Network Enhancers - "Delivering Beyond Boundaries"

Thursday, March 12, 2015

Cisco ACI CLI Commands "Cheat Sheet"

The goal of this document is to provide a concise list of useful commands to be used in the ACI environment. For in-depth information regarding these commands and their uses, please refer to the ACI CLI Guide.

Please note that legacy style commands (show firmware, show version, etc) will not be included in this guide. The below commands are new for ACI. Legacy commands may be added later on, but the point of this document is to be short and sweet.

This document is formatted in the following way: commands are surrounded by <> in bold and possible user-given arguments within commands (if necessary) are surrounded by () with a | in between multiple arguments. Brackets [] will be used for mandatory verbatim arguments. A dash (-) will be the barrier between a command and the explanation for a command. For example:

     - shows the status of a given interface as well as statistics
        interface ID is in () because it is a user-specified argument, you can put any interface you want

     - show the MAC port status
        ns|alp and 0|1 are in brackets because you must use either one of those arguments

Command Completion and Help
Context sensitive help and command completion in ACI is a bit different than in other command line interfaces from Cisco.  Since iShell builds mostly on Bash, these features tend to build off of the standard bash Programmable Completion feature.  

  • Tab - Use the tab key to auto complete commands.  In cases where there are multiple commands that match the typed characters, all options should be displayed horizontally.  

    Example Usage:

    admin@tsi-apic1-211:~> mo
    moconfig     mocreate     modelete     modinfo      modprobe     modutil      mofind       moprint      more         moset        mostats      mount        mount.fuse   mount.nfs    mount.nfs4   mountpoint   mountstats   mount.tmpfs
    admin@tsi-apic1-211:~> mo

    This is more than just iShell; it includes all Bash commands.  Hitting Tab before typing any CLI command on the APIC results in:
    Display all 1430 possibilities? (y or n)
  • Esc Esc - Use double escape to get context-sensitive help for available iShell commands.  This will display short help for each command.  [Side note: In early beta code, Double Escape after typing a few characters would only show one of the matching commands rather than all of them.  This is addressed via CSCup27989.]

    Example Usage:

     attach           Show a filesystem object
     auditlog         Display audit-logs
     controller       Controller configuration
     create           create an MO via wizard
     diagnostics      Display diagostics tests for equipment groups
     dn               Display the current dn
     eraseconfig      Erase configuration, restore to factory settings
     eventlog         Display event-logs
     fabricnode       Commission/Decommission/Wipeout a fabric node
     faults           Display faults
     firmware         Add/List/Upgrade firmware
     health           Display health info
     loglevel         Read/Write loglevels
     man              Show man page help
     moconfig         Configuration commands
     mocreate         Create an Mo
     modelete         Delete an Mo
  • man  - All commands should have man pages.  [Side note: If you find an iShell command without a man page - open a bug]  The manual page for the commands will give you more detailed info on what the commands do and how to use them.

Cisco Application Centric Infrastructure CLI Commands (APIC, Leaf/Spine)

Clustering User Commands
 - shows the current cluster size and state of APICs
- changes the size of the cluster
 - Decommissions the APIC of the given ID
 - Factory resets APIC and after reboot will load into setup script
 - Reboots the APIC of the given ID
 - shows replica which are not healthy
 - shows the state of one replica
 - large output which will show cluster size, chassisID, if node is active, and summary of replica health
 - shows fabric node vector
 - shows appliance vector
 - verifies APIC hardware
 - shows link status
 - shows the status of bond link
 - shows dhcp client information to confirm dhcp address from APIC
 - commissions, decommissions, or wipes out the given node. Wipeout completely wipes the node, including its configuration. Use sparingly.

