Command Reference

This chapter describes the following CLI commands:

Command Help

You can use the following tools to display CLI command help:

  • command-name -help—Displays a brief summary of the command. 

    admin@apic1:aci> controller -h
Usage:  controller [TARGETNODE_ID] [commission|decommission] 

Display controller info. Commission or Decommission controllers. 

Options:
  -h --help

  • man command-name—Displays a Linux-style man page for the command. 

    admin@apic1:aci> man controller

attach

The attach command opens an SSH session to a specified fabric node.

attach apic1
attach leaf1
attach spine1

Example

The following example shows how to use the attach command to connect the leaf1 node: 

admin@apic1:aci> attach leaf1
# Executing command: ssh leaf1
Warning: Permanently added 'leaf1,10.0.75.31' (RSA) to the list of known hosts.
admin@leaf1's password:
admin@leaf1:~>

auditlog

An audit log includes auditing information such as login and logout times. To display an audit summary for a given node, module, or interface, use the auditlog command.

auditlog [ auditlog-id]

Syntax Description

auditlog-id Specifies an audit log number to display.

Example

The following example shows how to use the auditlog command: 

admin@apic1:Solar> pwd
/home/admin/aci/tenants/Solar
admin@apic1:Solar> auditlog 4294967305
ID                   : 4294967305
Description          : Tenant Solar created
Affected Object      : uni/tn-Solar
Time Stamp           : 2014-07-21T20:00:25.518+00:00
Cause                : transition
Code                 : E4206326
Severity             : info
Change Set           : name:Solar
Action Performed     : creation
Action Trigger       : config
Transaction ID       : 14411518807585652035
User                 : admin

create

The create command executes a wizard within a given scope; the wizard creates relevant objects in the MIT.

create scope

Example

The following example shows how to use the create command: 

admin@apic1:~> create tenant
# Executing command: 'cd /aci/tenants; ./tenant.wiz'

Create Tenant:
--------------
Name         	: Cisco
Description  	: Cisco Systems
Monitoring Policy:

Security Domains:
-----------------
Name   	:
skipping...

Create new network:
-------------------
Name         	:
skipping...

Do you want to view the corresponding commands? (Yes/No): Yes
-------------------------------------------------------------------------
mocreate Cisco
pushd .
cd Tenant-Test
moset description "Cisco Systems"

pushd .
cd security-domains
popd

pushd .
cd networking

pushd .
cd private-networks
popd
popd
popd
--------------------------------------------------------------------------------

Do you want to commit changes? (Yes/No): Yes
Adding mo tenants/Cisco
All requests processed successfully!
The tenant section of the create YAML file is defined as follows: 
- tenant:
	help: 'Tenant'
	type: alias
	dirFormat: '/aci/tenants/'
	fileType: 'summary'
	createFile: tenant.wiz
	name: tenant

Note
For more information about YAML (.yml) file formats, see Customizing Commands.

controller

To display controller information or to commission or decommission a node, use the controller command.

controller [controller-id] [commission | decommission]

Syntax Description

commission Commissions (creates) a node.
decommission Decommissions a specified node.
controller-id The controller ID.

Example

The following example shows how to use the controller command: 

admin@apic1:> controller 1 decommission

diagnostics

To display equipment diagnostic tests, use the diagnostics command.

diagnostics node-id

Syntax Description

node-id

The target node ID or node name. You can specify a range of node IDs or a list of node names.

Example

The following example shows how to use the diagnostics command: 

admin@apic1:aci> diagnostics 1
Dn                        Group          Model         Subject Class  Test Set                
----------------------------------------------------------------------------------------------
topology/pod-1/node-      internal-conn  N9K-C9396PX   eqptSupC       mgmtp-lb                
19/sys/diag/grptests-                                                                         
eqptSupC-model-[N9K-                                                                          
C9396PX]-grp-internal-                                                                        
conn                                                                                          
topology/pod-1/node-      cpu            N9K-C93128TX  eqptSupC       cpu-cache               
19/sys/diag/grptests-                                                                         
eqptSupC-model-[N9K-                                                                          
C93128TX]-grp-cpu                                                                             
topology/pod-1/node-      sys-mem        N9K-C93128TX  eqptSupC       bios-mem,mem-health     
19/sys/diag/grptests-                                                                         
eqptSupC-model-[N9K-                                                                          
C93128TX]-grp-sys-mem                                                                         
topology/pod-1/node-      peripherals    Nagano        eqptSupC       act2-acc,cons-dev,fpga- 
19/sys/diag/grptests-                                                 reg-chk,ge-             
eqptSupC-model-                                                       eeprom,nvram-           
[Nagano]-grp-                                                         cksum,obfl-acc,spi-     
peripherals                                                           cksum,ssd-acc,usb-bus   
topology/pod-1/node-      fex            NXS8-4532     eqptLC         extch-fp,extch-         
19/sys/diag/grptests-                                                 hp,extch-sprom          
eqptLC-model-[NXS8-                                                                           
4532]-grp-fex                                                                                 

admin@apic1:aci>

eraseconfig

To erase the APIC configuration excluding first-time setup information and reboot the APIC, use the eraseconfig command.


