Verify the ACI Endpoint Update App

Verify the ACI endpoint update app is working properly by checking the network objects in the management center.

Verify the ACI Endpoint Update App in the Management Center

When an APIC endpoint is pulled and pushed to the management center, it’s put into either a dynamic object or a network object. The object is named SitePrefix_TenantName_ApplicationProfileName_ApplicationEPGName .

Following is an example APIC tenant on which the information in this section is based.

Sample APIC tenant containing an application and ESG configuration.Sample APIC tenant containing an application profile and ESG configuration

This image is not available in preview/cisco.com

Procedure


Step 1

Log in to the management center.

Step 2

Click one of the following:

  • Network object: Click Objects > Object Management > Network.

  • Dynamic object: Click Objects > Object Management > External Attributes > Dynamic Objects.

FMC network objects that correspond to the preceding APIC tenant


What to do next

For troubleshooting purposes, you can track endpoints in the APIC's EP Tracker and Object Store Browser:

Additional notes:

  • During the push process, the REST operation (POST, PUT, or DELETE) is determined based on the comparison of what data is on the APIC and what is on the management center.

  • For diff calculation, each tenant updates only the data of its own tenant.

  • When all endpoints are deleted from an APIC endpoint group (EPG), the corresponding object group on the management center gets deleted too. But if the object group is referenced or used in any access rule on the management center, because there is a dependency, the object group cannot get deleted. In this case, we keep the group name and put the localhost IP address, 127.0.0.1, inside the group instead.

Verify the Endpoint Update App in the ASA

When an APIC endpoint is pushed to the ASA, it’s put into a network object group named SitePrefix#TenantName#ApplicationProfileName#ApplicationEPGName .

Procedure


Step 1

Start ASDM.

Step 2

Log in to the ASA.

Step 3

Click Configuration > Firewall.

Step 4

In the right pane, expand Network Objects.

Step 5

Network objects created by the Endpoint Update App are displayed under Network Object Groups, similar to the following.

The Endpoint Update App's network objects are displayed in the ASA if you configured it correctly