SSL Troubleshooting
 - tries to connect ssl between APIC and Node and gives output of SSL information
 - shows logging of DME logs for node
 - shows policy-element logs for SSL connectivity
Can also check logs in the /var/log/dme/log directory

Switch Cert Verification
 - Next to PRINTABLESTRING, it will list Insieme or Cisco Manufacturing CA. Cisco means the new secure certs are installed; Insieme means the old insecure certs are installed
 - shows the start and end dates of the certificate. The dates must be within range for the APIC to accept the certificate
 - shows the keypairs of the specified cert

Switch Diagnostics
 - shows bootup tests and diagnostics of given module
 - shows ongoing tests of given module
 - shows diagnostic result of given module or all modules
 - shows diagnostic result of given test on given module
 - show debug information for the diagnostic modules

Debug Commands
 - shows debug output of given argument
 - enables/disables given argument on all modules
 - gets the interval of given argument
 - EPC mon statistics
 - EPC mon statistics
 - EOBC/EPC switch status (0: EOBC, 1: EPC)
 - SC card broadcom switch status

Insieme ELTM VRF, VLAN, Interface Commands
 - dumps ELTM trace to output file
 - dumps eltm trace to console
 - shows vrf table of given vrf
 - vrf summary, shows ID, pcTag, scope
 - shows vlan information. Can substitute (brief) for a vlan ID

OSPF CLI Commands
 - shows OSPF neighbors of given vrf
 - shows OSPF routes of given vrf
 - shows ospf interfaces of given vrf
 - shows ospf information of given vrf
 - shows ospf traffic of given vrf

External Connectivity
 - shows arp entries for given vrf
 - shows ospf neighbors for given vrf
 - shows bgp sessions/peers for given vrf
 - shows ospf routes for given vrf
 - shows bgp unicast routes for given vrf
 - shows static routes for given vrf
 - shows routes for given vrf
 - shows external LPMs
 - shows next hops towards NorthStar ASIC or external router
 - HigigDstMapTable Indexed using DMOD/DPORT coming from T2. Provides a pointer to DstEncapTable. 
 - DstEncapTable Indexed using the HigigDstMapTable’s result. Gives tunnel forwarding data.
 - RwEncapTable Indexed using the HigigDstMapTable’s result. Gives tunnel encap data.

ISIS Fabric Unicast Debugging
 - shows ISIS statistics
 - shows ISIS adjacencies for given vrf. Can also add detail
 - shows lldp neighbor status
 - shows interface status information and statistics
 - shows isis database, can also add detail
 - shows isis route information
 - shows isis traffic information
 - shows all discovered tunnel end points
 - shows isis statistics of given vrf
 - shows isis event history
 - shows isis memory statistics
 - provides isis tech-support output for TAC

ASIC Platform Commands
 - shows the MAC port status
 - shows the MAC port counters
 - shows ASIC block counters for given ASIC. Can also add [detail] for more details
 - shows interrupts for given ASIC

ASIC Platform Commands - T2 Specific
 - shows receive counters for T2
 - shows transmit counters for T2
 - shows per port packet type counters
 - shows ingress drop counters
 - shows egress drop counters
&  - setting register to specific trigger. 9 registers per port (0-8)
    ex -   - sets 4th register to select RFILDR selector (bit 13)
 - checking the stats for above command

ASIC Platform Commands - NS Specific
 - shows port counters
 - shows internal port counters
 - shows vlan counters
 - shows per-tunnel counters
 - shows ASIC block counters
 - shows well-defined tables

Fabric Multicast - General
 - shows current state of FTAG, cost, root port, OIF list
 - shows GM-LSP database
 - shows GIPO routes, Local/transit, OIF list
 - shows topology and compute stats, MRIB update stats, Sync+Ack packet stats, Object store stats
 - shows isis multicast event history logs
 - more detailed than above command, specifically dealing with forwarding events and forwarding updates

Fabric Multicast Debugging - MFDM
 - flood/OMF/GIPi membership
 - per BD

 - GIPi membership
 - specific
 - per BD
 - specific per BD

 - flood membership
 - per BD

 - OMF membership
 - per BD

 - IPMC membership 
 - specific IPMC

Fabric Multicast Debugging - L2 Multicast
 - flood/OMF/GIPi membership
 - per BD

 - GIPi membership
 - specific
 - per BD
 - specific per BD

 - flood membership
 - per BD

 - MET membership
 - specific MET
 - flood MET
 - per BD
 - specific per BD
 - IPMC membership
 - specific IPMC

Fabric Multicast Debugging - MRIB
 - shows IP multicast routing table for given vrf

Fabric Multicast Debugging - MFIB
 - shows FTAGs
 - shows GIPO routes

Fabric Multicast Debugging - IGMP
 - shows multicast route information in IGMP
 - shows multicast router information IGMP
 - FD to BD vlan mapping. IGMP gets FD and G from Istack. It needs to know the BD to create (BD, G)
 - verify BD membership of a port in IGMP. Only when ports are part of BD joins are processed
 - verify the tunnel to IF mapping in IGMP. IGMP uses this to get the groups on VPC and only sync them.

