I was reviewing the open caveats in UCS firmware 2 and came across this about QoS policies. I found this odd because I have updated several customers to 2.0 that are using QoS policies and have yet to see the issue.
Symptom During upgrade from UCS 1.4 to 2.0, an SSLCert error may be written to the log files.
Workaround None. This is harmless and has not been found to impact functionality. (CSCtr10869)
Symptom While upgrading to UCS 2.0 with QoS policies defined , critical errors will be displayed for all QoS policies and VIFs with QoS policies defined on them will be down after upgrading the subordinate interconnect but before upgrading the primary interconnect.
Workaround Completing the upgrade to 2.0 by upgrading the Primary interconnect will clear these faults, however during the upgrade there will be a period of downtime between when the primary restarts and when the secondary becomes primary and brings up its VIFs. During this time all blades will lose their connectivity to both LAN and SAN. Alternatively you can remove all QoS policies from the affected interfaces, allowing them to come up, complete the upgrade and then reapply the QoS policies with no downtime. (CSCtt41541)
CSCtr10869… based on the internal bug details this is related to a cert between VC and ESX, it was seen on ESX 4.1.0 build 260247. Our developers will be looking into this with VMware. You can follow the updates on CCO using bug toolkit.
As far as CSCtt41541 I only see 8 cases attached to the bug. It appears you have not met the conditions to trigger the bug during your upgrades. It is resolved in 2.0(1s), you can avoid exposure to this when upgrading from 1.4 by going to this version. As always review the release notes before moving to any new version of code.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...