Viewing Consistency Check

This chapter contains the following sections:

Consistency Check

Consistency check shows the number of controller or node inconsistencies for each device and provides option to resolve the inconsistency issues. The consistency check feature shows three types of inconsistencies:

  • Controller flows inconsistency: Flows are present in Cisco NDB, but missing from the device.

  • Node flows inconsistency: Flows are present in the switch, but missing from Cisco NDB.

  • ACL attachment on port inconsistency (applicable only for NX-API): Incorrect ACLs are attached to the interface(s) of an NDB device. To fix this type of inconsistency, see Fixing Inconsistent ACL Attachment on a Port procedure.

Viewing Consistency Check

To check for inconsistency for an OpenFlow or NX-API based device, complete the following steps:

On the Consistency Check tab, the following details are displayed:

Procedure

Step 1

Navigate to ADMINISTRATION > Consistency Check.

Step 2

Click FLOW CHECK NX-API/OpenFlow tab to view the summary of inconsistencies for the NX-API/OpenFlow based devices. On the Consistency Check tab, the following details are displayed:

  • Node Name

  • Inconsistent Controller Flow

  • Inconsistent Node Flow

  • Non NDB Flows

  • Inconsistent ACL Attachment on Port

Note

 

To fix an inconsistent flow, select the devices from the list and click Fix Inconsistent Flow.

Step 3

To view detailed inconsistency information:

  • Click Inconsistent Controller Flows to view the controller inconsistencies.
  • Click Inconsistent Node Flows to view the node inconsistencies.
  • Click Non NDB Flows (available only for NX-API) to view the ACLs present in the device by default or added manually.

Step 4

To resolve the inconsistency issues:

  • Click Fix Inconsistent Flows on the Controller Inconsistent page, to add the missing controller flows to the device.
  • Click Fix Inconsistent Flows on the Node Inconsistent page, to remove the stale flows from the device.

Fixing Inconsistent ACL Attachment on a Port

Use this procedure to fix the incorrect acls attached to a port of an NDB switch.

A few example scenarios that indicates inconsistent port ACL attachment:

  • A configured port should have a port acl attached, and not a global acl.

  • Default acls, such as MAC, ipv4, ipv6 are not attached to the port.

  • When ISLs are discovered, globalacl is indicated on the port, instead of portacl.

Procedure

Step 1

Log in to Cisco Nexus Data Broker.

Step 2

Navigate to Administration > Consistency Check > Flow Check NX-API.

Step 3

Select the device by checking the check-box and click the Inconsistent ACL Attachment on Port button.

A new window is displayed with the interface details of the inconsistent ACL attachment on ports for the selected device. The inconsistencies are categorized as:

  • Inconsistent attachment—incorrect ACL(s) attached to a port.

  • Not attached—ACLs are not attached to a port.

  • Attachement to be removed—a port channel member should not have any ACL(s) attached to it, but in case it has, then it will be displayed under this heading.

Step 4

Select the inconsistency to be fixed by checking the corresponding check-box.

Step 5

Click the Fix Inconsistencies button. This action sets the correct ACL(s) on the interface(s) of the NDB switch.

Click the Export All button to get a .csv file of all the inconsistencies for the selected device.