04-04-2022 11:26 PM
Hello,
Is it possible to make a query that returns all the IP addresses that connect to a certain policy tag?
for example I have this environment:
- ESG with a name of "NoamESG" with a tag selector to the following policy tag: "NoamTag" : "NoamValue"
- Subnet 1.1.1.1/24 with the following policy tag: "NoamTag" : "NoamValue"
- Subnet 2.2.2.1/24 with the following policy tag: "NoamTag" : "NoamValue"
As I understand, the ESG "NoamESG" should hold now 1.1.1.1/24 and also 2.2.2.1/24
can I make a query that returns those two subnets?
Thank you!
04-05-2022 09:34 AM
Are you trying to return the Subnets or Individual Endpoint IPs matching the policy tag?
Robert
04-06-2022 03:10 AM
All the IP addresses connected to the Policy tag.
For example I have a Policy Tag's Key-Value pair or DN, something like that - can I extract all the relevant IP addresses from it?
04-05-2022 11:18 PM - edited 04-05-2022 11:18 PM
Hi @noamcoh
Get all EPs (both IP and MAC) associated to tag {TAG_NAME:VALUE_NAME}, you can get it through API call or moquery like this:
moquery: moquery -c fvAssocESgTagSel -f 'fv.AssocESgTagSel.tagSelectorDn=="uni/tn-TENANT_NAME/ap-AP_NAME/esg-ESG_NAME/tagselectorkey-[TAG_NAME]-value-[VALUE_NAME]"' API Call: https://APIC_IP/api/node/class/fvAssocESgTagSel.json?query-target-filter=eq(fvAssocESgTagSel.tagSelectorDn,"uni/tn-TENANT_NAME/ap-AP_NAME/esg-ESG_NAME/tagselectorkey-[TAG_NAME]-value-[VALUE_NAME]")
Make sure you replace the tenant, ap, esg and tag/value names.
Stay safe,
Sergiu
04-06-2022 03:09 AM
Thank you, this is very helpful for the specific example.
I wanted to know if is there a more general API query that returns the IP addresses that are connected to a certain Policy Tag. the difference is that the query you wrote asks for a Policy Tag that associated to an ESG, but Policy Tag can be associated to different kind of objects.
For example I have a Policy Tag's Key-Value pair or DN, something like that - can I extract all the relevant IP addresses from it?
04-06-2022 03:40 AM
As far as I know, policy tags can only be associated to EPs (IP and/or MAC) and BD subnets and afterwards used for ESG selection.
The above command will show both if the tag is already associated to an ESG.
If you have tags which are not yet associated to ESGs, then I guess you could use the following moquery:
moquery -c tagTag -f 'tag.Tag.key=="KEY_NAME" and tag.Tag.value=="VALUE_NAME"'
But it will not tell you in which ESG is being part of. I guess this is the ultimate goal, right?
Stay safe,
Sergiu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide