04-17-2018 09:15 PM - edited 03-01-2019 06:07 AM
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
moquery --help usage: Command line cousin to visore [-h] [-i HOST] [-p PORT] [-d DN] [-c KLASS] [-f FILTER] [-a ATTRS] [-o OUTPUT] [-u USER] [-x [OPTIONS [OPTIONS ...]]] optional arguments: -h, --help show this help message and exit -i HOST, --host HOST Hostname or ip of apic -p PORT, --port PORT REST server port -d DN, --dn DN dn of the mo -c KLASS, --klass KLASS comma seperated class names to query -f FILTER, --filter FILTER property filter to accept/reject mos -a ATTRS, --attrs ATTRS type of attributes to display (config, all) -o OUTPUT, --output OUTPUT Display format (block, table, xml, json) -u USER, --user USER User name -x [OPTIONS [OPTIONS ...]], --options [OPTIONS [OPTIONS ...]] Extra options to the query
Basic moquery commands
BRIDGE DOMAIN moquery -c fvBD moquery -c fvBD -f "fv.BD.name==\"BDname\""
moquery -c fvSubnet (BD SVI) CONTEXT moquery -c fvCtx EPG moquery -c fvAEPg
moquery -c fvAEPg -f 'fv.AEPg.pcTag=="xxxx"'
ENDPOINT
moquery -c fvCEp
moquery -c fvCEp | grep x.x.x.x -A 10 -B 5
moquery -c fvCEp -f 'fv.CEp.name=="aa:bb:cc:dd:11:22:33:44"'
moquery -c fvCEp -f 'fv.CEp.ip=="1.1.1.1"'
moquery -c fvRsCEpToPathEp CONSUMED CONTRACT moquery -c vzBrCP PROVIDED CONTRACT moquery -c vzBrCP L3 OUT moquery -c l3extInstP
moquery -c l3extDomP
moquery -c actrl.PfxEntry
moquery -c l3extSubnet
FAULT
moquery -c faultInst -f 'fault.Inst.code=="F0467"'
moquery -c faultRecord -x order-by="faultRecord.created|desc" 'query-target-filter=wcard(faultRecord.created,"2017-12-1[2]")'>/home/admin/auditlog.txt
TUNNEL INTERFACES
moquery -c tunnelIf
On APIC, please enter into 'bash' mode, then you can start with moquery
<moquery -c fabricExplicitGEp> - Find vPC Domain VIP(s)
lindawa@apic1:~> moquery -c fabricExplicitGEp Total Objects shown: 1 # fabric.ExplicitGEp name : leaf103-104 childAction : configQual : configSt : deployed dn : uni/fabric/protpol/expgep-leaf103-104 id : 2 lcOwn : local modTs : 2017-12-12T01:29:24.470+00:00 monPolDn : uni/fabric/monfab-default rn : expgep-leaf103-104 status : uid : 15374 virtualIp : 10.0.120.65/32
Which leaf nodes is this EPG(name known) deployed on in the fabric?
lindawa@apic1:~> moquery -c fvLocale | grep dn | grep lindawa-web
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-101
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-102
Is the EPG (keyword for filtering) using dynamic attachment and what leafs?
lindawa@apic1:~> moquery -c fvDyPathAtt | grep dn | grep lindawa-web
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-101/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-102/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]
lindawa@apic1:~>
What is the dynamic VLAN encap used for this EPG?
lindawa@apic1:~> moquery -c fvIfConn | grep dn | grep lindawa-web
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-101/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]/conndef/conn-[vlan-826]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-102/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]/conndef/conn-[vlan-826]-[0.0.0.0]
What is the BD name if I know the VLAN encap used for L2Out?
lindawa@apic1:~> moquery -c l2extRsEBd | grep -A 20 -B 2 vlan-43
childAction :
dn : uni/tn-lindawa/l2out-l2out-test/rseBd
encap : vlan-43
forceResolve : yes
lcOwn : local
modTs : 2018-04-12T05:23:44.593+00:00
monPolDn : uni/tn-common/monepg-default
rType : mo
rn : rseBd
state : formed
stateQual : none
status :
tCl : fvBD
tContextDn :
tDn : uni/tn-lindawa/BD-recreate
tRn : BD-recreate
tType : name
tnFvBDName : recreate
uid : 0
<moquery -c fabricExplicitGEp> - Find vPC Domain VIP(s), same command is applicable to switch as well.
What other EPG are configured to use leaf101 port 1/34.
leaf101# moquery -c fvIfConn | grep dn | grep eth1/34
dn : uni/epp/rtd-[uni/tn-lindawa/out-l3out-ospf/instP-all-ext]/node-101/stpathatt-[eth1/34]/conndef/conn-[unknown]-[192.168.33.3/24]
What VLAN is associated with an interface?
leaf101# moquery -c nwPathEp -f 'nw.PathEp.id=="eth1/16"'
Total Objects shown: 1
# nw.PathEp
id : eth1/16
allocState : allocated
childAction :
descr :
dn : sys/conng/path-[eth1/16]
fabricPathDn : topology/pod-1/paths-101/pathep-[eth1/16]
lcOwn : local
modTs : 2018-03-26T05:51:53.874+00:00
monPolDn : uni/fabric/monfab-default
name :
nativeEncap : vlan-1940
rn : path-[eth1/16]
status :
vlanScope : global
vlanScopeSupport : supported
leaf101#
What speeds are the leaf port configured to operate at?
leaf101# moquery -c ethpmPhysIf | grep -E 'dn|operSpeed'
dn : sys/phys-[eth1/33]/phys
operSpeed : 10G
dn : sys/phys-[eth1/34]/phys
operSpeed : 1G
@lindawa can you run moquery using API's?
do you know how CISCO NAE gets information from CISCO APIC or ACI switches, does it run any API or does it get information through commands.
Hi @kunal.2.puri1,
Everything you run through moquery, you can get through API. In the end, moquey is simply a query tool for managed objects.
For more details about how to use REST API, I would recommend the following two links:
Also, you can find a lot of labs on https://developer.cisco.com/site/aci/
Regards,
Sergiu
Nice blog, Linda. Thank you.
For more moquery commands, check my blog here: The ACI Moquery: Your Ultimate Guide For ACI Moquery Commands
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: