Re: ACI Rogue Endpoint Listing

dongvillo-ccie · ‎01-15-2023

I'll get right to the point, is there any "good" way to get a list of all the Rogue EPs in a Fabric?

I'm not talking about the Fault table in the APIC GUI, yes I know you can see them there.

But that data is not very manageable or usable.

Any other way to export them, see them via CLI, etc.?

Thanks much in advance.

Mike

abhjha2 · ‎01-18-2023

Hi,

Use the below moquery to see the list of rogue IPs and using automation have them exported to csv file or the format you want.

APIC1# moquery -c epmIpEp -f 'epm.IpEp.flags*"rogue"' | grep addr | sort | uniq
addr : 10.10.10.1

APIC1# moquery -c epmMacEp -f 'epm.MacEp.flags*"rogue"' | grep addr | sort | uniq
addr : AA:AA:AA:AA:AA:AA

Leaf-101# show system internal epm endpoint all summary | grep -i rogue
Total number of rogue endpoints : 1
Total number of IP rogue endpoints : 1

or

Leaf-101# vsh_lc -c 'show system internal epmc endpoint all summary' | grep -i rogue
Total number of rogue endpoints : 1
Total number of IP rogue endpoints : 1

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco ACI through our live Ask the Experts (ATXs) session. Check out Cisco ACI ATXs Resources [https://community.cisco.com/t5/data-center-and-cloud-knowledge/cisco-aci-ask-the-experts-resources/ta-p/4394491] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

dongvillo-ccie · ‎01-18-2023

I appreciate the info!

However, it would be nice if Cisco would just build this kind of crap into the APIC GUI itself.

abhjha2 · ‎01-19-2023

You can use a script to monitors for Rogue EPs using the faults and have them cleared at defined interval.
Rogue EP Control monitoring tool : https://github.com/brightpuddle/aci-rep-monitor