The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the following CLI commands:
You can use the following tools to display CLI command help:
command-name -help—Displays a brief summary of the command.
admin@apic1:aci> controller -h Usage: controller [TARGETNODE_ID] [commission|decommission] Display controller info. Commission or Decommission controllers. Options: -h --help
man command-name—Displays a Linux-style man page for the command.
admin@apic1:aci> man controller
The attach command opens an SSH session to a specified fabric node.
The following example shows how to use the attach command to connect the leaf1 node:
admin@apic1:aci> attach leaf1 # Executing command: ssh leaf1 Warning: Permanently added 'leaf1,10.0.75.31' (RSA) to the list of known hosts. admin@leaf1's password: admin@leaf1:~>
An audit log includes auditing information such as login and logout times. To display an audit summary for a given node, module, or interface, use the auditlog command.
auditlog-id | Specifies an audit log number to display. |
The following example shows how to use the auditlog command:
admin@apic1:Solar> pwd /home/admin/aci/tenants/Solar admin@apic1:Solar> auditlog 4294967305 ID : 4294967305 Description : Tenant Solar created Affected Object : uni/tn-Solar Time Stamp : 2014-07-21T20:00:25.518+00:00 Cause : transition Code : E4206326 Severity : info Change Set : name:Solar Action Performed : creation Action Trigger : config Transaction ID : 14411518807585652035 User : admin
The create command executes a wizard within a given scope; the wizard creates relevant objects in the MIT.
The following example shows how to use the create command:
admin@apic1:~> create tenant # Executing command: 'cd /aci/tenants; ./tenant.wiz' Create Tenant: -------------- Name : Cisco Description : Cisco Systems Monitoring Policy: Security Domains: ----------------- Name : skipping... Create new network: ------------------- Name : skipping... Do you want to view the corresponding commands? (Yes/No): Yes ------------------------------------------------------------------------- mocreate Cisco pushd . cd Tenant-Test moset description "Cisco Systems" pushd . cd security-domains popd pushd . cd networking pushd . cd private-networks popd popd popd -------------------------------------------------------------------------------- Do you want to commit changes? (Yes/No): Yes Adding mo tenants/Cisco All requests processed successfully!The tenant section of the create YAML file is defined as follows:
- tenant: help: 'Tenant' type: alias dirFormat: '/aci/tenants/' fileType: 'summary' createFile: tenant.wiz name: tenant
Note | For more information about YAML (.yml) file formats, see Customizing Commands. |
To display controller information or to commission or decommission a node, use the controller command.
commission | Commissions (creates) a node. |
decommission | Decommissions a specified node. |
controller-id | The controller ID. |
The following example shows how to use the controller command:
admin@apic1:> controller 1 decommission
To display equipment diagnostic tests, use the diagnostics command.
node-id |
The target node ID or node name. You can specify a range of node IDs or a list of node names. |
The following example shows how to use the diagnostics command:
admin@apic1:aci> diagnostics 1 Dn Group Model Subject Class Test Set ---------------------------------------------------------------------------------------------- topology/pod-1/node- internal-conn N9K-C9396PX eqptSupC mgmtp-lb 19/sys/diag/grptests- eqptSupC-model-[N9K- C9396PX]-grp-internal- conn topology/pod-1/node- cpu N9K-C93128TX eqptSupC cpu-cache 19/sys/diag/grptests- eqptSupC-model-[N9K- C93128TX]-grp-cpu topology/pod-1/node- sys-mem N9K-C93128TX eqptSupC bios-mem,mem-health 19/sys/diag/grptests- eqptSupC-model-[N9K- C93128TX]-grp-sys-mem topology/pod-1/node- peripherals Nagano eqptSupC act2-acc,cons-dev,fpga- 19/sys/diag/grptests- reg-chk,ge- eqptSupC-model- eeprom,nvram- [Nagano]-grp- cksum,obfl-acc,spi- peripherals cksum,ssd-acc,usb-bus topology/pod-1/node- fex NXS8-4532 eqptLC extch-fp,extch- 19/sys/diag/grptests- hp,extch-sprom eqptLC-model-[NXS8- 4532]-grp-fex admin@apic1:aci>
To erase the APIC configuration excluding first-time setup information and reboot the APIC, use the eraseconfig command.
Note | This command causes the APIC to reboot. |
Note | This command is removed in APIC Release 1.2(2) and later releases. Use the acidiag touch command followed by a reboot to erase the configuration. See the acidiag command documentation in the Cisco APIC Troubleshooting Guide. |
eraseconfig [ setup ]
setup | Erases first-time setup information. After the reboot, the first-time APIC setup dialog appears on the console. |
The following example shows how to use the eraseconfig command:
admin@apic1:~> eraseconfig
To display an event summary for a given node, module, or interface, use the eventlog command.
The following example shows how to use the eventlog command:
admin@apic1:/> eventlog switch 101 interface eth1/1
To display a summary of faults on a given node, module, port, or interface, use the faults command.
The following example shows how to use the faults command:
admin@apic1:faults> faults controller 1 detail
To manage firmware images in the repository on a fabric controller node, use the firmware command.
Note | This command is provided for local controller software upgrades; you can use policy-driven firmware upgrades to upgrade firmware on fabric controller nodes within a cluster. |
add | Adds a firmware image to the repository. You can download the firmware using SCP, FTP, HTTP, or any method for which the user is authorized. | ||
delete | Removes a firmware image from the repository. | ||
image-name | The name of the image file. | ||
list | Lists firmware images in the firmware repository. | ||
upgrade | Upgrades the firmware on a switch or the local APIC. | ||
controller | Specifies a local image installation the controller. | ||
status | Displays the firmware update status. | ||
node-id | The target node ID or node
name. You can only install firmware on one node at a time.
|
||
switch | Specifies an image installation on a switch. | ||
catalog | Upgrades an image within the image catalog. |
The following examples show how to use the firmware command:
admin@apic1:~> firmware list Name Type Major-Version Minor-Version Size(Bytes) Download-Date ----------------------- ------- ------------- ------------- ----------- --------------------- ifabric-k9-catalog- catalog 1.0 (0.566) 7461 2014-01- 1.0.0-566.bin 28T11:17:36.054+00:00
admin@apic1:~> firmware add ifabric-k9-simsw-1.0.0-559.bin Firmware Image ifabric-k9-simsw-1.0.0-559.bin is added to the repository admin@apic1:~> firmware list Name Type Major-Version Minor-Version Size(Bytes) Download-Date ----------------------- ------- ------------- ------------- ----------- --------------------- ifabric-k9-catalog- catalog 1.0 (0.566) 7461 2014-01- 1.0.0-566.bin 28T11:17:36.054+00:00 ifabric-k9-simsw-1.0.0- switch 1.0 (0.559) 854412177 2014-01- 559.bin
admin@apic1:~> firmware upgrade switch node 17 ifabric-k9-simsw-1.0.0-559.bin Firmware Installation on Switch Scheduled To check the upgrade status, use 'firmware upgrade status -t <node-id>' admin@apic1:~>
admin@apic1:~> firmware upgrade status node 17 Firmware Upgrade Status: Upgrade-Status Status Desired-Version Install-Stage Start-Date End-Date -------------- ------ ---------------- ----------------- --------------------- --------------------- inprogress simsw-1.0(0.559) InstallNotStarted 2014-01- 2014-01- 28T11:26:38.313+00:00 28T10:59:37.746+00:00.
admin@apic1:~> firmware upgrade status Node-Id Role Upgrade-Status -------------------------------------- 3 controller notscheduled 17 leaf completeok 20 spine notscheduled 1 controller notscheduled 2 controller notscheduled 19 spine notscheduled 18 leaf notscheduled
To display a health summary of a node, module, interface, or port, use the health command.
The following example shows how to use the health command:
admin@apic1:admin> health switch 101 interface eth1/1 Current Score Previous Score Timestamp ------------- -------------- --------------------- 95 96 2014-07- 21T15:25:24.092+00:00 Total : 1
To display the logging settings on the APIC, use the loglevel command.
get | Returns the service log level on a node. |
set | Sets the service log level on a node. |
node | Specifies a node. |
node-name | The node name. |
dme | Identifies a service process running on the node. |
dme-name | The service process (DME) name. Available DMEs vary by node and include: |
topic | Specifies a logging subsystem. |
topic-name | The logging subsystem. |
severity | Specifies a logging severity level. |
severity-level | The logging severity level. You can set the following values: |
The following example shows how to use the loglevel command:
admin@apic1:pod-1> loglevel get node spine1 dme dbgrelem logDefault : DBG4
To display the man (manual) page for a command, use the man command.
man command-name
command-name |
The command name. |
The following example shows how to use the man command:
admin@apic1> man trafficmap
To launch the managed object (MO) browser, use the mobrowser command.
scope | Specifies a scope within the MIT, such as aaa or access. |
The following example shows how to use the mobrowser command:
admin@apic1:> mobrowser
To commit or discard a configuration stored in the configuration buffer, use the moconfig command.
moconfig { commit | discard | diff | running }
commit |
Commits the configuration stored in the configuration buffer. |
discard |
Discards the configuration stored in the configuration buffer. |
diff |
Displays a summary of the difference between the active configuration and the configuration buffer. |
running | Shows the CLI commands used to create a configuration for a given context. This option simplifies the process of creating template configurations. For more information about configuration templates, see Creating Configuration Templates. |
The following examples show how to use the moconfig command:
admin@apic1:local-users> moconfig diff --- ./mario/mo 2013-10-01 21:17:06.000000000 -0700 +++ ./mario/mo.buffer 2013-10-01 21:17:53.000000000 -0700 @@ -2,8 +2,8 @@ local-user : ---------- login-id : george -first-name : -last-name : +first-name : George +last-name : Washington phone : email : description : admin@apic1:local-users> moconfig commit Commit Successful admin@apic1:local-users> moconfig diff admin@apic1:local-users>
admin@apic1:aci > cd tenants/ admin@apic1:tenants> moconfig running cd /aci/viewfw/tenants cd networking mocreate fv-tenant-common moconfig commit mocreate fv-tenant-test moconfig commit mocreate fv-tenant-mgmt moconfig commit cd external-routed-networks mocreate l3ext-out-x moconfig commit mocreate l3-outside-x moconfig commit cd l3-outside-x cd logical-node-profiles mocreate nodex cd nodex moset tag yellow-green moconfig commit
To create a managed object (MO), use the mocreate command.
Note | If you do not specify a scope, the command creates an MO in the current context. |
mocreate [context] name property-name property-value
context |
The context for the MO. |
name |
(Optional) The MO name. |
property-name |
(Optional) Specifies a property of the MO. |
property-value |
(Optional) Specifies a value for the property. |
The following example shows how to use the mocreate command to create an MO representing a user:
admin@apic1:node-associations> mocreate LS-all/ admin@apic1:node-associations> moconfig commit Committed mo 'fabric/policies/fabric-policy-associations/leaf/node/LNP/node-associations/LS-all' All mos committed successfully. admin@apic1:node-associations> ls LS-allTo override default settings, you can specify additional properties with the mocreate command, as shown in the following example.
admin@apic1:private-networks> pwd /aci/tenants/common/networking/private-networks admin@apic1:private-networks> mocreate Private1 monitoring-policy Monitor1
To remove a managed object (MO), use the modelete command.
