Cisco ACI troubleshooting commands

List of usefull commands for ACI troubleshooting (controllers/leaves/spines).

Cisco ACI troubleshooting commands

Last updated - Oct 22, 2020

APIC Controller commands

Misc/management

acidiag fnvread - display information about fabric nodes (leaves and spines).

fabric <NODE_ID> <COMMAND> - execute a COMMAND on NODE_ID. NODE_ID can be specified as range or list of nodes, i.e. 101-103 or 101,105.

show oob - display information about Out-of-band management configuration.

Endpoints

show endpoints vlan xxx - display endpoints of specific VLAN xxx. Here xxx is exact encapsulation ID specified in EPG interface deployment, not internal ID of leaves.

show tenant <TENANT> application <APP> epg - display list of EPGs inside TENANT / APP and their contracts list.

show tenant <TENANT> application <APP> endpoints - list of endpoints for all EPGs inside TENANT / APP.

show tenant <TENANT> application <APP> epg <EPG> endpoints - list of endpoints for specific EPG inside TENANT / APP.

show tenant <TENANT> endpoints vlan <ID> - list of endpoints for TENANT and specific encapsulation VLAN ID.

show tenant <TENANT> application <APP> epg <EPG> details - display detailed information about EPG inside TENANT / APP, including EPG configuration details, assigned domains, contracts, static paths.

PC/VPC

show vpc map - display VPC to interfaces mapping table which includes VPC name, VPC cluster ID, VPC ID, Leaf ID/Name, port-channel interface ID, exact physical leaf interface.

show vpc map <VPC_IF_POLICY> - same as above, but only for specific VPC interface policy name.

show port-channel map
show port-channel map <VPC_IF_POLICY> - same as above, but little less info.

Bridge-domains

show tenant <TENANT> ip interface bridge-domain | egrep "Interface|<IP>" - find bridge-domain name in TENANT with IP.

Interfaces

show stats granularity 15min leaf 103 interface ethernet 1/5 - show interface statistics for specified interval.

Leaf commands

PC/VPC, VLANs

show vlan extended - display list of internal leaf VLAN ID mapping to EPG/BD and encap VLAN including leaf interfaces.

show vpc extended - display list of VPC IDs mapping to internal Port-channel IDs, encap VLAN IDs, interface policies.

vsh_lc -c "show system internal eltmc info vlan brief" - display table of internal VLANs. Access_enc field represents the VLAN ID deployed to the interface (EPG/L3Out).

vsh_lc -c "show system internal eltmc info vlan <VLAN>" - display info for VLAN, where VLAN is the ID of the internal VLAN. Internal VLAN ID numbers can be found with the help of show vlan extended command.

Endpoints

show system internal epm endpoint ip <IP> - display information about IP from dataplane.

clear system internal epm endpoint key vrf <TENANT>:<VRF> ip <IP> - clear learned endpoint in TENANT / VRF with address IP.

show system internal epm vlan <ID> [detail] - display information about VLAN. In this command you should pass internal VLAN ID, which could be obtained from show vlan extended command.

show ip arp internal event-history event - display ARP process traces.

Interfaces

cat /mit/sys/lldp/inst/if-[eth1--1]/summary - get information from MIT about leaf interface including its MAC address, wiring issues, operational/admin status.

cat /mit/sys/summary - get leaf manamenet information, state, sw version, uptime, last reboot reason, serial.

Routing

show ip arp vlan xxx - display next-hop IP in ARP table (only for L3Out).

show ip route vrf TENANT:VRF_NAME [PREFIX] - display routes, PREFIX is optional.

show ip eigrp int bri vrf TENANT:VRF_NAME
show ip ospf int bri vrf TENANT:VRF_NAME - verify OSPF/EIGRP is enabled on a correct interface.

show ip eigrp neighbors vrf TENANT:VRF_NAME
show ip ospf neighbors vrf TENANT:VRF_NAME - check the status of neighbors.

show ip eigrp vrf TENANT:VRF_NAME | egrep 'AS|K' - display EIGRP AS, K values.

show ip bgp neighbors vrf TENANT:VRF_NAME | egrep 'BGP nei|Using|Opens|hops' - display BGP neighbors info.

show ip bgp summary vrf TENANT:VRF_NAME - show BGP summary information.

show bgp sessions vrf overlay-1 - check if leaf have BGP sessions with RR spines.

show bgp vpnv4 unicast vrf overlay-1 - display redistributed/exported external routes in VRF overlay-1.

Overlay

show isis dteps vrf overlay-1 - display Dynamic Tunnel Endpoints, existing in IS-IS.

show isis adjacency vrf overlay-1 - display IS-IS neighbor information for overlay-1.

Checks

iping -V <TENANT>:<VRF> <IP> - perform ping inside specific TENANT / VRF to IP. Complete list of options:

usage: iping     
[ -d    set the SO_DEBUG option]
[ -D    enable debug information ]
[ -F    enable do not fragment bit in IP header ]
[ -L    receive packets on supplied interface ]
[ -n    enable printing host IP address than resolved name ]
[ -q    quiet output ]
[ -r    disable routing of the packets, send only to directly connected hosts ]
[ -v    output in verbose format ]
[ -V    <vrf-name> name of the VRF through which destination is reachable ]
[ -c    <count> no of packets to send ]
[ -i    <wait> no of seconds to wait before sending next packet ]
[ -p    <pattern> packet payload pattern ]
[ -s    <packetsize> size of packets to send ]
[ -t    <timeout> wait for seconds to receive reply ]
[ -S    <source ip/interface> send packet with given source-ip or IP of given interface and send packet out of that interface ]
<host>  destination host-name or ip address

Spine commands

Endpoints

show coop internal info ip-db | grep <IP> -A 13 - display information about IP.

show coop internal info repo ep dampening - see the list of dampened EPs.


The list will be updated whenever possible.

  • [22.10.2020] Added commands for routing troubleshooting
  • [18.02.2021] Added EPM VLAN details command
  • [19.04.2021] Added commands for displaying dteps in IS-IS, IS-IS neighbor info in overlay, internal VLAN info, ARP process traces.

Share Tweet Send
0 Comments
Loading...
You've successfully subscribed to Prox blog
Great! Next, complete checkout for full access to Prox blog
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.