APIC docker0 interface IP address

Unanswered Question
Jun 13th, 2017
User Badges:

Hello community,

All my APICs are having a docker0 interface with the same IP address  This subnet is in the production network VLAN 100 and causes the problem with VLAN 100 to access APIC because route was wrong.

Question: How do I change APICs docker0 ip address? I prefer to change them to a loop-back address like


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gmonroy Tue, 06/13/2017 - 09:08
User Badges:
  • Cisco Employee,


I will take a look in our lab, but at the moment I am unaware of a method to change the docker0 address.

With that said, what type of service is the APIC trying to reach and what is its path through ACI fabric?

Are you using in-band management and you are expecting the APIC to reply using the VICs/in-band EPG to reach some external Endpoint sourced traffic within the subnet?


Trinh Nguyen Tue, 06/13/2017 - 09:16
User Badges:


I am using OOBMGMT interface.  This service is for management only, nothing wrong in ACI.  I have a TACACS server in that cannot be reach by all APICs

Note that all three APICs are having the same docker0 ip address

[email protected]:~> ifconfig docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet netmask broadcast

RX packets 128 bytes 8576 (8.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2345321 bytes 98503674 (93.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Thanks for looking at this.



gmonroy Tue, 06/13/2017 - 10:28
User Badges:
  • Cisco Employee,


I just got confirmation from our development team that it is not configurable at this point. I will file an enhancement to allow that to happen in the future.

As for immediate solutions, I am assuming it is not possible to change the address of the TACACS service that is on the subnet outside of ACI?

Also, could you please send me the output of the following (if acceptable), otherwise please open an SR to send over this info:

>route -rm

>arp -an

>the address of your TACACS server




Trinh Nguyen Tue, 06/13/2017 - 11:24
User Badges:


No, changing the TACACS IP address is not an option.  

These are the outputs of the commands with some IP and MAC mask-out:

IP address of TACACS is 172.17.N.M (it is in the arp table) 

[email protected]:~> route

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

default         172.X.Y.1         UG    16     0        0 oobmgmt     UG    0      0        0 bond0.3961 UH    0      0        0 bond0.3961   U     0      0        0 teplo-1   U     0      0        0 lxcbr0     U     0      0        0 docker0

172.X.Y.0   U     0      0        0 oobmgmt

[email protected]:~> arp -an

? ( at xxxxxxxxxx [ether] on oobmgmt

? ( at xxxxxxxxxx [ether] on oobmgmt

<output omit>..

? (172.17.N.M) at <incomplete> on docker0

? ( at xxxxxxxxxx [ether] on oobmgmt

[email protected]:~>

Thanks again.



This Discussion