Fabric Multicast Debugging - MFDM
 - shows IPv4 multicast routing table for given vrf
 - verify FD to BD vlan mapping. MFDM gets (FD,port) memberships from vlan_mgr and uses this information to create BD floodlists.
 - BD to GIPO mapping. GIPO is used by Mcast in Fabric
 - FD-vxlan to GIPO mapping
 - tunnel to phy mapping

Fabric Multicast Debugging - M2rib
 - shows multicast route information in M2rib
 - shows multicast route information in M2rib

Fabric Multicast Debugging - PIXM
 - RID to IPMC mapping. IFIDX is RID and LTL is IPMC

Fabric Multicast Debugging - VNTAG Mgr
 - IPMC to DVIF mapping. LTL is IPMC

EP Announce - Debugging

iBash CLI

 - show endpoint information

BCM Table Dump

Fabric QoS Debugging - CoPP CLI

 - CoPP statistics (red = dropped, green = allowed)
 - shows QoS classes configured
 - shows QoS classes/policies configured per vlan
 - shows ppf details
 - shows QoS classes configured in hardware
 - shows the QoS DSCP/dot1p policy configured for a vlan in HW
 - shows QoS DSCP/dot1p policy summary
 - shows QoS DSCP/dot1p policy in detail
 - shows T2 TCAM entries for specified group
 - shows QoS counters on each port
 - shows QoS counters on each port (internal)
 - shows QoS counters for each class for all ports

 - shows the edge port config on the HIF (FEX) ports, the internal VLAN mapping and the STP TCN packet statistics received on the fabric ports
 - shows mcp information by interface
 - shows stats for all interfaces
 - shows mcp information per vlan
 - shows stats for all vlans
 - shows mcp information per msti region
 - shows stats for all msti regions

iTraceroute CLI
 - node traceroute
 - Tenant traceroute for vlan encapped source EP
 - Tenant traceroute for vxlan encapped source EP

ELAM Setup and debugging (follow commands in order)
 - starts ELAM on given ASIC
 - sets trigger for ELAM
 - sets source and destination mac addresses
 - Starts capture
 - shows capture status
 - shows report of the capture

VMM Troubleshooting
 - shows VM controllers and their attributes such as IP/hostname, state, model, serial number
 - shows hypervisor inventory of given VM controller

TOR Sync Troubleshooting

 - can see which VLAN is learn disable
 - can see which VLAN is learn disable
 - see if timer is attached on the VLAN/vrf

OpFlex Debugging
 - shows if OpFlex is online (status = 12 means OpFlex is online, remoteIP is anycast IP, intra vlan is vlan used by VTEP, FTEP IP is the iLeaf's IP)
 - check if DPA is running

 - uplinks and vtep should be in forwarding state. PC-LTL of uplink port should be non-zero
 - Check port channel type
 - if port channel type is LACP, can use this command to see the individual uplink LACP state
 - verify if the VTEP received a valid DHCP IP address

SPAN Debugging

BPDU Debugging
 - shows if BPDU Guard/Filter is enabled or disabled
 - check if the bpdu-drop stats are incrementing on the uplinks/virtual ports

VEM Misc Commands
 - show channel status
 - check port status
 - check per EPG flood lists
 - check vLeaf multicast membership
 - show packet stats
 - show packet counters

 - debug vxlan packet path
 - debug vxlan packet path
 - show above logging output

FEX Troubleshooting
 - shows all FEXs and their states
 - gives detailed stats of given FEX
 - gives environmental stats of FEX
 - shows FEX version
 - shows FEX fabric interface information
 - shows logging information for FEX
 - shows transceiver information for FEX
 - show FEX reset reason
 - shows FEX module information
 - shows debugging information and you can grep to find what you want
 - use to find out which service is failing the sequence and you can debug that process further
