11-11-2014 03:23 AM - edited 03-01-2019 04:47 AM
Hi
Is it possible to have an historical view of what traffic has been permitted and denied between EPG's?
This would be very useful for troubleshooting. For example, my Netscaler probes (tcp port 80) to a web server are failing and the cause of issue could be either web service is not enabled on server or the contract between Netscaler and server is dropping the traffic. It would be good to confirm from a log that the traffic is being dropped/accepted by the contract.
Thanks
Ben
Solved! Go to Solution.
11-11-2014 04:48 AM
Hello,
Yes there is a way to check what contracts/filters have been hit by a packet between EPGs and yes you can tell if it has hit the implicit deny between two EPGs. On the other hand, the most you would be able to determine is that you have counters incrementing for a particular rule/contract. As far as i know there is no logging of every packet that goes inter-EGP. Its just a show command on the switch to see which rules/contracts have incrementing counters.
show zoning-rules - use this command to find the right rule ID by using your EPG PCTags
show system internal policy-mgr stats | grep <context segment id> - use this command to see incrementing counters.
11-11-2014 04:48 AM
Hello,
Yes there is a way to check what contracts/filters have been hit by a packet between EPGs and yes you can tell if it has hit the implicit deny between two EPGs. On the other hand, the most you would be able to determine is that you have counters incrementing for a particular rule/contract. As far as i know there is no logging of every packet that goes inter-EGP. Its just a show command on the switch to see which rules/contracts have incrementing counters.
show zoning-rules - use this command to find the right rule ID by using your EPG PCTags
show system internal policy-mgr stats | grep <context segment id> - use this command to see incrementing counters.
11-11-2014 06:59 AM
Thanks.
Its a shame we can not see more specific flows:- e.g. src-ip -> dst-ip on http permit
Ben
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide