The ACL output you are getting is normal. An ACL will only show as active and log hits when it's directly applied on an interface to allow/deny traffic, not when it's used to define a class-map.
At first sight, the configuration you are using seems to be fine. How are you testing it? You should start by using the "show service-policy" command to see if this class is getting any hits. Then, if you see hits in this class, you should establish a connection and keep it idle, measuring the time it takes for it to be removed from the connection table.
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
moquery usageAPIC moquerySwitchmoquery
This document discuss a common issue observed during the VMM integration & VM workload migration to ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...