Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5338
Views
40
Helpful
3
Replies

What is sclass in ACI ?

ciscoaci2015
Level 1
Level 1

‎10-24-2016 03:19 AM - edited ‎03-01-2019 05:04 AM

Hi ACI Team, 

what does 'sclass' means in the following output ?

module-1# show system internal eltmc info vlan 21
             vlan_id:             21   :::      hw_vlan_id:             23
           vlan_type:        BD_VLAN   :::         bd_vlan:             21
   access_encap_type:        Unknown   :::    access_encap:              0
   fabric_encap_type:          VXLAN   :::    fabric_encap:       16351138
              sclass:          32773   :::           scope:              4
             bd_vnid:       16351138   :::        untagged:              0
     acess_encap_hex:              0   :::  fabric_enc_hex:       0xf97fa2
Labels:
3 Replies 3

Robert Burns
Cisco Employee
Cisco Employee

‎10-24-2016 05:53 AM

sclass is the "source class".  This essentially is the unique EPG identifier ID.  In your case its shows as a decimal value, but often you'll see this value shown as a hex value.  Similarly there's a dclass value seen in some outputs.  This is useful when looking at/verifying contracts which will use the sclass & dclass to distinguish each ACL rule.

This property is known in the MIT as the 'pcTag'

Robert

Tomas de Leon
Cisco Employee
Cisco Employee

‎10-24-2016 06:04 AM

In addition to what Robert has already mentioned, here is a sample of a use case scenario. There are other reasons to look at this for advanced troubleshooting but this is a simple example:

TECHNOTE ON FINDING OUT INFORMATION ON ENDPOINTS, EPGS, AND ZONING RULES
------------------------------------------------------------------------
The purpose of this exercise is to find out what the source class is for certain endpoints. Then show the relationship to the "sclass" to the zoning rules. Then, show the relationship between the "sclass" to the configured EPGs.

The VRF used in this exercise is "deadbeef-l2ext:l2ext-v1" and the two endpoints are "192.2.80.101" and "192.2.81.101". The connections maybe be a single connection or a VPC connection. So you may need to capture all the information on each leaf used.

# FROM THE LEAF(s)
# Get Endpoint information for Endpoints in VRF_NAME or a specific Endpoint
# show endpoint vrf TENANT_NAME:VRF_NAME
# show endpoint ip [ep_ipaddress]

rtp-f2-p1-leaf3# show vrf
VRF-Name VRF-ID State Reason
deadbeef-l2ext:l2ext-v1 5 Up --

rtp-f2-p1-leaf3# show endpoint vrf deadbeef-l2ext:l2ext-v1
Legend:
s - arp O - peer-attached a - local-aged S - static
V - vpc-attached p - peer-aged M - span L - local
B - bounce H - vtep
+-----------------------------------+---------------+-----------------+--------------+-------------+
VLAN/ Encap MAC Address MAC Info/ Interface
Domain VLAN IP Address IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
3/deadbeef-l2ext:l2ext-v1 vxlan-16056263 0005.73a0.0052 tunnel6
3/deadbeef-l2ext:l2ext-v1 vxlan-16056263 1c17.d3e4.f90d tunnel6
3/deadbeef-l2ext:l2ext-v1 vxlan-16056263 0000.0c9f.f050 tunnel5
3/deadbeef-l2ext:l2ext-v1 vxlan-16056263 1c17.d3e4.f945 a tunnel6
4 vlan-80 2894.0f05.01ff LpV po2
deadbeef-l2ext:l2ext-v1 vlan-80 192.2.80.253 LV po2
deadbeef-l2ext:l2ext-v1 vlan-80 2002:192:2:80::253 LV po2
18 vlan-48 0050.5689.8601 LpV po4
deadbeef-l2ext:l2ext-v1 vlan-48 192.2.80.101 LV po4
12/deadbeef-l2ext:l2ext-v1 vxlan-15990735 1c17.d3e4.f90d tunnel6
12/deadbeef-l2ext:l2ext-v1 vxlan-15990735 1c17.d3e4.f946 p tunnel6
13 vlan-81 2894.0f05.01ff LpV po2
deadbeef-l2ext:l2ext-v1 vlan-81 192.2.81.253 LV po2
deadbeef-l2ext:l2ext-v1 vlan-81 2002:192:2:81::253 LV po2
88 vlan-73 0050.5689.ae49 LpV po7
deadbeef-l2ext:l2ext-v1 vlan-73 192.2.81.101 LV po7


+------------------------------------------------------------------------------+
Endpoint Summary
+------------------------------------------------------------------------------+
Total number of Local Endpoints : 4
Total number of Remote Endpoints : 6
Total number of Peer Endpoints : 0
Total number of vPC Endpoints : 4
Total number of non-vPC Endpoints : 0
Total number of MACs : 10
Total number of VTEPs : 0
Total number of Local IPs : 6
Total number of Remote IPs : 0
Total number All EPs : 10


# show endpoint ip 192.2.80.101
# show endpoint ip 192.2.81.101

rtp-f2-p1-leaf3# show endpoint ip 192.2.80.101
Legend:
s - arp O - peer-attached a - local-aged S - static
V - vpc-attached p - peer-aged M - span L - local
B - bounce H - vtep
+-----------------------------------+---------------+-----------------+--------------+-------------+
VLAN/ Encap MAC Address MAC Info/ Interface
Domain VLAN IP Address IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
18 vlan-48 0050.5689.8601 LpV po4
deadbeef-l2ext:l2ext-v1 vlan-48 192.2.80.101 LV po4

rtp-f2-p1-leaf3# show endpoint ip 192.2.81.101
Legend:
s - arp O - peer-attached a - local-aged S - static
V - vpc-attached p - peer-aged M - span L - local
B - bounce H - vtep
+-----------------------------------+---------------+-----------------+--------------+-------------+
VLAN/ Encap MAC Address MAC Info/ Interface
Domain VLAN IP Address IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
88 vlan-73 0050.5689.ae49 LpV po7
deadbeef-l2ext:l2ext-v1 vlan-73 192.2.81.101 LV po7


------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
# FROM THE LEAF(s)
# Check HW programming for a specific endpoint
# vsh_lc -c "show system internal epmc endpoint ip 192.2.80.101"
# vsh_lc -c "show system internal epmc endpoint ip 192.2.81.101"

rtp-f2-p1-leaf3# vsh_lc -c "show system internal epmc endpoint ip 192.2.80.101"
vsh_lc -c "show system internal epmc endpoint ip 192.2.80.101"


MAC : 0050.5689.8601 ::: Num IPs : 1
IP# 0 : 192.2.80.101
Vlan id : 18 ::: Vlan vnid : 9210 ::: BD vnid : 16056263
Encap vlan : 802.1Q/48
VRF name : deadbeef-l2ext:l2ext-v1 ::: VRF vnid : 2293761
phy if : 0x16000003 ::: tunnel if : 0 ::: Interface : port-channel4
Ref count : 5 ::: sclass : 32773
Timestamp : 01/02/1970 04:31:34.022065
::: Learns Src: NS
EP Flags : local|IP|MAC|sclass|timer|
Aging: Timer-type : HT ::: Timeout-left : 681 ::: Hit-bit : Yes ::: Timer-reset count : 3

PD handles:
Bcm l2 hit-bit : Yes
[L2]: Asic : NS ::: ADJ : 0x25 ::: LST SA : 0x1 ::: LST DA : 0x1 ::: GST ING : 0x16ca ::: BCM : Yes
[L3-0]: Asic : NS ::: ADJ : 0x25 ::: LST SA : 0xce ::: LST DA : 0xce ::: GST ING : 0x1636 ::: BCM : Yes
<detail> SDB Data:
is_ns_learn_port_valid : YES ::: ns_learn_port 95
is_bcm_trunk_id_valid : YES ::: bcm_trunk_id 0x6(6)
is_bcm_vrf_id_valid : YES ::: bcm_vrf_id 0x3
is_bcm_l3_if_valid : YES ::: bcm_l3_if 0x1e
is_rmac_idx_valid : YES ::: rmac_idx 0x1
::::


rtp-f2-p1-leaf3# vsh_lc -c "show system internal epmc endpoint ip 192.2.81.101"
vsh_lc -c "show system internal epmc endpoint ip 192.2.81.101"


MAC : 0050.5689.ae49 ::: Num IPs : 1
IP# 0 : 192.2.81.101
Vlan id : 88 ::: Vlan vnid : 9235 ::: BD vnid : 15990735
Encap vlan : 802.1Q/73
VRF name : deadbeef-l2ext:l2ext-v1 ::: VRF vnid : 2293761
phy if : 0x16000006 ::: tunnel if : 0 ::: Interface : port-channel7
Ref count : 6 ::: sclass : 16386
Timestamp : 01/02/1970 04:31:04.567064
::: Learns Src: EPM
EP Flags : local|vPC|IP|MAC|sclass|timer|
Aging: Timer-type : HT ::: Timeout-left : 290 ::: Hit-bit : Yes ::: Timer-reset count : 180

PD handles:
Bcm l2 hit-bit : Yes
[L2]: Asic : NS ::: ADJ : 0x60 ::: LST SA : 0xf37 ::: LST DA : 0xf37 ::: GST ING : 0x10c5 ::: BCM : Yes
[L3-0]: Asic : NS ::: ADJ : 0x60 ::: LST SA : 0x2f1 ::: LST DA : 0x2f1 ::: GST ING : 0x1616 ::: BCM : Yes
<detail> SDB Data:
is_ns_learn_port_valid : YES ::: ns_learn_port 93
is_bcm_trunk_id_valid : YES ::: bcm_trunk_id 0x3(3)
is_bcm_vrf_id_valid : YES ::: bcm_vrf_id 0x3
is_bcm_l3_if_valid : YES ::: bcm_l3_if 0x62
is_rmac_idx_valid : YES ::: rmac_idx 0x1
::::


------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
# FROM THE LEAF(s)
# Check IP Routing Table for associated VRFs
show ip route vrf TENANT_NAME:VRF_NAME

# Get VLAN list on the associated LEAF Nodes
show vlan extended

rtp-f2-p1-leaf3# show ip route vrf deadbeef-l2ext:l2ext-v1
IP Route Table for VRF "deadbeef-l2ext:l2ext-v1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

192.2.80.0/24, ubest/mbest: 1/0, attached, direct, pervasive
*via 10.0.32.66%overlay-1, [1/0], 1d09h, static, tag 4294967295
192.2.80.100/32, ubest/mbest: 1/0, attached, pervasive
*via 192.2.80.100, vlan3, [1/0], 1d10h, local, local
192.2.81.0/24, ubest/mbest: 1/0, attached, direct, pervasive
*via 10.0.32.66%overlay-1, [1/0], 1d09h, static, tag 4294967295
192.2.81.100/32, ubest/mbest: 1/0, attached, pervasive
*via 192.2.81.100, vlan12, [1/0], 1d10h, local, local


rtp-f2-p1-leaf3# show vlan extended

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
3 deadbeef-l2ext:l2ext-bd1 active Eth1/50, Eth1/52, Eth1/80, Po2,
Po4, Po7
12 deadbeef-l2ext:l2ext-bd2 active Eth1/50, Eth1/52, Eth1/80, Po2,
Po4, Po7
13 deadbeef-l2ext:l2ext-ap:Net81 active Eth1/80, Po2
-epg-l2ext
18 deadbeef-l2ext:l2ext-ap:Net80 active Eth1/50, Eth1/52, Po4, Po7
-epg-endpoints
88 deadbeef-l2ext:l2ext-ap:Net81 active Eth1/50, Eth1/52, Po4, Po7
-epg-l2ext

VLAN Type Vlan-mode Encap
---- ----- ---------- -------------------------------
3 enet CE vxlan-16056263
12 enet CE vxlan-15990735
13 enet CE vlan-81
18 enet CE vlan-48
88 enet CE vlan-73

# Get VLAN Table (vlan, HW_vlan, Acc_vlan, BD_vlan)
vsh_lc -c "show system internal eltmc info vlan brief"

rtp-f2-p1-leaf3# vsh_lc -c "show system internal eltmc info vlan brief"
vsh_lc -c "show system internal eltmc info vlan brief"
VLAN-Info
VlanId HW_VlanId Type Access_enc Access_enc Fabric_enc Fabric_enc BDVlan
Type Type
==================================================================================
3 5 BD_VLAN Unknown 0 VXLAN 16056263 3
4 9 FD_VLAN 802.1q 80 VXLAN 10192 3
12 14 BD_VLAN Unknown 0 VXLAN 15990735 12
13 15 FD_VLAN 802.1q 81 VXLAN 10193 12
18 20 FD_VLAN 802.1q 48 VXLAN 9210 3
88 88 FD_VLAN 802.1q 73 VXLAN 9235 12


------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
# FROM THE LEAF(s)
# Check HW programming for a specific endpoint
# vsh_lc -c "show system internal epmc endpoint ip 192.2.80.101"
# vsh_lc -c "show system internal epmc endpoint ip 192.2.81.101"

rtp-f2-p1-leaf3# vsh_lc -c "show system internal epmc endpoint ip 192.2.80.101"
vsh_lc -c "show system internal epmc endpoint ip 192.2.80.101"


MAC : 0050.5689.8601 ::: Num IPs : 1
IP# 0 : 192.2.80.101
Vlan id : 18 ::: Vlan vnid : 9210 ::: BD vnid : 16056263
Encap vlan : 802.1Q/48
VRF name : deadbeef-l2ext:l2ext-v1 ::: VRF vnid : 2293761
phy if : 0x16000003 ::: tunnel if : 0 ::: Interface : port-channel4
Ref count : 5 ::: sclass : 32773
Timestamp : 01/02/1970 04:31:34.022065
::: Learns Src: NS
EP Flags : local|IP|MAC|sclass|timer|
Aging: Timer-type : HT ::: Timeout-left : 681 ::: Hit-bit : Yes ::: Timer-reset count : 3

PD handles:
Bcm l2 hit-bit : Yes
[L2]: Asic : NS ::: ADJ : 0x25 ::: LST SA : 0x1 ::: LST DA : 0x1 ::: GST ING : 0x16ca ::: BCM : Yes
[L3-0]: Asic : NS ::: ADJ : 0x25 ::: LST SA : 0xce ::: LST DA : 0xce ::: GST ING : 0x1636 ::: BCM : Yes
<detail> SDB Data:
is_ns_learn_port_valid : YES ::: ns_learn_port 95
is_bcm_trunk_id_valid : YES ::: bcm_trunk_id 0x6(6)
is_bcm_vrf_id_valid : YES ::: bcm_vrf_id 0x3
is_bcm_l3_if_valid : YES ::: bcm_l3_if 0x1e
is_rmac_idx_valid : YES ::: rmac_idx 0x1
::::


rtp-f2-p1-leaf3# vsh_lc -c "show system internal epmc endpoint ip 192.2.81.101"
vsh_lc -c "show system internal epmc endpoint ip 192.2.81.101"


MAC : 0050.5689.ae49 ::: Num IPs : 1
IP# 0 : 192.2.81.101
Vlan id : 88 ::: Vlan vnid : 9235 ::: BD vnid : 15990735
Encap vlan : 802.1Q/73
VRF name : deadbeef-l2ext:l2ext-v1 ::: VRF vnid : 2293761
phy if : 0x16000006 ::: tunnel if : 0 ::: Interface : port-channel7
Ref count : 6 ::: sclass : 16386
Timestamp : 01/02/1970 04:31:04.567064
::: Learns Src: EPM
EP Flags : local|vPC|IP|MAC|sclass|timer|
Aging: Timer-type : HT ::: Timeout-left : 290 ::: Hit-bit : Yes ::: Timer-reset count : 180

PD handles:
Bcm l2 hit-bit : Yes
[L2]: Asic : NS ::: ADJ : 0x60 ::: LST SA : 0xf37 ::: LST DA : 0xf37 ::: GST ING : 0x10c5 ::: BCM : Yes
[L3-0]: Asic : NS ::: ADJ : 0x60 ::: LST SA : 0x2f1 ::: LST DA : 0x2f1 ::: GST ING : 0x1616 ::: BCM : Yes
<detail> SDB Data:
is_ns_learn_port_valid : YES ::: ns_learn_port 93
is_bcm_trunk_id_valid : YES ::: bcm_trunk_id 0x3(3)
is_bcm_vrf_id_valid : YES ::: bcm_vrf_id 0x3
is_bcm_l3_if_valid : YES ::: bcm_l3_if 0x62
is_rmac_idx_valid : YES ::: rmac_idx 0x1
::::


rtp-f2-p1-leaf3# show zoning-rule scope 2293761
Rule ID SrcEPG DstEPG FilterID operSt Scope Action Priority
======= ====== ====== ======== ====== ===== ====== ========
4098 0 32770 implicit enabled 2293761 permit any_dest_any(15)
4099 0 0 implicit enabled 2293761 deny,log any_any_any(20)
4100 0 0 implarp enabled 2293761 permit any_any_filter(16)
4101 0 15 implicit enabled 2293761 deny,log any_vrf_any_deny(21)
4114 0 32771 implicit enabled 2293761 permit any_dest_any(15)
4202 32772 32773 default enabled 2293761 permit src_dst_any(8)
4203 32773 32772 default enabled 2293761 permit src_dst_any(8)
4271 16386 32773 default enabled 2293761 permit src_dst_any(8)
4270 32773 16386 default enabled 2293761 permit src_dst_any(8)
4487 32772 16386 default enabled 2293761 permit src_dst_any(8)
4489 16386 32772 default enabled 2293761 permit src_dst_any(8)

rtp-f2-p1-leaf3# show zoning-rule scope 2293761 | grep 32773
4202 32772 32773 default enabled 2293761 permit src_dst_any(8)
4203 32773 32772 default enabled 2293761 permit src_dst_any(8)
4271 16386 32773 default enabled 2293761 permit src_dst_any(8)
4270 32773 16386 default enabled 2293761 permit src_dst_any(8)

rtp-f2-p1-leaf3# show zoning-rule scope 2293761 | grep 16386
4271 16386 32773 default enabled 2293761 permit src_dst_any(8)
4270 32773 16386 default enabled 2293761 permit src_dst_any(8)
4487 32772 16386 default enabled 2293761 permit src_dst_any(8)
4489 16386 32772 default enabled 2293761 permit src_dst_any(8)

# FROM THE APIC
# Get EPG Names & EPG pcTags (vrf has scopeID of 2293761)
moquery -c fvAEPg -f 'fv.ATg.scope=="2293761"' | egrep "name|pcTag"

rtp-f2-p1-apic1# moquery -c fvAEPg -f 'fv.ATg.scope=="2293761"' | egrep "name|pcTag"

name : Net80-epg-endpoints
nameAlias :
pcTag : 32773

name : Net81-epg-l2ext
nameAlias :
pcTag : 16386

# FROM THE APIC
# Get L2out External EPG Names & pcTags (vrf which has scopeID of 2293761)
moquery -c l2extInstP -f 'l2.extInstP.scope=="2293761"' | egrep "name|scope|dn|pcTag"

rtp-f2-p1-apic1# moquery -c l2extInstP -f 'l2.extInstP.scope=="2293761"' | egrep "name|scope|dn|pcTag"

name : Net80-epg-l2ext
dn : uni/tn-deadbeef-l2ext/l2out-Net80-l2ext/instP-Net80-epg-l2ext
nameAlias :
pcTag : 32772
scope : 2293761

# FROM THE LEAF(s)
rtp-f2-p1-leaf3# show zoning-rule scope 2293761 | grep 32772
4202 32772 32773 default enabled 2293761 permit src_dst_any(8)
4203 32773 32772 default enabled 2293761 permit src_dst_any(8)
4487 32772 16386 default enabled 2293761 permit src_dst_any(8)
4489 16386 32772 default enabled 2293761 permit src_dst_any(8)


------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------

rtp-f2-p1-apic1# show running-config tenant deadbeef-l2ext
# Command: show running-config tenant deadbeef-l2ext
# Time: Mon Oct 24 08:50:33 2016
tenant deadbeef-l2ext
description 'This deadbeef tenant is for testing L2 Extension. Configuration will utilize the static path and Bridged Outside methods.'
contract brc-l2ext-vrf
description 'Contract for L2 Extension of VLAN80 and VLAN81'
subject brc-l2ext-subject
access-group default both
description 'Subject for L2 Extension of VLAN80 and VLAN81'
exit
exit
vrf context l2ext-v1
description 'VRF for the L2 Extension of VLAN80 and VLAN81'
endpoint retention default
exit
bridge-domain l2ext-bd1
endpoint retention policy default
vrf member l2ext-v1
exit
bridge-domain l2ext-bd2
endpoint retention policy default
vrf member l2ext-v1
exit
application l2ext-ap
description 'Application profile for the L2 Extension of VLAN80 and VLAN81'
epg Net80-epg-endpoints
bridge-domain member l2ext-bd1
contract consumer brc-l2ext-vrf
contract provider brc-l2ext-vrf
description 'EPG for endpoints in VLAN80'
vmware-domain member deadbeef-dc-rtp2 deploy immediate
exit
exit
epg Net81-epg-l2ext
bridge-domain member l2ext-bd2
contract consumer brc-l2ext-vrf
contract provider brc-l2ext-vrf
description 'External Network EPG for the L2 Extension of VLAN81'
vmware-domain member deadbeef-dc-rtp2 deploy immediate
exit
exit
exit
interface bridge-domain l2ext-bd1
description 'Bridge Domain for the L2 Extension of VLAN80'
ip address 192.2.80.100/24
ipv6 address 2002:192:2:80::100/64 preferred
exit
interface bridge-domain l2ext-bd2
description 'Bridge Domain for the L2 Extension of VLAN81'
ip address 192.2.81.100/24
ipv6 address 2002:192:2:81::100/64 preferred
exit
external-l2 epg Net80-l2ext:Net80-epg-l2ext
bridge-domain member l2ext-bd1
contract consumer brc-l2ext-vrf
contract provider brc-l2ext-vrf
description 'External Network EPG for the L2 Extension of VLAN80'
exit
exit

Preview file
21 KB

Tomas de Leon
Cisco Employee
Cisco Employee
In response to Tomas de Leon

‎10-24-2016 06:11 AM

Also take a look at:

Unicast Data Plane Forwarding and Reachability

http://aci-troubleshooting-book.readthedocs.io/en/latest/unicast.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License