Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2216
Views
3
Helpful
5
Replies

Command to check which EPG is linked to which VRF in Cisco ACI

Singh007
Level 1
Level 1

‎07-10-2023 11:54 PM

Can someone help me with command used to check which EPG is linked to which VRF in cisco apic 5.2

Labels:
0 Helpful
5 Replies 5

Hefe2
Level 1
Level 1

‎07-11-2023 01:49 AM

Hi @Singh007 ,

there is no direct mapping between EPGs & VRFs. Only Bridge Domains are tied to VRFs.

So u have to find out which BD is mapped to your EPG first.

1. " show epg EPGxxx detail"       --> find out BD

2. "show bridge-domain "BDxxx"  --> get VRF Infos

 

Regards

0 Helpful

RedNectar
VIP Alumni
VIP Alumni

‎07-11-2023 05:22 AM - edited ‎07-11-2023 05:03 PM

Hi @Singh007 ,

Here's a command that will tell you which VRF is linked to an EPG.

If the EPG you want to find the VRF for is say the WebServers EPG from Tenant18's 2Tier_AP the command would be:
apic1# icurl -k 'https://localhost//api/node/mo/uni/tn-Tenant18/ap-2Tier_AP/epg-AppServers_EPG.json?query-target=children' | jq '.imdata[].fvCEp.attributes.vrfDn'
Now, getting the ?  character into that command is a bit of a challenge.  You have two choices:
  1. Press ctrl+v then ? 
  2. Start a bash shell - i.e. type bashEnter  before entering the command above.

As for getting a list of EPGs that belong to a VRF, that's a bit trickier.  I'll edit this if I figure it out

Later... (...MUCH Later... Phew)

OK, I've finally figured it out. But preliminaries first.

I tried querying the fvAEPg class (like @Robert Burns ) but that gives you ALL EPGs - not jus the EPGs for a VRF, which is what you asked.  So my logic is

  1. Identify the target VRF that you wish to find the EPGs for
    • If you want all EPGs for ALL VRFs, I'll deal with that as an extension
  2. Find the BDs that are linked to the target VRF
  3. For each BD found, find the EPGs linked to that.

Now, lets look at my test scenario. What better way to look than using the Policy Viewer plugin

RedNectar_0-1689115561794.png

 

Now the command to show all these EPGs for the above VRF is a mind-blowing 365 character command:

admin@apic1:~> for bd in $(icurl -ks "https://localhost/api/node/mo/uni/tn-Tenant18/ctx-Production_VRF.json?query-target=children&target-subtree-class=fvRtCtx" | jq ".imdata[].fvRtCtx.attributes.dn" | sed 's/.*\[//; s/\].*//') ; do icurl -ks "https://localhost/api/node/mo/${bd}.json?query-target=children&target-subtree-class=fvRtBd" | jq ".imdata[].fvRtBd.attributes.tDn" ; done
"uni/tn-Tenant18/ap-2Tier_AP/epg-AppServers_EPG"
"uni/tn-Tenant18/ap-2Tier_AP/epg-BD.Servers_EPG"
"uni/tn-Tenant18/ap-2Tier_AP/epg-WebServers_EPG"

 So let's make this a bit more manageable.

Step1: Don't use the APIC CLI, use bash

apic1# bash
admin@apic1:~>

Step 2: Define some static variables so you don't have to type such a long command

admin@apic1:~> uriPrefix="https://localhost/api/node/mo/"
admin@apic1:~> vrf="uni/tn-Tenant18/ctx-Production_VRF"

Step 3: Issue the command over multiple lines, using the above variables where possible (this reduces the longest line to a mere 166 chars)

admin@apic1:~> for bd in $(icurl -ks "${uriPrefix}${vrf}.json?query-target=children&target-subtree-class=fvRtCtx" | jq ".imdata[].fvRtCtx.attributes.dn" | sed 's/.*\[//; s/\].*//')
> do
> icurl -ks "${uriPrefix}${bd}.json?query-target=children&target-subtree-class=fvRtBd" | jq ".imdata[].fvRtBd.attributes.tDn"
> done
"uni/tn-Tenant18/ap-2Tier_AP/epg-AppServers_EPG"
"uni/tn-Tenant18/ap-2Tier_AP/epg-BD.Servers_EPG"
"uni/tn-Tenant18/ap-2Tier_AP/epg-WebServers_EPG"
admin@apic1:~>

Earlier I said "If you want all EPGs for ALL VRFs, I'll deal with that as an extension".  Here's the extension

