Hi community,
We have a strange behavior at one of our customers' ACI fabrics: this log message appears in the syslog:
%ACLLOG-5-ACLLOG_PKTLOG_DENY: CName: <unknown>(UNKNOWN: 0), VlanType: FD_VLAN, Vlan-Id: 123, SMac: 0x020820a12345, DMac:0xffffffffffff, Src Intf: Ethernet1/15, PktLen: 60
Leveraging a packet capture, we figured out that it's apparently Reverse ARP packets that trigger the message. From what I understand, this looks like a typical contract deny log message, and we do indeed have deny contracts in place. However, several questions arise:
- Why is the context (CName) unknown?
- Why would a RARP (L2 Broadcast) hit a contract between EPGs when EPGs are 1:1 related to VLANs in our case?
In the GUI these denies are not seen as contract drops under the tenant. They can only be seen under System > Events.
Does anyone have any experience with log messages like this? Any hint is appreciated.
Kind regards,
Nik
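
For triage, the deny messages can be grouped by VLAN, ingress interface and source MAC so the senders can be matched against the packet capture. This is an added example, not part of the original post or any Cisco tooling; the sample lines are constructed from the message quoted above, and the function names and grouping key are assumptions.

```python
from collections import Counter

# Constructed sample input: the quoted message twice, one constructed
# unicast variant (VLAN 124 and its MACs are invented), one unrelated line.
SAMPLE = """\
%ACLLOG-5-ACLLOG_PKTLOG_DENY: CName: <unknown>(UNKNOWN: 0), VlanType: FD_VLAN, Vlan-Id: 123, SMac: 0x020820a12345, DMac:0xffffffffffff, Src Intf: Ethernet1/15, PktLen: 60
%ACLLOG-5-ACLLOG_PKTLOG_DENY: CName: <unknown>(UNKNOWN: 0), VlanType: FD_VLAN, Vlan-Id: 123, SMac: 0x020820a12345, DMac:0xffffffffffff, Src Intf: Ethernet1/15, PktLen: 60
%ACLLOG-5-ACLLOG_PKTLOG_DENY: CName: <unknown>(UNKNOWN: 0), VlanType: FD_VLAN, Vlan-Id: 124, SMac: 0x020820a1aaaa, DMac:0x020820a1bbbb, Src Intf: Ethernet1/16, PktLen: 64
some unrelated syslog line
"""

TAG = "%ACLLOG-5-ACLLOG_PKTLOG_DENY:"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_deny(line):
    """Return the message's fields as a dict, or None for other lines."""
    _, found, body = line.partition(TAG)
    if not found:
        return None
    fields = {}
    for part in body.split(", "):
        # Split on the first colon only: the CName value contains one
        # itself, and DMac has no space after its colon.
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def mac(hexval):
    """Convert 0x020820a12345 to 02:08:20:a1:23:45."""
    digits = f"{int(hexval, 16):012x}"
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def summarise(text):
    """Count denies per (vlan, interface, src MAC, broadcast?, unknown context?)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_deny(line)
        if not f or "SMac" not in f or "DMac" not in f:
            continue
        key = (f.get("Vlan-Id"), f.get("Src Intf"), mac(f["SMac"]),
               mac(f["DMac"]) == BROADCAST,
               f.get("CName", "").startswith("<unknown>"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarise(SAMPLE).most_common():
        print(n, key)
```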