Date post: 24-Oct-2020
Cisco APIC Installation, Upgrade, and Downgrade Guide

First Published: 2016-07-01
Last Modified: 2021-02-01

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
     800 553-NETS (6387)
Fax: 408 527-0883

    THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

    The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

    NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

    IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

    All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

    Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

    Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

    © 2016–2021 Cisco Systems, Inc. All rights reserved.

    CONTENTS

    Chapter 1: New and Changed Information
        New and Changed Information

    Chapter 2: Installing or Recovering Cisco APIC Images
        Installation Notes
        Usage Guidelines
        Conditions for Recovering or Installing Cisco APIC Software Image
        Installing Cisco APIC Software Using a PXE Server
        Installing Cisco APIC Software Using Virtual Media
        Upgrading the CIMC Software
        Installing Cisco APIC Software Using Virtual Media Through KVM Console
        Installing Cisco APIC Software Using CIMC Virtual Media

    Chapter 3: Upgrading and Downgrading the Cisco APIC and Switch Software
        About Firmware Management
        Firmware Upgrade Modes
        Important Notes For Upgrading or Downgrading the Cisco APIC and Switch Software
        Workflow to Upgrade or Downgrade the Cisco ACI Fabric
        Validation Checks Prior to ACI Upgrades or Downgrades
        Cisco ACI Long-Lived and Short-Lived Releases
        Determining Current Software Build
        About Upgrading the Cisco APIC and the Switch Software
        Understanding APIC Upgrade Stages
        Possible Issue When Upgrading Leaf Switches in Different Maintenance Groups
        Understanding Upgrades or Downgrades Through Multiple Intermediate Releases
        Supported Upgrade Paths for the Cisco APIC and Switch Software
        About Downgrading the Cisco APIC and Switch Software
        Understanding APIC Downgrade Stages
        Stateless Downgrade Procedure
        Supported Downgrade Paths for the Cisco APIC and Switch Software
        About Upgrading with the Scheduler
        Configuring a Scheduler Using the GUI
        Configuring a Scheduler Using the NX-OS Style CLI
        Configuring a Scheduler Using REST API
        About Disabling LLDP Back to Back Connections Before Upgrading
        Upgrading the Software Using the GUI
        Upgrading the Software Using the GUI (Releases Prior to Release 4.x)
        Upgrading the Cisco APIC Software Version Using the GUI (Releases Prior to Release 4.x)
        Upgrading the Leaf and Spine Switch Software Version Using the GUI (Releases Prior to Release 4.x)
        Upgrading the Catalog Software Version Using the GUI (Releases Prior to Release 4.x)
        Changing the Ignore Compatibility Checks Setting (Releases Prior to Release 4.x)
        Upgrading the Software Using the GUI (Release 4.x and Later)
        Downloading an Image (Release 4.x and Later)
        Upgrading the Cisco APIC Software Version Using the GUI (Release 4.x and Later)
        Upgrading the Leaf and Spine Switch Software Version Using the GUI (Release 4.x and Later)
        Changing the Ignore Compatibility Checks Setting (Release 4.x and Later)
        Upgrading the Software Using the GUI (Release 5.1x and Later)
        Accessing the Dashboard
        Adding an Image (Release 5.1x and Later)
        Upgrading the Cisco APIC Software Version Using the GUI (Release 5.1x and Later)
        Upgrading the Leaf and Spine Switch Software Version Using the GUI (Release 5.1x and Later)
        Upgrading the Software Using the REST API
        Upgrading the Cisco APIC Software Using the REST API
        Upgrading Switches Software Using the REST API
        Upgrading the Catalog Software Version Using the REST API
        Upgrading the Software Using the CLI
        Upgrading the Cisco APIC Software Using the NX-OS Style CLI
        Upgrading the Switches Using the NX-OS Style CLI
        Upgrading the Catalog Software Version Using the NX-OS Style CLI
        Upgrading the Controller Using the Debug CLI
        Upgrading the Controller Using the Debug CLI in Three Steps
        Verifying the Firmware Version and the Upgrade Status Using the API
        Verifying SSD Installation Status
        Troubleshooting Failures During the Upgrade Process
        Common Reasons for Download Failure
        Verifying Cluster Convergence
        Verifying That the Controller Upgrade Paused
        Using the GUI to Verify Whether a Controller Upgrade Scheduler Paused
        Using the REST API to Verify Whether a Controller Upgrade Scheduler Paused
        Verifying That the Switch Upgrade Paused
        Using the GUI to Verify Whether a Switch Upgrade Scheduler Paused
        Using the REST API to Verify Whether a Switch Upgrade Scheduler Paused
        Resuming a Paused Scheduler for a Controller Maintenance Policy
        Using the GUI to Resume Paused Controller Upgrade Scheduler
        Using the REST API to Resume Paused Controller Upgrade Scheduler
        Resuming a Paused Scheduler for a Switch Maintenance Policy
        Using the GUI to Resume Paused Switch Upgrade Scheduler
        Using the REST API to Resume Paused Switch Upgrade Scheduler
        Performing a Clean Reboot
        Operations Allowed During Mixed Versions on Cisco ACI Switches
        About the Silent Roll Package Upgrade
        Configuring an Silent Roll Package Upgrade Using the Cisco APIC GUI
        Configuring an Silent Roll Package Upgrade Using the CLI
        Configuring an Silent Roll Package Upgrade Using the REST API
        Cisco Nexus 9300 Platform Switches to Cisco Nexus 9300-EX Platform Switches Migration
        Upgrade Examples
        Controller Upgrade Examples
        Switch Upgrade Examples

    Chapter 1: New and Changed Information

    New and Changed Information

    Note: Always check the Cisco Application Policy Infrastructure Controller Release Notes for the release that you are working with first.

    The following table provides an overview of the significant changes to this guide for this current release. The table does not provide an exhaustive list of all changes made to the guide or of the new features in this release.

    Table 1: New and Changed Information

    Cisco APIC Release Version: Release 5.1(1)
    Feature: Enhancements to the upgrade process through the GUI when upgrading the APIC or switch software.
    Description: Beginning with Release 5.1(1), the upgrade process for the APIC and switch software through the GUI has been enhanced.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 5.1(1)
    Feature: Additional validations are performed before an upgrade or downgrade operation is triggered.
    Description: When upgrading or downgrading the software, additional validations are performed and warnings are provided as part of the 5.1(1) release if issues are found during those validations.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 4.2(5)
    Feature: Additional validations are performed before an upgrade or downgrade operation is triggered.
    Description: Beginning with Release 4.2(5), when you attempt to trigger an upgrade or downgrade operation, before the operation is triggered, additional validations are performed and warnings are provided if issues are found during those validations.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 4.2(5)
    Feature: Additional information provided when upgrading the controllers.
    Description: Beginning with Release 4.2(5), additional information may be provided on the status of the upgrade process for the controllers.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 4.2(5)
    Feature: Additional information provided when upgrading switch nodes in firmware upgrade groups.
    Description: Beginning with Release 4.2(5), status is provided on the progress of the download of the firmware when upgrading switch nodes in firmware upgrade groups.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 4.2(5)
    Feature: The number of switches that the system can upgrade at a time has changed.
    Description: Beginning with Release 4.2(5), by default, the number of switches that the system can upgrade at a time has changed from 20 to unlimited.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 4.2(1)
    Feature: Validations are performed before an upgrade or downgrade operation is triggered.
    Description: Beginning with Release 4.2(1), when you attempt to trigger an upgrade or downgrade operation, before the operation is triggered, some validations are performed and warnings are provided if faults are found during those validations.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Feature: APIC upgrade and downgrade paths removed from document
    Description: The APIC upgrade and downgrade paths have been removed from this document. Refer to the Cisco APIC Upgrade/Downgrade Support Matrix for APIC upgrade and downgrade paths, available here: https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/apicmatrix/index.html

    Cisco APIC Release Version: 4.1(2x)
    Feature: Silent Roll Package Upgrade
    Description: A silent roll package upgrade enables you to manually perform an internal package upgrade for ACI switch hardware SDK, drivers, and so on, without upgrading the entire ACI switch software OS.
    Where Documented: About the Silent Roll Package Upgrade

    Feature: The Cisco APIC Installation, Upgrade, and Downgrade Guide, Release 4.0(1) document is no longer available
    Description: The Cisco APIC Installation, Upgrade, and Downgrade Guide, Release 4.0(1) document is no longer available. All the information that was previously in that document is now available in this document, other than the upgrade and downgrade paths.

    Cisco APIC Release Version: Release 4.0(1)
    Feature: Bash no longer supported as upgrade method
    Description: Starting with Cisco APIC release 4.0(1), you cannot use bash to upgrade the Cisco APIC and switch software. Use the NX-OS style CLI to upgrade the Cisco APIC and switch software instead.
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 4.0(1)
    Feature: Changes to upgrade procedure using the GUI
    Description: The procedures for upgrading the software using the GUI have changed starting with Cisco APIC release 4.0(1).
    Where Documented: Upgrading and Downgrading the Cisco APIC and Switch Software

    Cisco APIC Release Version: Release 3.2(1m)
    Feature: Cisco APIC long-lived release
    Where Documented: Cisco ACI Long-Lived and Short-Lived Releases

    Cisco APIC Release Version: Release 2.3(1e)
    Feature: Network Configuration Capabilities and Changes During Mixed OS Operation
    Description: Support for additional features was added.
    Where Documented: Operations Allowed During Mixed Versions on Cisco ACI Switches

    Cisco APIC Release Version: Release 2.2(2e)
    Feature: Network Configuration Capabilities and Changes During Mixed OS Operation
    Description: This feature was introduced.
    Where Documented: Operations Allowed During Mixed Versions on Cisco ACI Switches

    Cisco APIC Release Version: Release 2.2(2e)
    Feature: --
    Description: The contents of this guide were reorganized. The High Availability for Cisco APIC Cluster content that was in this guide for earlier releases is now migrated in the Cisco APIC Getting Started Guide, Release 2.x.
    Where Documented: --

    Cisco APIC Release Version: Release 2.2(1n)
    Feature: High Availability for APIC Cluster
    Description: The High Availability functionality for an APIC cluster enables you to operate the APICs in a cluster in an Active/Standby mode.
    Where Documented: This content is available in the Cisco APIC Getting Started Guide, Release 2.x

    Cisco APIC Release Version: Release 1.3(1g)
    Feature: The title of this document has been changed.
    Description: The old name was Cisco APIC Firmware Management Guide.

    Chapter 2: Installing or Recovering Cisco APIC Images

    • Installation Notes
    • Usage Guidelines
    • Conditions for Recovering or Installing Cisco APIC Software Image
    • Installing Cisco APIC Software Using a PXE Server
    • Installing Cisco APIC Software Using Virtual Media

    Installation Notes

    • For hardware installation instructions, see the Cisco ACI Fabric Hardware Installation Guide (http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/hw/aci_hig/guide/b_aci_hardware_install_guide.html).

    • Back up your Cisco APIC configuration prior to installing or upgrading to this release. Single Cisco APIC clusters, which should not be run in production, can lose their configuration if database corruption occurs during the installation or upgrade.

    • For instructions on how to access the Cisco APIC for the first time, see the Cisco APIC Getting Started Guide (http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/getting-started/1_2_x/b_APIC_Getting_Started_Guide_Rel_1_2_1.html).

    • Cisco ACI with Microsoft System Center Virtual Machine Manager (SCVMM) or Microsoft Windows Azure Pack only supports ASCII characters. Non-ASCII characters are not supported. Ensure that English is set in the System Locale settings for Windows, otherwise Cisco ACI with SCVMM and Windows Azure Pack will not install. In addition, if the System Locale is later modified to a non-English Locale after the installation, the integration components might fail when communicating with the Cisco APIC and the Cisco ACI fabric.

    • For the Cisco APIC Python SDK documentation, including installation instructions, see the Cisco APIC Python SDK Documentation (https://developer.cisco.com/media/apicDcPythonAPI_v0.1/).

      The SDK egg file that is needed for installation is included in the package (see Release Table below):

        acicobra-2.1_1X-py2.7.egg

      "X" is the letter of the release. For example, "2.1_1h".

      Note: Installation of the SDK with SSL support on Unix/Linux and Mac OS X requires a compiler. For a Windows installation, you can install the compiled shared objects for the SDK dependencies using wheel packages.

      Note: The model package depends on the SDK package; be sure to install the SDK package first.

    Table 2: Release Table

    Release Version      SDK egg file name
    Release 5.1(3e)      acicobra-5.1_3e-py2.7.egg
    Release 5.1(2e)      acicobra-5.1_2e-py2.7.egg
    Release 5.1(1h)      acicobra-5.1_1h-py2.7.egg
    Release 5.0(1k)      acicobra-5.0_1k-py2.7.egg
    Release 4.2(7f)      acicobra-4.2_7f-py2.7.egg
    Release 4.2(6d)      acicobra-4.2_6d-py2.7.egg
    Release 4.2(5k)      acicobra-4.2_5k-py2.7.egg
    Release 4.2(4i)      acicobra-4.2_4i-py2.7.egg
    Release 4.2(3j)      acicobra-4.2_3j-py2.7.egg
    Release 4.2(2e)      acicobra-4.2_2e-py2.7.egg
    Release 4.2(1i)      acicobra-4.2_1i-py2.7.egg
    Release 4.1(2g)      acicobra-4.1_2g-py2.7.egg
    Release 4.1(1i)      acicobra-4.1_1i-py2.7.egg
    Release 4.0(3d)      acicobra-4.0_3d-py2.7.egg
    Release 4.0(2c)      acicobra-4.0_2c-py2.7.egg
    Release 4.0(1h)      acicobra-4.0_1h-py2.7.egg
    Release 3.2(9b)      acicobra-3.2_9b-py2.7.egg
    Release 3.2(7f)      acicobra-3.2_7f-py2.7.egg
    Release 3.2(6i)      acicobra-3.2_6i-py2.7.egg
    Release 3.2(5d)      acicobra-3.2_5d-py2.7.egg
    Release 3.2(4d)      acicobra-3.2_4d-py2.7.egg
    Release 3.2(3i)      acicobra-3.2_3i-py2.7.egg
    Release 3.2(2l)      acicobra-3.2_2l-py2.7.egg
    Release 3.2(1m)      acicobra-3.2_1m-py2.7.egg
    Release 3.1(2m)      acicobra-3.1_2m-py2.7.egg
    Release 3.1(1i)      acicobra-3.1_1i-py2.7.egg
    Release 3.0(2h)      acicobra-3.0_2h-py2.7.egg
    Release 3.0(1k)      acicobra-3.0_1k-py2.7.egg
    Release 2.3(1e)      acicobra-2.3_1e-py2.7.egg
    Release 2.2(2e)      acicobra-2.2_2e-py2.7.egg
    Release 2.2(1n)      acicobra-2.2_1n-py2.7.egg
    Release 2.1(1h)      acicobra-2.1_1h-py2.7.egg
    Release 2.0(2f)      acicobra-2.0_2f-py2.7.egg
    Release 2.0(1m)      acicobra-2.0_1m-py2.7.egg
    Release 1.3(2f)      acicobra-1.3_2f-py2.7.egg
    Release 1.3(1i)      acicobra-1.3_1i-py2.7.egg
    Release 1.3(1h)      acicobra-1.3_1h-py2.7.egg
    Release 1.3(1g)      acicobra-1.3_1g-py2.7.egg

    For information about previous releases, see Cisco Application Policy Infrastructure Controller (APIC) Release Notes (http://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html).

    Usage Guidelines

    • The Cisco APIC GUI supports the following browsers:

      • Chrome version 59 (at minimum) on Mac and Windows
      • Firefox version 54 (at minimum) on Mac, Linux, and Windows
      • Internet Explorer version 11 (at minimum)
      • Safari 10 (at minimum)

      Note: Restart your browser after upgrading to release 1.3(1).

    • The Cisco APIC GUI includes an online version of the Quick Start guide that includes video demonstrations.

    • The infrastructure IP address range must not overlap with other IP addresses used in the fabric for in-band and out-of-band networks.

    • The Cisco APIC does not provide IPAM services for tenant workloads.

    • To reach the Cisco APIC CLI from the GUI: select System > Controllers, highlight a controller, right-click and select "launch SSH". To get the list of commands, press the escape key twice.

    • In some of the 5-minute statistics data, the count of ten-second samples is 29 instead of 30.

    • For the following services, use a DNS-based host name with out-of-band management connectivity. IP addresses can be used with both in-band and out-of-band management connectivity.

      • Syslog server
      • Call Home SMTP server
      • Tech support export server
      • Configuration export server
      • Statistics export server

    • Both leaf and spine switches can be managed from any host that has IP connectivity to the fabric.

    • When configuring an atomic counter policy between two endpoints, and an IP is learned on one of the two endpoints, it is recommended to use an IP-based policy and not a client endpoint-based policy.

    • When configuring two Layer 3 external networks on the same node, the loopbacks need to be configured separately for both Layer 3 networks.

    • All endpoint groups (EPGs), including application EPGs and Layer 3 external EPGs, require a domain. Interface policy groups must also be associated with an Attach Entity Profile (AEP), and the AEP must be associated with domains. Based on the association of EPGs to domains and of the interface policy groups to domains, the ports and VLANs that the EPG uses are validated. This applies to all EPGs including bridged Layer 2 outside and routed Layer 3 outside EPGs. For more information, see the Cisco Fundamentals Guide and the KB: Creating Domains, Attach Entity Profiles, and VLANs to Deploy an EPG on a Specific Port article.

      Note: In the 1.0(4x) and earlier releases, when creating static paths for application EPGs or Layer 2/Layer 3 outside EPGs, the physical domain was not required. In this release, it is required. Upgrading without the physical domain will raise a fault on the EPG stating "invalid path configuration."

    • The only place to associate an EPG with a contract interface is within its own tenant.

    • User passwords must meet the following criteria:

      • Minimum length is 8 characters
      • Maximum length is 64 characters
      • Fewer than three consecutive repeated characters
      • At least three of the following character types: lowercase, uppercase, digit, symbol
      • Cannot be easily guessed
      • Cannot be the username or the reverse of the username
      • Cannot be any variation of "cisco", "isco", or any permutation of these characters or variants obtained by changing the capitalization of letters therein

    • The power consumption statistics are not shown on leaf switch node slot 1.

    • For Layer 3 external networks created through the API or Advanced GUI and updated through the CLI, protocols need to be enabled globally on the external network through the API or Advanced GUI, and the node profile for all the participating nodes needs to be added through the API or Advanced GUI before doing any further updates through the CLI.

    • For Layer 3 external networks created through the CLI, you should not update them through the API. These external networks are identified by names starting with "__ui_".

    • The output from "show" commands issued in the NX-OS-style CLI is subject to change in future software releases. Cisco does not recommend using the output from the show commands for automation.

    • In this software version, the CLI is supported only for users with administrative login privileges.

    • Do not separate virtual private cloud (vPC) member nodes into different configuration zones. If the nodes are in different configuration zones, then the vPCs' modes become mismatched if the interface policies are modified and deployed to only one of the vPC member nodes.

    • If you defined multiple login domains, you can choose the login domain that you want to use when logging in to a Cisco APIC. By default, the domain drop-down list is empty, and if you do not choose a domain, the DefaultAuth domain is used for authentication. This can result in login failure if the username is not in the DefaultAuth login domain. As such, you must enter the credentials based on the chosen login domain.

    • A firmware maintenance group should contain a maximum of 80 nodes.

    • When contracts are not associated with an endpoint group, DSCP marking is not supported for a VRF with a vzAny contract. DSCP is sent to a leaf switch along with the actrl rule, but a vzAny contract does not have an actrl rule. Therefore, the DSCP value cannot be sent.

    • We recommend that you do not use a leaf switch as an NTP server for the Cisco ACI fabric.
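
    The user password criteria in the Usage Guidelines above can be pre-checked offline before an account is provisioned. The following is an added example, not Cisco code and not how the APIC itself evaluates passwords. Assumptions: "symbol" means ASCII punctuation, the username comparison ignores case, the "cisco"/"isco" rule is read as "contains any case-insensitive anagram of either word", and the hypothetical denylist argument stands in for "cannot be easily guessed".

```python
"""Added example: offline pre-check of the APIC password criteria listed above."""
import string
from itertools import groupby

MIN_LEN, MAX_LEN = 8, 64
FORBIDDEN_WORDS = ("cisco", "isco")  # words named in the guideline text


def longest_run(text):
    """Length of the longest run of one repeated character ('aabbb' -> 3)."""
    return max((len(list(group)) for _, group in groupby(text)), default=0)


def char_types(text):
    """How many of lowercase / uppercase / digit / symbol occur in text."""
    return sum((
        any(c.islower() for c in text),
        any(c.isupper() for c in text),
        any(c.isdigit() for c in text),
        # Assumption: "symbol" means ASCII punctuation.
        any(c in string.punctuation for c in text),
    ))


def contains_permutation(text, word):
    """True if any len(word)-sized window of text is an anagram of word."""
    target, size = sorted(word), len(word)
    return any(sorted(text[i:i + size]) == target
               for i in range(len(text) - size + 1))


def check_password(password, username, denylist=()):
    """Return the list of violated criteria (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too_short")
    if len(password) > MAX_LEN:
        problems.append("too_long")
    # "Fewer than three consecutive repeated characters"
    if longest_run(password) >= 3:
        problems.append("repeated_chars")
    if char_types(password) < 3:
        problems.append("too_few_char_types")

    folded = password.casefold()
    user = username.casefold()
    # Assumption: username and its reverse are compared ignoring case.
    if user and folded in (user, user[::-1]):
        problems.append("matches_username")
    # Assumption: any embedded anagram of "cisco" or "isco" counts as a
    # variation, regardless of capitalization.
    if any(contains_permutation(folded, word) for word in FORBIDDEN_WORDS):
        problems.append("cisco_variant")
    # Hypothetical denylist standing in for "cannot be easily guessed".
    if folded in {entry.casefold() for entry in denylist}:
        problems.append("easily_guessed")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate, user in (("Tr4il-Mix!92", "admin"),
                            ("My-OCSIC-2021", "admin"),
                            ("1rotarepO", "Operator1")):
        print(candidate, check_password(candidate, user) or "ok")
```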

    Conditions for Recovering or Installing Cisco APIC Software Image

    Note: Use the procedures in this section ONLY with the assistance of the Cisco Technical Assistance Center (TAC).

    This chapter describes how to install or recover a Cisco APIC. You recover the Cisco APIC image when your existing server has a Cisco APIC image that is completely unresponsive, and you want a new Cisco APIC image installed in it.

    Note: If you have an existing UCS server, skip to the Installing Cisco APIC Software section.

    Installing the Cisco APIC image accomplishes the following tasks:

    • It erases the existing data on the disks
    • It reformats the disks
    • It installs a new software image

    You can use one of the following methods to install your Cisco APIC software in a server:

    • Using a PXE server
    • Using virtual media

    Note: You can use the Cisco APIC ISO image files for installation just as you perform any other virtual media installation. The detailed steps are not described in this document.

    Installing Cisco APIC Software Using a PXE Server

    Follow these steps to install the Cisco APIC software using a Preboot Execution Environment (PXE) server:

    Procedure

    Step 1 Configure the PXE server with a standard configuration for Linux.

    Step 2 Verify that the PXE configuration file has an entry similar to the following for installing a Cisco APIC software image for release 4.0 or later.

        label 25
        kernel vmlinuz dd blacklist=isci blacklist=ahci nodmraid noprobe=ata1 noprobe=ata2 noprobe=ata3 noprobe=ata4
        append initrd=initrd root=live:squashfs.img_URL rd.live.img rd.live.debug=1 rd.live.ram=1 rd.debug atomix.isourl=iso_URL

    Example:

        label 25
        kernel ifcimages/vmlinuz dd blacklist=isci blacklist=ahci nodmraid noprobe=ata1 noprobe=ata2 noprobe=ata3 noprobe=ata4
        append initrd=ifcimages/initrd.img root=live:http://192.0.2.10/myisomount/LiveOS/squashfs.img rd.live.img rd.live.debug=1 rd.live.ram=1 rd.debug atomix.isourl=http://192.0.2.10/aci-apic-dk9.4.0.0.iso

    Step 3 Download the Cisco APIC .iso image from Cisco.com.

    Step 4 Create the mount folder and mount the Cisco APIC .iso image.

        $ mkdir -p mount_folder
        $ mount -t iso9660 -o loop iso_image mount_folder

    Example:

        $ cd /home/user
        $ mkdir -p myisomount
        $ mount -t iso9660 -o loop /local/aci-apic-dk9.4.0.0.iso myisomount

    Step 5 Verify that the initrd.img and vmlinuz files are in the mount folder location.

    Example:

        $ ls /home/user/myisomount/images/pxeboot/
        initrd.img vmlinuz

    Step 6 Copy vmlinuz and initrd from the mounted Cisco APIC .iso image to your tftpboot path.

    Example:

        $ mkdir -p /var/lib/tftpboot/ifcimages
        $ cp -f /home/user/myisomount/images/pxeboot/vmlinuz /var/lib/tftpboot/ifcimages/
        $ cp -f /home/user/myisomount/images/pxeboot/initrd.img /var/lib/tftpboot/ifcimages/

    Step 7 Copy the Cisco APIC .iso image and the mount folder to your HTTP root directory.

    Example:

        $ cp -R /local/aci-apic-dk9.4.0.0.iso /var/www/html
        $ cp -R /home/user/myisomount /var/www/html

    Step 8 Add an entry to the PXE configuration (/var/lib/tftpboot/pxelinux.cfg/default) so that it points to the kickstart file for the Cisco APIC .iso image.

    Example:

        [root@pxeserver ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
        label 25
        kernel ifcimages/vmlinuz dd blacklist=isci blacklist=ahci nodmraid noprobe=ata1 noprobe=ata2 noprobe=ata3 noprobe=ata4
        append initrd=ifcimages/initrd.img root=live:http://192.0.2.10/myisomount/LiveOS/squashfs.img rd.live.img rd.live.debug=1 rd.live.ram=1 rd.debug atomix.isourl=http://192.0.2.10/aci-apic-dk9.4.0.0.iso

    Use this information to verify that your PXE menu entry is set up correctly.

    Step 9 Restart the PXE servers.

    Step 10 Reboot the Cisco APIC and press F12 for network boot.

    Step 11 Choose the options configured on the PXE server to boot the Cisco APIC image.
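
    One way to carry out the verification in Step 8 before rebooting the controller: the script below parses the label 25 entry and confirms that every file it references is staged where Steps 6 and 7 put it, and that the kernel and initrd under the TFTP root are byte-identical to the copies from the ISO. This is an added example, not part of the Cisco guide or any Cisco tool. Assumptions: each kernel/append directive is a single line, URL paths map directly onto the HTTP root directory, and the function names are illustrative.

```python
"""Added example: check a pxelinux entry against the staged Cisco APIC files."""
import hashlib
from pathlib import Path
from urllib.parse import urlparse

# The guide's example entry (kernel and append are one line each).
SAMPLE_CFG = """\
label 25
kernel ifcimages/vmlinuz dd blacklist=isci blacklist=ahci nodmraid noprobe=ata1 noprobe=ata2 noprobe=ata3 noprobe=ata4
append initrd=ifcimages/initrd.img root=live:http://192.0.2.10/myisomount/LiveOS/squashfs.img rd.live.img rd.live.debug=1 rd.live.ram=1 rd.debug atomix.isourl=http://192.0.2.10/aci-apic-dk9.4.0.0.iso
"""


def parse_entry(cfg_text, label):
    """Return {'kernel': str or None, 'params': dict} for a label, else None."""
    entry, current = None, None
    for line in cfg_text.splitlines():
        words = line.split()
        if not words:
            continue
        keyword = words[0].lower()
        if keyword == "label":
            current = words[1] if len(words) > 1 else None
            if current == label and entry is None:
                entry = {"kernel": None, "params": {}}
        elif current == label and keyword in ("kernel", "append"):
            args = words[1:]
            if keyword == "kernel" and args:
                entry["kernel"], args = args[0], args[1:]
            for arg in args:
                name, _, value = arg.partition("=")
                entry["params"][name] = value  # repeated keys: last one wins
    return entry


def sha256_of(path):
    """SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def url_to_file(url, http_root):
    """Assumption: the URL path maps directly onto the HTTP root directory."""
    return Path(http_root) / urlparse(url).path.lstrip("/")


def check_entry(cfg_text, label, tftp_root, http_root):
    """Return a list of problems found for the entry (empty list = consistent)."""
    entry = parse_entry(cfg_text, label)
    if entry is None:
        return [f"label {label} not found"]
    params, problems = entry["params"], []
    if not entry["kernel"]:
        problems.append("kernel missing")
    if not params.get("initrd"):
        problems.append("initrd= missing")
    if not params.get("root", "").startswith("live:"):
        problems.append("root=live:<URL> missing")
    if not params.get("atomix.isourl"):
        problems.append("atomix.isourl= missing")
    if problems:
        return problems

    squashfs = url_to_file(params["root"][len("live:"):], http_root)
    iso = url_to_file(params["atomix.isourl"], http_root)
    for what, path in (("squashfs image", squashfs), ("ISO image", iso)):
        if not path.is_file():
            problems.append(f"{what} not found under HTTP root")

    # Step 7 copies the whole mount folder, so the ISO's own kernel and initrd
    # sit two levels above LiveOS/squashfs.img, in images/pxeboot/.
    pxeboot = squashfs.parent.parent / "images" / "pxeboot"
    for staged_rel, name in ((entry["kernel"], "vmlinuz"),
                             (params["initrd"], "initrd.img")):
        staged, original = Path(tftp_root) / staged_rel, pxeboot / name
        if not staged.is_file():
            problems.append(f"{staged_rel} not found under TFTP root")
        elif not original.is_file():
            problems.append(f"{name} not found in copied mount folder")
        elif sha256_of(staged) != sha256_of(original):
            problems.append(f"{staged_rel} does not match {name} from the ISO")
    return problems


if __name__ == "__main__":
    cfg = Path("/var/lib/tftpboot/pxelinux.cfg/default").read_text()
    result = check_entry(cfg, "25", "/var/lib/tftpboot", "/var/www/html")
    print("\n".join(result) if result else "entry 25 is consistent")
```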

    Installing Cisco APIC Software Using Virtual MediaInstalling or upgrading the Cisco APIC software using virtual media (vMedia) requires the following high-levelprocess:

    Cisco APIC Installation, Upgrade, and Downgrade Guide11

    Installing or Recovering Cisco APIC ImagesInstalling Cisco APIC Software Using Virtual Media

  • • Upgrade the Cisco Integrated Management Controller (CIMC) software, if necessary.

    • Obtain the relevant Cisco APIC .iso image from Cisco.com.

    • Access the CIMC web interface for the controller.

    For detailed instructions on accessing the CIMC and managing virtual media,please see the corresponding CIMC Configuration Guide for your controller'sversion of CIMC software (1.5 or 2.0).

    Note

    • Mount the .iso image using the CIMC vMedia functionality.

    • Boot or power cycle the controller.

    • During the boot process, press F6 to select Cisco vKVM-Mapped vDVD or Cisco CIMC-MappedvDVD as the one-time boot device. You may be required to enter the BIOS password. The defaultpassword is password.

    • Follow the onscreen instructions to install the Cisco APIC software.

    Note: Due to the slower transfer rate of vMedia, you can optionally install the main image from the network. When prompted, press Enter within 30 seconds during the IMC vMedia installation process. The installer will switch from vMedia installation to the network image location. Answer the prompts by entering the relevant host networking configuration details, such as the IP address, subnet, gateway, and image path.

    Upgrading the CIMC Software

    If you upgrade the Cisco APIC software in the Cisco ACI fabric, you might also have to upgrade the version of CIMC that is running on your fabric. Therefore, we recommend that you check the appropriate Cisco APIC Release Notes for the list of the supported CIMC software versions for each Cisco APIC release. The Cisco APIC Release Notes are available on the APIC documentation page.

    In order to upgrade the CIMC software, you must first determine the type of UCS C Series server that you have for the Cisco APICs in your fabric.

    Cisco APICs use the following UCS C Series servers:

    • Cisco UCS 220 M4 (second generation appliances APIC-SERVER-M2 and APIC-SERVER-L2)

    • Cisco UCS 220 M3 (first generation appliance APIC-SERVER-M1 and APIC-SERVER-L1)

    The Cisco APIC versions of these servers differ from the standard versions in that the Cisco APIC versions are manufactured with an image secured with the Trusted Platform Module (TPM) certificates and an APIC product ID (PID).

    The following table provides more information on each of these Cisco APIC servers:


    APIC Platform | Corresponding UCS Platform | Description
    APIC-SERVER-M1 | UCS-C220-M3 | Cluster of three Cisco APIC first-generation controllers, with a medium-sized CPU, hard drive, and memory configurations for up to 1000 edge ports.
    APIC-SERVER-M2 | UCS-C220-M4 | Cluster of three Cisco APIC second-generation controllers, with a medium-sized CPU, hard drive, and memory configurations for up to 1000 edge ports.
    APIC-SERVER-L1 | UCS-C220-M3 | Cluster of three Cisco APIC first-generation controllers, with a large-sized CPU, hard drive, and memory configurations for more than 1000 edge ports.
    APIC-SERVER-L2 | UCS-C220-M4 | Cluster of three Cisco APIC second-generation controllers, with a large-sized CPU, hard drive, and memory configurations for more than 1000 edge ports.

    These procedures describe how to upgrade the Cisco APIC CIMC using the Cisco Host Upgrade Utility (HUU). Full instructions for upgrading software using the HUU are provided in Upgrading the Firmware on a Cisco UCS C-Series Server Using the HUU.

    Before you begin

    • Review the information that is provided in the Cisco APIC Release Notes and confirm which CIMC software image you should use for the upgrade. The Cisco APIC Release Notes are available on the APIC documentation page.

    • Obtain the software image from the Software Download site.

    • Confirm that the MD5 checksum of the image matches the one published on Cisco.com.

    • Allow for the appropriate amount of time for the upgrade.

    The time needed for the process of upgrading a CIMC version varies, based on the speed of the link between the local machine and the UCS-C chassis, and the source/target software image, as well as other internal component versions.

    • Changing the CIMC version might also require changes to the Internet browser and Java software version to run the vKVM.
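    The checksum comparison called for in the list above can be done with a short script. This is an added example, not part of the Cisco guide: it compares a downloaded image with the value copied from Cisco.com, tolerating pasted blanks and upper case, and reports a malformed value separately from a mismatch. It assumes md5sum and sha512sum are installed and treats a 128-digit value as SHA-512, which goes beyond the guide (the guide names only MD5); the function and script names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Cisco guide: compare a downloaded image
# with the checksum copied from the download page.
# Assumption: the published value is hex text; 32 digits are checked as MD5
# (the checksum the guide names) and 128 digits as SHA-512.

# normalize_digest TEXT
# Strip blanks, lower-case A-F, and fail unless the result is pure hex.
normalize_digest() {
    _d=$(printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    case "$_d" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    printf '%s\n' "$_d"
}

# verify_image FILE PUBLISHED_DIGEST
# Return 0 on match, 1 on mismatch, 2 when no comparison could be made
# (unreadable file, malformed digest, or unsupported digest length).
verify_image() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 2
    fi
    if ! _want=$(normalize_digest "$2"); then
        echo "published digest is not a hex string" >&2
        return 2
    fi
    case ${#_want} in
        32)  _tool=md5sum ;;
        128) _tool=sha512sum ;;
        *)   echo "unexpected digest length ${#_want}" >&2
             return 2 ;;
    esac
    _got=$("$_tool" "$1" | cut -d' ' -f1) || return 2
    if [ "$_got" = "$_want" ]; then
        echo "OK $_tool $1"
        return 0
    fi
    echo "MISMATCH $_tool $1: computed $_got, published $_want" >&2
    return 1
}

# Usage: sh verify_image.sh IMAGE_FILE PUBLISHED_DIGEST
if [ "$#" -eq 2 ]; then
    verify_image "$@"
fi
```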


    Note: Upgrading the CIMC version does not affect the production network as the Cisco APICs are not in the data path of the traffic. Also, you do not have to decommission the Cisco APICs when upgrading the CIMC software.

    Procedure

    Step 1 Log in to the CIMC using the CIMC credentials.

    Note that the CIMC credentials may be different from the Cisco APIC credentials.

    Step 2 Determine the model of UCS platform for your Cisco APIC through the CIMC GUI.

    a) Locate the PID entry displayed under Server > Summary.

    b) Use the table provided at the beginning of this procedure to find the corresponding UCS platform for the APIC platform displayed in the PID entry.

    For example, you would see that the APIC-SERVER-L1 entry shown in the example above would map to the UCS-C220-M3 platform, based on the information provided at the beginning of this procedure.

    Step 3 Locate the appropriate HUU .iso image at https://software.cisco.com/download.

    a) In the search window in https://software.cisco.com/download, enter the UCS platform model that you found for your Cisco APIC in the previous step, without the dashes.

    Using the example from the previous step, you might enter UCS C220 M3 in the search window.

    b) Click on the link from the search result to show the software that is available for your UCS platform.

    c) In the list of software available for your server, locate the firmware entry, which will be shown with an entry such as Unified Computing System (UCS) Server Firmware, and click on that firmware link.

    d) Locate the Cisco UCS Host Upgrade Utility .iso image link and make a note of the release information for this image.


    Step 4 Go to the Recommended Cisco APIC and Cisco Nexus 9000 Series ACI-Mode Switches Releases document and locate the row that contains the appropriate entry for your UCS platform and APIC software release.

    Keep in mind that the UCS version shown in the table might not be the latest version of CIMC software, based on corresponding APIC release. For example, for the 3.0 branch of the APIC release, the corresponding CIMC software release might be 3.0(3e). While that is not necessarily the latest release of the CIMC software, it is the correct version of the CIMC software for the 3.0 branch of the APIC release.

    Step 5 Compare the information from the two sources to verify that you are downloading the correct version of the HUU .iso image.

    If you find conflicting information between the two sources, use the information provided in the Recommended Cisco APIC and Cisco Nexus 9000 Series ACI-Mode Switches Releases document as the final word on the correct version of the HUU .iso image for your UCS platform and APIC software release.

    Step 6 Download the appropriate HUU .iso image from the https://software.cisco.com/download site.

    Step 7 Launch the KVM console from CIMC GUI.


    Note: If you are having problems opening the KVM console, this is generally an issue with your Java version. Review the information in the Cisco APIC Release Notes, available on the APIC documentation page, for your CIMC version to learn the different workarounds available.

    Step 8 In the KVM console, click Virtual Media > Activate Virtual Devices and accept the session.

    Step 9 Click Virtual Media > Map CD/DVD and navigate to the downloaded HUU .iso image on your PC.

    Step 10 Select the downloaded HUU .iso image, then click Map Device to map the downloaded ISO on your PC.

    Step 11 Click Macros > Static Macros > Ctrl-Alt-Del to reboot the server.

    If you are not able to reboot the server using this option, click Power > Power cycle System to perform a cold reboot instead.

    Step 12 Press F6 to enter the boot menu so that you can select the mapped DVD that you want to boot from.

    You can also create a user-defined macro to perform this action, if you are using a Remote Desktop application, by selecting Macros > User Defined Macros > F6.

    Step 13 When prompted, enter the password.

    The default password is password.

    Step 14 When prompted to select the boot device, select the Cisco vKVM-Mapped vDVD option, as shown in the figure below.


    Step 15 Wait for the process to complete, then accept the terms and conditions when prompted.

    It will take around 10-15 minutes for the ISO to be extracted by the HUU, then another 15-20 minutes to copy the firmware and other tools.

    Step 16 Make the appropriate selection in the HUU screen, when it appears.

    We recommend that you select the Update All option to update all the firmware for all components.


    Step 17 If you see a pop-up asking if you want to enable Cisco IMC Secure Boot, select No for that option.

    Refer to the "Introduction to Cisco IMC Secure Boot" section in the Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Release 4.0 document for more information.

    Step 18 Monitor the progress of the updates using the information provided in the Update Status column in the HUU.

    Step 19 Once you see a status of PASS for each component, click Exit to reboot the server.

    When the server reboots, you will be pushed out of the CIMC GUI. You will need to log back into the CIMC and verify the upgrade has completed successfully.

    You can verify the upgrade was completed successfully through the GUI or by booting up the CIMC HUU and selecting Last Update Verify to ensure that all of the components passed the upgrade successfully.

    Installing Cisco APIC Software Using Virtual Media Through KVM Console

    Use this procedure to install or upgrade the Cisco APIC software using vMedia through the KVM console.

    Before you begin

    Review the information in Upgrading the CIMC Software to determine if you should upgrade your Cisco Integrated Management Controller (CIMC) software before you begin the procedures in this section.


    Procedure

    Step 1 Update the Java security.

    a) Open the Java Control Panel.

    b) In the Security tab, click the High Security radio button.

    c) Add the Cisco Integrated Management Controller (CIMC) IP address in the Exception Site List.

    d) Click OK.

    Step 2 Log in to the CIMC using the CIMC credentials.

    The CIMC credentials may be different from the Cisco APIC credentials.

    Step 3 Access the KVM console.

    a) Choose Server > Summary > Launch KVM Console.

    b) Open the downloaded file using the Java Web Start Launcher.

    c) Map the file to the viewer located at C:/user/Program Files/Java/bin/name of the java viewer.

    Note: Ensure that the downloaded file has the extension .jnlp.

    Step 4 Map the Cisco APIC .iso image.

    a) Download the Cisco APIC .iso image from Cisco.com.

    b) On the KVM console, choose Virtual Media > Activate Virtual Devices and then choose Virtual Media > Map CD/DVD.

    c) Click Browse to select the Cisco APIC .iso image.

    d) Click Map Device.

    Step 5 Boot or power cycle the controller.

    a) On the CIMC page, choose Server > Server Summary > Power Cycle Server.

    b) Press F6 to select the boot device.

    c) Choose Cisco vKVM-Mapped vDVD1.22 to load the image.

    /------------------------------------\
    | Please select boot device:         |
    |------------------------------------|
    | (Bus 05 Dev 00)PCI RAID Adapter    |
    | UNIGEN PHF16H0CM1-DTE PMAP         |
    | Cisco vKVM-Mapped vHDD1.22         |
    | Cisco CIMC-Mapped vHDD1.22         |
    | Cisco vKVM-Mapped vDVD1.22         |
    | Cisco CIMC-Mapped vDVD1.22         |
    | Cisco vKVM-Mapped vFDD1.22         |
    | UEFI: Built-in EFI Shell           |
    | IBA GE Slot 0100 v1585             |
    | IBA GE Slot 0101 v1585             |
    | Enter Setup                        |
    |------------------------------------|
    | ^ and v to move selection          |
    | ENTER to select boot device        |
    | ESC to boot using defaults         |
    \------------------------------------/

    Enter the BIOS password if required. The default password is password.


    After this process is completed, the Cisco APIC setup script is displayed.

    d) To verify, choose KVM Console > Tools > Stats.

    Step 6 In the Cisco APIC console, enter the options for the initial setup such as fabric name, number of controllers, tunnel endpoint address pool, infra VLAN ID.

    Note: When setting up Cisco APIC in an active-standby mode, ensure that the Cisco APIC information for all the Cisco APICs in the cluster is the same.

    Installing Cisco APIC Software Using CIMC Virtual Media

    Use this procedure to install the Cisco APIC software using Cisco Integrated Management Controller (CIMC) Virtual Media.

    You will open two console windows in these procedures:

    • KVM console

    • Serial over LAN (SOL) console

    Note: You will be flipping back and forth between the two console windows, entering certain commands in one or the other console window for most of the steps in this procedure.

    Before you begin

    Review the information in Upgrading the CIMC Software to determine if you should upgrade your Cisco Integrated Management Controller (CIMC) software before you begin the procedures in this section.

    Procedure

    Step 1 Obtain the relevant Cisco APIC .iso image from CCO.

    Step 2 Copy the .iso image to the HTTP server.

    Step 3 Access the KVM console:

    a) Open the Cisco Integrated Management Controller (CIMC) GUI for the controller.

    b) From the CIMC GUI, choose Server > Summary > Launch KVM, then select either Java based KVM or HTML based KVM to access the KVM console.

    We recommend using the Java based KVM option whenever possible, because it is a more reliable option for larger-sized files.

    Step 4 Access the Serial over LAN (SOL) console:

    a) From a terminal window, log in to the CIMC console:

    # ssh admin@cimc_ip


    Where cimc_ip is the CIMC IP address. For example:

    # ssh admin@192.0.2.1
    admin@192.0.2.1's password:
    system#

    b) Change the scope to virtual media:

    system# scope vmedia
    system /vmedia #

    c) Map the .iso image to the HTTP server:

    system /vmedia # map-www volume_name http://http_server_ip_and_path iso_filename

    Where:

    • volume_name is the name of the volume.

    • http_server_ip_and_path is the IP address of the HTTP server and the path to the .iso file location.

    • iso_filename is the name of the .iso file.

    Note that there is a space between the http_server_ip_and_path and the iso_filename.

    For example:

    system /vmedia # map-www apic http://198.51.100.1/home/images/ aci-apic-dk9.4.0.3d.iso
    Server username:

    d) Check the mapping status:

    system /vmedia # show mappings detail

    The Map-Status should be shown as OK.

    e) Connect to SOL to monitor the installation process:

    system /vmedia # connect host

    Step 5 From the KVM console: Choose Power > Power Cycle System (cold boot) to power cycle the controller.

    Step 6 From the SOL console: Watch the screen during the boot process and prepare to press F6 at the appropriate moment to enter the boot selection menu.

    You should first see the following messages as the boot process begins:

    Cisco Systems, Inc.
    Configuring and testing memory..
    Configuring platform hardware......

    System bootup messages continue to appear, until the point where you should see the following screen:

    ...Press Setup, Boot Menu, Diagnostics, Cisco IMC COnfiguration, Network Boot


    Step 7 From the SOL console: When you see the message above, press F6 to enter the boot selection menu.

    You should see Entering boot selection menu... if you were able to press F6 at the appropriate moment. If you miss your opportunity and were not able to press F6 at the appropriate moment, go back to Step 5 to power cycle the controller and repeat the process until you are able to press F6 to enter the boot selection menu.

    Step 8 From the SOL console: At the boot selection menu, select the Cisco CIMC-Mapped vDVD1.22 option as the one-time boot device.

    /------------------------------------\
    | Please select boot device:         |
    |------------------------------------|
    | (Bus 05 Dev 00)PCI RAID Adapter    |
    | UNIGEN PHF16H0CM1-DTE PMAP         |
    | Cisco vKVM-Mapped vHDD1.22         |
    | Cisco CIMC-Mapped vHDD1.22         |
    | Cisco vKVM-Mapped vDVD1.22         |
    | Cisco CIMC-Mapped vDVD1.22         |
    | Cisco vKVM-Mapped vFDD1.22         |
    | UEFI: Built-in EFI Shell           |
    | IBA GE Slot 0100 v1585             |
    | IBA GE Slot 0101 v1585             |
    | Enter Setup                        |
    |------------------------------------|
    | ^ and v to move selection          |
    | ENTER to select boot device        |
    | ESC to boot using defaults         |
    \------------------------------------/

    You might also have to enter the BIOS password. The default password is password.

    Step 9 From the SOL console: Enter the following:

    a) Determine if you want to enter the ISO URL to speed up the installation process.

    During the boot-up process, you might see the following message:

    To speed up the install, enter iso url in next ten minutes:

    You have two options at this stage:

    • Enter the ISO URL: This option will make the installation process go faster. If you choose this option, you will be asked to provide the protocol type:

        • static: If you choose this option, you will be asked to enter the interface name, management IP address and gateway.

        • dhcp

    Also note that you do not have a space between the http_server_ip_and_path and the iso_filename for this ISO URL (for example, http://198.51.100.1/home/images/aci-apic-dk9.4.0.3d.iso).

    • Do not enter the ISO URL: If you do not want to enter the ISO URL, the installation process starts after ten minutes.

    The system starts fetching the ISO at this point. You can track the status of the process by going to Tools > Stats in the KVM console.


    b) Wait until you see the message poweroff in the SOL console, then exit from SOL by pressing Ctrl and x (Ctrl+x).

    c) Change the scope to virtual media again:

    system# scope vmedia
    system /vmedia #

    d) Unmap the .iso image that you mapped in 4.c:

    system /vmedia # unmap volume_name

    At the Save mapping prompt, enter yes if you want to save the mapping or no if you do not want to save the mapping. For example:

    system /vmedia # unmap apic
    Save mapping? Enther 'yes' or 'no' to confirm (CTRL-C to cancel) → yes
    system /vmedia #

    e) Connect back to SOL again:

    system /vmedia # connect host

    Step 10 From the KVM console: Choose Power > Power on System to power on the controller.

    Step 11 From the SOL console: Enter the following:

    a) During the boot process, press F6 to enter the boot selection menu, then select the PCI RAID Adapter as the one-time boot device.

    You might also have to enter the BIOS password. The default password is password.

    b) Enter the options for the initial setup, such as fabric name, number of controllers, tunnel endpoint address pool, and infra VLAN ID to complete the installation process.


    CHAPTER 3

    Upgrading and Downgrading the Cisco APIC and Switch Software

    • About Firmware Management

    • Important Notes For Upgrading or Downgrading the Cisco APIC and Switch Software

    • Workflow to Upgrade or Downgrade the Cisco ACI Fabric

    • Validation Checks Prior to ACI Upgrades or Downgrades

    • Cisco ACI Long-Lived and Short-Lived Releases

    • Determining Current Software Build

    • About Upgrading the Cisco APIC and the Switch Software

    • About Downgrading the Cisco APIC and Switch Software

    • About Upgrading with the Scheduler

    • About Disabling LLDP Back to Back Connections Before Upgrading

    • Upgrading the Software Using the GUI

    • Upgrading the Software Using the REST API

    • Upgrading the Software Using the CLI

    • Upgrading the Controller Using the Debug CLI

    • Upgrading the Controller Using the Debug CLI in Three Steps

    • Verifying the Firmware Version and the Upgrade Status Using the API

    • Verifying SSD Installation Status

    • Troubleshooting Failures During the Upgrade Process

    • Operations Allowed During Mixed Versions on Cisco ACI Switches

    • About the Silent Roll Package Upgrade

    • Cisco Nexus 9300 Platform Switches to Cisco Nexus 9300-EX Platform Switches Migration

    • Upgrade Examples

    About Firmware Management

    The term "firmware" used in this guide refers to the Cisco APIC's appliance firmware. You can upgrade firmware in the Cisco APIC GUI on the menu bar under ADMIN > Firmware and, in APIC releases before 4.x, in the Navigation pane under Controller Firmware. Do not confuse this term with the Cisco APIC's component firmware such as the CIMC, BIOS, LOM, and RAID controllers, and NIC/VIC PCI adapters.


    Version Nomenclature

    The following information is necessary to manage the firmware:

    • Firmware Repository—Firmware repository is a distributed store that stores firmware images that are required to upgrade Cisco ACI fabric. Firmware repository is synced to every controller in the cluster. A firmware image is downloaded into the firmware repository from an external server (HTTP or SCP) when you configure a firmware source policy. There are three types of firmware images that can be stored in the repository:

        • Cisco APIC image—This image consists of software that runs on Cisco Application Policy Infrastructure Controllers (Cisco APICs).

        • Switch image—This image consists of software that runs on Cisco ACI switches.

        • Catalog image—This image consists of Cisco-created internal policies. These internal policies contain information about the capabilities of different models of hardware, the compatibility across different versions of software, and the hardware and diagnostic tests. This image is usually bundled and upgraded along with the controller image. Unless specifically instructed by release notes of a specific release, an administrator should never have to individually upgrade a catalog image.

    • Firmware Group and Firmware Policy—A Firmware Group is a group of switches on which you configure a firmware policy. A Firmware Policy specifies the desired firmware version for switches in the group.

    • Controller Firmware Policy and Controller Maintenance Policy—Applies for APIC releases before 4.x. The Controller Firmware Policy specifies the desired version for controllers. The Controller Maintenance Policy specifies when the upgrade of controllers should start. The Controller Firmware Policy and the Controller Maintenance Policy apply to all the controllers in the cluster.

    • Maintenance Group and Maintenance Policy—Applies for APIC releases before 4.x. A Maintenance Group is a group of switches on which you would configure a Maintenance Policy. A Maintenance Policy specifies a schedule for upgrade.

    Firmware Upgrade Modes

    The method to upgrade the firmware using Cisco APIC varies, depending on the release:

    • Cisco APIC Releases Prior to 4.x

    • Cisco APIC Releases 4.x and Later

    Cisco APIC Releases Prior to 4.x

    In the Cisco APIC GUI, you can upgrade the firmware by navigating to Admin > Firmware > Fabric Node Firmware > Maintenance Groups. Select a maintenance group and from the Actions menu, select Create One Time Window Trigger or Create Recurring Window Trigger to schedule an upgrade.

    There are two modes to upgrade the firmware using Cisco APIC.

    • Upgrade immediately: In this mode, the firmware upgrade process is started immediately.

    • Schedule an upgrade: In this mode you can schedule the firmware upgrade for a later date and time. In the Scheduler field, either select an existing trigger scheduler, or click Create Trigger Scheduler to create a new trigger scheduler.


    Cisco APIC Releases 4.x and Later

    In the Cisco APIC GUI, you can upgrade the firmware by navigating to Admin > Firmware. Click the Infrastructure tab, then click the Nodes sub-tab. Click Actions, then click Schedule Node Upgrade. Select an existing group or create a new one in the Upgrade Group Name area.

    There are two modes to upgrade the firmware using Cisco APIC.

    • Now: In this mode, the firmware upgrade process is started immediately.

    • Schedule for Later: In this mode you can schedule the firmware upgrade for a later date and time. In the Scheduler field, either select an existing trigger scheduler, or click Create Trigger Scheduler to create a new trigger scheduler.

    Important Notes For Upgrading or Downgrading the Cisco APIC and Switch Software

    Following are the important notes that you should understand before upgrading or downgrading the Cisco APIC and switch software:

    • Important Notes on Firmware Management

    • Important Notes on Upgrading the Cisco APIC and the Switch Software

    • Important Notes on Downgrading the Cisco APIC and the Switch Software

    Important Notes on Firmware Management

    • Beginning in the 4.2(6) release, SNMPv3 supports the Secure Hash Algorithm-2 (SHA-2) authentication type. If you are running on Cisco APIC Release 4.2(6) or later and you are using the SHA-2 authentication type, and then downgrade from Cisco APIC Release 4.2(6) to a previous release, the downgrade will be blocked with the following error message:

    SHA-2 authentication type is not supported.

    You can choose to either change the authentication type to MD5 or delete the corresponding SNMPv3 users to continue.

    • If you are running apps from https://aciappcenter.cisco.com/ on your Cisco APIC nodes:

        • Disable those apps before upgrading or downgrading the APIC software on those APIC nodes.

        • Do not install or remove any apps while upgrading or downgrading the APIC software on those APIC nodes.

        • Do not perform an app image upgrade while upgrading or downgrading the APIC software on those APIC nodes.

        • If you upgraded from a release prior to the 3.2(1) release and you had any apps installed prior to the upgrade, the apps will no longer work. To use the apps again, you must uninstall and reinstall them.


  • After you have completed the APIC software upgrade or downgrade process for the entire fabric (theAPIC nodes and switches), reenable the apps again if you disabled them. You can install or remove apps,or perform an app image upgrade, after the APIC software upgrade or downgrade process is complete.

    • Cisco has recently identified a defect (CSCvs16767) in the Cisco Application Centric Infrastructure(ACI). The Multicast FIB Distribution (MFDM) process crashes when processing an fmgroup updatethat comes from the spine switch. This issue happens when a remote leaf switch has the direct trafficforwarding feature from the 14.1(2) release enabled, and receives an unknown type-length-value (TLV)from the spine switch. This situation occurs when Readable Label-stack Depth (RLD) is enabled andspine switches are upgraded to the 14.2(2) release, which adds a new TLV in the fmgroup message.

    To work around this issue:

    • When upgrading from the 14.1(2) release to the 14.2(2) release, if there is a remote leaf switch inthe fabric with the direct traffic forwarding feature enabled, first upgrade the remote leaf switchesto the 14.2(2) release, then upgrade the spine switches. Regular leaf switches (non-remote leafswitches) are not affected by this bug.

    • When downgrading to the 14.1(2) release, if there is a remote leaf switch in the fabric with the directtraffic forwarding feature enabled, first downgrade the spine switches to the 14.1(2) release, thendowngrade the remote leaf switches. Regular leaf switches (non-remote leaf switches) are notaffected by this bug.

    • In APIC releases 4.1(1) and 4.1(2), a software check has been added to validate Ethernet transceivers. Before Release 4.1, this check was not present in the software. This check is required to make sure that Ethernet ports are properly identified. If the software check detects an Ethernet transceiver with Fibre Channel SPROM values, the transceiver fails the validation check and is put into a downed state. If any Ethernet transceivers have an incorrectly programmed SPROM which identifies them as FC compliant, they fail the transceiver validation and fail to come up on APIC releases 4.1(1) and 4.1(2). In this scenario, contact your respective vendors to update and address the programmed SPROM values.

    All Ethernet transceivers that have the expected Ethernet SPROM programming should continue to work after the upgrade.

    Note: This Ethernet transceiver software check is no longer enabled for APIC releases after Release 4.1(2).

    • Confirm that the /firmware partition is not filled beyond 75%. If the partition is filled beyond 75%, you might have to remove some unused firmware files from the repository. This accommodates the compressed image and provides adequate space to extract the image. The Cisco APIC automatically extracts the image.

    • Booting from UEFI is not supported for Cisco APIC. Cisco APIC only supports booting from the HDD (the PCI RAID adapter).

    • Starting with Release 2.1(4), support was added for the third-party Micron Solid State Drive (SSD) firmware auto update. As part of the standard Cisco APIC software upgrade process, the switches will reboot when they upgrade. During that boot-time process, the system will also check the current SSD firmware and will automatically perform an upgrade to the SSD firmware, if necessary. If the system performs an SSD firmware upgrade, the switches will then go through another clean reboot afterwards.

    • You should have serial console access when upgrading or downgrading in case the switch access through the Ethernet in-band or out-of-band access is no longer possible.


    • When you upload firmware using the Cisco APIC GUI, if the transfer time exceeds the web token timeout value, the web token times out and the upload fails. Before you upload the firmware using the Cisco APIC GUI, you must increase the web token timeout value to a time greater than the expected upload time.

    Important Notes on Upgrading the Cisco APIC and the Switch Software

    • If you create a maintenance policy through the GUI, you cannot change that same policy through the CLI. Similarly, if you create a maintenance policy through the CLI, you cannot change that same policy through the GUI.

    • When you are upgrading the ACI switches, at the point when the upgrade process reaches 80%, the upgrade process that is shown in the GUI might freeze at 80-90%, although the switches have actually completed their upgrades and are in the process of reloading. Click the Refresh button at the top right corner of the table to get the latest status on the switches so that you can verify that the upgrade process was completed successfully.

    • Do not upgrade a Cisco ACI fabric if any node in the fabric is in the Graceful Insertion and Removal (GIR) mode, or maintenance mode. If any node on the fabric is in the GIR mode and you upgrade the fabric, then that node becomes inaccessible after all other connected nodes are reloaded, even if that node is not part of the current upgrade group.

    • If you are upgrading several leaf switches at once, and you are selecting the Graceful Maintenance option in the Schedule Node Upgrade screen for each switch, then you must put Cisco Application Policy Infrastructure Controller (Cisco APIC)-connected leaf switches into different maintenance groups such that the Cisco APIC-connected switches get upgraded one at a time.

    • A firmware maintenance group should contain a maximum of 80 nodes.

    • Although upgrading all spine switches in a pod at once is not recommended in general, you must especially not do it when you are using the Graceful Maintenance option for the upgrade in a Multi-Pod setup. Otherwise, the upgrade will fail, leaving the spine switches isolated from the fabric indefinitely. This is because, as part of the Graceful Maintenance upgrade process, OSPF is brought down on each spine switch being upgraded so that it can isolate itself from the fabric. Upgrading in this way causes the entire pod, including the spine switches themselves, to lose communication with APICs and switches in other pods without the means to self-recover.

    For this reason, if you are using the Graceful Maintenance option, you must put the spine switches from the same pod into different maintenance groups such that the switches get upgraded separately. If the pod has only one spine switch, you must disable the Graceful Maintenance option prior to the upgrade. In case you fail to follow this procedure, refer to the workaround provided in CSCvn28063 (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn28063).

    • The system will react differently if you set an upgrade schedule to a date in the past, depending on whether you are setting a one-time or a recurring upgrade schedule:

        • If you set a one-time upgrade schedule with a date in the past, the configuration will be rejected by the system.

        • If you set a recurring upgrade schedule with a date in the past, the scheduler triggers the upgrade immediately. For example, if it is noon on Wednesday and you set a recurring upgrade schedule for every Tuesday at noon, the scheduler will first trigger an upgrade immediately, and then will perform upgrades every Tuesday at noon from that point forward.

    See Firmware Upgrade Modes, on page 26 for more information.


    • A minimum subnet mask of /19 is recommended.

    • When you perform an upgrade, the kickstart variable is typically rewritten as part of the upgrade process. However, in certain situations, if you upgrade from NX-OS to ACI and you neglect to set the boot variable correctly, it could result in the switches reverting to boot loader mode. Verify that you have set the boot variable correctly before performing an upgrade to avoid this situation.

    • In APIC, there is a compatibility check feature that verifies if an upgrade path from the currently running version of the system to a specific newer version is supported or not. There is an "Ignore Compatibility Checks" setting that is set to off by default, so the system automatically checks the compatibility for possible upgrades by default. See Changing the Ignore Compatibility Checks Setting (Releases Prior to Release 4.x), on page 77 or Changing the Ignore Compatibility Checks Setting (Release 4.x and Later), on page 85 if you wish to change the "Ignore Compatibility Checks" setting to on for any reason so that the compatibility check feature is disabled.

    • Cisco ACI Multi-Pod deployment requires 239.255.255.240 (the default ACI system GIPo) to be configured on the interpod network as a PIM BIDIR range. This requirement can be avoided by enabling the Use Infra GIPo as System GIPo option. This option must be enabled only after all the switch nodes in the fabric are upgraded to the supported version, such as 2.2(1) or later.

    • Beginning with Release 4.0, node upgrade group policies are used instead of the firmware groups and maintenance groups that were used in previous releases. When upgrading Cisco APICs from a pre-4.0 release to Release 4.0(1) or later, you must remove all firmware group and maintenance group policies prior to the upgrade.

        • To remove a firmware group policy, navigate to Admin > Firmware > Fabric Node Firmware > Firmware Groups, then right-click on the name of firmware group and choose Delete the Firmware Group.

        • To remove a maintenance group policy, navigate to Admin > Firmware > Fabric Node Firmware > Maintenance Groups, then right-click on the name of maintenance group and choose Delete the Maintenance Group.

    If you have to preserve any of these configurations, contact Cisco support to evaluate the configuration and make the necessary modifications before upgrading.

    • In the 4.x and later releases, if a firmware policy is created with a different name than the maintenance policy through a POST request, the firmware policy will be deleted and a new firmware policy gets created with the same name, which causes the upgrade process to fail. This issue can also occur if policies created prior to upgrading to a 4.x or later release have different names. To avoid this issue, create the firmware policy and maintenance policy with the same name.

    • Starting with Cisco APIC release 4.0(1), you cannot use Bash to upgrade the Cisco APIC and the switch software. Use the NX-OS style CLI to upgrade the Cisco APIC and the switch software instead, as described in Upgrading the Software Using the CLI, on page 95.

    • Starting from Cisco APIC release 3.0(1), during a Cisco APIC upgrade if a switch upgrade is triggered, the switch is upgraded after all the Cisco APICs have been successfully upgraded. During the Cisco APIC upgrade process, the switches are in an IN Queue state.

    • If you are upgrading your APIC software from Release 2.3 to a release earlier than 3.2(2l), then you may run into an issue where the domainmgr DME database, which contains the configuration data for domain-name based micro-segmentation EPGs, might diverge, which will cause the APIC cluster health to show as not fully fit. If you encounter this issue, contact Cisco Support and request assistance with CSCvv13780 (https://tools.cisco.com/bugsearch/bug/CSCvv13780).


    • Starting in the 2.2(1) release, the Cisco APICs must have 1 SSD and 2 HDDs, and both RAID volumes must be healthy before upgrading to the 2.2(1) release or later. An SSD is required to boot a Cisco APIC, and the Cisco APIC will not boot if the SSD is not installed. See Verifying SSD Installation Status, on page 101.

    • When performing a multistep upgrade, you should use an intermediate version of Cisco APIC release 2.1 if supported, or later to prevent issues that are related to CSCvb94260 (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb94260/?referring_site=bugquickviewredir).

    • Starting with Cisco APIC release 1.2(2), when a contract is provided on an Out-of-band node management EPG, the default Cisco APIC Out-of-band contract source address is the local subnet that is configured on the Out-of-band node management address. Previously, any address was allowed to be the default Cisco APIC Out-of-band contract source address.

    • Ensure that a contract is provided under the OOB EPG and that it is properly configured before upgrading. When upgrading to the 1.2(2) release, a nondefault Out-of-band contract that is applied to the Out-of-band node management endpoint group can cause unexpected connectivity issues to the Cisco APICs. If an incorrectly configured Out-of-band contract is present that had no impact in prior Cisco APIC releases, upgrading to the 1.2(2) release can cause Out-of-band management EPGs that use such incorrectly configured Out-of-band contracts to lose access to the cluster of Cisco APICs.

    Important Notes on Downgrading the Cisco APIC and the Switch Software

    • The ability to use the DUO application as an authentication method when logging in to Cisco APIC was introduced as part of the Cisco APIC Release 5.0(1). If you are running Release 5.0(1) and you have DUO set up as your default authentication method, but then you decide to downgrade from Release 5.0(1) to a previous release where DUO was not supported as an authentication method, we recommend that you change the default authentication method from DUO to an option that was available prior to Release 5.0(1), such as Local, LDAP, RADIUS, and so on. If you do not change the default authentication method before downgrading in this situation, you will have to log in using the fallback option after the downgrade, then you will have to change the authentication method to an option that was available prior to Release 5.0(1) at that point.

    Navigate to Admin > AAA > Authentication, then change the setting in the Realm field in the Default Authentication area of the page to change the default authentication method before downgrading your system. You will also have to manually delete the DUO login domain after the downgrade.

    • Switches can be downgraded to a 1.0(1x) version if the imported configuration consists of a firmware policy with a desired version set to 1.0(1x).

    • Newly added microsegment EPG configurations must be removed before downgrading to a software release that does not support it.

    • Downgrading the fabric starting with the leaf switch will cause faults such as policy-deployment-failed with fault code F1371.

    • Downgrading a Cisco APIC configured with Intra-EPG deny configuration from the 1.2(2) release to an earlier release is not supported. The Intra-EPG deny configuration must be manually cleaned up before downgrading.

    • When performing a Cisco APIC software downgrade, you must disable Federal Information Processing Standards (FIPS) first. See the Cisco APIC and Federal Information Processing Standards (FIPS) document for more information.

    • When you enable or disable Federal Information Processing Standards (FIPS) on a Cisco ACI fabric, you must reload each of the switches in the fabric for the change to take effect. The configured scale profile setting is lost when you issue the first reload after changing the FIPS configuration. The switch remains operational, but it uses the default port scale profile. This issue does not happen on subsequent reloads if the FIPS configuration has not changed. FIPS is supported on Cisco NX-OS release 13.1(1) or later.

    • If you must downgrade the firmware from a release that supports FIPS to a release that does not support FIPS, you must first disable FIPS on the Cisco ACI fabric and reload all the switches in the fabric for the FIPS configuration change.

    • If you have Anycast services configured in your Cisco ACI fabric, you must disable the Anycast gateway feature and stop Anycast services on external devices before downgrading from Cisco APIC 3.2(x) to an earlier release.

    • When downgrading from Cisco APIC 1.2(1x) to 1.0(4q) or earlier or from 1.1(1x), 1.1(2x), 1.1(3x), or 1.1(4x) to 1.0(4h) or earlier, follow the stateless downgrade instructions below. You must plan for a fabric outage, as this procedure rebuilds the fabric.

    • Cisco N9K-C9508-FM-E2 fabric modules must be physically removed before downgrading to releases earlier than Cisco APIC 3.0(1).

    • If you have remote leaf switches deployed, and you downgrade the Cisco APIC software from Release 3.1(1) or later to an earlier release that does not support the remote leaf switches feature, you must decommission the nodes before downgrading. For information about prerequisites to downgrading Remote Leaf switches, see the Remote Leaf Switches chapter in the Cisco APIC Layer 3 Networking Configuration Guide.

    Workflow to Upgrade or Downgrade the Cisco ACI Fabric

    Cisco APIC simplifies upgrading the fabric because it allows you to centrally manage the upgrade for the entire fabric. The Cisco APIC acts as the repository of the image and as the booting server. Leaf switches and spine switches have in-band connectivity to the Cisco APIC, and when upgrading, the switches download the firmware from the Cisco APIC. To complete an upgrade successfully, you must have connectivity from the leaf switches and spine switches that you are upgrading to the Cisco APIC. To maintain connectivity, you should define a minimum of two maintenance groups and upgrade one group at a time. Wait until the first group has successfully completed the upgrade before upgrading the second group. This section provides the recommended steps for a successful upgrade with minimum disruption.

    At a high level, steps to upgrade or downgrade the Cisco ACI fabric are as follows:

    • The procedure or steps for upgrade and downgrade are the same unless stated otherwise in the release notes of a specific release.

    • Ensure that you have the CIMC version required for the Cisco APIC upgrade. See the Cisco APIC Release Notes (https://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html#Release_Notes) for the supported CIMC versions and Upgrading the CIMC Software, on page 12 for the procedures for upgrading the CIMC software, if necessary.

    • Download the Cisco ACI Controller image (Cisco APIC image) into the repository.

    • Download the Cisco ACI switch image into the repository.

    • Upgrade the cluster of Application Policy Infrastructure Controllers (Cisco APICs).

    • Verify that the fabric is operational and the APIC cluster is "Fully Fit" before proceeding.


    • Divide the switches into multiple groups, and upgrade the switches by group, verifying that the fabric is operational between switch group upgrades. For example, assume that you divided the switches into two groups – red and blue. You could then go through the following upgrade process:

    1. Upgrade the red group of switches.

    2. Verify that the fabric is operational.

    3. Upgrade the blue group of switches.

    4. Verify that the fabric is operational.

    Note: If the Cisco ACI fabric deployment includes Cisco AVS, upgrade the Cisco AVS to the version compatible with the Cisco APIC. To upgrade Cisco AVS, see the section Recommended Upgrade Sequence for Cisco APIC, the Fabric Switches, and the Cisco AVS in the Cisco Application Virtual Switch Installation Guide (https://www.cisco.com/c/en/us/support/switches/application-virtual-switch/products-installation-guides-list.html).

    Guidelines

    Additionally, here are some general guidelines regarding Cisco ACI fabric upgrade or downgrade:

    • Divide switches into two or more groups. Upgrade one group at a time. That way you will not lose fabric bandwidth entirely during the upgrade window.

    • Do not upgrade or downgrade nodes that are part of a disabled configuration zone.

    • A specific release, or a combination of releases, may have some limitations and recommendations for the upgrade or downgrade procedure. Double check the release notes for the release before upgrading or downgrading your Cisco ACI fabric.

    • Before an upgrade or downgrade is triggered, any faults on the fabric should be investigated and resolved. It is possible for the fabric to have benign faults that will not affect the upgrade, which might include unused or unfinished configurations. All faults should be evaluated before the upgrade or downgrade operation. Any disk usage related faults should be addressed before the upgrade as overcapacity can cause issues while unpacking new software.

    • Before triggering an upgrade or downgrade operation, it is required that the fabric is in a Fully Fit state. All Cisco APICs should be in Fully Fit state before moving between Cisco APIC image versions or before initiating switch upgrade or downgrade. Initiating a controller or switch upgrade or downgrade while the controllers are not in a Fully Fit operational state can lead to unexpected results.

    When you perform an upgrade or downgrade operation across multiple versions, you must ensure that the fabric is in a Fully Fit state. For example, if upgrading from version A to B to C, after upgrading from A to B, you must wait for all controllers and switches to be in a Fully Fit state and operational on version B before initiating the upgrade from version B to C.

    • We recommend that you collect a configuration backup before upgrading or downgrading the fabric.

    • For Multi-Pod configurations, we recommend that you put the leaf switches and the spine switches into different maintenance groups when upgrading or downgrading. Also, we recommend that you divide the leaf switches and spine switches using the method described in Four-group method, on page 34.


    Prior to Cisco APIC Release 4.2(5), if you had switches from multiple pods in the same maintenance group and attempted an upgrade, only switches from one pod would be upgraded at a time. Other switches in other pods would wait until the upgrade of the previous pod completed before starting their upgrades.

    Beginning with Cisco APIC Release 4.2(5), this restriction has been relaxed so that you can now upgrade multiple pods at the same time in parallel. This Multi-Pod parallel upgrade is effective when the APICs are running on Release 4.2(5) or later, even when the switches are still on a version older than Release 14.2(5), which is the equivalent switch release of 4.2(5).

    Note: It is recommended to divide your switches into two or more groups for upgrading or downgrading. Below are examples of dividing switches into two groups and four groups respectively.

    Two-group method

    1. Divide your switches into two groups: a red group and a blue group. Put one half of the spine switches in the red group, and the other half in the blue group. Also, put one half of the leaf switches in the red group and the other half in the blue group.

    2. Upgrade the red group.

    3. After the red group upgrade is complete, confirm that the fabric is healthy.

    4. Upgrade the blue group.

    Four-group method

    1. Divide your switches into four groups: a red spine switches group, a blue spine switches group, a red leaf switches group, and a blue leaf switches group. Put one half of the spine switches in the red spine switches group, and the other half of the spine switches in the blue spine switches group. Then, place half the leaf switches in the red leaf switches group, and the other half in the blue leaf switches group.

    2. Upgrade the red leaf switches group.

    3. After the red leaf switches group upgrade is complete, confirm that the fabric is healthy.

    4. Upgrade the blue leaf switches group.

    5. After the blue leaf switches group upgrade is complete, confirm that the fabric is healthy.

    6. Upgrade the red spine switches group.

    7. After the red spine switches group upgrade is complete, confirm that the fabric is healthy.

    8. Upgrade the blue spine switches group.
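
The four-group split, checked against the grouping rules in the upgrade notes above (the 80-node limit and, with Graceful Maintenance, separate groups for APIC-connected leaf switches and for spine switches of the same pod), as an added Python example that is not part of the Cisco guide. The inventory, the node names, and the field names (`role`, `pod`, `apic`) are constructed for illustration, and the check assumes a Multi-Pod fabric.

```python
from collections import defaultdict

MAX_NODES_PER_GROUP = 80  # limit stated in the guide
UPGRADE_ORDER = ["red-leaf", "blue-leaf", "red-spine", "blue-spine"]  # four-group order

# Constructed inventory (hypothetical names); pod 2 has a single spine switch.
NODES = [
    {"name": "L101", "role": "leaf", "pod": 1, "apic": True},
    {"name": "L102", "role": "leaf", "pod": 1, "apic": True},
    {"name": "L103", "role": "leaf", "pod": 1},
    {"name": "L104", "role": "leaf", "pod": 1},
    {"name": "S1001", "role": "spine", "pod": 1},
    {"name": "S1002", "role": "spine", "pod": 1},
    {"name": "L201", "role": "leaf", "pod": 2, "apic": True},
    {"name": "L202", "role": "leaf", "pod": 2},
    {"name": "S2001", "role": "spine", "pod": 2},
]


def four_group_plan(nodes):
    """Alternate red/blue within each (pod, role); APIC-connected leaves go first."""
    groups = {name: [] for name in UPGRADE_ORDER}
    seen = defaultdict(int)
    ordered = sorted(nodes, key=lambda n: (n["pod"], n["role"],
                                           not n.get("apic", False), n["name"]))
    for n in ordered:
        key = (n["pod"], n["role"])
        colour = "red" if seen[key] % 2 == 0 else "blue"
        seen[key] += 1
        groups[f"{colour}-{n['role']}"].append(n["name"])
    return groups


def validate(groups, nodes, graceful):
    """Return a list of rule violations for the proposed maintenance groups."""
    by_name = {n["name"]: n for n in nodes}
    problems = []
    for gname, members in groups.items():
        if len(members) > MAX_NODES_PER_GROUP:
            problems.append(f"{gname}: {len(members)} nodes exceeds {MAX_NODES_PER_GROUP}")
        if not graceful:
            continue  # the remaining rules apply to Graceful Maintenance only
        apic_leaves = [m for m in members
                       if by_name[m]["role"] == "leaf" and by_name[m].get("apic")]
        if len(apic_leaves) > 1:
            problems.append(f"{gname}: APIC-connected leaf switches share a group: {apic_leaves}")
        pod_spines = defaultdict(list)
        for m in members:
            if by_name[m]["role"] == "spine":
                pod_spines[by_name[m]["pod"]].append(m)
        for pod, spines in sorted(pod_spines.items()):
            if len(spines) > 1:
                problems.append(f"{gname}: pod {pod} spine switches share a group: {spines}")
    if graceful:
        spine_count = defaultdict(int)
        for n in nodes:
            if n["role"] == "spine":
                spine_count[n["pod"]] += 1
        for pod, count in sorted(spine_count.items()):
            if count == 1:
                problems.append(f"pod {pod}: single spine switch, disable Graceful Maintenance")
    return problems


if __name__ == "__main__":
    plan = four_group_plan(NODES)
    for group in UPGRADE_ORDER:
        print(group, plan[group])
    for problem in validate(plan, NODES, graceful=True):
        print("VIOLATION:", problem)
```

On this inventory the plain four-group split puts two APIC-connected leaf switches (one per pod) in the red leaf group, so with Graceful Maintenance selected that group has to be split further before scheduling.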

    Validation Checks Prior to ACI Upgrades or Downgrades

    The following sections describe the validations performed by APIC to detect certain issues or faults, and the recommended actions that you should perform beforehand to ensure a smooth upgrade or downgrade.

    There are three situations where validations are performed:


    | Action That Triggers Validation | What Is Performed | When It Is Performed | Supported Releases |
    | When configuring an APIC upgrade or downgrade. | Validations related to the entire fabric or to the APIC itself. | When a different target firmware version is selected for an APIC. | Certain validations automatically performed starting with Cisco APIC release 4.2(1). |
    | When configuring a switch upgrade or downgrade. | Validations related to the switches in the configured maintenance group (upgrade group). | When you click Submit in the maintenance group (upgrade group). | Certain validations automatically performed starting with Cisco APIC release 4.2(4). |
    | | Validations for both of the above. The | Whenever you perform validations through the Pre-Upgrade Validator app. | Validations available for Cisco APIC Release 3.2(1) and later. |

