Table Of ContentCisco APIC Troubleshooting Guide, Release 4.1(x)
FirstPublished:2019-01-30
AmericasHeadquarters
CiscoSystems,Inc.
170WestTasmanDrive
SanJose,CA95134-1706
USA
http://www.cisco.com
Tel:408526-4000
800553-NETS(6387)
Fax:408527-0883
THESPECIFICATIONSANDINFORMATIONREGARDINGTHEPRODUCTSINTHISMANUALARESUBJECTTOCHANGEWITHOUTNOTICE.ALLSTATEMENTS,
INFORMATION,ANDRECOMMENDATIONSINTHISMANUALAREBELIEVEDTOBEACCURATEBUTAREPRESENTEDWITHOUTWARRANTYOFANYKIND,
EXPRESSORIMPLIED.USERSMUSTTAKEFULLRESPONSIBILITYFORTHEIRAPPLICATIONOFANYPRODUCTS.
THESOFTWARELICENSEANDLIMITEDWARRANTYFORTHEACCOMPANYINGPRODUCTARESETFORTHINTHEINFORMATIONPACKETTHATSHIPPEDWITH
THEPRODUCTANDAREINCORPORATEDHEREINBYTHISREFERENCE.IFYOUAREUNABLETOLOCATETHESOFTWARELICENSEORLIMITEDWARRANTY,
CONTACTYOURCISCOREPRESENTATIVEFORACOPY.
TheCiscoimplementationofTCPheadercompressionisanadaptationofaprogramdevelopedbytheUniversityofCalifornia,Berkeley(UCB)aspartofUCB'spublicdomainversionof
theUNIXoperatingsystem.Allrightsreserved.Copyright©1981,RegentsoftheUniversityofCalifornia.
NOTWITHSTANDINGANYOTHERWARRANTYHEREIN,ALLDOCUMENTFILESANDSOFTWAREOFTHESESUPPLIERSAREPROVIDED“ASIS"WITHALLFAULTS.
CISCOANDTHEABOVE-NAMEDSUPPLIERSDISCLAIMALLWARRANTIES,EXPRESSEDORIMPLIED,INCLUDING,WITHOUTLIMITATION,THOSEOF
MERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICE.
INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUT
LIMITATION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHISMANUAL,EVENIFCISCOORITSSUPPLIERS
HAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.
AnyInternetProtocol(IP)addressesandphonenumbersusedinthisdocumentarenotintendedtobeactualaddressesandphonenumbers.Anyexamples,commanddisplayoutput,network
topologydiagrams,andotherfiguresincludedinthedocumentareshownforillustrativepurposesonly.AnyuseofactualIPaddressesorphonenumbersinillustrativecontentisunintentional
andcoincidental.
Allprintedcopiesandduplicatesoftcopiesofthisdocumentareconsidereduncontrolled.Seethecurrentonlineversionforthelatestversion.
Ciscohasmorethan200officesworldwide.AddressesandphonenumbersarelistedontheCiscowebsiteatwww.cisco.com/go/offices.
CiscoandtheCiscologoaretrademarksorregisteredtrademarksofCiscoand/oritsaffiliatesintheU.S.andothercountries.ToviewalistofCiscotrademarks,gotothisURL:www.cisco.com
gotrademarks.Third-partytrademarksmentionedarethepropertyoftheirrespectiveowners.TheuseofthewordpartnerdoesnotimplyapartnershiprelationshipbetweenCiscoandany
othercompany.(1721R)
©2019CiscoSystems,Inc.Allrightsreserved.