Note

This command causes the APIC to reboot.


Note

This command is removed in APIC Release 1.2(2) and later releases. Use the acidiag touch command followed by a reboot to erase the configuration. See the acidiag command documentation in the Cisco APIC Troubleshooting Guide.

eraseconfig [ setup ]

Syntax Description

setup Erases first-time setup information. After the reboot, the first-time APIC setup dialog appears on the console.

Example

The following example shows how to use the eraseconfig command: 

admin@apic1:~> eraseconfig

eventlog

To display an event summary for a given node, module, or interface, use the eventlog command.

eventlog controller node-id
eventlog switch node-id
eventlog switch interface interface-name node-id
eventlog switch module module-id node-id
eventlog switch module module-id port port-number node-id

Syntax Description

controller Displays event log for a controller.
switch Displays event log for a switch.
node-id

The target node ID or node name. You can specify a range of node IDs or a list of node names.

interface Specifies an interface ID or interface range.
interface-name The interface ID or range.
module Specifies a module.
module-id The module ID.

Example

The following example shows how to use the eventlog command: 

admin@apic1:/> eventlog switch 101 interface eth1/1

faults

To display a summary of faults on a given node, module, port, or interface, use the faults command.

faults switch node-id { ack | detail | history | interface interface-name | module module-id port port-number | unack } fault-code
faults controller controller-id { ack | detail | history | unack } fault-code

Syntax Description

controller Displays health log for a controller.
controller-id Specifies a controller.
switch Displays health log for a switch.
node-id

The target node ID or node name. You can specify a range of node IDs or a list of node names.

interface Specifies an interface ID or interface range.
interface-name The interface ID or range.
module Specifies a module.
module-id The module ID.
detail Displays fault detail.
ack Displays acknowledged faults.
unack Displays unacknowledged faults.
history Displays historical records.
port Specifies a port range.
port-number The port number(s).
fault-code Specifies a fault code.

Example

The following example shows how to use the faults command: 

admin@apic1:faults> faults controller 1 detail

firmware

To manage firmware images in the repository on a fabric controller node, use the firmware command.


Note
This command is provided for local controller software upgrades; you can use policy-driven firmware upgrades to upgrade firmware on fabric controller nodes within a cluster.
firmware add image-name
firmware delete image-name
firmware upgrade status
firmware upgrade status node node-id
firmware upgrade catalog image-name
firmware upgrade controller image-name
firmware upgrade switch node node-id image-name

Syntax Description

add Adds a firmware image to the repository. You can download the firmware using SCP, FTP, HTTP, or any method for which the user is authorized.
delete Removes a firmware image from the repository.
image-name The name of the image file.
list Lists firmware images in the firmware repository.
upgrade Upgrades the firmware on a switch or the local APIC.
controller Specifies a local image installation the controller.
status Displays the firmware update status.
node-id The target node ID or node name. You can only install firmware on one node at a time.
Note   

In the case of an APIC, the firmware is installed on all APICs in the cluster.

switch Specifies an image installation on a switch.
catalog Upgrades an image within the image catalog.

Example

The following examples show how to use the firmware command: 

admin@apic1:~> firmware list
Name                     Type     Major-Version  Minor-Version  Size(Bytes)  Download-Date
-----------------------  -------  -------------  -------------  -----------  ---------------------
ifabric-k9-catalog-      catalog  1.0            (0.566)        7461         2014-01-
1.0.0-566.bin                                                                28T11:17:36.054+00:00
admin@apic1:~> firmware add ifabric-k9-simsw-1.0.0-559.bin
Firmware Image ifabric-k9-simsw-1.0.0-559.bin is added to the repository

admin@apic1:~> firmware list
Name                     Type     Major-Version  Minor-Version  Size(Bytes)  Download-Date
-----------------------  -------  -------------  -------------  -----------  ---------------------
ifabric-k9-catalog-      catalog  1.0            (0.566)        7461         2014-01-
1.0.0-566.bin                                                                28T11:17:36.054+00:00
ifabric-k9-simsw-1.0.0-  switch   1.0            (0.559)        854412177    2014-01-
559.bin      
admin@apic1:~> firmware upgrade switch node 17 ifabric-k9-simsw-1.0.0-559.bin
Firmware Installation on Switch Scheduled
To check the upgrade status, use 'firmware upgrade status -t <node-id>'
admin@apic1:~> 

admin@apic1:~> firmware upgrade status node 17
Firmware Upgrade Status:
Upgrade-Status  Status  Desired-Version   Install-Stage      Start-Date             End-Date             
--------------  ------  ----------------  -----------------  ---------------------  ---------------------
inprogress              simsw-1.0(0.559)  InstallNotStarted  2014-01-               2014-01-             
                                                             28T11:26:38.313+00:00  28T10:59:37.746+00:00.
admin@apic1:~> firmware upgrade status
Node-Id    Role       Upgrade-Status
--------------------------------------
3          controller notscheduled
17         leaf       completeok
20         spine      notscheduled
1          controller notscheduled
2          controller notscheduled
19         spine      notscheduled
18         leaf       notscheduled

health

To display a health summary of a node, module, interface, or port, use the health command.

health switch node-id { ack | detail | history | interface interface-name | module module-id port port-number | unack }
health controller controller-id { ack | detail | history | unack }

Syntax Description

controller Displays faults for a controller.
switch Displays faults for a switch.
node-id

The target node ID or node name. You can specify a range of node IDs or a list of node names.

interface Specifies an interface or interface range.
interface-name The interface name or range.
module Specifies one or more modules by ID.
module-id The module name.
port Specifies a port or port range.
port_id The port number or range.
history Displays historical records.

Example

The following example shows how to use the health command: 

admin@apic1:admin> health switch 101 interface eth1/1
Current Score  Previous Score  Timestamp            
-------------  --------------  ---------------------
95             96              2014-07-             
                               21T15:25:24.092+00:00

Total : 1

loglevel

To display the logging settings on the APIC, use the loglevel command.

loglevel get node node-name dme dme-name
loglevel set node node-name dme dme-name topic topic-name severity severity-level

Syntax Description

get Returns the service log level on a node.
set Sets the service log level on a node.
node Specifies a node.
node-name The node name.
dme Identifies a service process running on the node.
dme-name The service process (DME) name. Available DMEs vary by node and include:
  • ae
  • appliancedirector
  • bootmgr
  • dbgr
  • eventmgr
  • nginx
  • observer
  • policymgr
  • scripthandler
  • topomgr
  • vmmmgr
topic Specifies a logging subsystem.
topic-name The logging subsystem.
severity Specifies a logging severity level.
severity-level The logging severity level. You can set the following values:
  • CRIT—Critical error
  • ERROR—Major error
  • WARN—Warning
  • INFO—Informational error
  • DBG4—Debug level 4
  • DBG3—Debug level 3
  • DBG2—Debug level 2

Example

The following example shows how to use the loglevel command: 

admin@apic1:pod-1> loglevel get node spine1 dme dbgrelem
logDefault : DBG4

man

To display the man (manual) page for a command, use the man command.

man command-name

Syntax Description

command-name

The command name.

Example

The following example shows how to use the man command: 

admin@apic1> man trafficmap

mobrowser

To launch the managed object (MO) browser, use the mobrowser command.

mobrowser [scope]

Syntax Description

scope Specifies a scope within the MIT, such as aaa or access.

Example

The following example shows how to use the mobrowser command: 

admin@apic1:> mobrowser

moconfig

To commit or discard a configuration stored in the configuration buffer, use the moconfig command.

moconfig { commit | discard | diff | running }

Syntax Description

commit

Commits the configuration stored in the configuration buffer.

discard

Discards the configuration stored in the configuration buffer.

diff

Displays a summary of the difference between the active configuration and the configuration buffer.

running Shows the CLI commands used to create a configuration for a given context. This option simplifies the process of creating template configurations. For more information about configuration templates, see Creating Configuration Templates.

Example

The following examples show how to use the moconfig command: 

admin@apic1:local-users> moconfig diff
--- ./mario/mo  2013-10-01 21:17:06.000000000 -0700
+++ ./mario/mo.buffer   2013-10-01 21:17:53.000000000 -0700
@@ -2,8 +2,8 @@
 local-user        	:
 ----------
 login-id           	: george
-first-name         	:
-last-name          	:
+first-name         	: George
+last-name          	: Washington
 phone              	:
 email              	:
 description        	:

admin@apic1:local-users> moconfig commit
Commit Successful
admin@apic1:local-users> moconfig diff
admin@apic1:local-users>

admin@apic1:aci > cd tenants/
admin@apic1:tenants> moconfig running
cd /aci/viewfw/tenants
cd networking
mocreate fv-tenant-common
moconfig commit
mocreate fv-tenant-test
moconfig commit
mocreate fv-tenant-mgmt
moconfig commit
cd external-routed-networks
mocreate l3ext-out-x
moconfig commit
mocreate l3-outside-x
moconfig commit
cd l3-outside-x
cd logical-node-profiles
mocreate nodex
cd nodex
moset tag yellow-green
moconfig commit

mocreate

To create a managed object (MO), use the mocreate command.


Note
If you do not specify a scope, the command creates an MO in the current context.

mocreate [context] name property-name property-value

Syntax Description

context

The context for the MO.

name

(Optional) The MO name.

property-name

(Optional) Specifies a property of the MO.

property-value

(Optional) Specifies a value for the property.

Example

The following example shows how to use the mocreate command to create an MO representing a user: 

admin@apic1:node-associations> mocreate LS-all/
admin@apic1:node-associations> moconfig commit
Committed mo 'fabric/policies/fabric-policy-associations/leaf/node/LNP/node-associations/LS-all'
All mos committed successfully.
admin@apic1:node-associations> ls
LS-all
To override default settings, you can specify additional properties with the mocreate command, as shown in the following example. 
admin@apic1:private-networks> pwd
/aci/tenants/common/networking/private-networks
admin@apic1:private-networks> mocreate Private1 monitoring-policy Monitor1

modelete

To remove a managed object (MO), use the modelete command.


Note
This command is typically used to remove a lower-level scope.

modelete mo-name

Syntax Description

mo-name

The directory name containing the MO.

Example

admin@apic1:node-associations> modelete LS-all/

mofind

To search for a selected MO within the management information tree (MIT), use the mofind command.

mofind scope class package.class mo-value

Syntax Description

class

Class argument; specifies a class of MO to return

package

The name of the MO package.

class

The name of the MO class

mo-value

The MO name

Example

The following example shows how to use the mofind command: 

admin@apic1:aci> mofind . class fv.Tenant /.aci/viewfs/tenants/t14/mo
/.aci/viewfs/tenants/infra/mo
/.aci/viewfs/tenants/common/mo
/.aci/viewfs/tenants/Solar/mo
/.aci/viewfs/tenants/mgmt/mo

admin@apic1:aci> mofind . class aaa.User /.aci/mitfs/uni/userext/user-admin/mo
/.aci/viewfs/admin/aaa/security-management/local-users/admin/mo

moprint

To specify an output format for managed objects and managed object buffer files, use the moprint command.


Note
This command is useful for automation because it provides standardized output.

moprint { exclude-help | include-help } { json | pretty | xml }

Syntax Description

exclude-help

Specifies that the output omit property descriptions

include-help

Specifies that the output contain property descriptions

json

Specifies JSON output

pretty

Specifies XML output in a tabular format

xml

Specifies XML output

Example

The following example shows how to use the moprint command to provide JSON output displaying MO properties: 

admin@apic1:local-users> moprint json
admin@apic1:local-users> cat ./mario/mo
{
  "aaaUser": {
	"attributes": {
  	"aaaUserclearPwdHistory": {
    	"value": "no"
  	},
  	"aaaUseremail": {
    	"value": ""
  	},
  	"aaaUserlastName": {
    	"value": "Washington"
  	},
  	"aaaUserphone": {
    	"value": ""
  	},
  	"aaaUserdescr": {
    	"value": ""
  	},
  	"aaaUserexpiration": {
    	"value": "never"
  	},
  	"aaaUserexpires": {
    	"value": "no"
  	},
  	"aaaUserencPwd": {
    	"value": ""
  	},
  	"aaaUseraccountStatus": {
    	"value": "active"
  	},
  	"aaaUsername": {
    	"value": "george"
  	},
  	"aaaUserfirstName": {
    	"value": "George"
  	},
  	"aaaUserpwdLifeTime": {
    	"value": "no-password-expiration"
  	},
  	"aaaUserpwd": {
    	"value": ""
  	}
	}
  }
}

moquery

To run a query for a managed object (MO), use the moquery command.

moquery { --help | --host host-id | --port portname | --dn dn | --klass classname | --filter property | --attrs attributes | --output output | -user username | --options options }

Syntax Description

--help or –h Specifies an APIC host.
--host or –i Specifies an APIC host.
host-id The host name or IP address of an APIC.
--port or –p Specifies a port for a REST interface.
portname The REST interface port number.
--dn or –d Specifies a distinguished name (DN) for a managed object (MO).
dn The DN of an MO.
--klass or –c Specifies a class name for the query.
classname Specifies a class. You can enter multiple classes separated by commas.
--filter or –f Specifies a property on which to filter MOs.
property The property on which to filter MOs.
--attrs or –a Specifies the attributes that the query displays.
attributes The type of attributes to display. You can choose config (configuration attributes) or all. If config is selected, only configurable attributes are displayed. Unless the table output format is specified, the default is all.
--output or –o Specifies a query output format.
output The query output format. You can choose json, xml, block, or table.
--user or –u Specifies a user name.
username The user name.
--options or –x Specifies query options.
options The query options to enable. For more information, see Usage Guidelines.

Usage Guidelines

Using --options (or –x), you can specify query options as supported by the REST API. You can add multiple options statements to the command, using syntax such as the following:

-x [OPTIONS [OPTIONS ...]] [-x [OPTIONS [OPTIONS ...]]]

For example:

moquery -c firmwareCtrlrFwStatusCont -x query-target=subtree target-subtree-class=firmwareCtrlrRunning

Example

The following example shows how to use the moquery command: 

admin@apic1:~> moquery --dn unallocencap-[uni/infra]
Total Objects shown: 1

# stp.UnAllocEncapCont
infraPKey    : uni/infra
allocSize    : 0
childAction  : 
descr        : 
dn           : unallocencap-[uni/infra]
lastAssigned : 8192
lcOwn        : local
modTs        : 2014-07-26T16:46:27.176+00:00
name         : 
ownerKey     : 
ownerTag     : 
rn           : unallocencap-[uni/infra]
size         : 0
status       :

moset

To set the properties for a managed object (MO), use the moset command.

moset { property-name property-value [add | remove ] }

Syntax Description

property-name Property name
property-value Property value
add Adds a property to the managed object
remove Removes a property from the managed object

Example

The following example shows how to use the moset command to set the properties of a managed object: 

admin@apic0:local-users> cat george/mo
# aaa.User
local-user            :
----------
login-id               : george
first-name             :
last-name              :
phone                  :
email                  :
description            :
account-status         : active
account-expires        : no
expiration-date        : never
clear-password-history : no
encrypted-password     :
password               :  
password-life-time     : no-password-expiration
admin@apic0:local-users> moset first-name George last-name Washington
admin@apic0:local-users> cat mario/mo.buffer
# aaa.User
local-user            :
----------
login-id               : george
first-name             : George
last-name              : Washington
phone                  :
email                  :
description            :
account-status         : active
account-expires        : no
expiration-date        : never
clear-password-history : no
encrypted-password     :
password               :  
password-life-time     : no-password-expiration
admin@ifc0:local-users>

mostats

To display statistics for a MO, use the mostats command.

mostats [stats-class] [sampling-interval interval] [location location-name] [counter counter-name] [values values-name] [from date-from] [to date-to] [thresholded thresholded-flags] [output-to outputname]

Syntax Description

stats-class

Statistics type; use Tab autocomplete to display a list of available statistics in the current scope

sampling-interval

Specifies a sampling interval for the statistic

interval

Sampling interval; you can choose the following values:

  • 5min
  • 15min
  • 1h
  • 1d
  • 1w
  • 1mo
  • 1qtr
  • 1year

5 minutes is the default value

location

Specifies a location from which to display statistics

location-name

Location from which to display statistics; you can chose history or current

counter

Specifies a specific counter to display. If you omit this keyword, the command displays all counters.

counter-name

Counter name. If you do not specify a counter name, the command displays the value of all counters.

You can use autocomplete to display a list of available counters.

values

Specifies specific values to display

values-name

Type of values to display. You can use autocomplete to display a list of available values.

Note    Statistics values vary according to the specified counter and location.
from

Specifies a start date and time for statistics. This keyword is used for historical statistics.

date-from

Start date for the query

to

Specifies an end date and time for statistics. This keyword is used for historical statistics.

date-to

End date for the query

thresholded Specifies historical statistics that have crossed exceeded a threshold value
thresholded-flags The threshold flag value
output-to

Specifies a specific output type

output-name

Output type; you can choose the following values:

  • table
  • graph

Example

The following example shows how to use the mostats command: 

admin@apic0:leafport-17> mostats ingress-byte-counters location history 
Counters:
    flood (bytes) : periodic value
    multicastRate (bytes-per-second) : average value
    multicast (bytes) : periodic value
    unicastRate (bytes-per-second) : average value
    unicast (bytes) : periodic value


        Time Interval            flood     multicastRate  multicast   unicastRate   unicast   
 2013-10-23 13:40:10 + 300sec  1692622494     6038011     1811403699    5959938    1787981697 
 2013-10-23 13:45:10 + 290sec  1701770043     5896513     1709988944    6350713    1841707150 
 2013-10-23 13:50:00 + 300sec  1875699742     6327240     1898172394    5204047    1561214263 
 2013-10-23 13:55:00 + 300sec  1991025635     6407343     1922203057    5961950    1788585183 
 2013-10-23 14:00:00 + 310sec  2020555778     6857403     2125795303    7152710    2217340307 
 2013-10-23 14:05:10 + 290sec  1884001802     6545303     1898138103    5878862    1704870238 
 2013-10-23 14:10:00 + 310sec  2037567241     5880848     1823063295    6927670    2147577849 
 2013-10-23 14:15:10 + 300sec  1651084097     6128338     1838501627    5696007    1708802494 
 2013-10-23 14:20:10 + 300sec  2119253728     5719718     1715322961    5606184    1681939173 
 2013-10-23 14:25:10 + 300sec  1824918785     6553074     1965922597    6167935    1850380704 
 2013-10-23 14:30:10 + 300sec  1794072506     6508516     1952555134    6745063    2023519193 
 2013-10-23 14:35:10 + 290sec  2305467846     6493923     1883237807    6693507    1941117370

password

To change the password on the APIC , use the password command.

password

Example

The following example shows how to use the password command: 

admin@apic1:aci> passwd
Changing password for user admin.
(current) password: 
New password: 
Retype new password: 
Password for user admin is changed successfully.
admin@apic1:aci>

reload

To reload a specified node or module, use the reload command.


Note
If you do not specify a node, the command reloads the node in the current context.

reload { controller | switch } node-id

Syntax Description

controller Reloads a controller
switch Reloads a switch
node-id

The target node ID or node name. You can specify a range of node IDs or a list of node names.

Example

The following example shows how to use the reload command: 

admin@apic1:aci> reload switch 118

scope

To jump to the directory for a scope, use the scope command.


Note
The where command displays the MIT directory for a context, while scope opens the directory.

scope scope-name

Syntax Description

scope-name

The scope name, such as aaa or access-policies

Example

The following examples show how to use the scope command: 

admin@apic1:~> pwd
/home/admin
admin@apic1:/> scope tenant
Changing directory to /.aci/tenants/
admin@apic1:tenants> pwd
/aci/tenants

show

The show command displays the APIC configuration in a format similar to Cisco IOS and NX-OS. The command is similar to the alias Linux command.

show context

Syntax Description

context

The context name, such as aaa or access-policies

Contexts

The following example shows the standard show options: 

admin@apic1:~> show <Esc><Esc>
 aaa                   	aaa
 access                	Fabric Access Policies
 auditlog              	Show auditlog on current path
 bgp                   	Show BGP information
 cdp                   	Show Cisco Discovery Protocol information
 controller            	Controller Node
 cores                 	cores
 eventlog              	Show eventlog on current path
 external-data-collectors  external-data-collectors
 fabric                	Fabric Details
 faults                	Show faults current path
 fex                   	Show fex information
 firmware              	Show firmware
 health                	Show health on current path
 historical-record-policy  historic-record-policies
 import-export         	Import/Export
 interface             	Show interface status and information
 interface-policies    	interface-policies
 ip                    	Display IP information
 isis                  	Display IS-IS status and configuration
 l4-l7                 	L4-L7 Sevices Details
 lldp                  	Show information about lldp
 module                	Show module information
 schedulers            	schedulers
 switch                	Switch Node
 tenant                	Tenant
 trafficmap            	Show trafficmap
 version               	Show version
 vmware                	VMware vCenter/vShield Controllers
 vpc                   	Show vpc information

Customizing the show Command

You can customize the show command with a simple YAML (.yml) configuration. For examples, see the .yml files in the /etc/scopedefs directory.

You can define custom show commands by creating a .yml file in your /home/username/scopedefs/ directory. You can ignore specific show scopes by adding them to the /home/username/scopedefs/.ignore.yml file.

You can also define custom show commands that execute at that specific scope, as shown in the cmdFormat value in the following example: 

 vmware :
	type: alias
	help: "VMware vCenter/vShield Controllers"
	name: vmware
	label: vmware
	sub:
     	- name: controllers
       	label: controllers
       	type: keyword
       	cmdFormat: "find /aci/vm-networking/inventory/VMware/vmm-domains/ -name controllers -exec echo ';' -exec echo {} ';' -exec cat '{}/summary' ';'"
       	help: "Status of all Controllers"
     	- name: domain
       	label: domain
       	type: keyword
       	help: "Domain"

Note
For more information about YAML (.yml) file formats, see Customizing Commands.

Example

The following example shows how to use show to view local users. 

admin@apic1:~> show aaa local-users
# Executing command: cat /aci/admin/aaa/security-management/local-users/summary

local-users:
login-id  first-name  last-name  email  phone
--------  ----------  ---------  -----  -----
admin

The following excerpt shows the YAML definition for the aaa scope of the show command. 

- aaa:
	name: aaa
	help: 'aaa'
	type: alias
	dirFormat: ' '
	sub:
   		- name: local-users
     	 	  label: local-users
     		  type: keyword
     		  dirFormat: '/aci/admin/aaa/security-management/local-users/'
     		  fileType: 'summary'
     		  help: 'local users'

svcping

To ping the management interface of a service device, use the svcping command.


Note
This command is supported within the Management Information Tree file system (mit); the command is not supported within the aci file system.

svcping path

Syntax Description

path

The path of the service device (CDev) within the mit file system

techsupport

To display troubleshooting information, use the techsupport command.

techsupport all { [status] | [remotename fname ] }

techsupport controllers [status]

techsupport controllers remotename fname

techsupport db svc svcname [delete]

techsupport local

techsupport remote { list | name} [ fname ] {delete | [ {host remoteport protocol username password remotepath } ] }

techsupport switch nodeid { [status] | [remotename fname ] }

Syntax Description

all Displays tech support information for all nodes in the ACI fabric
controllers Displays faults for fabric controllers

db

Collects a snapshot of database information.
delete Removes a tech support file
fname The name of the remote destination
host The remote host name
list Lists all remote destinations
local Collects tech support information locally
name Specifies a remote destination
node-id

The target node ID or node name. You can specify a range of node IDs or a list of node names.

remote Lists, adds, or deletes remote destinations for tech support information
remotename The name of a remote destination
remotepath The path to the remote destination
remoteport The remote port number
password The passport for the remote destination
protocol The protocol for the remote destination
status Status of the tech support output

svc

Specifies a service

svcname

The service name
switch Displays faults for a switch
username The username for the remote destination

The techsupport command exports a file containing information about the current state of the ACI fabric or nodes. This information is very helpful to Cisco support and frequently provides the information needed to identify the source of a problem. The file is exported to the specified remote destination.

Beginning in Cisco APIC Release 1.1, three files are created and exported by this command:

  • filename.tar.gz—Contains configuration files, faults, events, debug counters, and other system information.

  • filename_db.tar.gz—Contains databases (.db files) collected from the node, one for each shard and replica.

  • filename_logs.tar.gz—Contains all logs collected from the node. For a switch node, the NX-OS techsupport data is included in this file.

Example

The following example shows how to use the techsupport command in releases earlier than Cisco APIC Release 1.1.

admin@apic1:~> techsupport switch 101
Triggering techsupport for Switch 101 using policy supNode101
Triggered on demand tech support successfully for node 101, will be available at: /data/techsupport on the controller.
Use 'status' option with your command to check techsupport status

trafficmap

To display a summary of traffic between two nodes, use the trafficmap command.

controller srcnode source-node-id destnode dest-node-id

Syntax Description

srcnode Specifies a node name
source-node-id The source node name
destnode Specifies a destination node
dest-node-id The destination node name

Example

The following example shows how to use the trafficmap command: 

admin@apic1:> trafficmap srcnode 102 destnode 112

troubleshoot eptoep session (IP and MAC)

To create an IP troubleshooting session, use the troubleshoot eptoep session <session_name> srcip <src_ip> tenant <src_tenant> app <src_app> epg <src_epg> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg> command.

To create a MAC troubleshooting session, use the troubleshoot eptoep session <session_name> srcmac <src_mac> tenant <src_tenant> app <src_app> epg <src_epg> destmac <dest_mac> tenant <dest_tenant> app <dest_app> epg <dest_epg> command.

Once the session is created, the following configuration options are available:

  • atomiccounter start

  • atomiccounter stop

  • traceroute start

  • traceroute stop

  • traceroute protocol <prot> dstport <dst_port>

  • report [<format>]

  • delete

  • description <descr>

  • latestminutes <num_min>

  • starttime <start_time> endtime <end_time>

  • monitor destination tenant <tenant_name> application <appln> epg <epg_name> ip_addr <ip_address> srcipprefix <ip_prefix> [(flowid <flow_id>)]

  • monitor stop

  • scheduler <scheduler-name>

  • scheduler delete

Examples

The following example shows how to create the IP troubleshoot eptoep session session: 

admin@apic1:/> troubleshoot eptoep session <session_name> srcip <src_ip> tenant <src_tenant> app <src_app> epg <src_epg> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg>

The following example shows how to create the MAC troubleshoot eptoep session session: 

admin@apic1:/> troubleshoot eptoep session <session_name> srcmac <src_mac> tenant <src_tenant> app <src_app> epg <src_epg> destmac <dest_mac> tenant <dest_tenant> app <dest_app> epg <dest_epg>

troubleshoot epext session EP-to-External-IP and External-IP-to-EP

To create an EP to external IP troubleshooting session, use the troubleshoot epext session <session_name> srcip <src_ip> tenant <src_tenant> app <src_app> epg <src_epg> destextip <dest_ip> command.

To create an external IP to EP troubleshooting session, use the troubleshoot epext session <session_name> srcextip <src_ip> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg> command.

Once the session is created, the following configuration options are available:

  • atomiccounter start

  • atomiccounter stop

  • traceroute start

  • traceroute stop

  • traceroute protocol <prot> dstport <dst_port>

  • report [<format>]

  • delete

  • description <descr>

  • latestminutes <num_min>

  • starttime <start_time> endtime <end_time>

  • monitor destination tenant <tenant_name> application <appln> epg <epg_name> ip_addr <ip_address> srcipprefix <ip_prefix> [(flowid <flow_id>)]

  • monitor stop

  • scheduler <scheduler-name>

  • scheduler delete

Examples

The following example shows how to create the external IP troubleshoot epext session session: 

admin@apic1:/> troubleshoot epext session <session_name> srcextip <src_ip> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg>

troubleshoot eptoep session <session name>

To schedule a troubleshooting session, use the schedule troubleshoot eptoep session <session name>option command.

