Initial Setup

This chapter contains the following sections:

For Next Steps, See...

This table provides a list of additional documents that are useful references along with the Cisco APIC Getting Started Guide. These Cisco APIC documents and others are available at the APIC documents landing page.


Tip


To find documentation for a specific Cisco APIC feature, type the feature name in the Choose a Topic box in the APIC documents landing page.

Documents

Application Centric Infrastructure Fabric Hardware Installation Guide

Cisco APIC Installation, Upgrade, and Downgrade Guide

Cisco APIC Basic Configuration Guide

Cisco APIC Layer 2 Networking Configuration Guide

Cisco APIC Layer 3 Networking Configuration Guide

Cisco APIC Security Configuration Guide

Cisco APIC System Management Configuration Guide

Cisco ACI Virtualization Guide

Cisco Application Centric Infrastructure Fundamentals

Cisco APIC Layer 4 to Layer 7 Services Deployment Guide

Most of these links take you to the section of the documentation landing page that contains the specified document. Click the arrow at the right end of the section title to expand the document list for that section, then find the document for your release.

If the document for a release does not exist, the document for the previous release applies. For example, the Cisco APIC System Management Configuration Guide was not republished for the 5.0 releases because there are no changes from the 4.2 releases. Therefore, you should use the document for the 4.2 releases.

Simplified Approach to Configuring in Cisco APIC

Cisco APIC supports a simplified approach to configuring the ACI with an additional NX-OS style CLI interface. The existing methods of configuration using REST API and the GUI are supported as well.

In addition to the simple approach available for network administrators and other users of the NX-OS style CLI, there is intelligence embedded in this approach as compared to the GUI or the REST API. In several instances, the NX-OS style CLI can create the ACI model constructs implicitly for a user's ease of use, and they also provide validations to ensure consistency in configuration. This functionality reduces and prevents faults.

For further details about configurations and tasks, see the Cisco APIC Basic Configuration Guide and the Cisco APIC NX-OS Style Command-Line Interface Configuration Guide.

Changing the BIOS Default Password

The APIC controller ships with a default BIOS password. The default password is 'password'. When the boot process starts, the boot screen displays the BIOS information on the console server.

To change the default BIOS password perform the following task:

Procedure


Step 1

During the BIOS boot process, when the screen displays Press <F2> Setup, press F2.

The Entering Setup message displays as it accesses the setup menu.

Step 2

At the Enter Password dialog box, enter the current password.

Note

 

The default is 'password'.

Step 3

In the Setup Utility, choose the Security tab, and choose Set Administrator Password.

Step 4

In the Enter Current Password dialog box, enter the current password.

Step 5

In the Create New Password dialog box, enter the new password.

Step 6

In the Confirm New Password dialog box, re-enter the new password.

Step 7

Choose the Save & Exit tab.

Step 8

In the Save & Exit Setup dialog box, choose Yes.

Step 9

Wait for the reboot process to complete.

The updated BIOS password is effective.

About the APIC

The Cisco Application Centric Infrastructure (ACI) is a distributed, scalable, multitenant infrastructure with external end-point connectivity controlled and grouped through application-centric policies. The Application Policy Infrastructure Controller (APIC) is the unified point of automation, management, monitoring, and programmability for the ACI. The APIC supports the deployment, management, and monitoring of any application anywhere, with a unified operations model for the physical and virtual components of the infrastructure. The APIC programmatically automates network provisioning and control that is based on the application requirements and policies. It is the central control engine for the broader cloud network; it simplifies management and allows flexibility in how application networks are defined and automated. It also provides northbound Representational State Transfer (REST) APIs. The APIC is a distributed system that is implemented as a cluster of many controller instances.

Setting up the Cisco APIC

This section describes how to establish a local serial connection to the Cisco APIC server to begin the initial basic configuration. For additional connection information, including instructions on connecting to the server remotely for setup, refer to "Initial Server Setup" in the Cisco APIC M3/L3 Server Installation and Service Guide.

Initial Connection

The Cisco APIC M3/L3 Server operates on a Cisco Integrated Management Controller (CIMC) platform. You can make an initial connection to the CIMC platform using one of these methods:

  • Use a KVM cable (Cisco PID N20-BKVM) to connect a keyboard and monitor to the KVM connector on the front panel of the server.

  • Connect a USB keyboard and VGA monitor to the corresponding connectors on the rear panel of the server.


    Note


    You cannot use the front panel VGA and the rear panel VGA at the same time.

You can make a serial connection using one of the following methods. Two of these methods require a configuration change in the CIMC:


Note


You cannot use more than one of these methods simultaneously.
  • Use the DB9 connector of the KVM cable

  • Use the rear panel RJ-45 console port (after enabling in the CIMC)

  • Connect by Serial-over-LAN (SoL) (after enabling in the CIMC)

The default connection settings from the factory are:

  • The serial port baud rate is 115200

  • The RJ-45 console port located on the rear panel is disabled in the CIMC

  • SoL is disabled in the CIMC

The following are additional notes about serial access:

  • If you are using a Cisco Integrated Management Controller (CIMC) for your setup, setup the CIMC first, and then access the Cisco APIC through the CIMC KVM or continue to access the Cisco APIC locally through the rear panel USB/VGA port. If you choose the CIMC KVM access, you will have remote access available later which is required during operations.

  • If you are using the RJ-45 console port, connect to CIMC using SSH and enable the SoL port using the following commands:

    
    scope sol
      set enabled yes
      set baud-rate 115200
      commit
      exit
    

    After enabling SoL, enter the command connect host to access the APIC console.


    Note


    When using SoL, physically disconnect the rear panel RJ-45 console port.


Initial Cisco APIC Setup

When the Cisco Application Policy Infrastructure Controller (Cisco APIC) is launched for the first time, the Cisco APIC console presents a series of initial setup options. For many options, you can press Enter to choose the default setting that is displayed in brackets. At any point in the setup dialog, you can restart the dialog from the beginning by pressing Ctrl-C.

Important Notes

  • If the UNIX user ID is not explicitly specified in the response from the remote authentication server, then some Cisco APIC software releases assign a default ID of 23999 to all users. If the response from the remote authentication server fails to specify a UNIX ID, all users will share the same ID of 23999 and this can result in the users being granted higher or lower privileges than the configured privileges through the RBAC policies on the Cisco APIC.

  • Cisco recommends that you assign unique UNIX user IDs in the range of 16000 to 23999 for the AV Pairs that are assigned to the users when in Bash shell (using SSH, Telnet, or Serial/KVM consoles). If a situation arises where the Cisco AV Pair does not provide a UNIX user ID, the user is assigned a user ID of 23999 or similar number from the range that also enables the user's home directories, files, and processes accessible to the remote users with a UNIX ID of 23999.

    To ensure that your remote authentication server does not explicitly assign a UNIX ID in its cisco-av-pair response, open an SSH session to the Cisco APIC and log in as an administrator (using a remote user account). Once logged in, run the following commands (replace userid with the username that you logged in with):

    • admin@apic1: remoteuser-userid> cd /mit/uni/userext/remoteuser-userid

    • admin@apic1: remoteuser-userid> cat summary

  • Cisco recommends against modifying any parameters using CIMC. If there are any issues, ensure that the default setting for CIMC management node is Dedicated Mode and not Shared. If Dedicated Mode is not used, it can prevent the discovery of fabric nodes.

  • Do not upgrade software or firmware using the CIMC user interface, XML, or SSH interfaces unless the modified property and software or firmware version are supported with your specific Cisco APIC version.

  • Set the NIC mode to Dedicated, when setting up the CIMC, in the CIMC Configuration Utility. After the CIMC is configured, in the CIMC GUI, verify that you have the following parameters set.

    Parameters

    Settings

    LLDP

    Disabled on the VIC

    TPM Support

    Enabled on the BIOS

    TPM Enabled Status

    Enabled

    TPM Ownership

    Owned

  • Beginning with Release 5.0(2), if you log in to your Cisco APIC using https, and then attempt to log in to the same Cisco APIC using http in the same browser window without first logging out of the Cisco APIC in the https window, you might see the following error message:

    Need a valid webtoken cookie (named APIC-Cookie) or a signed request with signature in the cookie.

    If this occurs, resolve the issue using either of the following methods:

    • Log out of the Cisco APIC in the https window, or

    • Delete the cookies in the browser window

    You should be able to successfully log into the Cisco APIC using http after resolving the issue with either of the methods above.

  • During the initial setup, the system will prompt you to select IPv4, or IPv6, or dual stack configuration. Choosing dual stack will enable accessing the Cisco APIC and Cisco Application Centric Infrastructure (Cisco ACI) fabric out-of-band management interfaces with either IPv4 or IPv6 addresses. While the examples in the table below use IPv4 addresses, you can use whatever IP address configuration options you chose to enable during the initial setup.

  • A minimum subnet mask of /19 is recommended.

  • Connecting the Cisco APIC to the Cisco ACI fabric requires a 10G interface on the ACI-mode leaf switch. You cannot connect the Cisco APIC directly to the Cisco Nexus 9332PQ, Cisco Nexus 93180LC, or Cisco Nexus 9336C-FX2 ACI-mode leaf switches unless you use a 40G to 10G converter (part number CVR-QSFP-SFP10G), in which case the port on the leaf switches will auto-negotiate to 10G without requiring any manual configuration.


    Note


    Starting with Cisco APIC release 2.2(1n), the Cisco Nexus 93180LC leaf switch is supported.


  • The fabric ID is set during the Cisco APIC setup and it cannot be changed unless you perform a clean reload of the fabric. To change the fabric ID, export the Cisco APIC configuration, change the sam.config file, and perform a clean reload of the Cisco APIC and leaf switches. Remove the "fvFabricExtConnP" setting from the exported configuration before importing the configuration into the Cisco APIC after the Cisco APIC comes up. All Cisco APICs in a cluster must have the same fabric ID.

  • All logging is enabled by default.

  • For login and cluster operations, non-default HTTPS port (default is 443) is not supported for layer 3 physical APIC.

About Cold Standby for a Cisco APIC Cluster

The Cold Standby functionality for a Cisco APIC cluster enables you to operate the Cisco APICs in a cluster in an active/standby mode. In a Cisco APIC cluster, the designated active Cisco APICs share the load and the designated standby Cisco APICs can act as an replacement for any of the Cisco APICs in an active cluster.

An admin user can set up the Cold Standby functionality when the Cisco APIC is launched for the first time. We recommend that you have at least 3 active Cisco APICs in a cluster, and one or more standby Cisco APICs. An admin user must initiate the switch over to replace an active Cisco APIC with a standby Cisco APIC. See the Cisco APIC Management, Installation, Upgrade, and Downgrade Guide for more information.

Setup for Active and Standby APIC

Table 1. Setup for Active APIC
Name Description Default Value

Fabric name

Fabric domain name

ACI Fabric1

Fabric ID

Fabric ID

1

Number of active controllers

Cluster size

3

Note

 

When setting up a Cisco APIC in an active-standby mode, you must have at least 3 active Cisco APICs in a cluster.

POD ID

POD ID

1

Standby controller

Setup standby controller

NO

Controller ID

Unique ID number for the active Cisco APIC instance.

Valid range: 1-32

Standalone APIC Cluster

Is the Cisco APIC cluster not directly connected to the Fabric, but connected by a layer 3 inter-pod network (IPN). This feature is available only on Cisco APIC release 5.2(1) and later.

NO

See the knowledge base article Deploying APIC Cluster Connectivity to the Fabric Over a Layer 3 Network for additional setup instructions.

Controller name

Active controller name

apic1

IP address pool for tunnel endpoint addresses

Tunnel endpoint address pool

10.0.0.0/16

This value is for the infrastructure virtual routing and forwarding (VRF) only.

This subnet should not overlap with any other routed subnets in your network. If this subnet does overlap with another subnet, change this subnet to a different /16 subnet. The minimum supported subnet for a 3 Cisco APIC cluster is /23. If you are using Release 2.0(1) the minimum is /22.

The 172.17.0.0/16 subnet is not supported for the infra TEP pool due to a conflict of address space with the docker0 interface. If you must use the 172.17.0.0/16 subnet for the infra TEP pool, you must manually configure the docker0 IP address to be in a different address space in each Cisco APIC before you attempt to put the Cisco APICs in a cluster.

VLAN ID for infrastructure network1

Infrastructure VLAN for Cisco APIC-to-switch communication including virtual switches

Note

 
Reserve this VLAN for Cisco APIC use only. The infrastructure VLAN ID must not be used elsewhere in your environment and must not overlap with any other reserved VLANs on other platforms.

IP address pool for bridge domain multicast address (GIPo)

IP addresses used for fabric multicast.

For Cisco APIC in a Cisco ACI Multi-Site topology, this GIPo address can be the same across sites.

225.0.0.0/15

Valid range: 225.0.0.0/15 to 231.254.0.0/15, prefixlen must be 15 (128k IPs)

IPv4/IPv6 addresses for the out-of-band management

IP address that you use to access the Cisco APIC through the GUI, CLI, or API.

This address must be a reserved address from the VRF of a customer

IPv4/IPv6 addresses of the default gateway

Gateway address for communication to external networks using out-of-band management

Management interface speed/duplex mode

Interface speed and duplex mode for the out-of-band management interface

auto

Valid values are as follows

  • auto

  • 10baseT/Half

  • 10baseT/Full

  • 100baseT/Half

  • 100baseT/Full

  • 1000baseT/Full

Strong password check

Check for a strong password

[Y]

Password

Password of the system administrator

This password must be at least 8 characters with one special character.

1 To change the VLAN ID after the initial APIC setup, export your configurations, rebuild the fabric with a new infrastructure VLAN ID and import the configurations so that the fabric does not revert to the old infrastructure VLAN ID. See the KB article about Using Export and Import to Recover Configuration State.
Table 2. Setup for Standby APIC
Name Description Default Value

Fabric name

Fabric domain name

ACI Fabric1

Fabric ID

Fabric ID

1

Number of active controllers

Cluster size

3

Note

 

When setting up Cisco APIC in an active-standby mode, you must have at least 3 active Cisco APICs in a cluster.

POD ID

ID of the POD

1

Standby controller

Setup standby controller

Yes

Standby Controller ID

Unique ID number for the standby Cisco APIC instance

Recommended range: >20

Controller name

Standby controller name

NA

IP address pool for tunnel endpoint addresses

Tunnel endpoint address pool

10.0.0.0/16

This value is for the infrastructure virtual routing and forwarding (VRF) only.

This subnet should not overlap with any other routed subnets in your network. If this subnet does overlap with another subnet, change this subnet to a different /16 subnet. The minimum supported subnet for a 3 Cisco APIC cluster is /23. If you are using Release 2.0(1) the minimum is /22.

VLAN ID for infrastructure network2

Infrastructure VLAN for Cisco APIC-to-switch communication including virtual switches

Note

 
Reserve this VLAN for Cisco APIC use only. The infrastructure VLAN ID must not be used elsewhere in your environment and must not overlap with any other reserved VLANs on other platforms.

IPv4/IPv6 addresses for the out-of-band management

IP address that you use to access the Cisco APIC through the GUI, CLI, or API.

This address must be a reserved address from the VRF of a customer

IPv4/IPv6 addresses of the default gateway

Gateway address for communication to external networks using out-of-band management

Management interface speed/duplex mode

Interface speed and duplex mode for the out-of-band management interface

auto

Valid values are as follows

  • auto

  • 10baseT/Half

  • 10baseT/Full

  • 100baseT/Half

  • 100baseT/Full

  • 1000baseT/Full

Strong password check

Check for a strong password

[Y]

Password

Password of the system administrator

This password must be at least 8 characters with one special character.

2 To change the VLAN ID after the initial APIC setup, export your configurations, rebuild the fabric with a new infrastructure VLAN ID and import the configurations so that the fabric does not revert to the old infrastructure VLAN ID. See the KB article about Using Export and Import to Recover Configuration State.

Example

The following is a sample of the initial setup dialog as displayed on the console:
Cluster configuration ...
  Enter the fabric name [ACI Fabric1]:
  Enter the fabric ID (1-128) [1]:
  Enter the number of active controllers in the fabric (1-9) [3]:
  Enter the POD ID (1-9) [1]:
  Is this a standby controller? [NO]:
  Enter the controller ID (1-3) [1]:
  Enter the controller name [apic1]: sec-ifc5
  Enter address pool for TEP addresses [10.0.0.0/16]:
  Note: The infra VLAN ID should not be used elsewhere in your environment
        and should not overlap with any other reserved VLANs on other platforms.
  Enter the VLAN ID for infra network (2-4094): 3914
  Enter address pool for BD multicast addresses (GIPO) [225.0.0.0/15]:

Out-of-band management configuration ...
  Enable IPv6 for Out of Band Mgmt Interface? [N]:
  Enter the IPv4 address [192.168.10.1/24]: 172.23.142.29/21
  Enter the IPv4 address of the default gateway [None]: 172.23.136.1
  Enter the interface speed/duplex mode [auto]:

admin user configuration ...
  Enable strong passwords? [Y]:
  Enter the password for admin:

  Reenter the password for admin:

Cluster configuration ...
  Fabric name: ACI Fabric1
  Fabric ID: 1
  Number of controllers: 3
  Controller name: sec-ifc5
  POD ID: 1
  Controller ID: 1
  TEP address pool: 10.0.0.0/16
  Infra VLAN ID: 3914
  Multicast address pool: 225.0.0.0/15

Out-of-band management configuration ...
  Management IP address: 172.23.142.29/21
  Default gateway: 172.23.136.1
  Interface speed/duplex mode: auto

admin user configuration ...
  Strong Passwords: Y
  User name: admin
  Password: ********

The above configuration will be applied ...

Warning: TEP address pool, Infra VLAN ID and Multicast address pool
         cannot be changed later, these are permanent until the
         fabric is wiped.

Would you like to edit the configuration? (y/n) [n]:

Provisioning IPv6 Management Addresses on APIC Controllers

IPv6 management addresses can be provisioned on the APIC controller at setup time or through a policy once the APIC controller is operational. Pure IPv4, Pure IPv6 or dual stack (i.e both IPv6 and IPv4 addresses) are supported. The following snippet is of a typical setup screen that describes how to setup dual stack (IPv6 and IPv4) addresses for out-of-band management interfaces during the setup:

Cluster configuration …
 
  Enter the fabric name [ACI Fabric1]:
  Enter the number of controllers in the fabric (1-9) [3]:
  Enter the controller ID (1-3) [1]:
  Enter the controller name [apic1]: infraipv6-ifc1
  Enter address pool for TEP addresses [10.0.0.0/16]:
  Note: The infra VLAN ID should not be used elsewhere in your environment
        and should not overlap with any other reserved VLANs on other platforms.
  Enter the VLAN ID for infra network (1-4094): 3914
  Enter address pool for BD multicast addresses (GIPO) [225.0.0.0/15]:
 
Out-of-band management configuration ...
  Enable IPv6 for Out of Band Mgmt Interface? [N]: Y (Enter Y to Configure IPv6 Address for Out of Band Management Address)
  Enter the IPv6 address [0:0:0:0:0:ffff:c0a8:a01/40]: 2001:420:28e:2020:0:ffff:ac1f:88e4/64 (IPv6 Address)
  Enter the IPv6 address of the default gateway  [None]: 2001:420:28e:2020:acc:68ff:fe28:b540 (IPv6 Gateway)
  Enable IPv4 also for Out of Band Mgmt Interface? [Y]: (Enter Y to Configure IPv4 Address for Out of Band Management Address)
  Enter the IPv4 address [192.168.10.1/24]: 172.31.136.228/21 (IPv4 Address)
  Enter the IPv4 address of the default gateway [None]: 172.31.136.1 (IPv4 Gateway)
  Enter the interface speed/duplex mode [auto]:
 
admin user configuration ...
  Enable strong passwords? [Y]:
  Enter the password for admin:
 
  Reenter the password for admin:

Accessing the GUI

Procedure


Step 1

Open one of the supported browsers:

  • Chrome version 59 (at minimum)

  • Firefox version 54 (at minimum)

  • Internet Explorer version 11 (at minimum)

  • Safari version 10 (at minimum)

Note

 

A known issue exists with the Safari browser and unsigned certificates. Read the information presented here before accepting an unsigned certificate for use with WebSockets. When you access the HTTPS site, the following message appears:

“Safari can’t verify the identity of the website APIC. The certificate for this website is invalid. You might be connecting to a website that is pretending to be an APIC, which could put your confidential information at risk. Would you like to connect to the website anyway?”

To ensure that WebSockets can connect, you must do the following:

Click Show Certificate.

Choose Always Trust in the three drop-down lists that appear.

If you do not follow these steps, WebSockets will not be able to connect.

Step 2

Enter the URL: https://mgmt_ip-address

Use the out-of-band management IP address that you configured during the initial setup. For example, https://192.168.10.1.

Note

 

Only https is enabled by default. By default, http and http-to-https redirection are disabled.

Note

 

If you see the following error message when logging into your Cisco APIC:

Need a valid webtoken cookie (named APIC-Cookie) or a signed request with signature in the cookie.

This is due to a known issue that occurs when you are logging into a Cisco APIC using both https and http. See the "Important Notes" section in Setting up the Cisco APIC for more information on this issue and the workaround.

Step 3

When the login screen appears, enter the administrator name and password that you configured during the initial setup.

Step 4

In the Domain field, from the drop-down list, choose the appropriate domain that is defined.

If multiple login domains are defined, the Domain field is displayed. If the user does not choose a domain, the DefaultAuth login domain is used for authentication by default. This may result in login failure if the username is not in the DefaultAuth login domain.


What to do next

To learn about the features and operation of the Application Centric Infrastructure fabric and the Application Policy Infrastructure Controller, see the available white papers and the Cisco Application Centric Infrastructure Fundamentals Guide.

Accessing the REST API

Procedure


By using a script or a browser-based REST client, you can send an API POST or GET message of the form: https://apic-ip-address/api/api-message-url

Use the out-of-band management IP address that you configured during the initial setup.

Note

 
  • Only https is enabled by default. By default, http and http-to-https redirection are disabled.

  • You must send an authentication message to initiate an API session. Use the administrator login name and password that you configured during the initial setup.


Accessing the NX-OS Style CLI

You can access the APIC NX-OS style CLI either directly from a terminal or through the APIC GUI.

For information about using the NX-OS style CLI commands, see the Cisco APIC NX-OS Style Command-Line Interface Configuration Guide and the Cisco APIC NX-OS Style CLI Command Reference.

Guidelines and Restrictions for the APIC NX-OS Style CLI

  • The CLI is supported only for users with administrative login privileges.

  • The APIC NX-OS style CLI uses similar syntax and other conventions to the Cisco NX-OS CLI, but the APIC operating system is not a version of Cisco NX-OS software. Do not assume that a Cisco NX-OS CLI command works with or has the same function on the APIC CLI.

  • If FIPS is enabled in the Cisco ACI setups, then SHA256 support is mandatory on the SSH Client. Additionally, to have the SHA256 support, the openssh-client must be running version 6.6.1 or higher.

  • In releases earlier than Cisco APIC Release 1.2, the default CLI was a Bash shell with commands to directly operate on managed objects (MOs) and properties of the Management Information Model. Beginning with Cisco APIC Release 1.2, the default CLI is a NX-OS style CLI. The object model CLI is available by typing the bash command at the initial CLI prompt.

Accessing the NX-OS Style CLI from a Terminal

Procedure


Step 1

From a secure shell (SSH) client, open an SSH connection to APIC at username@ip-address .

Use the administrator login name and the out-of-band management IP address that you configured during the initial setup. For example, admin@192.168.10.1.

Step 2

When prompted, enter the administrator password.


What to do next

When you enter the NX-OS style CLI, the initial command level is the EXEC level. You can stay in EXEC mode or you can type configure to enter global configuration mode. In any mode, type ? to see the available commands.

For information about using the NX-OS style CLI commands, see the Cisco APIC NX-OS Style Command-Line Interface Configuration Guide and the Cisco APIC NX-OS Style CLI Command Reference.

Accessing the NX-OS Style CLI from the GUI

Procedure


Step 1

From the menu bar, choose System > Controllers.

Step 2

In the navigation pane, click Controllers.

Step 3

Right-click the desired APIC and choose Launch SSH.

Step 4

Follow the displayed instructions to open an SSH session to the selected controller.


What to do next

When you enter the NX-OS style CLI, the initial command level is the EXEC level. You can stay in EXEC mode or you can type configure to enter global configuration mode. In any mode, type ? to see the available commands.

For information about using the NX-OS style CLI commands, see the Cisco APIC NX-OS Style Command-Line Interface Configuration Guide and the Cisco APIC NX-OS Style CLI Command Reference.

Accessing the Object Model CLI


Note


In releases earlier than Cisco APIC Release 1.2, the default CLI was a Bash shell with commands to directly operate on managed objects (MOs) and properties of the Management Information Model. Beginning with Cisco APIC Release 1.2, the default CLI is a NX-OS style CLI. The object model CLI is available by typing the bash command at the initial CLI prompt.


Procedure


Step 1

From a secure shell (SSH) client, open an SSH connection to username@ip-address .

Use the administrator login name and the out-of-band management IP address that you configured during the initial setup. For example, ssh admin@192.168.10.1.

Step 2

When prompted, enter the administrator password that you configured during the initial setup.

You are now in the NX-OS style CLI for APIC.

Step 3

Type bash to enter the object model CLI.

Step 4

To return to the NX-OS style CLI, type exit .

This example shows how to enter the object model CLI and how to return to the NX-OS style CLI:


$ ssh admin@192.168.10.1
Application Policy Infrastructure Controller
admin@192.168.10.1's password: cisco123
apic#             <---- NX-OS style CLI prompt
apic# bash
admin@apic1:~>    <---- object model CLI prompt
admin@apic1:~> exit
apic#

What to do next

Every user must use the shared directory called /home. This directory gives permissions for a user to create directories and files; files created within /home inherit the default umask permissions and are accessible by the user and by root. We recommend that users create a /home/userid directory to store files, such as /home/jsmith, when logging in for the first time.

For more information about accessing switches using the ACI CLI using modes of operation such as BASH or VSH, see the Cisco APIC Command Line Interface User Guide and the Cisco ACI Switch Command Reference.

For detailed information about configuring the APIC CLI, see the Cisco APIC Object Model Command Line Interface User Guide.