CONTEN TS
PREFACE Preface xiii
Audience xiii
DocumentConventions xiii
RelatedDocumentation xv
DocumentationFeedback xv
CHAPTER 1 NewandChanged 1
NewandChangedInformation 1
CHAPTER 2 TroubleshootingOverview 3
TroubleshootingBasics 4
CHAPTER 3 TroubleshootingAPICCrashScenarios 7
CiscoAPICClusterFailureScenarios 7
ClusterTroubleshootingScenarios 7
ClusterFaults 10
TroubleshootingApplicationCentricInfrastructureCrashScenarios 11
TroubleshootingFabricNodeandProcessCrash 11
APICProcessCrashVerificationandRestart 13
TroubleshootinganAPICProcessCrash 15
CHAPTER 4 RecoveringCiscoAPICPasswordsandAccessingSpecialLogins 17
RecoveringtheAPICPassword 17
UsingtheRescue-userAccounttoErasetheCiscoAPICConfigurationUsingtheNX-OSStyleCLI 18
UsingtheFallbackLoginDomaintoLogintotheLocalDatabase 18
CiscoAPICTroubleshootingGuide,Release4.1(x)
iii
Contents
CHAPTER 5 CiscoAPICTroubleshootingOperations 21
ShuttingDowntheAPICSystem 21
ShuttingDowntheAPICControllerUsingtheGUI 21
UsingtheAPICReloadOptionUsingtheGUI 22
ControllingtheLEDLocatorUsingtheGUI 23
CHAPTER 6 UsingtheCiscoAPICTroubleshootingTools 25
EnablingandViewingACLContractandDenyLogs 26
AboutACLContractPermitandDenyLogs 26
EnablingACLContractPermitandDenyLoggingUsingtheGUI 27
EnablingACLContractPermitLoggingUsingtheNX-OSCLI 28
EnablingACLContractPermitLoggingUsingtheRESTAPI 28
EnablingTabooContractDenyLoggingUsingtheGUI 29
EnablingTabooContractDenyLoggingUsingtheNX-OSCLI 30
EnablingTabooContractDenyLoggingUsingtheRESTAPI 30
ViewingACLPermitandDenyLogsUsingtheGUI 31
ViewingACLPermitandDenyLogsUsingtheRESTAPI 32
ViewingACLPermitandDenyLogsUsingtheNX-OSCLI 33
UsingAtomicCounterPoliciesforGatheringStatistics 35
AtomicCounters 35
AtomicCountersGuidelinesandRestrictions 36
ConfiguringAtomicCounters 37
EnablingAtomicCounters 37
TroubleshootingUsingAtomicCounterswiththeRESTAPI 38
EnablingandViewingDigitalOpticalMonitoringStatistics 39
EnablingDigitalOpticalMonitoringUsingtheGUI 39
EnablingDigitalOpticalMonitoringUsingtheRESTAPI 40
ViewingDigitalOpticalMonitoringStatisticsWiththeGUI 41
TroubleshootingUsingDigitalOpticalMonitoringWiththeRESTAPI 41
ViewingandUnderstandingHealthScores 42
HealthScoreTypes 42
FilteringbyHealthScore 43
ViewingTenantHealth 43
CiscoAPICTroubleshootingGuide,Release4.1(x)
iv
Contents
ViewingFabricHealth 43
ViewingMOHealthinVisore 43
DebuggingHealthScoresUsingLogs 44
ViewingFaults 44
EnablingPortTrackingforUplinkFailureDetection 45
PortTrackingPolicyforFabricPortFailureDetection 45
ConfiguringPortTrackingUsingtheGUI 46
PortTrackingUsingtheNX-OSCLI 46
PortTrackingUsingtheRESTAPI 47
ConfiguringSNMPforMonitoringandManagingDevices 47
AboutSNMP 47
SNMPAccessSupportinACI 48
ConfiguringtheSNMPPolicyUsingtheGUI 48
ConfiguringanSNMPTrapDestinationUsingtheGUI 50
ConfiguringanSNMPTrapSourceUsingtheGUI 50
MonitoringtheSystemUsingSNMP 51
ConfiguringSPANforTrafficMonitoring 51
AboutSPAN 51
MultinodeSPAN 52
SPANGuidelinesandRestrictions 53
ConfiguringSPANUsingtheGUI 56
ConfiguringaTenantSPANSessionUsingtheCiscoAPICGUI 56
ConfiguringaSPANFilterGroupUsingtheAPICGUI 57
ConfiguringanAccessSPANPolicyUsingtheCiscoAPICGUI 58
ConfiguringaFabricSPANPolicyUsingtheCiscoAPICGUI 59
ConfiguringaLayer3EPGSPANSessionforExternalAccessUsingtheAPICGUI 60
ConfiguringaDestinationGroupforanAccessSPANPolicyUsingtheCiscoAPICGUI 61
ConfiguringaDestinationGroupforaFabricSPANPolicyUsingtheCiscoAPICGUI 61
ConfiguringSPANUsingtheNX-OSStyleCLI 62
ConfiguringLocalSPANinAccessMode 62
ConfiguringaSPANFilterGroup 65
AssociatingaSPANFilterGroup 66
ConfiguringERSPANinAccessMode 68
ConfiguringERSPANinFabricMode 71
CiscoAPICTroubleshootingGuide,Release4.1(x)
v
Contents
ConfiguringERSPANinTenantMode 73
ConfiguringaGlobalSPAN-On-DropSessionUsingtheCLI 75
ConfiguringSPANUsingtheRESTAPI 77
ConfiguringaFabricDestinationGroupforanERSPANDestinationUsingtheRESTAPI 77
ConfiguringaGlobalDropSourceGroupUsingtheRESTAPI 77
ConfiguringaLeafPortasaSPANDestinationUsingtheRESTAPI 77
ConfiguringaSPANAccessSourceGroupUsingtheRESTAPI 78
ConfiguringaSPANFabricSourceGroupUsingtheRESTAPI 78
ConfiguringanAccessDestinationGroupforanERSPANDestinationUsingtheRESTAPI 79
UsingStatistics 79
ViewingStatisticsintheGUI 80
SwitchStatisticsCommands 80
ManagingStatisticsThresholdsUsingtheGUI 81
StatisticsTroubleshootingScenarios 82
StatisticsCleanup 83
SpecifyingSyslogSourcesandDestinations 84
AboutSyslog 84
CreatingaSyslogDestinationandDestinationGroup 85
CreatingaSyslogSource 86
EnablingSyslogtoDisplayinNX-OSCLIFormat,UsingtheRESTAPI 87
DiscoveringPathsandTestingConnectivitywithTraceroute 88
AboutTraceroute 88
AboutWindowsandLinuxTraceroute 89
TracerouteGuidelinesandRestrictions 90
PerformingaTracerouteBetweenEndpoints 91
UsingtheTroubleshootingWizard 92
GettingStartedwiththeTroubleshootingWizard 92
GeneratingTroubleshootingReports 94
TopologyintheTroubleshootingWizard 95
UsingtheFaultsTroubleshootingScreen 96
UsingtheDrop/StatisticsTroubleshootingScreen 97
UsingtheContractsTroubleshootingScreen 99
UsingtheEventsTroubleshootingScreen 100
UsingtheTracerouteTroubleshootingScreen 100
CiscoAPICTroubleshootingGuide,Release4.1(x)
vi
Contents
UsingtheAtomicCounterTroubleshootingScreen 102
UsingtheSPANTroubleshootingScreen 102
CreatingaSPANSessionUsingtheCiscoAPICTroubleshootingCLI 102
L4-L7ServicesValidatedScenarios 103
ListofAPIsforEndpointtoEndpointConnections 104
interactiveAPI 105
createsessionAPI 106
modifysessionAPI 107
atomiccounterAPI 107
tracerouteAPI 107
spanAPI 108
generatereportAPI 109
schedulereportAPI 109
getreportstatusAPI 110
getreportslistAPI 110
getsessionslistAPI 111
getsessiondetailAPI 111
deletesessionAPI 111
clearreportsAPI 112
contractsAPI 112
ListofAPIsforEndpointtoLayer3ExternalConnections 112
interactiveAPI 113
createsessionAPI 113
modifysessionAPI 114
atomiccounterAPI 115
tracerouteAPI 116
spanAPI 117
generatereportAPI 118
schedulereportAPI 119
getreportstatusAPI 120
getreportslistAPI 120
getsessionslistAPI 120
getsessiondetailAPI 121
deletesessionAPI 122
CiscoAPICTroubleshootingGuide,Release4.1(x)
vii
Contents
clearreportsAPI 123
contractsAPI 123
ratelimitAPI 124
13extAPI 124
CheckingforConfigurationSynchronizationIssues 125
ViewingUserActivities 125
AccessingUserActivities 126
EmbeddedLogicAnalyzerModule 126
AbouttheEmbeddedLogicAnalyzerModule 126
GeneratinganELAMReportintheSimplifiedOutputforModularSwitches 126
GeneratinganELAMReportintheSimplifiedOutputforFixedForm-FactorSwitches 128
CHAPTER 7 ManuallyRemovingDisabledInterfacesandDecommissionedSwitchesfromtheGUI 129
ManuallyRemovingDisabledInterfacesandDecommissionedSwitchesfromtheGUI 129
CHAPTER 8 DecommissioningandRecommissioningSwitches 131