Note | This command is typically used to remove a lower-level scope. |
modelete mo-name
mo-name |
The directory name containing the MO. |
admin@apic1:node-associations> modelete LS-all/
To search for a selected MO within the management information tree (MIT), use the mofind command.
mofind scope class package.class mo-value
class |
Class argument; specifies a class of MO to return |
package |
The name of the MO package. |
class |
The name of the MO class |
mo-value |
The MO name |
The following example shows how to use the mofind command:
admin@apic1:aci> mofind . class fv.Tenant /.aci/viewfs/tenants/t14/mo /.aci/viewfs/tenants/infra/mo /.aci/viewfs/tenants/common/mo /.aci/viewfs/tenants/Solar/mo /.aci/viewfs/tenants/mgmt/mo
admin@apic1:aci> mofind . class aaa.User /.aci/mitfs/uni/userext/user-admin/mo /.aci/viewfs/admin/aaa/security-management/local-users/admin/mo
To specify an output format for managed objects and managed object buffer files, use the moprint command.
Note | This command is useful for automation because it provides standardized output. |
moprint { exclude-help | include-help } { json | pretty | xml }
exclude-help |
Specifies that the output omit property descriptions |
include-help |
Specifies that the output contain property descriptions |
json |
Specifies JSON output |
pretty |
Specifies XML output in a tabular format |
xml |
Specifies XML output |
The following example shows how to use the moprint command to provide JSON output displaying MO properties:
admin@apic1:local-users> moprint json admin@apic1:local-users> cat ./mario/mo { "aaaUser": { "attributes": { "aaaUserclearPwdHistory": { "value": "no" }, "aaaUseremail": { "value": "" }, "aaaUserlastName": { "value": "Washington" }, "aaaUserphone": { "value": "" }, "aaaUserdescr": { "value": "" }, "aaaUserexpiration": { "value": "never" }, "aaaUserexpires": { "value": "no" }, "aaaUserencPwd": { "value": "" }, "aaaUseraccountStatus": { "value": "active" }, "aaaUsername": { "value": "george" }, "aaaUserfirstName": { "value": "George" }, "aaaUserpwdLifeTime": { "value": "no-password-expiration" }, "aaaUserpwd": { "value": "" } } } }
To run a query for a managed object (MO), use the moquery command.
--help or –h | Specifies an APIC host. |
--host or –i | Specifies an APIC host. |
host-id | The host name or IP address of an APIC. |
--port or –p | Specifies a port for a REST interface. |
portname | The REST interface port number. |
--dn or –d | Specifies a distinguished name (DN) for a managed object (MO). |
dn | The DN of an MO. |
--klass or –c | Specifies a class name for the query. |
classname | Specifies a class. You can enter multiple classes separated by commas. |
--filter or –f | Specifies a property on which to filter MOs. |
property | The property on which to filter MOs. |
--attrs or –a | Specifies the attributes that the query displays. |
attributes | The type of attributes to display. You can choose config (configuration attributes) or all. If config is selected, only configurable attributes are displayed. Unless the table output format is specified, the default is all. |
--output or –o | Specifies a query output format. |
output | The query output format. You can choose json, xml, block, or table. |
--user or –u | Specifies a user name. |
username | The user name. |
--options or –x | Specifies query options. |
options | The query options to enable. For more information, see Usage Guidelines. |
Using --options (or –x), you can specify query options as supported by the REST API. You can add multiple options statements to the command, using syntax such as the following:
-x [OPTIONS [OPTIONS ...]] [-x [OPTIONS [OPTIONS ...]]]
For example:
moquery -c firmwareCtrlrFwStatusCont -x query-target=subtree target-subtree-class=firmwareCtrlrRunning
The following example shows how to use the moquery command:
admin@apic1:~> moquery --dn unallocencap-[uni/infra] Total Objects shown: 1 # stp.UnAllocEncapCont infraPKey : uni/infra allocSize : 0 childAction : descr : dn : unallocencap-[uni/infra] lastAssigned : 8192 lcOwn : local modTs : 2014-07-26T16:46:27.176+00:00 name : ownerKey : ownerTag : rn : unallocencap-[uni/infra] size : 0 status :
To set the properties for a managed object (MO), use the moset command.
moset { property-name property-value [add | remove ] }
property-name | Property name |
property-value | Property value |
add | Adds a property to the managed object |
remove | Removes a property from the managed object |
The following example shows how to use the moset command to set the properties of a managed object:
admin@apic0:local-users> cat george/mo # aaa.User local-user : ---------- login-id : george first-name : last-name : phone : email : description : account-status : active account-expires : no expiration-date : never clear-password-history : no encrypted-password : password : password-life-time : no-password-expiration admin@apic0:local-users> moset first-name George last-name Washington admin@apic0:local-users> cat mario/mo.buffer # aaa.User local-user : ---------- login-id : george first-name : George last-name : Washington phone : email : description : account-status : active account-expires : no expiration-date : never clear-password-history : no encrypted-password : password : password-life-time : no-password-expiration admin@ifc0:local-users>
To display statistics for a MO, use the mostats command.
mostats [stats-class] [sampling-interval interval] [location location-name] [counter counter-name] [values values-name] [from date-from] [to date-to] [thresholded thresholded-flags] [output-to outputname]
stats-class |
Statistics type; use Tab autocomplete to display a list of available statistics in the current scope |
||
sampling-interval |
Specifies a sampling interval for the statistic |
||
interval |
Sampling interval; you can choose the following values: 5 minutes is the default value |
||
location |
Specifies a location from which to display statistics |
||
location-name |
Location from which to display statistics; you can chose history or current |
||
counter |
Specifies a specific counter to display. If you omit this keyword, the command displays all counters. |
||
counter-name |
Counter name. If you do not specify a counter name, the command displays the value of all counters. You can use autocomplete to display a list of available counters. |
||
values |
Specifies specific values to display |
||
values-name |
Type of values to display. You can use autocomplete to display a list of available values.
|
||
from |
Specifies a start date and time for statistics. This keyword is used for historical statistics. |
||
date-from |
Start date for the query |
||
to |
Specifies an end date and time for statistics. This keyword is used for historical statistics. |
||
date-to |
End date for the query |
||
thresholded | Specifies historical statistics that have crossed exceeded a threshold value | ||
thresholded-flags | The threshold flag value | ||
output-to |
Specifies a specific output type |
||
output-name |
Output type; you can choose the following values: |
The following example shows how to use the mostats command:
admin@apic0:leafport-17> mostats ingress-byte-counters location history Counters: flood (bytes) : periodic value multicastRate (bytes-per-second) : average value multicast (bytes) : periodic value unicastRate (bytes-per-second) : average value unicast (bytes) : periodic value Time Interval flood multicastRate multicast unicastRate unicast 2013-10-23 13:40:10 + 300sec 1692622494 6038011 1811403699 5959938 1787981697 2013-10-23 13:45:10 + 290sec 1701770043 5896513 1709988944 6350713 1841707150 2013-10-23 13:50:00 + 300sec 1875699742 6327240 1898172394 5204047 1561214263 2013-10-23 13:55:00 + 300sec 1991025635 6407343 1922203057 5961950 1788585183 2013-10-23 14:00:00 + 310sec 2020555778 6857403 2125795303 7152710 2217340307 2013-10-23 14:05:10 + 290sec 1884001802 6545303 1898138103 5878862 1704870238 2013-10-23 14:10:00 + 310sec 2037567241 5880848 1823063295 6927670 2147577849 2013-10-23 14:15:10 + 300sec 1651084097 6128338 1838501627 5696007 1708802494 2013-10-23 14:20:10 + 300sec 2119253728 5719718 1715322961 5606184 1681939173 2013-10-23 14:25:10 + 300sec 1824918785 6553074 1965922597 6167935 1850380704 2013-10-23 14:30:10 + 300sec 1794072506 6508516 1952555134 6745063 2023519193 2013-10-23 14:35:10 + 290sec 2305467846 6493923 1883237807 6693507 1941117370
To change the password on the APIC , use the password command.
password
The following example shows how to use the password command:
admin@apic1:aci> passwd Changing password for user admin. (current) password: New password: Retype new password: Password for user admin is changed successfully. admin@apic1:aci>
To reload a specified node or module, use the reload command.
