ACE Packet Capture Only Capturing Front-End Packets
I have an ACE pair in HA mode running A5.2(2) in one-armed configuration, therefore, doing source NAT. I'm researching a problem with an web serverfarm (L7 "/.*" rule) where one particular URL doesn't work, but it works when going to the back-end server directly. Anyway, my question has to do with: When I attempt to run the packet capture on the ACE of this event, I'm only capturing the front-end transation and never see anything on the backend. I've done this several times. I don't even see packets sourced from 10.11.39.2 (NATed address) go towards the realserver, and I know they must since pointing my browser to the VIP 10.11.39.2 on all other URLs work. Any ideas?
capture cap1 interface vlan 1201 access-list cap capture cap1 start
access-list access_in line 8 extended permit tcp any any
access-list cap line 8 extended permit ip host 10.11.39.2 any access-list cap line 16 extended permit ip any host 10.11.39.2
class-map match-all REPORT_VIP 2 match virtual-address 10.11.39.2 tcp eq www
class-map type management match-any remote_access 2 match protocol xml-https any 3 match protocol icmp any 4 match protocol telnet any 5 match protocol ssh any 6 match protocol http any 7 match protocol https any 8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy class remote_access permit
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
moquery usageAPIC moquerySwitchmoquery
This document discuss a common issue observed during the VMM integration & VM workload migration to ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...