Converting from Cisco NX-OS to ACI Boot Mode and from ACI Boot Mode Back to Cisco NX-OS

This chapter describes how to convert a Cisco Nexus 9000 Series switch from Cisco NX-OS to Cisco Application Centric Infrastructure (ACI) boot mode. It contains the following sections:

Converting to ACI Boot Mode

You can convert any Cisco Nexus 9000 Series switch from Cisco NX-OS to ACI boot mode.


Note

You cannot convert a Cisco Nexus 3164Q switch to ACI boot mode.


Note

Use this procedure to convert a Cisco Nexus 9000 Series switch running Cisco NX-OS Release 6.1(2)I3(3) or later to ACI boot mode.

Before you begin

Verify whether your switch hardware is supported in ACI boot mode by checking the "Supported Hardware" section of the Release Notes for Cisco Nexus 9000 Series ACI-Mode Switches. For example, line cards are not compatible between Cisco NX-OS and ACI boot mode.

Remove or turn off any unsupported modules (using the poweroff module module command). Otherwise, the software uses a recovery/retry mechanism before powering down the unsupported modules, which can cause delays in the conversion process.

For dual-supervisor systems, use the show module command to make sure that the standby supervisor module is in the ha-standby state.

Verify that the Application Policy Infrastructure Controller (APIC) is running Release 1.0(2j) or a later release.

Make sure that the ACI image is 11.0(2x) or a later release.

Use the show install all impact epld epld-image-name command to verify that the switch does not require any EPLD image upgrades. If any upgrades are required, follow the instructions in the Cisco Nexus 9000 Series FPGA/EPLD Upgrade Release Notes.

Procedure

Step 1

Verify that the switch is running Cisco NX-OS Release 6.1(2)I3(3) or a later release.

Example:

switch(config)# show version
Software
BIOS: version 08.06
NXOS: version 6.1(2)I3(3)
BIOS compile time: 12/03/2014
NXOS image file name is: bootflash:///n9000-dk9.6.1.2.I3.3.bin
NXOS compile time: 12/05/2014 10:50:20 [12/05/2014 2:25]

Cisco NX-OS filenames begin with "n9000" while ACI filenames begin with "aci-n9000."

Step 2

Follow these steps to copy the ACI image from the APIC:

  1. Set the IP address on the mgmt0 interface of the switch to allow connectivity between this interface and the APIC.

  2. Enable SCP services on the switch.

    Example:

    switch(config)# feature scp-server

  3. From the APIC CLI, use SCP to copy the firmware image from the APIC to the active supervisor module on the switch.

    Example:

    admin@apic1:aci> scp -r /firmware/fwrepos/fwrepo/switch-image-name admin@switch-ip-address:switch-image-name

  4. For dual-supervisor systems, copy the ACI image to the standby supervisor module.

    Example:

    switch(config)# copy bootflash:aci-image bootflash://sup-standby/

Step 3

Follow these steps to boot to the ACI image:

  1. Configure the switch to not boot from Cisco NX-OS.

    Example:

    switch(config)# no boot nxos

  2. Save the configuration.

    Example:

    switch(config)# copy running-config startup-config

    Note

     

    You must run the copy running-config startup-config command prior to booting the ACI image. Do not run it after you enter the boot aci command.

  3. Boot the active and standby supervisor modules with the ACI image.

    Example:

    switch(config)# boot aci bootflash:aci-image-name

    Caution

     

    Do not enter the copy running-config startup-config command after the boot aci command. If you do, the switch will go to the loader> prompt.

  4. Verify the integrity of the file by displaying the MD5 checksum.

    Example:

    switch(config)# show file bootflash:aci-image-name md5sum

    Note

     

    Check the output of the show boot command to see if the bootvar is correctly set.

  5. Reload the switch.

    Example:

    switch(config)# reload

    Note

     

    If the switch goes into a bootloader prompt after following step 3e, manually execute the following commands in ACI mode, for example: 

    
switch# dir /bootflash/aci-n9000*
switch# cat /mnt/cfg/0/boot/grub/menu.lst.local
switch# cat /mnt/cfg/1/boot/grub/menu.lst.local
switch# cd bootflash
switch# setup-bootvars.sh aci-n9000-VERSION.bin

  6. Log in to the switch as an administrator.

    Example:

    Login: admin

Step 4

Verify whether you must install certificates for your device.

Example:

admin@apic1:aci> openssl asn1parse -in /securedata/ssl/server.crt

Look for PRINTABLESTRING in the command output. If "Cisco Manufacturing CA" is listed, the correct certificates are installed. If something else is listed, contact TAC to generate and install the correct certificates for your device.

Note

 

You might need to install certificates for Cisco Nexus 9000 Series switches that were shipped prior to May 2014.

To run this command, contact TAC.

What to do next

See the ACI and APIC documentation to configure and operate your switch in ACI mode: http://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html.

Converting a Replacement Standby Supervisor to ACI Boot Mode

If you ever need to replace the standby supervisor module in a dual-supervisor system, you will need to copy and boot the ACI image for use with the replacement standby supervisor.

Before you begin

Copy the ACI image to a USB drive.

Procedure

Step 1

Reload the switch.

Example:

switch# reload

Step 2

Enter a break sequence (Ctrl-C or Ctrl-]) during the initial boot sequence to access the loader> prompt.

Example:


Ctrl-C
loader>

Step 3

Plug the USB drive containing the ACI image into the standby supervisor USB slot.

Step 4

Boot the ACI image.

Example:

loader> boot usb#:aci-image-name

Note

 

If you have two USB drives, enter the dir command to see which drive contains the ACI image. Then specify either usb1 or usb2 in the boot command.

Step 5

Log in to the switch as an administrator. 

Login: admin

Step 6

Copy the ACI image from the USB drive to the switch.

Example:

switch# copy usb#:aci-image-name bootflash:aci-image-name

Converting Back to Cisco NX-OS

You can convert a Cisco Nexus 9000 Series switch from ACI boot mode back to Cisco NX-OS.

Procedure

Step 1

Reload the switch.

Example:

switch# reload

Step 2

Enter a break sequence (Ctrl-C or Ctrl-]) during the initial boot sequence to access the loader> prompt.

Example:

Ctrl-C
loader>

Step 3

Configure the boot process to stop at the switch(boot)# prompt.

Example:

loader> cmdline recoverymode=1

Step 4

Boot the active supervisor module with the Cisco NX-OS image.

Example:

loader> boot n9000-dk9.6.1.2.I3.2.bin

Note

 

If the Cisco NX-OS image mentioned in the bootvariable is not present in the bootflash, the system falls back to the loader prompt during the boot sequence. To recover the switch from the loader prompt, boot the system through a different image present in the bootflash, perform a tftpboot , or boot through a USB device.

Note

 

For some Cisco NX-OS releases and Cisco Nexus 9000 Series switches, the following error message appears: 

!!Fatal error!!
Can't reserve space for RPM repo
Please free up bootflash space and reboot

If you see this error message, start over from Step 1. After Step 3, enter the cmdline init_system command and then go to Step 4. The switch boots into the normal Cisco NX-OS prompt and skips the switch(boot)# prompt.

Step 5

Restores the switch's file system partitioning to the default settings. The bootflash filesystem is reset to Cisco NX-OS partitioning, and the Cisco NX-OS image is deleted.

Example:

switch(boot)# init system

Step 6

Completes the upload of the nx-os image file.

Example:

switch(boot)# load-nxos

Note

 

For some Cisco Nexus 9000 Series switches, the device does not load with the normal Cisco NX-OS prompt (switch#) and instead comes up as "bash-4.2#”. In this case, you must power cycle the device, jump to loader, and boot the NX-OS image using either TFTP or an USB method.

  • For TFTP method - First assign a IP address and gateway to the device using the set ip ip address subnet mask and the set gw gateway address commands. This is required as the init system command in the above step erases all available configurations on the device

    Example

    loader> set ip 1.1.1.2 255.255.255.0
loader>set gw 1.1.1.1

    Then use the tftp command to load the image. 

    loader> boot tftp://<tftp server ip>/<nxos-image-name>

  • For USB method - Mount the USB on the switch and execute the dir coammnd on the loader to see the contents of the bootflash folder and the USB device.

    Example

    loader > dir
usb1::
lost+found
/n9000-dk9.6.1.2.I3.3.bin

    Then boot the NX-OS image using the following following command:.

    loader> boot usb1:/nxos-image
Example: boot usb1:/n9000-dk9.6.1.2.I3.3.bin

Once you boot the NX-OS image, the device will load as an NX-OS switch and you can continue with the remaining steps.

Step 7

Re-copy the Cisco NX-OS image into bootflash: and set the appropriate boot variables to ensure that the system boots the Cisco NX-OS image on the next reload.

Example:

TFTP example:

switch# copy tftp://tftp-server-ip/nxos-image-name bootflash:
switch# configure terminal
switch(config)# boot nxos bootflash:nxos-image-name
switch(config)# copy running-config startup-config
switch(config)# end

USB example:

switch# copy usb1:nxos-image-name bootflash:
switch# configure terminal
switch(config)# boot nxos bootflash:nxos-image-name
switch(config)# copy running-config startup-config
switch(config)# end

Step 8

Wait for the system controllers to come up, which could take approximately 15 to 20 minutes.

File system differences between ACI and Cisco NX-OS require a one-time reformatting change during the ACI to Cisco NX-OS conversion. Subsequent reloads with the Cisco NX-OS image will be faster.

Step 9

Verify that the active supervisor module and the system controllers are in the active state.

Example:

switch# show module
Mod  Ports  Module-Type                           Model            Status
---  -----  ------------------------------------- ---------------- ----------
27   0      Supervisor Module                     N9K-SUP-A        active
28   0      Supervisor Module                     N9K-SUP-A        ha-standby
29   0      System Controller                     N9K-SC-A         active
30   0      System Controller                     N9K-SC-A         active

Step 10

For dual-supervisor systems, follow Steps 3 through 6 on the standby supervisor.

Step 11

Log in to the switch and verify that it is running Cisco NX-OS software. 

Software
BIOS: version 08.06
NXOS: version 6.1(2)I3(3)
BIOS compile time: 12/03/2014
NXOS image file name is: bootflash:///n9000-dk9.6.1.2.I3.3.bin
NXOS compile time: 12/05/2014 10:50:20 [12/05/2014 2:25]