Configuring Cisco APIC-EM in Standalone Mode • ReviewingCiscoAPIC-EMConfigurationWizardParameters, page 1 • ConfiguringCiscoAPIC-EMasaSingleHostUsingtheWizard, page 5 • ManagingAdminAccounts, page 13 • InstallingCiscoAPIC-EMApplications, page 14 • PoweringDownandPoweringUpaSingleHostorMulti-HostCluster, page 16 • UninstallingtheCiscoAPIC-EM, page 18 Reviewing Cisco APIC-EM Configuration Wizard Parameters WhentheCiscoAPIC-EMconfigurationbegins,aninteractivewizardpromptsyoutoenterinformationto configurethecontroller.Thefollowingtabledisplaystheinformationthatyouwillbepromptedfortocomplete theconfiguration. Note EnsurethattheDNSandNTPserversarereachablebeforeyouruntheconfigurationwizardandwhenever aCiscoAPIC-EMhostrebootsinthedeployment. Table 1: Cisco APIC-EM Configuration Wizard Parameters Configuration Wizard Prompt Description Example (Optional)BondedNICs Choosetoconfigureornotconfigure Enter'yes'. bondedNICsonthecontroller's interfaces. Enter'yes'toproceedwithconfiguring NICbondingontheinterfaces.Enter'no' tobypassNICbondingcompletely,and bepresentedwiththeoptionforVLAN configuration. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 1 Configuring Cisco APIC-EM in Standalone Mode Reviewing Cisco APIC-EM Configuration Wizard Parameters Configuration Wizard Prompt Description Example Bondingmode IfyouchosetoconfigurebondedNICs, Enter'802.3ad'. thenconfigureeither'balance-xor'or '802.3ad'forthebondedNICs. Entering'balance-xor'willconfigure staticbondingontheselectedNICs. Entering'802.3ad'willconfigureLACP bondingontheselectedNICs. Important Entering'802.3ad'requires thataseparateLACP configurationbemadeon theswitchesthatare connectedtotheEthernet ports.Entering'balance-xor 'willrequirea configurationonthe connectedswitchesforthe staticconfiguration. Generally,thismeansthat theappropriateportsbe groupedtogetherinaCisco EtherChannelconfiguration forthestaticconfiguration. RefertoyourCiscoswitch documentationfor informationabout configuringtheswitches. Forthisrelease,onlyone bondedinterfacewith multipleNICscanbe configuredonthe controller. (Optional)VLAN Choosetoconfigureornotconfigure Enter'yes' VLANsonthecontroller'sinterfaces. TheVLANrangeislimited TheNICsonthecontroller(whetheran (1-1001,1005-4094). appliance,server,orvirtualmachine) canbeconfiguredwithaVLAN interface.BothbondedNICsand standaloneNICscanbeconfiguredwith VLANs. Themanagementinterfaceofthe appliance,server,orvirtualmachinecan alsobeselectedandconfiguredwitha VLANinterface. Note ThesameVLANcannotbe usedonmultipleinterfaces. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 2 Configuring Cisco APIC-EM in Standalone Mode Reviewing Cisco APIC-EM Configuration Wizard Parameters Configuration Wizard Prompt Description Example HostIPaddress EnterahostIPaddress. 10.0.0.12 ThisIPaddressisusedforthenetwork adapter(eth0)onthehostandconnects totheexternalnetworkornetworks.For multiplenetworkadapters,haveseveral IPaddressesavailable. Note ThishostIPaddressmustbea validIPv4address. (Optional)VirtualIPaddress EnteravirtualIPaddress. 10.12.13.14 ThisvirtualIPaddressisusedforthe networkadapter(eth0)onthehost.You shouldonlyconfigureavirtualIP address,ifyouaresettingupamulti-host deployment. Note ThevirtualIPaddressmustbe avalidIPv4address. NetmaskIPaddress EnteranetmaskIPaddress. 255.255.255.0 ThismustbeavalidIPv4netmask. DefaultGatewayIPaddress EnteradefaultgatewayIPaddress. 10.12.13.1 ThismustbeavalidIPv4addressforthe defaultgateway. PrimaryDNSserver EnteraprimaryDNSserveraddress. 10.15.20.25 ThismustbeavalidIPv4addressforthe Note Entereitherasingle primaryDNSserver. IPaddressfora singleprimary server,ormultipleIP addressesseparated byspacesforDNS servers. PrimaryNTPserver EnteraprimaryNTPserveraddress. 10.12.13.10 ThismustbeavalidIPv4addressor EntereitherasingleIP hostnameofaNetworkTimeProtocol addressforasingleNTP (NTP)server. primaryserver,ormultipleIP addressesseparatedbyspaces Note BeforeyoudeploytheCisco forseveralNTPservers.We APIC-EM,makesurethatthe recommendthatyou timeonthecontroller'ssystem configurethreeNTPservers clockiscurrentorthatyouare foryourdeployment. usingaNetworkTimeProtocol (NTP)serverthatiskeepingthe correcttime. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 3 Configuring Cisco APIC-EM in Standalone Mode Reviewing Cisco APIC-EM Configuration Wizard Parameters Configuration Wizard Prompt Description Example Add/EditanotherNTPserver ThismustbeavalidNTPdomain. 10.12.13.11 Allowsyoutoconfigure multipleNTPservers. Note Werecommendthat youconfigurethree NTPserversforyour deployment. (Optional)HTTPSproxyserver EnteranHTTPSproxyserveraddress. https://209.165.200.11:3128 ThismustbeavalidIPv4addressforthe HTTPSproxywithportnumber. AdminUsername Entertheadminusername. admin2780 Identifiestheadministrativeusername usedforGUIaccesstotheCisco APIC-EMcontroller. Werecommendthattheusernamebe threetoeightcharactersinlengthandbe composedofvalidalphanumeric characters(A–Z,a–z,or0–9). AdminPassword Entertheadminpassword. MyIseYPass2 Identifiestheadministrativepassword thatisusedforGUIaccesstotheCisco APIC-EMcontroller.Youmustcreate thispasswordbecausethereisno default.Thepasswordmeetthe followingrequirements: •Eightcharacterminimumlength. •DoesNOTcontainataboraline break. •Doescontaincharactersfromat leastthreeofthefollowing categories: ◦Uppercasealphabet ◦Lowercasealphabet ◦Numeral ◦Specialcharacters(for example,!or#) Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 4 Configuring Cisco APIC-EM in Standalone Mode Configuring Cisco APIC-EM as a Single Host Using the Wizard Configuration Wizard Prompt Description Example LinuxUsername EnteraLinuxusername. Thedefaultis'grapevine'and cannotbechanged. IdentifiestheLinux(Grapevine) usernameusedforCLIaccesstothe Grapevinerootandclients. LinuxPassword EnteraLinuxpassword. MyGVPass01 IdentifiestheLinux(Grapevine) passwordthatisusedforCLIaccessto theGrapevinerootsandclients.You mustcreatethispasswordbecausethere isnodefault.Thepasswordmeetthe followingrequirements: •Eightcharacterminimumlength. •DoesNOTcontainataboraline break. •Doescontaincharactersfromat leastthreeofthefollowing categories: ◦Uppercasealphabet ◦Lowercasealphabet ◦Numeral ◦Specialcharacters(for example,!or#) Configuring Cisco APIC-EM as a Single Host Using the Wizard PerformthestepsinthefollowingproceduretoconfigureCiscoAPIC-EMasasinglehostusingthewizard. Before You Begin YoumusthaveeitherreceivedtheCiscoAPIC-EMControllerAppliancewiththeCiscoAPIC-EMpre-installed oryoumusthavedownloaded,verified,andinstalledtheCiscoISOimageontoaserverorvirtualmachine asdescribedinthepreviousprocedures. Step 1 Bootupthehost. Step 2 ReviewtheAPIC-EMLicenseAgreementscreenthatappearsandchooseeither<viewlicenseagreement>toreview thelicenseagreementoraccept>>toacceptthelicenseagreementandproceed. Note Youwillnotbeabletoproceedwithoutacceptingthelicenseagreement. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 5 Configuring Cisco APIC-EM in Standalone Mode Configuring Cisco APIC-EM as a Single Host Using the Wizard Afteracceptingthelicenseagreement,youarethenpromptedtoselectaconfigurationoption. Step 3 ReviewtheWelcometotheAPIC-EMConfigurationWizard!screenandchoosetheCreateanewAPIC-EMcluster optiontobegin. Youarethenpromptedtoenter'yes'or'no'forRESETEXISTINGCONTROLLERNETWORKCONFIG. Step 4 SelecttheResetNetworkingConfigurationoptionforyourconfiguration. Foraninitialdeployment,enter'no'andproceedwiththeconfiguration.Foranupgradeforyourdeployment,enter'yes' andproceedwiththeconfiguration Note Entering'yes'willremovethecurrentnetworkingconfigurationforthecontrolleronthis host. YouarethenpromptedtoentervaluesfortheNETWORKADAPTERBONDINGmode(OPTIONAL). Step 5 SelecttheNETWORKADAPTERBONDINGmode(OPTIONAL)foryourconfiguration. Entereither'yes'or'no'forthisstep. Enter'yes'toproceedwithconfiguringNICbondingontheinterfaces(createasinglelogicalportfromtwoEthernet ports(NICs)onthecontroller).Enter'no'tobypassNICbondingcompletely,andbepresentedwiththeoptionforVLAN configuration(seeStep7below). Afterenteringavalue,clicknext>>toproceed. Step 6 Ifyouentered'yes',thenenterthebondingmodeintheNETWORKADAPTER0(bond0)screen. Entereither'balance-xor'or'802.3ad'forthisstep. ThissteppermitsyoutocreateasinglelogicalportfromtwoormoreEthernetports(NICs)onthecontrollerthatthe configurationwizarddiscoversanddisplays.Entering'balance-xor'willconfigurestaticbondingontheselectedNICs. Entering'802.3ad'willconfigureLACPbondingontheselectedNICs. Forthisrelease,onlyasinglebondedinterfacewithmultipleNICscanbeconfiguredonthecontroller. Important Entering'802.3ad'requiresaseparateLACPconfigurationbemadeontheswitchesthatareconnectedto theEthernetports.Entering'balance-xor'willrequireaconfigurationontheconnectedswitchesforthe staticconfiguration.Generally,thismeansthattheappropriateportsbegroupedtogetherinaCisco EtherChannelconfigurationforthestaticconfiguration.RefertoyourCiscoswitchdocumentationfor informationaboutconfiguringtheswitches. Step 7 SelecttheindividualEthernetports(forexample,eth0andeth1)tobondtogetherasasinglelogicalport. UsetheTabkeytonavigatetotheEthernetportfieldsintheconfigurationwizard.Userthespacebartoselect(check) theEthernetport. Note WhennavigatingtoanEthernetport,theconfigurationwizarddisplaystheport'sMACaddressandspeeds(in Mb/s).Boththeactualandsupportedspeedsaredisplayed.Theactualspeedisdefinedasthenegotiatedspeed retrievedfromthekernelitself(whentheinterfaceisdown,'NA'willbedisplayed).Thesupportedspeedis definedasthemaximumspeedsupportedbytheNIC. Whenfinishedwiththisstep,clicknext>>toproceed. Step 8 SelecttheNETWORKADAPTERVLANMode(Optional) Entereither'yes'or'no'forthisstep. Entering'yes'permitsyoutoconfigureVLANsontheinterface(s)inthenextstep.Entering'no'bypassesVLAN configuration. Note Foramulti-hostcluster,alltheVLANsmustbeconfiguredthesameoneach host. Afterenteringavalue,clicknext>>toproceed. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 6 Configuring Cisco APIC-EM in Standalone Mode Configuring Cisco APIC-EM as a Single Host Using the Wizard Step 9 (Optional)Ifyouenteredyes,thenenterthemanagementinterfaceintheADDVIRTUALNETWORKADAPTERS screen. ThemanagementinterfacecanbeeitheranEthernetport(bondedornot)oraVLAN.ForaVLAN,usethefollowing format: interface.vlan_id Forexample,bond0.300oreth0.300 Step 10 (Optional)AddvirtualadaptersforeachoftheinterfacesintheADDVIRTUALNETWORKADAPTERSscreen. Ifyoucreatedabondedportintheprevioussteps,thenthatbondedportwillbedisplayedinthisscreen.Navigatetothe bondedportdisplayedonthescreenusingtheTabkeyonyourkeyboard.ProceedtoconfigureoneormoreVLANson thebondedport. Ifyoudidnotcreateabondedportintheprevioussteps,theneachEachEthernetportdiscoveredbytheconfiguration wizardwillbedisplayedinthisscreen.NavigatetotheEthernetportsdisplayedonthescreenusingtheTabkeyonyour keyboard.ProceedtoconfigureoneormoreVLANsontheseEthernetports. Note YoucanuseacommaseparatedlistofVLANs(forexample,100,200,300)forthisstep.TheVLANrangeis limited(1-1001,1005-4094).ThesameVLANcannotbeusedonmultipleinterfaces.Upto5VLANscanbe configuredperCiscoAPIC-EMcluster. Clicknext>>toproceed. Step 11 EnterconfigurationvaluesfortheNETWORKADAPTER#1onthehost. Theconfigurationwizarddiscoversandpromptsyoutoconfirmvaluesforthenetworkadapteroradaptersonyourhost. Forexample,ifyourhosthasthreenetworkadaptersyouarepromptedtoconfirmconfigurationvaluesfornetwork adapter#1(eth0),networkadapter#2(eth1),andnetworkadapter#3(eth2)respectively. Note Thestepheaderchangestoreflectyourpriorconfigurationselections.Forexample,ifyouconfiguredabonded NIC,thentheheaderwilldisplayNETWORKADAPTER#1(bond0),ifyouconfiguredthisbondedNICas themanagementinterface,thentheheaderwilldisplayNETWORKADAPTER#1(bond0)MANAGEMENT INT,andsoforth. Important Theprimaryinterfaceforthecontrolleriseth0anditisbestpracticetoensurethatthisinterfaceismade highlyavailable. OnCiscoUCSservers,theNIClabeledwithnumber1wouldbethephysicalNIC.TheNIClabeledwiththenumber2 wouldbeeth1. HostIPaddress EnterthehostIPaddresstouseforthenetworkadapter. ThishostIPaddress(andnetworkadapter)connectstothe externalnetworkornetworks. Theseexternalnetwork(s)consistsofthenetworkdevices, NTPservers,aswellasprovidingaccesstothenorthbound RESTAPIs.Theexternalnetwork(s)alsoprovidesaccess tothecontrollerGUI. Note Theconfigurationwizardvalidatesthevalue enteredandissuesanerrormessageifincorrect. IfyoureceiveanerrormessageforthehostIP address,thenchecktoensurethateth0(ethernet interface)isconnectedtothecorrectnetwork adapter. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 7 Configuring Cisco APIC-EM in Standalone Mode Configuring Cisco APIC-EM as a Single Host Using the Wizard VirtualIP (Optional)EnteravirtualIPaddresstouseforthisnetwork adapter.YoushouldonlyconfigureavirtualIPaddress,if youaresettingupamulti-hostdeployment. Note ForadditionalinformationaboutvirtualIP,see Multi-HostDeploymentVirtualIP Netmask Enterthenetmaskforthenetworkadapter'sIPaddress. DefaultGatewayIPaddress EnteradefaultgatewayIPaddresstouseforthenetwork adapter. Note Ifnootherroutesmatchthetraffic,trafficwillbe routedthroughthisIPaddress. DNSServers EntertheDNSserverorserversIPaddresses(separated byspaces)forthenetworkadapter. StaticRoutes Ifrequiredforyournetwork,enteraspaceseparatedlist ofstaticroutesinthisformat: <network>/<netmask>/<gateway> Staticroutes,whichdefineexplicitpathsbetweentwo routers,cannotbeautomaticallyupdated;youmust manuallyreconfigurestaticrouteswhennetworkchanges occur.Youshouldusestaticroutesinenvironmentswhere networktrafficispredictableandwherethenetworkdesign issimple.Youshouldnotusestaticroutesinlarge, constantlychangingnetworksbecausestaticroutescannot reacttonetworkchanges. Oncesatisfiedwiththecontrollernetworkadaptersettings,enternext>>toproceed.Afterenteringnext>>,the configurationwizardproceedstovalidatethevaluesyouentered.Aftervalidationandifyourhosthastwonetwork adapters,youarepromptedtoentervaluesforNETWORKADAPTER#2(eth1).Ifyourhosthasthreenetwork adapters,youarepromptedtoentervaluesforNETWORKADAPTER#2(eth1)andNETWORKADAPTER#3 (eth2).Ifyoudonothaveanyadditionalnetworkadaptersorifyoudonothavemorethanonenon-routablenetwork, thenproceeddirectlytothenextstep. Step 12 Ifthecontrollerisbeingdeployedinyournetworkbehindaproxyserverandthecontroller'saccesstotheInternetis throughthisproxyserver,thenenterconfigurationvaluesfortheHTTPSPROXY. Note IfthereisnoproxyserverbetweenthecontrollerandaccesstotheInternet,thenthisstepwillnotappear.Instead, youwillbepromptedtoentervaluesforCLOUDCONNECTIVITY.Additionally,iftheHTTPSPROXY stepappearsbecausetheGatewayisunreachableforashortperiodoftimeduetonetworkdelay,thenyoucan chooseNextandskipbacktotheHTTPSPROXYstep. HTTPSProxy Entertheprotocol(HTTPorHTTPS),IPaddress,andport numberoftheproxy. Forexample,enterhttps://209.165.200.11:3128 HTTPSProxyUsername Entertheusername,ifauthenticationisrequiredforthe proxy. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 8 Configuring Cisco APIC-EM in Standalone Mode Configuring Cisco APIC-EM as a Single Host Using the Wizard HTTPSProxyPassword Enterthepassword,ifauthenticationisrequiredforthe proxy. AfterconfiguringtheHTTPSPROXY,enternext>>toproceed.Afterenteringnext>>,youarethenpromptedtoenter valuesforCLOUDCONNECTIVITY. Step 13 EnterconfigurationvaluesforCLOUDCONNECTIVITY. CCOUsername EnteraCiscoConnectionOnline(CCO)usernameforcloud connectivity.Forexample,entertheusernamethatyouuse tologintotheCiscowebsitetoaccessrestrictedlocations aseitheraCiscocustomerorpartner. Note IfyoudonothaveaCCOusernameandpassword, thenenteryourcompanynameintheusername andcompanynamefieldsandleavethepassword fieldemptyforthisstep.Thiswillpermityouto proceedthroughtheconfig-wizardprocess.Values enteredforthisstepareusedfortelemetry collection.Forinformationabouttelemetry collection,seetheCiscoApplicationPolicy InfrastructureControllerEnterpriseModule AdministratorsGuide. CCOPassword EnteraCiscoConnectionOnline(CCO)passwordforthe CCOusername.Forexample,enterthepasswordthatyou usetologintotheCiscowebsitetoaccessrestricted locationsaseitheraCiscocustomerorpartner. CompanyName Enterthecompanyororganization'snamewithwhichyou areaffiliated. Oncesatisfiedwiththecloudconnectivitysettings,enternext>>toproceed.Afterenteringnext>>,theconfiguration wizardproceedstovalidatethevaluesentered.Aftervalidation,youarethenpromptedtoentervaluesforthe LINUX USERSETTINGS. Step 14 Enterconfigurationvaluesforthe LINUXUSERSETTINGS. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 9 Configuring Cisco APIC-EM in Standalone Mode Configuring Cisco APIC-EM as a Single Host Using the Wizard LinuxPassword EnteraLinuxpassword. TheLinuxpasswordisusedtoensuresecurityforboththe Grapevinerootandclientslocatedonthehost(appliance, server,orvirtualmachine).AccesstotheGrapevineroot andclientsbyyouorthecontrollerrequiresthispassword. Thedefaultusernameisgrapevine. ForinformationabouttherequirementsforaLinux password,seethePasswordRequirementssectionin Chapter2,SecuringtheCiscoAPIC-EMintheCisco ApplicationPolicyInfrastructureControllerEnterprise ModuleAdministratorGuide. Note TheLinuxpasswordisencryptedandhashedin thecontrollerdatabase. Re-enterLinuxPassword ConfirmtheLinuxpasswordbyenteringitasecondtime. SeedPhrasePasswordGeneration (Optional)Insteadofcreatingandenteringyourown passwordintheaboveLinuxPasswordfields,youcan enteraseedphraseandhavetheconfigurationwizard generatearandomandsecurepasswordusingthatseed phrase. Enteraseedphraseandthenpress<GeneratePassword> togeneratethepassword. AutoGeneratedPassword (Optional)Theseedphraseappearsaspartofarandom andsecurepassword.Ifdesired,youcaneitherusethis password"asis",oryoucanfurthereditthisautogenerated password. Note Whenfinishedwiththepassword,besuretosave ittoasecurelocationforfuturereference. Press<UseGeneratedPassword>tosavethepassword. AfterconfiguringtheLinuxpassword,enternext>>toproceed.Afterenteringnext>>,youarethenpromptedtoenter valuesfortheAPIC-EMADMINUSERSETTINGS. Step 15 Enterconfigurationvaluesforthe APIC-EMADMINUSERSETTINGS. AdministratorUsername Enteranadministratorusername. Youradministratorusernameandpasswordareusedto ensuresecurityforthecontrolleritself.Accesstothe controller'sGUIrequiresthatyouenterthisusernameand password. Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.4.1.x 10