Note | If you do not specify a node, the command reloads the node in the current context. |
reload { controller | switch } node-id
controller | Reloads a controller |
switch | Reloads a switch |
node-id |
The target node ID or node name. You can specify a range of node IDs or a list of node names. |
The following example shows how to use the reload command:
admin@apic1:aci> reload switch 118
To jump to the directory for a scope, use the scope command.
Note | The where command displays the MIT directory for a context, while scope opens the directory. |
scope scope-name
scope-name |
The scope name, such as aaa or access-policies |
The following examples show how to use the scope command:
admin@apic1:~> pwd /home/admin admin@apic1:/> scope tenant Changing directory to /.aci/tenants/ admin@apic1:tenants> pwd /aci/tenants
The show command displays the APIC configuration in a format similar to Cisco IOS and NX-OS. The command is similar to the alias Linux command.
show context
context |
The context name, such as aaa or access-policies |
The following example shows the standard show options:
admin@apic1:~> show <Esc><Esc> aaa aaa access Fabric Access Policies auditlog Show auditlog on current path bgp Show BGP information cdp Show Cisco Discovery Protocol information controller Controller Node cores cores eventlog Show eventlog on current path external-data-collectors external-data-collectors fabric Fabric Details faults Show faults current path fex Show fex information firmware Show firmware health Show health on current path historical-record-policy historic-record-policies import-export Import/Export interface Show interface status and information interface-policies interface-policies ip Display IP information isis Display IS-IS status and configuration l4-l7 L4-L7 Sevices Details lldp Show information about lldp module Show module information schedulers schedulers switch Switch Node tenant Tenant trafficmap Show trafficmap version Show version vmware VMware vCenter/vShield Controllers vpc Show vpc information
You can customize the show command with a simple YAML (.yml) configuration. For examples, see the .yml files in the /etc/scopedefs directory.
You can define custom show commands by creating a .yml file in your /home/username/scopedefs/ directory. You can ignore specific show scopes by adding them to the /home/username/scopedefs/.ignore.yml file.
You can also define custom show commands that execute at that specific scope, as shown in the cmdFormat value in the following example:
vmware : type: alias help: "VMware vCenter/vShield Controllers" name: vmware label: vmware sub: - name: controllers label: controllers type: keyword cmdFormat: "find /aci/vm-networking/inventory/VMware/vmm-domains/ -name controllers -exec echo ';' -exec echo {} ';' -exec cat '{}/summary' ';'" help: "Status of all Controllers" - name: domain label: domain type: keyword help: "Domain"
Note | For more information about YAML (.yml) file formats, see Customizing Commands. |
The following example shows how to use show to view local users.
admin@apic1:~> show aaa local-users # Executing command: cat /aci/admin/aaa/security-management/local-users/summary local-users: login-id first-name last-name email phone -------- ---------- --------- ----- ----- admin
The following excerpt shows the YAML definition for the aaa scope of the show command.
- aaa: name: aaa help: 'aaa' type: alias dirFormat: ' ' sub: - name: local-users label: local-users type: keyword dirFormat: '/aci/admin/aaa/security-management/local-users/' fileType: 'summary' help: 'local users'
To ping the management interface of a service device, use the svcping command.
Note | This command is supported within the Management Information Tree file system (mit); the command is not supported within the aci file system. |
svcping path
path |
The path of the service device (CDev) within the mit file system |
To display troubleshooting information, use the techsupport command.
techsupport all { [status] | [remotename fname ] }
techsupport controllers [status]
techsupport controllers remotename fname
techsupport db svc svcname [delete]
techsupport local
techsupport remote { list | name} [ fname ] {delete | [ {host remoteport protocol username password remotepath } ] }
techsupport switch nodeid { [status] | [remotename fname ] }
The techsupport command exports a file containing information about the current state of the ACI fabric or nodes. This information is very helpful to Cisco support and frequently provides the information needed to identify the source of a problem. The file is exported to the specified remote destination.
Beginning in Cisco APIC Release 1.1, three files are created and exported by this command:
filename.tar.gz—Contains configuration files, faults, events, debug counters, and other system information.
filename_db.tar.gz—Contains databases (.db files) collected from the node, one for each shard and replica.
filename_logs.tar.gz—Contains all logs collected from the node. For a switch node, the NX-OS techsupport data is included in this file.
The following example shows how to use the techsupport command in releases earlier than Cisco APIC Release 1.1.
admin@apic1:~> techsupport switch 101 Triggering techsupport for Switch 101 using policy supNode101 Triggered on demand tech support successfully for node 101, will be available at: /data/techsupport on the controller. Use 'status' option with your command to check techsupport status
To display a summary of traffic between two nodes, use the trafficmap command.
controller srcnode source-node-id destnode dest-node-id
srcnode | Specifies a node name |
source-node-id | The source node name |
destnode | Specifies a destination node |
dest-node-id | The destination node name |
The following example shows how to use the trafficmap command:
admin@apic1:> trafficmap srcnode 102 destnode 112
To create an IP troubleshooting session, use the troubleshoot eptoep session <session_name> srcip <src_ip> tenant <src_tenant> app <src_app> epg <src_epg> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg> command.
To create a MAC troubleshooting session, use the troubleshoot eptoep session <session_name> srcmac <src_mac> tenant <src_tenant> app <src_app> epg <src_epg> destmac <dest_mac> tenant <dest_tenant> app <dest_app> epg <dest_epg> command.
Once the session is created, the following configuration options are available:
atomiccounter start
atomiccounter stop
traceroute start
traceroute stop
traceroute protocol <prot> dstport <dst_port>
report [<format>]
delete
description <descr>
latestminutes <num_min>
starttime <start_time> endtime <end_time>
monitor destination tenant <tenant_name> application <appln> epg <epg_name> ip_addr <ip_address> srcipprefix <ip_prefix> [(flowid <flow_id>)]
monitor stop
scheduler <scheduler-name>
scheduler delete
The following example shows how to create the IP troubleshoot eptoep session session:
admin@apic1:/> troubleshoot eptoep session <session_name> srcip <src_ip> tenant <src_tenant> app <src_app> epg <src_epg> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg>
The following example shows how to create the MAC troubleshoot eptoep session session:
admin@apic1:/> troubleshoot eptoep session <session_name> srcmac <src_mac> tenant <src_tenant> app <src_app> epg <src_epg> destmac <dest_mac> tenant <dest_tenant> app <dest_app> epg <dest_epg>
To create an EP to external IP troubleshooting session, use the troubleshoot epext session <session_name> srcip <src_ip> tenant <src_tenant> app <src_app> epg <src_epg> destextip <dest_ip> command.
To create an external IP to EP troubleshooting session, use the troubleshoot epext session <session_name> srcextip <src_ip> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg> command.
Once the session is created, the following configuration options are available:
atomiccounter start
atomiccounter stop
traceroute start
traceroute stop
traceroute protocol <prot> dstport <dst_port>
report [<format>]
delete
description <descr>
latestminutes <num_min>
starttime <start_time> endtime <end_time>
monitor destination tenant <tenant_name> application <appln> epg <epg_name> ip_addr <ip_address> srcipprefix <ip_prefix> [(flowid <flow_id>)]
monitor stop
scheduler <scheduler-name>
scheduler delete
The following example shows how to create the external IP troubleshoot epext session session:
admin@apic1:/> troubleshoot epext session <session_name> srcextip <src_ip> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg>
To schedule a troubleshooting session, use the schedule troubleshoot eptoep session <session name>option command.
