Cisco Support Community
New Member

Logging packets dropped between EPGs

Hi

Is it possible to have an historical view of what traffic has been permitted and denied between EPGs?

This would be very useful for troubleshooting. For example, my Netscaler probes (TCP port 80) to a web server are failing, and the cause of the issue could be either that the web service is not enabled on the server or that the contract between the Netscaler and the server is dropping the traffic. It would be good to confirm from a log that the traffic is being dropped/accepted by the contract.

Thanks

Ben

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hello,

Yes, there is a way to check what contracts/filters have been hit by a packet between EPGs, and yes, you can tell if it has hit the implicit deny between two EPGs. On the other hand, the most you would be able to determine is that you have counters incrementing for a particular rule/contract. As far as I know there is no logging of every packet that goes inter-EPG. It's just a show command on the switch to see which rules/contracts have incrementing counters.

show zoning-rules - use this command to find the right rule ID by using your EPG PCTags

show system internal policy-mgr stats | grep <context segment id> - use this command to see incrementing counters. 
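One way to act on the second command, as an added example that is not part of the original thread: save the output of show system internal policy-mgr stats twice, a short interval apart, and compare the two snapshots to list the rule IDs whose counters incremented. The line layout matched by the regex, the DN strings and the sample snapshots are assumptions constructed for illustration; check them against the output of your own switch.

```python
import re

# Assumed layout of one line of `show system internal policy-mgr stats`
# output; check it against your own leaf, it can differ between releases.
LINE_RE = re.compile(
    r"Rule \((?P<rule>\d+)\) DN \((?P<dn>[^)]+)\).*?\bPkts: (?P<pkts>\d+)"
)

def parse_stats(text):
    """Return {rule_id: (dn, pkts)} for every rule line in a snapshot."""
    rules = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rules[int(m["rule"])] = (m["dn"], int(m["pkts"]))
    return rules

def incrementing(before_text, after_text):
    """Rules whose packet counter grew between two snapshots.

    Returns [(rule_id, dn, delta)], largest delta first. A rule missing
    from the first snapshot is counted from zero; a counter that went
    backwards (cleared or reprogrammed) is skipped rather than guessed at.
    """
    before, after = parse_stats(before_text), parse_stats(after_text)
    hits = []
    for rule_id, (dn, pkts) in after.items():
        delta = pkts - before.get(rule_id, (dn, 0))[1]
        if delta > 0:
            hits.append((rule_id, dn, delta))
    return sorted(hits, key=lambda h: h[2], reverse=True)

# Constructed sample snapshots (not captured from a real switch).
BEFORE = """\
Rule (4131) DN (sys/actrl/scope-2523136/rule-2523136-s-49154-d-32771-f-5) Ingress: 0, Egress: 0, Pkts: 10  RevPkts: 0
Rule (4132) DN (sys/actrl/scope-2523136/rule-2523136-s-32771-d-49154-f-5) Ingress: 0, Egress: 0, Pkts: 7  RevPkts: 0
Rule (4098) DN (sys/actrl/scope-2523136/rule-2523136-s-any-d-any-f-implicit) Ingress: 0, Egress: 0, Pkts: 100  RevPkts: 0
"""
AFTER = """\
Rule (4131) DN (sys/actrl/scope-2523136/rule-2523136-s-49154-d-32771-f-5) Ingress: 0, Egress: 0, Pkts: 10  RevPkts: 0
Rule (4132) DN (sys/actrl/scope-2523136/rule-2523136-s-32771-d-49154-f-5) Ingress: 0, Egress: 0, Pkts: 9  RevPkts: 0
Rule (4098) DN (sys/actrl/scope-2523136/rule-2523136-s-any-d-any-f-implicit) Ingress: 0, Egress: 0, Pkts: 112  RevPkts: 0
"""

if __name__ == "__main__":
    for rule_id, dn, delta in incrementing(BEFORE, AFTER):
        print(f"rule {rule_id}: +{delta} pkts  {dn}")
```

Look up each reported rule ID in show zoning-rules to see its action and which PCTags it applies to.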

2 REPLIES
New Member

Thanks.

It's a shame we cannot see more specific flows, e.g. src-ip -> dst-ip on http permit

Ben
