Tuesday, 26 August 2025

ACI Leaf Switch Replacement

 To replace a Cisco ACI leaf switch, follow these step-by-step instructions to ensure a smooth transition without disrupting your fabric:


🛠️ Preparation

  1. Document the existing switch details:
    • POD ID
    • Node ID
    • Node Name
    • Serial Number 
  2. Ensure the replacement switch is in ACI mode:
    • Connect via console and run show version.
    • If in NX-OS mode, convert to ACI mode using Cisco's documented procedure 
    • Before adding the new leaf switch to the fabric, ensure it's manually upgraded to the target image or one with a direct upgrade path. Avoid using intermediate images that require multiple upgrade steps, as they can trigger issues and impact your production environment. A final upgrade via policy helps ensure BIOS and FPGA components are properly updated.
  3. Clean up the replacement switch:
    • Run setup-clean-config.sh and then reload to remove any existing configuration 

🔄 Decommission the Faulty Leaf Switch

  1. Go to APIC GUI:
    Fabric > Inventory > Fabric Membership
  2. Right-click the faulty switch → Select Decommission.
  3. Once decommissioned, select Remove from Controller and confirm the action.
  4. Physically disconnect and unmount the old switch.

🔌 Install and Connect the New Leaf Switch

  1. Mount the new switch and connect uplinks to spine switches. DO NOT CONNECT DOWNLINKS AT THIS STAGE.
  2. Power on the switch.
  3. In APIC GUI, go to:
    Fabric > Inventory > Fabric Membership > Nodes Pending Registration
  4. Verify serial number, then Register the switch:
    • Use the same POD ID, Node ID, and Node Name as the old switch 
  5. Once registered, go to:
    Fabric > Inventory > Fabric Membership > Registered Nodes
    → Right-click → Select Commission.
  6. Wait for the switch to reach Active state.
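
The registration checks above (same POD ID, Node ID and Node Name, the new serial number, Active state) can also be verified from the APIC's fabricNode inventory. The following is an added example, not part of the original post: it assumes the JSON shape returned by an APIC fabricNode class query, check_replacement is a hypothetical helper name, and all sample values are constructed.

```python
import json
import re

# Constructed sample of an APIC fabricNode class query response
# (GET /api/node/class/fabricNode.json). All values are made up.
SAMPLE_RESPONSE = json.dumps({"imdata": [
    {"fabricNode": {"attributes": {
        "dn": "topology/pod-1/node-101", "id": "101", "name": "leaf-101",
        "role": "leaf", "serial": "NEWSERIAL01", "fabricSt": "active"}}},
    {"fabricNode": {"attributes": {
        "dn": "topology/pod-1/node-201", "id": "201", "name": "spine-201",
        "role": "spine", "serial": "SPINESERIAL1", "fabricSt": "active"}}},
]})

def check_replacement(response_text, documented, new_serial):
    """Return a list of problems; an empty list means the replacement checks out.

    documented: pod / node_id / name / serial recorded from the old switch.
    new_serial: serial read from the replacement switch itself (label or console).
    """
    nodes = [item["fabricNode"]["attributes"]
             for item in json.loads(response_text).get("imdata", [])
             if "fabricNode" in item]
    problems = []
    # The faulty switch's serial must no longer be registered in the fabric.
    if any(n.get("serial") == documented["serial"] for n in nodes):
        problems.append("old serial still registered")
    match = [n for n in nodes if n.get("id") == documented["node_id"]]
    if len(match) != 1:
        return problems + ["node ID %s found %d times"
                           % (documented["node_id"], len(match))]
    node = match[0]
    # The POD ID is carried in the dn: topology/pod-<pod>/node-<id>
    pod = re.match(r"topology/pod-(\d+)/node-\d+$", node.get("dn", ""))
    if not pod or pod.group(1) != documented["pod"]:
        problems.append("POD ID differs from documented value")
    if node.get("name") != documented["name"]:
        problems.append("node name differs from documented value")
    if node.get("serial") != new_serial:
        problems.append("registered serial is not the replacement's serial")
    if node.get("fabricSt") != "active":
        problems.append("fabric state is %r, not active" % node.get("fabricSt"))
    return problems

if __name__ == "__main__":
    old = {"pod": "1", "node_id": "101", "name": "leaf-101", "serial": "OLDSERIAL01"}
    print(check_replacement(SAMPLE_RESPONSE, old, "NEWSERIAL01") or "replacement verified")
```

A serial mismatch here means the node registered under that Node ID is not the switch you installed, so stop before connecting downlinks.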

🔍 Post-Replacement Validation

  1. Connect downlink cables (after switch is active).
  2. Go to:
    Fabric > Inventory > Topology
    → Verify the switch is visible and operational.
  3. SSH into APIC and run:

→ Confirm switch status is active 

  4. If you get SSH warnings (e.g., DNS spoofing), update the known_hosts file:

🧩 Troubleshooting Tips

  • Switch not discovered: Check LLDP neighbors and cable connections.
  • Switch shows "Not Supported": Upgrade APIC firmware to match switch model.
  • No TEP IP assigned: May be a DHCP issue—contact Cisco TAC.
  • SSL issues: Check for established sessions on port 12215 