DecommissioningandRecommissioningSwitches 131
CHAPTER 9 TroubleshootingStepsforEndpointConnectivityProblems 133
TroubleshootingEndpointConnectivity 133
InspectingEndpointandTunnelInterfaceStatus 134
InspectingtheEndpointStatus 134
InspectingtheTunnelInterfaceStatus 135
ConnectinganSFPModule 135
CHAPTER 10 TroubleshootingEVPNType-2RouteAdvertisement 137
TroubleshootingEVPNType-2RouteDistributiontoaDCIG 137
CHAPTER 11 PerformingaRebuildoftheFabric 141
RebuildingtheFabric 141
CHAPTER 12 VerifyingIP-BasedEPGConfigurations 143
VerifyingIP-BasedEPGConfigurationsUsingtheGUI 143
CiscoAPICTroubleshootingGuide,Release4.1(x)
viii
Contents
VerifyingIP-EPGConfigurationsUsingSwitchCommands 144
CHAPTER 13 RecoveringaDisconnectedLeaf 147
RecoveringaDisconnectedLeafUsingtheRESTAPI 147
CHAPTER 14 TroubleshootingaLoopbackFailure 149
IdentifyingaFailedLineCard 149
CHAPTER 15 DeterminingWhyaPIMInterfaceWasNotCreated 151
APIMInterfaceWasNotCreatedForanL3OutInterface 151
APIMInterfaceWasNotCreatedForaMulticastTunnelInterface 152
APIMInterfaceWasNotCreatedForaMulticast-EnabledBridgeDomain 152
CHAPTER 16 ConfirmingthePortSecurityInstallation 153
ConfirmingYourPortSecurityInstallationUsingVisore 153
ConfirmingYourHardwarePortSecurityInstallationUsingtheCiscoNX-OSCLI 153
CHAPTER 17 TroubleshootingQoSPolicies 157
TroubleshootingCiscoAPICQoSPolicies 157
CHAPTER 18 DeterminingtheSupportedSSLCiphers 159
AboutSSLCiphers 159
DeterminingtheSupportedSSLCiphersUsingtheCLI 160
CHAPTER 19 RemovingUnwanted_ui_Objects 161
RemovingUnwanted_ui_ObjectsUsingtheRESTAPI 163
CHAPTER 20 TroubleshootingMultipodandMulti-SiteIssues 165
TroubleshootingMultipodandMulti-Site 165
APPENDIX A acidiagCommand 167
APPENDIX B ConfiguringExportPoliciesforTroubleshooting 175
CiscoAPICTroubleshootingGuide,Release4.1(x)
ix
Contents
AboutExportingFiles 175
FileExportGuidelinesandRestrictions 175
ConfiguringaRemoteLocation 176
ConfiguringaRemoteLocationUsingtheGUI 176
ConfiguringaRemoteLocationUsingtheRESTAPI 176
ConfiguringaRemoteLocationUsingtheNX-OSStyleCLI 177
SendinganOn-DemandTechSupportFile 178
SendinganOn-DemandTechSupportFileUsingtheGUI 178
SendinganOn-DemandTechSupportFileUsingtheRESTAPI 178
APPENDIX C FindingtheSwitchInventory 181
FindingYourSwitchInventoryUsingtheGUI 181
FindingYourSwitchInventoryUsingtheNX-OSCLI 181
FindingYourSwitchInventoryUsingtheRESTAPI 184
APPENDIX D CiscoAPICClusterManagement 187
ExpandingtheCiscoAPICCluster 187
ContractingtheCiscoAPICCluster 187
ClusterManagementGuidelines 188
ExpandingtheAPICClusterSize 189
ReducingtheAPICClusterSize 189
ReplacingCiscoAPICControllersintheCluster 190
ExpandingtheClusterExamples 191
ExpandingtheAPICClusterUsingtheGUI 191
ExpandingtheAPICClusterUsingtheRESTAPI 192
ContractingtheClusterExamples 192
ContractingtheAPICClusterUsingtheGUI 192
ContractingtheAPICClusterUsingtheRESTAPI 193
CommissioningandDecommissioningCiscoAPICControllers 194
CommissioningaCiscoAPICintheClusterUsingtheGUI 194
DecommissioningaCiscoAPICControllerintheClusterUsingtheGUI 194
ReplacingaCiscoAPICinaClusterUsingtheCLI 195
APPENDIX E CiscoAPICSSDReplacement 197
CiscoAPICTroubleshootingGuide,Release4.1(x)
x
Description:Contract or subject exceptions. • ACL contract chassisId=71355d49-6fe7-3a78-a361-72d6c1e3360c lm(t):3(2014-07-12T19:54:05.361+00:00).
