Introduction to APIC-EM

Hi Shaunl,

Some of these terms are indeed a bit vague. The total “SDN package” is a SDN controller with SDN supported hardware like routers, switches, firewalls or wireless access points. It also includes the NBI (an API) and a SBI protocol that communicates with our hardware (for example OpenFlow). We can also call this complete package a “SDN solution” or “SDN framework”.

The SDN controller is important, but you also need supported hardware or you won’t be able to do much :smile:

In case of APIC-EM, we have APIC-EM as the SDN controller, regular Cisco IOS / IOS XE hardware, the NBI is a GUI/API. The SBI are regular protocols like SSH/SNMP. This is our complete “SDN solution”.

Cisco called Cisco ACI a “SDN architecture” (yet another name)…it’s the same as a SDN solution / SDN framework. In this architecture, APIC is the SDN controller and ACI is what runs on the hardware (switches) that is managed by the SDN controller. They probably couldn’t choose more confusing names :smile:


1 Like

Hi Rene,

How can you classify Cisco Prime Infrastructure or compare it with APIC-EM controller ?
Thank’s for your answer.

Hello Jean-Christophe

Cisco Prime Infrastructure is a software package that that can be used to manage wired and wireless Cisco networks including:

…performance, application visibility, and user experience. It brings automation and best practices to the management of your Cisco® networks throughout the technology lifecycle, from design and deployment to day-to-day operations and service assurance.monitoring,

Cisco Prime Infrastrucutre can also be used to manage multiple instances of geographically separate CPI networks as one. More information about it can be found here.

APIC-EM on the other hand is something much more specific. It provides a method of implementing Software Defined Networking using traditional networking hardware.

I hope this has been helpful!


Many thank’s Laz. I can see the difference now

1 Like

Hello Rene,
A few questions about the APIC-EM. To me it looks like APIC-EM can only be used to discover topology, backup configuration and configure devices, but we already have plenty of tools out there that can be used for all of those things. I am not sure what is the special about APIC-EM.
On the other hand, a full blown SDN package might be little bit helpful. I am not sure about it, but it will require special devices for it.
Now let’s come to the point.

  1. After clicking the admin section on the top right corner, according to Rene, passwords need to be entered for CLI credentials and snmpv2c or snmpv3. What does it do? Why the CLI password is required here?

  2. When I am discovering a device, do I need to use SNMP read or write or both? Is it also required to enter CLI password? A device might be managed by a TACACS server. For that case, can any user’s credential be used here?

  3. Would you please show me how to configure a remote device by using APIC-EM?

  4. Let’s say a device is connected to the network and it does not have any configuration at all in it. Now, what is the minimum configuration the device has to have for me to configure the device remotely?

Thank you so much.


hi @azmuddincisco,

APIC-EM is indeed a bit similar to some other network management tools out there. After all, the devices that it manages are all “autonomous” routers/switches/etc so it’s not a “real” SDN solution. The control and data plane remains on the routers/switches. With so many proven network management tools out there, I don’t think APIC-EM will be that popular. The main reason I tested it is because the APIC-EM Path Trace ACL Analysis Tool is on the CCNA exam now.

From what I’ve read in the APIC-EM documentation the CLI is used for:

CLI global credentials are used by the Cisco APIC-EM to authenticate and access the devices in a network that share this device credential when performing network discoveries.

So it seems it uses the CLI (and SSH) sometimes. This is also possible through SNMP so there is some overlap here. However, the documentation does mention:

Both the CLI and SNMP credentials are required for a successful device discovery. You should enter at least one set of SNMP credentials, either SNMPv2c or SNMPv3 for device discovery.

It doesn’t tell us exactly when they use the CLI and when SNMP. You could test this by monitoring it though.

For discovery, you normally only need SNMP read. Write is used when you want to make changes to a device through SNMP. I think you can get away by only specifying the SNMP read community so it can only do discovery.

To add new devices, take a look at APIC-EM Plug and Play

If you want to try APIC-EM, make sure you look at the devnet labs. There’s also a lab where they apply a policy to APIC-EM managed devices which might be nice to try. Those are free:

Devnet APIC-EM Labs

Hi Rene,

Do you have the APIC-EM .ova file readily available? Also, what are you seeing right now as a good SDN controller for AWS?


Hi Fabian,

You can grab the ISO from Cisco directly, you don’t need a license for it.

So far, I only used SDN in lab environments :smile: Not sure if there are any other (non-vendor) solutions that are truly ready for production.

Great :+1:, thanks Rene.

Hello Guys,
I downloaded the APIC-EM iso and installed it on VMWare Workstation Pro.

How do I launch APIC-EM from here?

Btw, the iso I utilized is image .
thank you.
–Gaby :slight_smile:

Hello Martha

The next thing you should do is configure the APIC-EM as a single host or multi host cluster. Since you’re working in a simulation environment, I assume you’re going for the single host configuration. Take a look at this document that details the next steps for this:

I hope this has been helpful!


No Laz,
I am stuck. Something is wrong. I did not see APIC-EM install. I did not see the following screen when I ran the iso:

I am unclear as to what to do.

Hi Gaby,

Which ISO image did you try? It’s been 3 years since I wrote this lesson and installed APIC-EM so it’s likely something changed.

Let me know and I’ll try the install again.


The iso I utilized is APIC-EM1.2.1.691.
thank you.
–Gaby :slight_smile:

Hello Everyone,
I just wanted to circle back to ask if you guys have tried this again. Of all the topics in CCNA, this is the only one that I feel I have not tried anything. I will be attempting the test soon. Please let me know if you have an update. Thanks for all your help I love this site.
-Gaby <3

Hi Gaby,

I’m downloading two APIC-EM images now:

  • APIC-EM- (December 2018)
  • APIC-EM- (August 2016 )

Which screen do you see? I’ll boot both and see what I get.


Hi Gaby,

Just created a new VM on an ESXi 6.7 server. 22GB of RAM, 6 cores CPU, and 200GB disk space. I mounted the ISO and didn’t have any issues. Here’s a screen capture:

I didn’t complete the entire installation but at 7:50 you can see the license agreement part.

Where exactly do you get stuck? Does the ISO even boot?


I was trying to create it on my computer using VMware Workstation 15.5.0 and Apic-EM-

This is as far as it gets:

Does this have to be done on ESX, I wonder?
Thanks Rene.

Hi Gaby,

If it works on ESXi, it should also work on VMWare Workstation. Just to be clear, this is all you get right as soon as you start the VM and it boots the ISO?

Here’s someone who had the same error:

Looking at the error, it seems it can’t retrieve the IP address. It’s possible that Workstation uses different hardware than ESXi, which is why it fails.

Some things to check:

  • Did you set the OS to Linux 64-bit? You could try to set it to Ubuntu.
  • Check the virtual hardware version of the VM. It’s possible that APIC-EM doesn’t recognize the virtual hardware if you use the latest version.
  • What adapter type does it use? It should be VMXNET3.
  • Set your harddisk to 200GB (use thin provisioning).