Restarting Cisco Prime Infrastructure services

To restart the Cisco Prime Infrastructure services, establish an SSH connection to the Prime server and follow the steps below.

Step 1 Open a CLI session with the Prime Infrastructure server (see Connecting Via CLI).

Step 2 Enter the following command to stop the Prime Infrastructure server or appliance:

PIServer/admin# ncs stop

Step 3 Wait for the previous command to complete.

Step 4 Enter the following command to restart the Prime Infrastructure server or appliance:

PIServer/admin# ncs start


LAN/WLAN High availability

For HA on your access switch stacks, run one EtherChannel uplink from the top switch in the stack and another EtherChannel uplink from the bottom switch in the stack.

In your wireless environment, spread your access points across all stack switches so that if one switch fails, you haven’t lost wireless coverage completely. Position access points with this in mind.

Wireless controller AP migration

Recently I did a wireless AP migration from dual WLC5508 to dual WLC5520. There is not a lot of documentation out there on preference options for access points to join the controllers, e.g. DNS, DHCP, etc.
To create a pilot group on the new WLC, we were able to tell some access points to join a specific controller. In the access point High Availability options you have to specify the name of the preferred WLC and IP address.

Operating Cisco Application Centric Infrastructure

New logical concepts from the Operating Cisco Application Centric Infrastructure paper

Fabric – Access Policies


Endpoint groups are considered the “who” in ACI; contracts are considered the “what/when/why”; AEPs can be considered the “where” and domains can be thought of as the “how” of the fabric. Different domain types are created depending on how a device is connected to the leaf switch. There are four different domain types: physical domains, external bridged domains, external routed domains, and VMM domains. 

* Physical domains are generally used for bare metal servers or servers where hypervisor integration is not an option.

* External bridged domains are used for Layer 2 connections. For example, an external bridged domain could be used to connect an existing switch trunked-up to a leaf switch.

* External routed domains are used for Layer 3 connections. For example, an external routed domain could be used to connect a WAN router to the leaf switch.

* Domains act as the glue between the configuration done in the fabric tab to the policy model and endpoint group configuration found in the tenant pane. The fabric operator creates the domains, and the tenant administrators associate domains to endpoint groups.

Ideally, policies should be created once and reused when connecting new devices to the fabric. Maximizing the reusability of policies and objects makes day-to-day operations exponentially faster and makes large-scale changes easier. The usage of these policies can be viewed by clicking the Show Usage button in the Application Policy Infrastructure Controller (APIC) GUI. Use it to see which objects are using a given policy, so that you understand the impact before making changes.

For an in-depth whiteboard explanation on domains, watch the following video titled “How Devices Connect to the Fabric: Understanding Cisco ACI Domains”: https:/ / watch?v=_ iQvoC9zQ_ A. 

VLAN Pools

VLAN pools contain the VLANs used by the EPGs the domain will be tied to. A domain is associated to a single VLAN pool. VXLAN and multicast address pools are also configurable. VLANs are instantiated on leaf switches based on AEP configuration. Allow/deny forwarding decisions are still based on contracts and the policy model, not subnets and VLANs. 

Attachable Access Entity Profiles

Attachable Access Entity Profiles (AEPs) can be considered the “where” of the fabric configuration, and are used to group domains with similar requirements. AEPs are tied to interface policy groups. One or more domains can be added to an AEP. By grouping domains into AEPs and associating them, the fabric knows where the various devices in the domain live and the Application Policy Infrastructure Controller (APIC) can push the VLANs and policy where it needs to be. AEPs are configured under the global policies section.
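
The chain described above (VLAN pool, domain, AEP, interface policy group, EPG) can be checked before a change is pushed. The following is an added example, not code from the Cisco paper or from APIC: all object names, ports and VLAN ranges are constructed, and the rule it applies (the EPG's domain must be in the port's AEP, and the VLAN must be in that domain's pool) is a simplified reading of the relationships in the sections above.

```python
# Simplified model of ACI access policies (constructed sample data, not APIC output).
from dataclasses import dataclass, field

@dataclass
class Domain:
    name: str
    kind: str            # "phys", "l2ext", "l3ext" or "vmm"
    vlan_pool: range     # a domain is associated to a single VLAN pool

@dataclass
class AEP:
    name: str
    domains: list = field(default_factory=list)   # one or more domains per AEP

@dataclass
class EPG:
    name: str
    domains: list = field(default_factory=list)   # associated by the tenant administrator

def check_binding(epg, vlan, port, port_to_aep):
    """Return the reasons an EPG/VLAN cannot be deployed on a port ([] means OK)."""
    aep = port_to_aep.get(port)   # the AEP is reached through the interface policy group
    if aep is None:
        return [f"{port}: no interface policy group / AEP attached"]
    shared = [d for d in epg.domains if d in aep.domains]
    if not shared:
        return [f"{port}: AEP {aep.name} has none of the domains of EPG {epg.name}"]
    if not any(vlan in d.vlan_pool for d in shared):
        pools = ", ".join(f"{d.name}={d.vlan_pool.start}-{d.vlan_pool.stop - 1}"
                          for d in shared)
        return [f"vlan-{vlan} is outside the pools reachable on {port} ({pools})"]
    return []

# Constructed fabric: a physical domain for bare metal, a bridged domain for a legacy switch.
BARE_METAL = Domain("phys-baremetal", "phys", range(100, 200))
LEGACY_L2 = Domain("l2ext-legacy", "l2ext", range(300, 310))
SERVER_AEP = AEP("aep-servers", [BARE_METAL])
PORTS = {"leaf101/eth1/10": SERVER_AEP}   # port -> AEP via its interface policy group
WEB = EPG("web", [BARE_METAL])
MIGRATION = EPG("migration", [LEGACY_L2])

if __name__ == "__main__":
    cases = [(WEB, 150, "leaf101/eth1/10"), (WEB, 250, "leaf101/eth1/10"),
             (MIGRATION, 305, "leaf101/eth1/10"), (WEB, 150, "leaf102/eth1/1")]
    for epg, vlan, port in cases:
        print(epg.name, vlan, port, check_binding(epg, vlan, port, PORTS) or "deployable")
```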