Syntax Description

atomiccounter

Configure atomic counter between the source and destination end-points

delete

Delete this troubleshoot session

description

Textual description of this troubleshooting session

latestminutes

Enter time window in number of minutes from current time

monitor

Configure monitor session to span the source and destination interfaces

report

Generate troubleshooting report

scheduler

Configure a scheduler for this session

srcip

Configure source endpoint IP

srcmac

Configure source endpoint MAC

starttime

Time when the problem started

traceroute

Configure traceroute session between two endpoints

Example

The following example shows how to use the troubleshoot eptoep session <session name> command: 

admin@apic1:/> troubleshoot eptoep session <session name>report

troubleshoot eptoep session <session name> atomiccounter

To configure a new endpoint (ep) to endpoint atomic counter session, use the troubleshoot eptoep session newSession atomiccounteroption command.

Syntax Description

start

Start atomiccounter session

stop

Stop atomiccounter session

Example

The following example shows how to use the troubleshoot eptoep session <session name> atomiccounter command: 

admin@apic1:/> troubleshoot eptoep session <session name> atomiccounter start

troubleshoot eptoep session <session name> traceroute

To configure a new endpoint (ep) to endpoint traceroute session, use the troubleshoot eptoep session <session name> tracerouteoption command.

Syntax Description

protocol

Configure traceroute protocol

start

Start traceroute policy

stop

Stop traceroute policy

Example

The following example shows how to use the troubleshoot eptoep session <session name> traceroute command: 

admin@apic1:/> troubleshoot eptoep session <session name> traceroute start

troubleshoot eptoep session <session name> traceroute protocol

To configure a new endpoint (ep) to endpoint traceroute protocol session, use the troubleshoot eptoep session <session name> traceroute protocoloption command.

Syntax Description

<prot>

Specify IP protocol (tcp|udp|icmp)

Example

The following example shows how to use the troubleshoot eptoep session <session name> traceroute protocol command: 

admin@apic1:/> troubleshoot eptoep session <session name> traceroute protocol icmp

troubleshoot eptoep session <session name> traceroute protocol tcp dst port

To configure a new endpoint (ep) to endpoint traceroute protocol session, use the troubleshoot eptoep session <session name> traceroute protocol tcpoption command.

Syntax Description

<dstport>

Specify destination L4 port to be used by traceroute

Example

The following example shows how to use the troubleshoot eptoep session <session name> traceroute protocol command: 

admin@apic1:/> troubleshoot eptoep session <session name> traceroute protocol tcp dstport 80

show troubleshoot eptoep

To show an endpoint (ep) to endpoint connection, use the show troubleshoot eptoepoption command.

Syntax Description

session

Show session information

sessions

Show all session names

Example

The following example shows how to use the show troubleshoot eptoep command: 

admin@apic1:/> show troubleshoot eptoep

show troubleshoot eptoep session <session name>

To show an endpoint (ep) to endpoint MAC session, use the show troubleshoot eptoep session <session name>option command.

Syntax Description

atomiccounter

Show atomic counters

audit

Show audit information

contracts

Show contract information

deployments

Show deployment changes

events

Show events

faults

Show faults

monitor

Show monitor status

reports

Show reports

statistics

Show statistics

topology

Show topology

traceroute

Show traceroute results

Example

The following example shows how to use the show troubleshoot eptoep session <session name> command: 

admin@apic1:/> show troubleshoot eptoep session <session name>

version

To display the current software version of a node, use the version command.


Note
If you do not specify a node, the command displays the current software version of all configured nodes.

version { controller | switch } [node-id ]

Syntax Description

controller Displays the version for a controller
switch Displays the version for a switch
node-id

The target node ID or node name. You can specify a range of node IDs or a list of node names.

Example

The following examples show how to use the version command: 

admin@apic1:~> version switch 101
node type  node id  node name  version         
---------  -------  ---------  ----------------
leaf       101      leaf1      simsw-1.0(0.450)


admin@apic1:~> version
node type   node id  node name  version         
----------  -------  ---------  ----------------
controller  1        apic1      1.0(0.450)      
controller  2        apic2      1.0(0.450)      
controller  3        apic3      1.0(0.450)      
leaf        101      leaf1      simsw-1.0(0.450)
leaf        102      leaf2      simsw-1.0(0.450)
leaf        103      leaf3      simsw-1.0(0.450)
spine       104      spine1     simsw-1.0(0.450)
spine       105      spine2     simsw-1.0(0.450)

where

To display the management information tree (MIT) directory path for a scope, use the where command.

where scope-name

Syntax Description

scope-name

The scope name, such as aaa or access-policies.

Example

The following examples show how to use the where command: 

admin@apic1:~> where aaa local-users admin
/aci/admin/aaa/security-management/local-users/admin