Hi @aci_network_test ,
Can we check the running configuration of the interface via cli of LEAF switch ?
Yes. You sure can check the running config of the interface, but you'll need to know the leaf ID of the switch that the interface is on.
So if you wanted to check say interface Ethernet 1/9 on Leaf switch 2201 then the command (issued from the CLI of the APIC of course) is
show running-config leaf 2201 interface ethernet 1/9
Sample from our lab:
apic1# show running-config leaf 2201 interface ethernet 1/9
# Command: show running-config leaf 2201 interface ethernet 1/9
# Time: Mon Aug 22 20:44:48 2022
leaf 2201
interface ethernet 1/9
# policy-group Common:SharedServices_APPG
switchport trunk allowed vlan 2001 tenant common application SharedServices_AP epg SharedServices_EPG
exit
exit
apic1#
If you actually wanted to check the state of the interface, you can do that from the APIC CLI as well, but the format is a little different. In this case, you'd use the fabric <leaf-id> show construction - so for our sample interface above:
fabric 2201 show interface ethernet 1/9
And as seen from our lab:
apic1# fabric 2201 show interface ethernet 1/9
----------------------------------------------------------------
Node 2201 (Leaf2201)
----------------------------------------------------------------
Ethernet1/9 is up
admin state is up, Dedicated Interface
Port description is To Shared Services Server (DNS/DHCP)
Hardware: 100/1000/10000/25000/auto Ethernet, address: 10b3.d557.0d89 (bia 10b3.d557.0d89)
MTU 9000 bytes, BW 1000000 Kbit, DLY 1 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 1000 Mb/s, media type is 1G
FEC (forward-error-correction) : disable-fec
Beacon is turned off
Auto-Negotiation is turned on
Input flow-control is off, output flow-control is off
Auto-mdix is turned off
Rate mode is dedicated
Switchport monitor is off
EtherType is 0x8100
EEE (efficient-ethernet) : n/a
Last link flapped 01w06d
Last clearing of "show interface" counters never
4 interface resets
30 seconds input rate 1680 bits/sec, 1 packets/sec
30 seconds output rate 1512 bits/sec, 2 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 2232 bps, 2 pps; output rate 2048 bps, 2 pps
RX
3029271 unicast packets 97089 multicast packets 32 broadcast packets
3126392 input packets 387150664 bytes
0 jumbo packets 0 storm suppression bytes
0 runts 0 giants 0 CRC 0 Stomped CRC 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 input buffer drop 0 input total drop
0 Rx pause
TX
2294332 unicast packets 638792 multicast packets 1 broadcast packets
2933125 output packets 277489676 bytes
0 jumbo packets
0 output error 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble 0 output discard
0 output buffer drops 0 output total drops
0 Tx pause
and of course, if you wanted to check the VLANs you'd add the switchportoption as shown below:
apic1# fabric 2201 show interface ethernet 1/9 switchport
----------------------------------------------------------------
Node 2201 (Leaf2201)
----------------------------------------------------------------
Name: Ethernet1/9
Switchport: Enabled
Switchport Monitor: not-a-span-dest
Operational Mode: trunk
Access Mode Vlan: unknown (default)
Trunking Native Mode VLAN: unknown (default)
Trunking VLANs Allowed: 10-11
FabricPath Topology List Allowed: 0
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
And then of course you'd notice that the command above indicates that VLANs 10-11 are allowed on the port, but the running config shows VLAN 2001 is allowed - so to see the internal VLAN mappings, you would then use this command
apic1# fabric 2201 show vlan id 10-11 extended
----------------------------------------------------------------
Node 2201 (Leaf2201)
----------------------------------------------------------------
VLAN Name Encap Ports
---- -------------------------------- ---------------- ------------------------
10 common:SharedServices_BD vxlan-15761393 Eth1/9
11 common:SharedServices_AP:SharedS vlan-2001 Eth1/9
ervices_EPG
The "extra" VLAN (VLAN 10 above) being the VLAN allocated to the Bridge Domain on that switch to map the VNID of the BD to a local VLAN, and to provide a holding place for the gateway IPs for that Bridge domain, which of course you'd be able to see by issuing...
apic1# fabric 2201 show ip interface vlan10
----------------------------------------------------------------
Node 2201 (Leaf2201)
----------------------------------------------------------------
IP Interface Status for VRF "common:SharedServices_VRF"
vlan10, Interface status: protocol-up/link-up/admin-up, iod: 124, mode: pervasive
IP address: 10.200.0.1, IP subnet: 10.200.0.0/24
IP broadcast address: 255.255.255.255
IP primary address route-preference: 0, tag: 0
Oops. I seem to have got carried away - but I DID answer your question I believe!
RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
