cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
265
Views
0
Helpful
0
Replies
Highlighted
Beginner

Unexpected log entry - also missing context information - in ACI

Hi community,

we have a strange behavior at one of our customers' ACI fabrics: This log-message appears in the syslog:

%ACLLOG-5-ACLLOG_PKTLOG_DENY: CName: <unknown>(UNKNOWN: 0), VlanType: FD_VLAN, Vlan-Id: 123, SMac: 0x020820a12345, DMac:0xffffffffffff, Src Intf: Ethernet1/15, PktLen: 60

Leveraging a packet capture we figured out that it's apparently Reverse ARP packets that trigger the message. From what I understand this looks like a typical contract deny log message and we do indeed have deny contracts in place. However, several questions arise:

- Why is the context (CName) unknown?

- Why would a RARP (L2 Broadcast) hit a contract between EPGs when EPGs are 1:1 related to VLANs in our case?

In the GUI these denies are not seen as contract drops under the tenant. They can only be seen under System > Events.

 

Does anyone have any experiences with log messages like this? Any hint is appreciated.

 

Kind regards,

Nik 

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey