup dialog. The APIC assigns the TEP addresses to the
fabric switches via DHCP, so the infrastructure IP addresses in your fabric will be different from the figure.
• Step 5:
Verify connections to other fabric elements.
Tip:
Go back to the fabric topology page (Fabric > Inventory > Topology > Topology) and double-click each device to verify its connections to other fabric elements.
You should see connections to other fabric elements. The two examples show connections from the APIC controller and connections the leaf-a switch.
Note
The Link Layer Discovery Protocol (LLDP) is responsible for discovering directly adjacent neighbors. When LLDP runs between the Cisco APIC and a leaf switch, it precedes three other processes: Tunnel endpoint (TEP) IP address assignment, node software upgrade (if necessary), and the intra-fabric messaging (IFM) process, which is used by the Cisco APIC to push policy to the leaves.
• Step 6:
Check various pieces of information such as model type, serial number, management IP addresses (missing at this point), and other chassis information.
Tip:
Navigate to Fabric > Inventory > Pod 1, choose leaf-a, and choose the General tab.
• Step 7:
Investigate interfaces and their properties.
Tip:
Click the Interface tab and hover the cursor over some interfaces to investigate their properties.
You should see various pieces of information for the interface. You can see the admin and operational state, description, neighbors, etc.
• Step 8:
Expand the menu of a switch in the navigation pane.
Tip:
Skim through the available inventory information, such as the various interface types.
• Step 9:
Launch the terminal window application from your jumphost to connect to Cisco APIC via SSH.
Tip:
Use the ssh [email protected] command and login with the 1234QWer password as specified in Job Aids.
• Step 10:
Check the available ACI diagnostics options.
Tip:
Run the acidiag -h command to view the available ACI diagnostics options.
apic1# acidiag -h
usage: acidiag [-h] [-v]
{avread,fnvread,fnvreadex,fnvreadall,rvread,rvreadle,crashsuspect tracker,bootother,bootcurr,dbgtoken,version,platform,touch,dmelogdecode,journal, logs,oob,scheduler,cleanup,cluster,hwcheck,validateimage,validatenginxconf,prese rvelogs,verifyapic,bond0test,linkflap,run,installer,start,stop,restart,reboot,dr rmode,vapicjoin,gluster,dmestack,dmecore}
...
positional arguments:
{avread,fnvread,fnvreadex,fnvreadall,rvread,rvreadle,crashsuspecttracker,booto ther,bootcurr,dbgtoken,version,platform,touch,dmelogdecode,journal,logs,oob,sche duler,cleanup,cluster,hwcheck,validateimage,validatenginxconf,preservelogs,verif yapic,bond0test,linkflap,run,installer,start,stop,restart,reboot,drrmode,vapicjo in,gluster,dmestack,dmecore}
sub-command help
avread read appliance vector
fnvread read fabric node vector
fnvreadex read fabric node vector (extended mode)
fnvreadall read fabric node vector readall
rvread read replica vector
rvreadle read replica leader summary
crashsuspecttracker
read crash suspect tracker state
bootother on next boot, boot other Linux Partition, and display
updated /etc/grub.conf
bootcurr on next boot, boot current Linux Partition, and
display updated /etc/grub.conf
dbgtoken show debug token
version show ISO version
platform show platform
touch touch special files
dmelogdecode DME log decode
journal Contents of journal logs
logs show log history
oob oob options
scheduler scheduler
cleanup fs cleanup utility
cluster cluster health check
hwcheck Quick check of APIC Hardware
validateimage validate image
validatenginxconf validate nginx conf
preservelogs stash away logs in preparation for hard reboot
verifyapic run apic installation verify command
bond0test ==SUPPRESS==
linkflap flap a link
run run specific commands and capture output
installer installer
start start a service
stop stop a service
restart restart a service
reboot reboot
drrmode drrmode options
� vapicjoin join existing vapic cluster
gluster gluster admin and health tool
optional arguments:
-h, --help show this help message and exit
-v, --verbose verbose
• Step 11:
View the fabric node vector.
Tip:
Use the acidiag fnvread command.
apic1# acidiag fnvread
ID Pod ID Name Serial Number IP Address Role State LastUpdMsgId
-----------------------------------------------------------------------------------
101 1 leaf-a TEP-1-101 10.0.160.64/32 leaf active 0
102 1 leaf-b TEP-1-102 10.0.160.66/32 leaf active 0
201 1 spine TEP-1-103 10.0.160.65/32 spine active 0
Total 3 nodes
• Step 12:
Go to the configuration mode.
Tip:
Display the running configuration.
apic1# configure terminal
apic1(config)# show running-config
# Command: show running-config
# Time: Thu Apr 11 07:22:22 2021
aaa banner 'Application Policy Infrastructure Controller'
aaa authentication login console
exit
aaa authentication login default
exit
aaa authentication login domain fallback
exit
bgp-fabric
exit
coop-fabric
exit
no password pwd-strength-check
crypto aes
exit
crypto webtoken
session-record-flags login,logout,refresh
exit
rbac security-domain "all"
exit
rbac security-domain "common"
exit
rbac security-domain "mgmt"
exit
rbac role "site-policy"
priv site-policy
exit
<... output omitted ...>
You can see that you can also use the CLI to configure the system and view the configuration.
Lab Completion Instructions
You have now completed this lab exercise.
Please click 'End Session'.
Choose 'Exit'.
