02-11-2019 12:11 AM - edited 03-01-2019 05:46 AM
I am googling around trying to find out how to check physical interface status of a switch in ACI environment via CLI. If I ssh to a leaf switch and issue "show interface x/y" I get the following:
Code: 403
Output: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="403" text="Need a valid webtoken cookie (named APIC-Cookie) or a signed request with signature in the cookie APIC-Request-Signature for all REST API requests"/></imdata>
Data Posted:
None
Error executing command, check logs for details
I tried to ssh to APIC and issue these commeands but no luck:
apic1# config
apic1(config)# leaf 103
apic1(config-leaf)# interface eth 1/7
apic1(config-leaf-if)# show
Error: Invalid argument ''. Please check syntax in command reference guide
apic1(config-leaf-if)#
I used "show" keyword because I saw one example where the same commands are issued but instead of just "show" you must use "show running-config", like this:
apic1(config)# leaf 103
apic1(config-leaf)# interface ethernet 1/2.150
apic1(config-leaf-if)# show running-config
# Command: show running-config leaf 103 interface ethernet 1 / 2 . 150
# Time: Tue Dec 8 08:08:37 2015
leaf 103
interface ethernet 1/2.150
vrf member tenant t1 vrf v1
ip address 169.10.10.1/24
ip router ospf default area 0.0.0.1
exit
So I thought if I just issued "show" keyword, the I will get the interface statistics, just like in using IOS command "show interface x/y"
Solved! Go to Solution.
02-11-2019 01:27 AM
Hi Blackschwanzer,
From the APIC, put the word fabric followed by the node id, followed by a regular command - use ? anywhere along the way to get help. For example, to examine ethernet interface 1/1 on the switch with ID 201, issue the command
fabric 201 show interface ethernet1/1
(See output below)
This should give you exactly the same output as issuing the command
show interface ethernet1/1
on the actual switch from an ssh session. I'm not sure why you got the error message shown, but the command syntax is show interface ethernet x/y - not show interface x/y
apic1# fabric 201 show interface ethernet1/1 ---------------------------------------------------------------- Node 201 (Spine201) ---------------------------------------------------------------- Ethernet1/1 is up admin state is up, Dedicated Interface Hardware: 40000 Ethernet, address: 0000.0000.0000 (bia 881d.fcc4.3648) MTU 9366 bytes, BW 40000000 Kbit, DLY 1 usec reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, medium is broadcast Port mode is routed full-duplex, 40 Gb/s, media type is 40G FEC (forward-error-correction) : disable-fec Beacon is turned off Auto-Negotiation is turned on Input flow-control is off, output flow-control is off Auto-mdix is turned off Rate mode is dedicated Switchport monitor is off EtherType is 0x8100 EEE (efficient-ethernet) : n/a Last link flapped 05w00d Last clearing of "show interface" counters never 1 interface resets 30 seconds input rate 624 bits/sec, 1 packets/sec 30 seconds output rate 992 bits/sec, 1 packets/sec Load-Interval #2: 5 minute (300 seconds) input rate 2952 bps, 2 pps; output rate 6576 bps, 2 pps L3 in Switched: ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes L3 out Switched: ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes RX 14498194 unicast packets 4569110 multicast packets 1 broadcast packets 19067305 input packets 3135504484 bytes 0 jumbo packets 0 storm suppression bytes 0 runts 0 giants 0 CRC 0 no buffer 0 input error 0 short frame 0 overrun 0 underrun 0 ignored 0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop 0 input with dribble 0 input discard 20114 input total drop 0 Rx pause TX 14864734 unicast packets 3742689 multicast packets 1 broadcast packets 18607424 output packets 3529176839 bytes 0 jumbo packets 0 output error 0 collision 0 deferred 0 late collision 0 lost carrier 0 no carrier 0 babble 0 output discard 0 output total drops 0 Tx pause
I hope this helps.
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.