Step 1: Figure out how to get all the VRFs. Note I've added another bash variable (classPrefix) and the -r option in the jq command

admin@apic1:~> classPrefix="https://localhost/api/node/class/"
admin@apic1:~> icurl -ks "${classPrefix}fvCtx.json" | jq -r ".imdata[].fvCtx.attributes.dn"
uni/tn-infra/ctx-overlay-1
uni/tn-common/ctx-default
uni/tn-common/ctx-copy
uni/tn-mgmt/ctx-oob
uni/tn-mgmt/ctx-inb
uni/tn-infra/ctx-ave-ctrl
uni/tn-common/ctx-SharedServices_VRF
uni/tn-Tanant01/ctx-Production_VRF
uni/tn-Tenant18/ctx-Production_VRF

Step 2: Use the output of this in an outer loop surrounding the above answer.  I'll include the definitions of the variables again for completeness

admin@apic1:~> uriPrefix="https://localhost/api/node/mo/"
admin@apic1:~> vrf="uni/tn-Tenant18/ctx-Production_VRF"
admin@apic1:~> classPrefix="https://localhost/api/node/class/"
admin@apic1:~> for vrf in $(icurl -ks "${classPrefix}fvCtx.json" | jq -r ".imdata[].fvCtx.attributes.dn")
> do
> echo "EPGs for VRF ${vrf}"
> for bd in $(icurl -ks "${uriPrefix}${vrf}.json?query-target=children&target-subtree-class=fvRtCtx" | jq ".imdata[].fvRtCtx.attributes.dn" | sed 's/.*\[//; s/\].*//')
> do
> icurl -ks "${uriPrefix}${bd}.json?query-target=children&target-subtree-class=fvRtBd" | jq ".imdata[].fvRtBd.attributes.tDn"
> done
> done
EPGs for VRF uni/tn-infra/ctx-overlay-1
"uni/tn-infra/ap-access/epg-default"
EPGs for VRF uni/tn-common/ctx-default
"uni/tn-Tenant11/ap-2Tier_AP/epg-WebServers_EPG"
EPGs for VRF uni/tn-common/ctx-copy
EPGs for VRF uni/tn-mgmt/ctx-oob
EPGs for VRF uni/tn-mgmt/ctx-inb
EPGs for VRF uni/tn-infra/ctx-ave-ctrl
"uni/tn-infra/ap-ave-ctrl/epg-ave-ctrl"
EPGs for VRF uni/tn-common/ctx-SharedServices_VRF
"uni/tn-common/ap-SharedServices_AP/epg-SharedServices_EPG"
EPGs for VRF uni/tn-Tanant01/ctx-Production_VRF
"uni/tn-Tanant01/ap-2Tier_AP/epg-AppServers_EPG"
"uni/tn-Tanant01/ap-2Tier_AP/epg-WebServer_EPG"
EPGs for VRF uni/tn-Tenant18/ctx-Production_VRF
"uni/tn-Tenant18/ap-2Tier_AP/epg-AppServers_EPG"
"uni/tn-Tenant18/ap-2Tier_AP/epg-BD.Servers_EPG"
"uni/tn-Tenant18/ap-2Tier_AP/epg-WebServers_EPG"

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Robert Burns
Cisco Employee
Cisco Employee

‎07-11-2023 05:36 AM

Another easy way is to Navigate via the UI to Tenant > Networking > VRFs > VRFx, Operational Tab > Associated EPGs.  With this output it lists all EPGs in the VRF. You can then "Save As" and grab the output as JSON/XML to a file.  Pull this into Excel and you can scrape out the EPG names easily by 'dn" or 'name' property.

RobertBurns_1-1689078993850.png

Robert

Robert Burns
Cisco Employee
Cisco Employee

‎07-11-2023 06:37 AM

Here's what a parsed Excel file can look like just pulling out the EPG friendly names:

RobertBurns_2-1689082588418.png

If you need help parsing JSON within Excel you can follow this write up: https://malvenko.medium.com/parsing-json-data-in-excel-7254819cbbbf

Robert

0 Helpful

RedNectar
VIP Alumni
VIP Alumni

‎07-20-2023 02:17 PM

Hi @Singh007 ,

Have you checked my earlier answer?  This is a community forum, and it helps future visitors to this community if you explain why the answers given don't meet your expectations.

And of course, if the answer is correct, future visitors benefit from having the answer marked as correct.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License