When the Cisco APIC-EM configuration begins, an interactive wizard prompts you to enter information to configure the controller. The following table displays the information that you will be prompted for to complete the configuration.
Note | Ensure that the DNS and NTP servers are reachable before you run the configuration wizard and whenever a Cisco APIC-EM host reboots in the deployment. |
| Configuration Wizard Prompt | Description | Example |
|---|---|---|
| (Optional) Bonded NICs | Choose to configure or not configure bonded NICs on the controller's interfaces. Enter 'yes' to proceed with configuring NIC bonding on the interfaces. Enter 'no' to bypass NIC bonding completely, and be presented with the option for VLAN configuration. | Enter 'yes'. |
| Bonding mode | If you chose to configure bonded NICs, then configure either 'balance-xor' or '802.3ad' for the bonded NICs. Entering 'balance-xor' will configure static bonding on the selected NICs. Entering '802.3ad' will configure LACP bonding on the selected NICs. Entering '802.3ad' requires that a separate LACP configuration be made on the switches that are connected to the Ethernet ports. Entering 'balance-xor' will require a configuration on the connected switches for the static configuration. Generally, this means that the appropriate ports be grouped together in a Cisco EtherChannel configuration for the static configuration. Refer to your Cisco switch documentation for information about configuring the switches. For this release, only one bonded interface with multiple NICs can be configured on the controller. | Enter '802.3ad'. |
| (Optional) VLAN | Choose to configure or not configure VLANs on the controller's interfaces. The NICs on the controller (whether an appliance, server, or virtual machine) can be configured with a VLAN interface. Both bonded NICs and standalone NICs can be configured with VLANs. The management interface of the appliance, server, or virtual machine can also be selected and configured with a VLAN interface. | Enter 'yes'. The VLAN range is limited (1-1001, 1005-4094). |
| Host IP address | Enter a host IP address. This IP address is used for the network adapter (eth0) on the host and connects to the external network or networks. For multiple network adapters, have several IP addresses available. | 10.0.0.12 |
| (Optional) Virtual IP address | Enter a virtual IP address. This virtual IP address is used for the network adapter (eth0) on the host. You should only configure a virtual IP address if you are setting up a multi-host deployment. | 10.12.13.14 |
| Netmask IP address | Enter a netmask IP address. This must be a valid IPv4 netmask. | 255.255.255.0 |
| Default Gateway IP address | Enter a default gateway IP address. This must be a valid IPv4 address for the default gateway. | 10.12.13.1 |
| Primary DNS server | Enter a primary DNS server address. This must be a valid IPv4 address for the primary DNS server. | 10.15.20.25 |
| Primary NTP server | Enter a primary NTP server address. This must be a valid IPv4 address or hostname of a Network Time Protocol (NTP) server. | 10.12.13.10 Enter either a single IP address for a single NTP primary server, or multiple IP addresses separated by spaces for several NTP servers. We recommend that you configure three NTP servers for your deployment. |
| Add/Edit another NTP server | This must be a valid NTP domain. | 10.12.13.11 Allows you to configure multiple NTP servers. |
| (Optional) HTTPS proxy server | Enter an HTTPS proxy server address. This must be a valid IPv4 address for the HTTPS proxy with port number. | https://209.165.200.11:3128 |
| Admin Username | Enter the admin user name. Identifies the administrative username used for GUI access to the Cisco APIC-EM controller. We recommend that the username be three to eight characters in length and be composed of valid alphanumeric characters (A–Z, a–z, or 0–9). | admin2780 |
| Admin Password | Enter the admin password. Identifies the administrative password that is used for GUI access to the Cisco APIC-EM controller. You must create this password because there is no default. The password must meet the following requirements: | MyIseYPass2 |
| Linux Username | Enter a Linux username. Identifies the Linux (Grapevine) username used for CLI access to the Grapevine root and clients. | The default is 'grapevine' and cannot be changed. |
| Linux Password | Enter a Linux password. Identifies the Linux (Grapevine) password that is used for CLI access to the Grapevine roots and clients. You must create this password because there is no default. The password must meet the following requirements: | MyGVPass01 |
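A pre-flight check for the answers you plan to give the wizard, as an added example (it is not part of the Cisco documentation or of the wizard itself). It applies the rules stated in the table: valid IPv4 addresses and netmask, NTP servers given as space-separated IPv4 addresses or hostnames, the VLAN range 1-1001 and 1005-4094, the HTTPS proxy as an IPv4 address with port, and the recommended username length. The function names, dictionary keys, accepted interface names and sample values are assumptions, and the gateway-in-subnet warning is an added sanity check rather than a wizard rule.

```python
import ipaddress
import re
from urllib.parse import urlsplit

VLAN_RANGES = ((1, 1001), (1005, 4094))  # range stated in the prompt table
VLAN_IF_RE = re.compile(r"(eth\d+|bond0)\.(\d+)")  # interface.vlan_id; names assumed
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def is_netmask(value):
    """True only for a contiguous, non-zero IPv4 netmask."""
    if not is_ipv4(value):
        return False
    host_bits = ~int(ipaddress.IPv4Address(value)) & 0xFFFFFFFF
    # Inverting a contiguous mask gives 2**n - 1, which shares no bit with itself + 1.
    return host_bits != 0xFFFFFFFF and host_bits & (host_bits + 1) == 0

def is_ntp_server(value):
    """IPv4 address or hostname; an all-numeric dotted string must parse as IPv4."""
    if re.fullmatch(r"[\d.]+", value):
        return is_ipv4(value)
    return HOSTNAME_RE.fullmatch(value) is not None

def check_answers(a):
    """Return (errors, warnings) for a dict of planned wizard answers."""
    errors, warnings = [], []
    errors += [f"{k}: not a valid IPv4 address"
               for k in ("host_ip", "gateway", "dns") if not is_ipv4(a[k])]
    if not is_netmask(a["netmask"]):
        errors.append("netmask: not a valid IPv4 netmask")
    elif is_ipv4(a["host_ip"]) and is_ipv4(a["gateway"]):
        net = ipaddress.IPv4Network(f"{a['host_ip']}/{a['netmask']}", strict=False)
        if ipaddress.IPv4Address(a["gateway"]) not in net:
            warnings.append("gateway: outside the host subnet")  # added sanity check
    ntp = a["ntp"].split()  # the wizard takes several servers separated by spaces
    errors += [f"ntp: bad server {s!r}" for s in ntp if not is_ntp_server(s)]
    if len(ntp) < 3:
        warnings.append("ntp: fewer than the three recommended servers")
    for name in a.get("vlan_interfaces", []):
        m = VLAN_IF_RE.fullmatch(name)
        if not m:
            errors.append(f"vlan: {name!r} is not in interface.vlan_id form")
        elif not any(lo <= int(m.group(2)) <= hi for lo, hi in VLAN_RANGES):
            errors.append(f"vlan: ID {m.group(2)} outside 1-1001, 1005-4094")
    if a.get("proxy"):
        try:
            url = urlsplit(a["proxy"])
            ok = url.scheme == "https" and is_ipv4(url.hostname or "") and url.port
        except ValueError:  # non-numeric or out-of-range port
            ok = False
        if not ok:
            errors.append("proxy: expected https://<IPv4>:<port>")
    if not re.fullmatch(r"[A-Za-z0-9]{3,8}", a["admin_user"]):
        warnings.append("admin_user: outside the recommended 3-8 alphanumerics")
    return errors, warnings

SAMPLE = {  # constructed answers, not taken from a real deployment
    "host_ip": "10.12.13.14", "netmask": "255.255.255.0", "gateway": "10.12.13.1",
    "dns": "10.15.20.25", "ntp": "10.12.13.10 10.12.13.11 ntp.example.com",
    "vlan_interfaces": ["bond0.300"], "proxy": "https://209.165.200.11:3128",
    "admin_user": "admin27",
}
```

Call `check_answers(SAMPLE)` to get the two lists; an empty errors list means every answer has the form the table requires.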
Perform the steps in the following procedure to configure Cisco APIC-EM as a single host using the wizard.
You must have either received the Cisco APIC-EM Controller Appliance with the Cisco APIC-EM pre-installed or you must have downloaded, verified, and installed the Cisco ISO image onto a server or virtual machine as described in the previous procedures.
Step 1 | Boot up the host.
Step 2 | Review the APIC-EM License Agreement screen that appears and choose either <view license agreement> to review the license agreement or accept>> to accept the license agreement and proceed.
After accepting the license agreement, you are then prompted to select a configuration option.
Step 3 | Review the Welcome to the APIC-EM Configuration Wizard! screen and choose the Create a new APIC-EM cluster option to begin.
You are then prompted to enter 'yes' or 'no' for RESET EXISTING CONTROLLER NETWORK CONFIG.
Step 4 | Select the Reset Networking Configuration option for your configuration.
For an initial deployment, enter 'no' and proceed with the configuration. For an upgrade for your deployment, enter 'yes' and proceed with the configuration.
You are then prompted to enter values for the NETWORK ADAPTER BONDING mode (OPTIONAL).
Step 5 | Select the NETWORK ADAPTER BONDING mode (OPTIONAL) for your configuration.
Enter either 'yes' or 'no' for this step. Enter 'yes' to proceed with configuring NIC bonding on the interfaces (create a single logical port from two Ethernet ports (NICs) on the controller). Enter 'no' to bypass NIC bonding completely, and be presented with the option for VLAN configuration (see Step 7 below). After entering a value, click next>> to proceed.
Step 6 | If you entered 'yes', then enter the bonding mode in the NETWORK ADAPTER 0 (bond0) screen.
Enter either 'balance-xor' or '802.3ad' for this step. This step permits you to create a single logical port from two or more Ethernet ports (NICs) on the controller that the configuration wizard discovers and displays. Entering 'balance-xor' will configure static bonding on the selected NICs. Entering '802.3ad' will configure LACP bonding on the selected NICs. For this release, only a single bonded interface with multiple NICs can be configured on the controller. Entering '802.3ad' requires that a separate LACP configuration be made on the switches that are connected to the Ethernet ports. Entering 'balance-xor' will require a configuration on the connected switches for the static configuration. Generally, this means that the appropriate ports be grouped together in a Cisco EtherChannel configuration for the static configuration. Refer to your Cisco switch documentation for information about configuring the switches.
Step 7 | Select the individual Ethernet ports (for example, eth0 and eth1) to bond together as a single logical port.
Use the Tab key to navigate to the Ethernet port fields in the configuration wizard. Use the space bar to select (check) the Ethernet port.
When finished with this step, click next>> to proceed.
Step 8 | Select the NETWORK ADAPTER VLAN Mode (Optional).
Enter either 'yes' or 'no' for this step. Entering 'yes' permits you to configure VLANs on the interface(s) in the next step. Entering 'no' bypasses VLAN configuration.
After entering a value, click next>> to proceed.
Step 9 | (Optional) If you entered 'yes', then enter the management interface in the ADD VIRTUAL NETWORK ADAPTERS screen.
The management interface can be either an Ethernet port (bonded or not) or a VLAN. For a VLAN, use the following format: interface.vlan_id. For example, bond0.300 or eth0.300.
Step 10 | (Optional) Add virtual adapters for each of the interfaces in the ADD VIRTUAL NETWORK ADAPTERS screen.
If you created a bonded port in the previous steps, then that bonded port will be displayed in this screen. Navigate to the bonded port displayed on the screen using the Tab key on your keyboard. Proceed to configure one or more VLANs on the bonded port. If you did not create a bonded port in the previous steps, then each Ethernet port discovered by the configuration wizard will be displayed in this screen. Navigate to the Ethernet ports displayed on the screen using the Tab key on your keyboard. Proceed to configure one or more VLANs on these Ethernet ports.
Click next>> to proceed.
Step 11 | Enter configuration values for the NETWORK ADAPTER #1 on the host.
The configuration wizard discovers and prompts you to confirm values for the network adapter or adapters on your host. For example, if your host has three network adapters you are prompted to confirm configuration values for network adapter #1 (eth0), network adapter #2 (eth1), and network adapter #3 (eth2) respectively.
The primary interface for the controller is eth0 and it is best practice to ensure that this interface is made highly available. On Cisco UCS servers, the NIC labeled with number 1 would be the physical NIC. The NIC labeled with the number 2 would be eth1.
Once satisfied with the controller network adapter settings, enter next>> to proceed. After entering next>>, the configuration wizard proceeds to validate the values you entered. After validation and if your host has two network adapters, you are prompted to enter values for NETWORK ADAPTER #2 (eth1). If your host has three network adapters, you are prompted to enter values for NETWORK ADAPTER #2 (eth1) and NETWORK ADAPTER #3 (eth2). If you do not have any additional network adapters or if you do not have more than one non-routable network, then proceed directly to the next step.
Step 12 | If the controller is being deployed in your network behind a proxy server and the controller's access to the Internet is through this proxy server, then enter configuration values for the HTTPS PROXY.
After configuring the HTTPS PROXY, enter next>> to proceed. After entering next>>, you are then prompted to enter values for CLOUD CONNECTIVITY.
Step 13 | Enter configuration values for CLOUD CONNECTIVITY.
Once satisfied with the cloud connectivity settings, enter next>> to proceed. After entering next>>, the configuration wizard proceeds to validate the values entered. After validation, you are then prompted to enter values for the LINUX USER SETTINGS.
Step 14 | Enter configuration values for the LINUX USER SETTINGS.
After configuring the Linux password, enter next>> to proceed. After entering next>>, you are then prompted to enter values for the APIC-EM ADMIN USER SETTINGS.
Step 15 | Enter configuration values for the APIC-EM ADMIN USER SETTINGS.
After configuring the administrator password, enter next>> to proceed. After entering next>>, you are then prompted to enter values for the NTP SERVER SETTINGS.
Step 16 | Enter configuration values for NTP SERVER SETTINGS.
After configuring the NTP server(s), enter next>> to proceed. After entering next>>, you are then prompted to enter values for INTER-HOST COMMUNICATION.
Step 17 | Enter configuration values for INTER-HOST COMMUNICATION.
Once satisfied with the inter-host communication setting, enter next>> to proceed. After entering next>>, the configuration wizard proceeds to validate the values you entered.
Step 18 | Enter configuration values for CONTROLLER CLEAN-UP.
For an initial configuration, enter 'no' for both options. After configuring the controller clean-up, enter next>> to proceed. After entering next>>, you are then prompted to enter values to finish the configuration and begin the configuration wizard installation.
Step 19 | A final message appears stating that the wizard is now ready to proceed with applying the configuration.
The following options are available:
Enter proceed>> to complete the installation. After entering proceed>>, the configuration wizard applies the configuration values that you entered above.
At the end of the configuration process, a CONFIGURATION SUCCEEDED! message appears.
Step 20 | Open your browser and enter the host IP address to access the Cisco APIC-EM GUI.
You can use the displayed IP address of the Cisco APIC-EM GUI at the end of the configuration process.
Step 21 | After entering the IP address in the browser, a message stating that "Your connection is not private" appears.
Ignore the message and click the Advanced link.
Step 22 | After clicking the Advanced link, a message stating that the site’s security certificate is not trusted appears.
Ignore the message and click the link.
Step 23 | In the Login window, enter the administrator username and password that you configured above and click the Log In button.
Start to use the Cisco APIC-EM to manage and configure your network. For assistance with navigating the controller's GUI and becoming familiar with its features, use the Cisco APIC-EM Quick Start Guide.
If you are deploying a multi-host configuration, then review the following multi-host configuration procedure.
Note | You can send feedback about the Cisco APIC-EM by clicking the Feedback icon ("I wish this page would....") at the lower right of each window in the GUI. Clicking on this icon opens an email. Use this email to send a comment on the current window or to send a request to the Cisco APIC-EM development team. |
Managing Admin Accounts
The usernames and passwords that you configure by using the Cisco APIC-EM configuration wizard are intended to be used for administrative access to the Cisco APIC-EM Grapevine root (Linux) and the Cisco APIC-EM GUI interface.
The administrator that has access to the Cisco APIC-EM Grapevine root is called the Linux admin user. By default, the username for the Linux admin user is 'grapevine' and the password is user-defined during the configuration wizard setup process. There is no default password.
Both the username and password for the Cisco APIC-EM GUI are user-defined during the configuration wizard process. There is no default username or password.
The Cisco APIC-EM Linux admin user has different rights and capabilities than the Cisco APIC-EM GUI-based admin user and can perform other administrative tasks.
The following tasks can be performed by the Linux (Grapevine) admin user:
Displaying audit and system logs on the Cisco APIC-EM.
Reviewing the status of Cisco APIC-EM services on the appliance.
Resetting the configuration values back to their original configuration settings.
Restoring the Cisco APIC-EM back to the factory default.
Creating a support file that you can then email to Cisco support for assistance.
Updating or changing your Cisco APIC-EM configuration wizard settings (for example, updating the NTP configuration settings).
GUI-based admin users that are created by using the Cisco APIC-EM user interface cannot automatically log into the Cisco APIC-EM and access the Grapevine root and clients located on the appliance. Only Linux admin users can access the Cisco APIC-EM Grapevine root and clients on the appliance.
Note | See the Cisco Application Policy Infrastructure Controller Enterprise Module Troubleshooting Guide for information about the supported Grapevine root (Linux) commands and accessible logs. |
The following tasks can be performed by the GUI admin user:
Initiate and work with the base applications (Discovery, Inventory, Topology, Path Trace, and EasyQoS) and solution applications (Network PnP and iWAN).
Back up and restore the Cisco APIC-EM database and files.
Display the service logs on the Cisco APIC-EM.
Apply Cisco APIC-EM software patches, maintenance releases, and upgrades.
Note | See the following for detailed information about the above supported controller GUI operations: |
For first-time GUI-based access to the Cisco APIC-EM system, the administrator username and password are configured during the configuration wizard setup.
Note | You can add GUI admin users through the GUI interface itself. See the Cisco Application Policy Infrastructure Controller Enterprise Module Administrator Guide for more information. |
The application installation procedure is simple: the application bundle provided by Cisco must be dropped in the browser window under admin (Settings Icon) in App Management.
Perform the following procedure to install additional applications.
Perform this procedure only after you have completed your Cisco APIC-EM configuration. If you are setting up a multi-host Cisco APIC-EM configuration, then perform this procedure when finished setting up all of the hosts in your multi-host configuration.
You have installed Cisco APIC-EM, following the procedures described in this guide.
You must have administrator (ROLE_ADMIN) permissions and either access to all resources (RBAC scope set to ALL) or an RBAC scope that contains all of the resources that you want to group. For example, to create a group containing a specific set of resources, you must have access to those resources (custom RBAC scope set to all of the resources that you want to group).
For information about user permissions and RBAC scopes required to perform tasks using the Cisco APIC-EM, see "User Settings" in the chapter, "Configuring the Cisco APIC-EM Settings" in the Cisco Application Policy Infrastructure Controller Enterprise Module Administrator Guide.
If needed for your network deployment, repeat the above steps to upload, install, and enable another application.
Under certain circumstances, such as troubleshooting, you might want to gracefully power down and then power up either a single host or an entire multi-host cluster. This procedure describes how to do so.
For information about powering down and powering up only a single host within a multi-host cluster, see Powering Down and Powering Up a Single Host Within a Multi-Host Cluster.
You should have installed the Cisco APIC-EM following the procedures in this guide.
Step 1 | Using a Secure Shell (SSH) client, log into the host (appliance, server, or virtual machine) with the IP address that you specified using the configuration wizard.
Step 2 | When prompted, enter your Linux username ('grapevine') and password for SSH access.
Step 3 | Enter the harvest_all_clients command to harvest (gracefully shut down) all services on a single host or on multiple hosts within a multi-host cluster.
$ sudo /home/grapevine/bin/harvest_all_clients
For a multi-host cluster, you only need to enter this command on one of the hosts to harvest (gracefully shut down) all services on all of the hosts in the cluster.
Step 4 | Review the command output and subsequent directions.
$ sudo /home/grapevine/bin/harvest_all_clients
Disabled Grapevine policy
Harvesting client 1f481f49-fabc-44f9-af5a-0481bd823165...
Harvesting client 6dac3f56-fb05-4fd0-be06-d5c6869e23cd...
Harvesting client c800924c-7603-4092-b1f8-0c19f5141acc...
Waiting on task 05b9192c-9484-11e6-bdc2-0050569f3bee...
Task '05b9192c-9484-11e6-bdc2-0050569f3bee' completed successfully
Waiting on task 05da80da-9484-11e6-bdc2-0050569f3bee...
Task '05da80da-9484-11e6-bdc2-0050569f3bee' completed successfully
Successfully harvested all clients
PLEASE NOTE: Grapevine policy has been DISABLED so that services and clients can be harvested.
To start all services again, run the following command:
grape config update enable_policy true
Step 5 | Power down the host by entering the following command:
$ sudo shutdown -h now
Enter your password a second time when prompted. For a multi-host cluster, you will need to enter this command on each of the hosts in the multi-host cluster to shut them all down. You need to ensure that the last host that was shut down in a multi-host cluster is the very first host that is then restarted. Be sure to track the order in which the hosts are shut down in a multi-host cluster.
Step 6 | Review the command output as the host shuts down.
Step 7 | Power up the Grapevine root process by turning the host or hosts (in a multi-host cluster) back on.
For a multi-host cluster, be sure to restart the host that was shut down last in the multi-host cluster. This must be the first host restarted.
Step 8 | Using a Secure Shell (SSH) client, log back into the host with the IP address that you specified using the configuration wizard.
Step 9 | When prompted, enter your Linux username ('grapevine') and password for SSH access.
Step 10 | Enable Grapevine by entering the following command on the Grapevine root:
$ grape config update enable_policy true
Wait a few minutes for the Cisco APIC-EM services to start up again. For a multi-host cluster, you only need to enter this command on one of the hosts after all of the hosts have been successfully powered on.
Log back into the controller's GUI and begin working with the Cisco APIC-EM to manage and monitor the devices within your network.
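The output review in Step 4 of the power-down procedure can be automated before anyone runs `shutdown`. The following is an added example, not Cisco tooling: it parses captured `harvest_all_clients` output and reports any task that was waited on but never reported as completed. The function name, the report keys and the rule used for `safe_to_power_down` are assumptions; the first sample is the output quoted in Step 4, and the truncated sample is constructed from it.

```python
import re

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
CLIENT_RE = re.compile(rf"Harvesting client ({UUID})\.\.\.")
WAIT_RE = re.compile(rf"Waiting on task ({UUID})\.\.\.")
DONE_RE = re.compile(rf"Task '({UUID})' completed successfully")

# Output quoted from Step 4 of the procedure above.
PAGE_OUTPUT = """Disabled Grapevine policy
Harvesting client 1f481f49-fabc-44f9-af5a-0481bd823165...
Harvesting client 6dac3f56-fb05-4fd0-be06-d5c6869e23cd...
Harvesting client c800924c-7603-4092-b1f8-0c19f5141acc...
Waiting on task 05b9192c-9484-11e6-bdc2-0050569f3bee...
Task '05b9192c-9484-11e6-bdc2-0050569f3bee' completed successfully
Waiting on task 05da80da-9484-11e6-bdc2-0050569f3bee...
Task '05da80da-9484-11e6-bdc2-0050569f3bee' completed successfully
Successfully harvested all clients
"""

# Constructed sample: the same session cut off before the second task finished.
TRUNCATED_OUTPUT = PAGE_OUTPUT.split("Task '05da80da", 1)[0]


def review_harvest(output):
    """Summarise harvest_all_clients output captured from the terminal.

    Works on line-broken or flattened text because it matches patterns
    anywhere in the string rather than line by line.
    """
    done = set(DONE_RE.findall(output))
    pending = [task for task in WAIT_RE.findall(output) if task not in done]
    report = {
        "clients": CLIENT_RE.findall(output),
        "pending_tasks": pending,
        # While this is True, services stay down until the operator runs
        # "grape config update enable_policy true" after power-up (Step 10).
        "policy_disabled": "Disabled Grapevine policy" in output,
        "all_harvested": "Successfully harvested all clients" in output,
    }
    # Assumed rule: power down only after the final success line has appeared
    # and every task that was waited on has reported completion.
    report["safe_to_power_down"] = report["all_harvested"] and not pending
    return report


if __name__ == "__main__":
    for label, text in (("page", PAGE_OUTPUT), ("truncated", TRUNCATED_OUTPUT)):
        print(label, review_harvest(text))
```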
The following procedure describes how to uninstall the Cisco APIC-EM.
Note | If you plan to reinstall the Cisco APIC-EM after uninstalling it, then you must follow the procedure described below to avoid any possible problems. You should have also contacted Cisco support for the link to download the latest Cisco APIC-EM ISO image. Be aware that this procedure shuts down both the Cisco APIC-EM and the host (physical or virtual) on which it resides. At the end of this procedure and if you are reinstalling the Cisco APIC-EM, then you will need to access the host and restart it. |
Step 1 | Using a Secure Shell (SSH) client, log into the host (appliance, server, or virtual machine) with the IP address that you specified using the configuration wizard.
Step 2 | Enter the Linux username ('grapevine') and password when prompted.
Step 3 | Enter the reset_grapevine factory command at the prompt.
$ reset_grapevine factory
Step 4 | Enter your Linux grapevine password a second time to start the reset process.
$ sudo password for grapevine *********
After entering this command a warning appears that the reset_grapevine factory command will shut down the controller. You are then prompted to confirm your intent to run the reset_grapevine factory command.
Step 5 | Enter Yes to confirm that you want to run the reset_grapevine factory command.
The controller then performs the following tasks: