Configuring Out-of-Band connectivity to your ACI Fabric devices is a critical component to successfully maintaining and operating your datacenter. When it comes to configuring OOB connectivity to your devices (Leafs, Spines, and APIC Controllers), you’ll have need to do two things to get things going:

1. All devices will need static OOB addresses (APIC Controllers, Leafs, and Spines) that associates the IP address, NodeID, Default GW, and Management type (OOB, in our case)
2. Configure a Contract which will be consumed and provided to your OOB devices. The Contract will allow the system know what traffic is allowed (for our use case, we will use the default/common contract to permit any traffic).

Notables and Caveats

• Although you technically configure your OOB address for all APICs during the initial setup, you will need to configure their OOB connectivity here as well to ensure that you can reach the APICs via SNMP, etc. For more information on accessing the APICs via SNMP, check out this article.
• Out-of-band is required for those customers looking to use MultiSite (Multisite cannot be deployed with Inband Management).

Provide OOB Address for your APICs and Switches

Add the APIC(s) to the Static OOB Address List

Tenant > Tenant mgmt > Node Management Addresses > Static Node Management Addresses

• Configure a separate entry for each of your APICs
  • Node IDs for your APIC will range from 1-3 (assuming you have a 3-node APIC cluster).
  • Node Range (use the node ID for to and from)
  • Select Out-of-Band
  • Configure your OOB IPv4 address and IPv4 Gateway
  • Click Submit

Add your ACI Fabric Switches to the Static OOB Address List

Tenant > Tenant mgmt > Node Management Addresses > Static Node Management Addresses

• Configure a separate entry for each of your switches (both Spine and Leaf)
• Node Range (use the node ID for to and from)
• Select Out-of-Band
• Configure your OOB IPv4 address and IPv4 Gateway
• Click Submit

Provide and Consume Contracts for your OOB devices using default/common contract (permit any/any)

Step 1 – Providing the contract

Tenant > Tenant mgmt > Node Management EPGs > Out-of-Band EPG default

• Under the “Provided Out-of-Band Contracts” in the policy window, provide the appropriate contract (this could be a the default/common contract, or a specific contract you have created and modified).

Step 2 – Consuming the contract

Tenant > Tenant mgmt > External Management Network Instance Profiles > YourInstanceProfile

• Consume the same contract which you provided in the previous step
• Enter the subnets which are allowed to have access to the APIC (0.0.0.0/0 will permit all)