ACI filter misses?

tigephillips
Level 4

In ACI, is it possible to see what traffic (IP ports) is being dropped by a contract? It often happens that a contract has been put in place and some part of the application is still not working. Rather than setting up a sniffer, snapping the traffic, etc., is there a way to show what's hitting the contract but is being dropped? IP port numbers would be fine, but that can be parsed out of anything if it's available in the system somewhere. Or, if a monitor policy needs to be placed on it, that's fine too; I just can't find anything.

Thanks for any help.


davbark2
Level 1

Hi tigephillips,

You should be able to see what packets are dropped by contracts with the “show logging ip access-list internal packet-log” CLI command. You may need to add the “deny” option to this depending on the ACI version.  But this does not show what contract is hit by the dropped packet.


You might be able to estimate it from “show system internal policy-mgr stats”.


Hope this
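An added example, not part of the replies in this thread and not Cisco code: a Python script that condenses saved output of the packet-log command into a per-flow drop count, so the blocked destination ports stand out. The sample lines are constructed, and the comma-separated `Key: value` layout and the field names (CName, SIP, DIP, SPort, DPort, Proto) are assumptions to check against your ACI release.

```python
import re
from collections import Counter

# Constructed sample of saved packet-log output (documentation IP ranges).
# ASSUMPTION: one packet per line as comma-separated "Key: value" pairs.
SAMPLE = """\
leaf101# show logging ip access-list internal packet-log deny
[ Tue Oct 1 10:34:37 2019 503572 usecs]: CName: Prod1:VRF1(VXLAN: 2654209), VlanType: Unknown, Vlan-Id: 0, SIP: 192.0.2.11, DIP: 198.51.100.20, SPort: 51514, DPort: 1433, Src Intf: Tunnel7, Proto: 6, PktLen: 74
[ Tue Oct 1 10:34:38 2019 112004 usecs]: CName: Prod1:VRF1(VXLAN: 2654209), VlanType: Unknown, Vlan-Id: 0, SIP: 192.0.2.11, DIP: 198.51.100.20, SPort: 51516, DPort: 1433, Src Intf: Tunnel7, Proto: 6, PktLen: 74
[ Tue Oct 1 10:34:40 2019 900311 usecs]: CName: Prod1:VRF1(VXLAN: 2654209), VlanType: Unknown, Vlan-Id: 0, SIP: 192.0.2.11, DIP: 198.51.100.21, SPort: 0, DPort: 0, Src Intf: Tunnel7, Proto: 1, PktLen: 98
"""

# Only the fields needed to identify a flow; values stop at ',', space or '('.
FIELD = re.compile(r"\b(CName|SIP|DIP|SPort|DPort|Proto):\s*([^,\s(]+)")
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}


def parse_line(line):
    """Return the flow fields of one log line, or None for non-packet lines."""
    fields = dict(FIELD.findall(line))
    if not {"SIP", "DIP", "Proto"} <= fields.keys():
        return None  # CLI prompt, banner, or truncated line
    return fields


def summarize_drops(text):
    """Count dropped packets per (VRF, src IP, dst IP, protocol, dst port)."""
    drops = Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        proto = PROTO_NAMES.get(fields["Proto"], fields["Proto"])
        # The source port is ephemeral, so it is left out of the key;
        # protocols without ports get "-" instead of a misleading 0.
        dport = fields.get("DPort", "-") if proto in ("tcp", "udp") else "-"
        key = (fields.get("CName", "?"), fields["SIP"], fields["DIP"], proto, dport)
        drops[key] += 1
    return drops.most_common()


if __name__ == "__main__":
    for (vrf, sip, dip, proto, dport), count in summarize_drops(SAMPLE):
        print(f"{count:5d}  {vrf}  {sip} -> {dip}  {proto}/{dport}")
```
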

davbark2
Level 1

From further input from one of our experts, you may have to "enable" the feature by going to Fabric -> Fabric Policies -> Monitoring Policies -> Common Policy -> Syslog Message Policies -> Policy for system syslog messages -> Change ‘default’ to ‘information’. Then you can also view the logs in the GUI by going to Fabric -> Inventory -> POD 1 -> History -> Events. It will be logged as ACLLOG; see the attached image.


Dave

history.png

Hello,

Does the above configuration work for ACI Version: 2.2(1o)? I tried it in my lab but I didn't get any entry in the Event tab.


Thanks,

Helena.

I'll answer myself: it does work. I was doing the wrong test and not hitting a contract.

But then, the concern is: would this affect performance in a large environment with around 100 contracts?

Thanks.