atomiccounter |
Configure atomic counter between the source and destination end-points |
delete |
Delete this troubleshoot session |
description |
Textual description of this troubleshooting session |
latestminutes |
Enter time window in number of minutes from current time |
monitor |
Configure monitor session to span the source and destination interfaces |
report |
Generate troubleshooting report |
scheduler |
Configure a scheduler for this session |
srcip |
Configure source endpoint IP |
srcmac |
Configure source endpoint MAC |
starttime |
Time when the problem started |
traceroute |
Configure traceroute session between two endpoints |
The following example shows how to use the troubleshoot eptoep session <session name> command:
admin@apic1:/> troubleshoot eptoep session <session name>report
To configure a new endpoint (ep) to endpoint atomic counter session, use the troubleshoot eptoep session newSession atomiccounteroption command.
start |
Start atomiccounter session |
stop |
Stop atomiccounter session |
The following example shows how to use the troubleshoot eptoep session <session name> atomiccounter command:
admin@apic1:/> troubleshoot eptoep session <session name> atomiccounter start
To configure a new endpoint (ep) to endpoint traceroute session, use the troubleshoot eptoep session <session name> tracerouteoption command.
protocol |
Configure traceroute protocol |
start |
Start traceroute policy |
stop |
Stop traceroute policy |
The following example shows how to use the troubleshoot eptoep session <session name> traceroute command:
admin@apic1:/> troubleshoot eptoep session <session name> traceroute start
To configure a new endpoint (ep) to endpoint traceroute protocol session, use the troubleshoot eptoep session <session name> traceroute protocoloption command.
<prot> |
Specify IP protocol (tcp|udp|icmp) |
The following example shows how to use the troubleshoot eptoep session <session name> traceroute protocol command:
admin@apic1:/> troubleshoot eptoep session <session name> traceroute protocol icmp
To configure a new endpoint (ep) to endpoint traceroute protocol session, use the troubleshoot eptoep session <session name> traceroute protocol tcpoption command.
<dstport> |
Specify destination L4 port to be used by traceroute |
The following example shows how to use the troubleshoot eptoep session <session name> traceroute protocol command:
admin@apic1:/> troubleshoot eptoep session <session name> traceroute protocol tcp dstport 80
To show an endpoint (ep) to endpoint connection, use the show troubleshoot eptoepoption command.
session |
Show session information |
sessions |
Show all session names |
The following example shows how to use the show troubleshoot eptoep command:
admin@apic1:/> show troubleshoot eptoep
To show an endpoint (ep) to endpoint MAC session, use the show troubleshoot eptoep session <session name>option command.
atomiccounter |
Show atomic counters |
audit |
Show audit information |
contracts |
Show contract information |
deployments |
Show deployment changes |
events |
Show events |
faults |
Show faults |
monitor |
Show monitor status |
reports |
Show reports |
statistics |
Show statistics |
topology |
Show topology |
traceroute |
Show traceroute results |
The following example shows how to use the show troubleshoot eptoep session <session name> command:
admin@apic1:/> show troubleshoot eptoep session <session name>
To display the current software version of a node, use the version command.
Note | If you do not specify a node, the command displays the current software version of all configured nodes. |
version { controller | switch } [node-id ]
controller | Displays the version for a controller |
switch | Displays the version for a switch |
node-id |
The target node ID or node name. You can specify a range of node IDs or a list of node names. |
The following examples show how to use the version command:
admin@apic1:~> version switch 101 node type node id node name version --------- ------- --------- ---------------- leaf 101 leaf1 simsw-1.0(0.450) admin@apic1:~> version node type node id node name version ---------- ------- --------- ---------------- controller 1 apic1 1.0(0.450) controller 2 apic2 1.0(0.450) controller 3 apic3 1.0(0.450) leaf 101 leaf1 simsw-1.0(0.450) leaf 102 leaf2 simsw-1.0(0.450) leaf 103 leaf3 simsw-1.0(0.450) spine 104 spine1 simsw-1.0(0.450) spine 105 spine2 simsw-1.0(0.450)
To display the management information tree (MIT) directory path for a scope, use the where command.
where scope-name
scope-name |
The scope name, such as aaa or access-policies. |
The following examples show how to use the where command:
admin@apic1:~> where aaa local-users admin /aci/admin/aaa/security-management/local-users/admin