02-11-2019 01:27 AM
Hi Blackschwanzer,
From the APIC, put the word fabric followed by the node id, followed by a regular command - use ? anywhere along the way to get help. For example, to examine ethernet interface 1/1 on the switch with ID 201, issue the command
fabric 201 show interface ethernet1/1
(See output below)
This should give you exactly the same output as issuing the command
show interface ethernet1/1
on the actual switch from an ssh session. I'm not sure why you got the error message shown, but the command syntax is show interface ethernet x/y - not show interface x/y
apic1# fabric 201 show interface ethernet1/1 ---------------------------------------------------------------- Node 201 (Spine201) ---------------------------------------------------------------- Ethernet1/1 is up admin state is up, Dedicated Interface Hardware: 40000 Ethernet, address: 0000.0000.0000 (bia 881d.fcc4.3648) MTU 9366 bytes, BW 40000000 Kbit, DLY 1 usec reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, medium is broadcast Port mode is routed full-duplex, 40 Gb/s, media type is 40G FEC (forward-error-correction) : disable-fec Beacon is turned off Auto-Negotiation is turned on Input flow-control is off, output flow-control is off Auto-mdix is turned off Rate mode is dedicated Switchport monitor is off EtherType is 0x8100 EEE (efficient-ethernet) : n/a Last link flapped 05w00d Last clearing of "show interface" counters never 1 interface resets 30 seconds input rate 624 bits/sec, 1 packets/sec 30 seconds output rate 992 bits/sec, 1 packets/sec Load-Interval #2: 5 minute (300 seconds) input rate 2952 bps, 2 pps; output rate 6576 bps, 2 pps L3 in Switched: ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes L3 out Switched: ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes RX 14498194 unicast packets 4569110 multicast packets 1 broadcast packets 19067305 input packets 3135504484 bytes 0 jumbo packets 0 storm suppression bytes 0 runts 0 giants 0 CRC 0 no buffer 0 input error 0 short frame 0 overrun 0 underrun 0 ignored 0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop 0 input with dribble 0 input discard 20114 input total drop 0 Rx pause TX 14864734 unicast packets 3742689 multicast packets 1 broadcast packets 18607424 output packets 3529176839 bytes 0 jumbo packets 0 output error 0 collision 0 deferred 0 late collision 0 lost carrier 0 no carrier 0 babble 0 output discard 0 output total drops 0 Tx pause
I hope this helps.
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.
02-11-2019 01:57 AM
02-11-2019 06:49 AM
Alright, that error message is a known bug CSCvi51338
02-11-2019 11:28 AM
Just an FYI - when you issue commands from the APIC using the fabric xxx prefix, you can use the ? key as per normal NXOS/IOS CLI.
When you have a session directly with a leaf switch, the ? key doesn't work. <Tab> still works, but not ? However, there is an alternative. When you need help, hit <Esc><Esc> and you will get help similar to ?
E.g.
Leaf101# show interface <Esc><Esc> <CR> Carriage return bbcredits Show interface bbcredits information brief Show brief info of interface capabilities Show interface capabilities information counters Show interface counters debounce Show interface debounce time information description Show interface description ethernet Ethernet IEEE 802.3z fc Fc interface fex-fabric Show all FEX fabric ports flowcontrol Show interface flowcontrol information loopback Loopback interface mac-address Show interface MAC address mgmt Management interface port-channel Port Channel interface priority-flow-control Show interface PFC information snmp-ifindex Show snmp ifindex list status Show interface line status switchport Show interface switchport information transceiver Transceiver Information trunk Show interface trunk information tunnel Tunnel interface vfc Vfc interface vfc-port-channel Vfc Port Channel interface vlan Vlan interface
02-11-2019 09:42 PM
And just to extend the discussion about the show commands - how could I check the logs of a spine/leaf switch?
Because now, if I issue "fabric 220 show logging" from the APIC, I get "incorrect command" error message:
apic1# fabric 220 show logging
----------------------------------------------------------------
Node 220 (leaf2)
----------------------------------------------------------------
Incorrect command "show logging"
apic1#
I can only see logging of some access list cache:
apic1# fabric 220 show logging ip ?
access-list Access-list
apic1# fabric 220 show logging ip access-list ?
cache show entries in ACLLOG cache
drop-codes Drop Codes
internal Show internal acllog information
span show entries in ACLLOG span
apic1# fabric 220 show logging ip access-list cache ?
deny action is deny
permit action is permit
apic1# fabric 220 show logging ip access-list cache deny ?
<CR> Carriage return
apic# fabric 220 show logging ip access-list cache deny
And I cannot issue "show logging" locally on the switch due to earlier mentioned bug.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide