Cisco ACI – Connect to the leaf/spine switches

Auvik - Monitor Everything on your Network

With the introduction of the NX-OS Cli, cisco changed the way how you connect to leaf/spine switches.
Find my updated post here.

There are several scenarios where you want to connect to your leaf and spine switches of the ACI fabric.
In this example we want to checkout the BGP Status.

First you connect to your APIC Controller through SSH:

1
2
3
4


$ ssh [email protected]
Application Policy Infrastructure Controller
[email protected]'s password:
admin@aci-lab-apic01:~>

Easy way to connect

Claes Leufven just gave me a hint that you can also use “attach”, the same as on other cisco products 🙂

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21


admin@aci-lab-apic01:~>
admin@aci-lab-apic01:~> attach aci-lab-
aci-lab-apic01   aci-lab-leaf01   aci-lab-leaf02   aci-lab-spine01

admin@aci-lab-apic01:~> attach aci-lab-leaf01
# Executing command: ssh aci-lab-leaf01
Warning: Permanently added 'aci-lab-leaf01' (RSA) to the list of known hosts.
Nexus 9000 Switch
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2015, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
aci-lab-leaf01#

Alternative way!

If you know the tep address of your leaf/spine, you can directly connect, otherwise you can get an overview of the tep addresses:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


admin@aci-lab-apic01:~> acidiag fnvread
      ID             Name    Serial Number         IP Address    Role        State   LastUpdMsgId
-------------------------------------------------------------------------------------------------
     101  aci-lab-spine01      XXXXXXXXXXX   10.255.120.94/32   spine       active   0
     111   aci-lab-leaf01      XXXXXXXXXXX   10.255.120.95/32    leaf       active   0
     112   aci-lab-leaf02      XXXXXXXXXXX   10.255.120.93/32    leaf       active   0

Total 3 nodes

admin@aci-lab-apic01:~>

Now you just connect through ssh directly from the APIC Controller. No User required, PW is the same as for the APIC.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14


admin@aci-lab-apic01:~> ssh 10.255.120.94
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
aci-lab-spine01#

Run commands on the Leaf/Spine

And now you can run the avaiable commands on the ACI NX-OS

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


aci-lab-spine01# show bgp sessions vrf overlay-1
Total peers 2, established peers 2
ASN 65444
VRF overlay-1, local ASN 65444
peers 2, established peers 2, local router-id 10.255.120.94
State: I-Idle, A-Active, O-Open, E-Established, C-Closing, S-Shutdown

Neighbor        ASN    Flaps LastUpDn|LastRead|LastWrit St Port(L/R)  Notif(S/R)
10.255.120.95    65444 0     02w17d  |never   |never    E  179/52384  0/0
10.255.120.93    65444 0     02w17d  |never   |never    E  179/36010  0/0