Cool Cisco ACI Show Commands

Using username "admin".
Application Policy Infrastructure Controller
admin@10.10.20.42's password:
Last login: 2020-06-07T14:19:13.000+00:00 UTC
apic1#

After connecting to the CLI, press the tab key to list all possible commands:

apic1#
attach-ave configure export-config logit show
attach-avs debug fabric passwd terminal
bash end firmware reload trigger
callhome eraseconfig import-config replace-controller where
clear exit lastlogin
apic1#
apic1# show endpoints
Legends:
(P):Primary VLAN
(S):Secondary VLAN


Total Dynamic Endpoints: 0
Total Static Endpoints: 0
apic1#
apic1#

There is also the variation “show endpoint mac {MAC_ADDR}”. The MAC address can be typed in any of four formats:

apic1# show endpoint mac ?
E.E.E MAC address (Option 1)
EE-EE-EE-EE-EE-EE MAC address (Option 2)
EE:EE:EE:EE:EE:EE MAC address (Option 3)
EEEE.EEEE.EEEE MAC address (Option 4)
apic1#
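
Because the same endpoint can appear in any of these four notations, records from different sources have to be brought to one canonical form before they can be matched. The following Python sketch is an added example, not part of the original post; it assumes that Option 1 (E.E.E) means three dot-separated groups of one to four hex digits, each zero-padded on the left, and the sample sightings are constructed around a MAC address that appears later on this page.

```python
import re

HEX = "[0-9A-Fa-f]"
# Options 2 and 3: six octets, one separator used consistently (backreference \2).
_SIX_OCTETS = re.compile(rf"^({HEX}{{2}})([:-])(?:{HEX}{{2}}\2){{4}}{HEX}{{2}}$")
# Options 1 and 4: three dot-separated groups (assumption: 1 to 4 hex digits each).
_DOTTED = re.compile(rf"^({HEX}{{1,4}})\.({HEX}{{1,4}})\.({HEX}{{1,4}})$")


def normalize_mac(text):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    s = text.strip()
    if _SIX_OCTETS.match(s):
        digits = re.sub(r"[:-]", "", s)
    else:
        m = _DOTTED.match(s)
        if not m:
            raise ValueError(f"not one of the four MAC formats: {text!r}")
        digits = "".join(group.zfill(4) for group in m.groups())
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def group_sightings(sightings):
    """Group (source, mac_text) pairs by canonical MAC; bad values go under None."""
    groups = {}
    for source, mac_text in sightings:
        try:
            key = normalize_mac(mac_text)
        except ValueError:
            key = None  # keep malformed input visible instead of dropping it
        groups.setdefault(key, []).append(source)
    return groups


# Constructed sample: one address written three ways, plus a malformed value.
SIGHTINGS = [
    ("leaf 103 show interface", "f8c2.8823.7e04"),
    ("dhcp log", "F8-C2-88-23-7E-04"),
    ("nac log", "f8:c2:88:23:7e:04"),
    ("ticket", "f8:c2-88:23:7e:04"),  # mixed separators: rejected
]

if __name__ == "__main__":
    for mac, sources in group_sightings(SIGHTINGS).items():
        print(mac, sources)
```
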
apic1# show health tenant
Score Change(%) UpdateTS Dn
----- ----- ------------------- ------------------------------
100 0 2020-06-28T03:00:33 uni/tn-mgmt/health
.600+00:00
100 0 2020-06-28T03:00:33 uni/tn-common/health
.597+00:00
100 0 2020-06-28T03:00:33 uni/tn-infra/health
.598+00:00
100 0 2020-06-28T03:00:33 uni/tn-test-session/health
.601+00:00
98 4 2020-06-10T09:33:17 uni/tn-test-session-01/health
.572+00:00
100 0 2020-06-28T03:00:33 uni/tn-19191919/health
.601+00:00
100 0 2020-06-28T03:00:33 uni/tn-TEST-TENANT1/health
.601+00:00
100 0 2020-06-28T03:00:33 uni/tn-Test-2020/health
.598+00:00
98 -2 2020-06-24T00:10:34 uni/tn-tutorial/health
.220+00:00
100 0 2020-06-28T03:00:33 uni/tn-cjsc/health
.599+00:00

apic1#
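
The table above wraps the fractional part of each timestamp onto its own line, which trips up naive line-by-line parsing. The following Python sketch is an added example, not part of the original post; it assumes that a line starting with "." continues the UpdateTS value of the previous row, and the embedded sample is three rows copied from the output above.

```python
import re

# One table row: score, change in percent, timestamp, distinguished name.
ROW = re.compile(r"^(\d+)\s+(-?\d+)\s+(\S+)\s+(uni/\S+)$")
TENANT = re.compile(r"^uni/tn-(.+)/health$")

SAMPLE = """\
Score Change(%) UpdateTS Dn
----- ----- ------------------- ------------------------------
100 0 2020-06-28T03:00:33 uni/tn-mgmt/health
.600+00:00
98 4 2020-06-10T09:33:17 uni/tn-test-session-01/health
.572+00:00
98 -2 2020-06-24T00:10:34 uni/tn-tutorial/health
.220+00:00
"""


def parse_health(output):
    """Parse 'show health tenant' output into a list of dicts, one per tenant."""
    rows = []
    for raw in output.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            score, change, updated, dn = m.groups()
            t = TENANT.match(dn)
            rows.append({
                "tenant": t.group(1) if t else dn,
                "score": int(score),
                "change": int(change),
                "updated": updated,
            })
        elif rows and line.startswith("."):
            # Wrapped remainder of the timestamp (assumption stated in the lead-in).
            rows[-1]["updated"] += line
        # Header, separator and prompt lines match neither case and are skipped.
    return rows


def below_threshold(rows, minimum=100):
    """Return the tenants whose health score is below `minimum`, worst first."""
    return sorted((r for r in rows if r["score"] < minimum), key=lambda r: r["score"])


if __name__ == "__main__":
    for row in below_threshold(parse_health(SAMPLE)):
        print(row["tenant"], row["score"], row["change"], row["updated"])
```
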
apic1# show running-config
# Command: show running-config
# Time: Sun Jun 28 03:02:09 2020
aaa banner 'Application Policy Infrastructure Controller'
aaa authentication login console
exit
aaa authentication login default
exit
aaa authentication login domain fallback
exit
bgp-fabric
route-reflector spine 201
asn 65503
exit
coop-fabric
exit
no password pwd-strength-check
crypto aes
exit
crypto webtoken
session-record-flags login,logout,refresh
exit
rbac security-domain "mgmt"
exit
--More--

show run snapshot

apic1# show run snapshot
# Command: show running-config snapshot
# Time: Sun Jun 28 03:06:13 2020
snapshot export DailyAutoBackup
schedule EveryEightHours
exit
snapshot export defaultOneTime
exit
apic1#

Typing “show running-config” and pressing the TAB key twice lists the possible options:

apic1# show running-config
aaa errdisable lldp quota syslog
all fabric-external logging radius-server system
analytics fabric-internal mcp rbac tacacs-server
bd-enf-exp-ip fex-profile mgmt-connectivity-pref remote template
bgp-fabric fips microsoft-domain rhev-domain tenant
callhome firmware monitor rsa-server troubleshoot
clock flow node-control scale-profile try
comm-policy latency password scheduler usage
controller ldap-group-map pod snapshot username
coop-fabric ldap-group-map-rule pod-profile spanning-tree vlan-domain
crypto ldap-server policy-map spine vmware-domain
debug-switch leaf porttrack spine-interface-profile vpc
decommission leaf-interface-profile power spine-profile vsan-domain
dns leaf-profile ptp switch zones
endpoint link-failover-policy qos

show run leaf

apic1# show run leaf
# Command: show running-config leaf
# Time: Sun Jun 28 03:06:50 2020
leaf 101
template hsrp group-policy default tenant common
exit
vrf context tenant TEST-TENANT1 vrf default l3out Palo_test_L3out
router-id 1.1.1.1
ip route 0.0.0.0/0 10.126.1.26 1 bfd
route-map Palo_test_L3out_in
scope global
exit
route-map Palo_test_L3out_out
scope global
exit
route-map Palo_test_L3out_shared
scope global
ip prefix-list PALO_L3OUT permit 0.0.0.0/0
match prefix-list PALO_L3OUT
exit
exit
exit
vrf context tenant Test-2020 vrf Test2020 l3out Static_L3
router-id 1.1.1.1
--More--

show run leaf-interface-profile

apic1# show run leaf-interface-profile
# Command: show running-config leaf-interface-profile
# Time: Sun Jun 28 03:09:43 2020
leaf-interface-profile IP-11
leaf-interface-group 11
interface ethernet 1/11
policy-group LAPP-T001
exit
exit
leaf-interface-profile IP-12
leaf-interface-group 12
interface ethernet 1/12
policy-group LAAP2-T001
exit
exit
leaf-interface-profile leaf-1-2-vpc-prof
leaf-interface-group vpc-int
interface ethernet 1/5-7
channel-group ipg-vpc-01 vpc
exit
exit
leaf-interface-profile leaf-1-eth-1-prof
leaf-interface-group eth1
interface ethernet 1/1
--More--

show run leaf-profile

apic1# show run leaf-profile
# Command: show running-config leaf-profile
# Time: Sun Jun 28 03:10:19 2020
leaf-profile leaf-1-prof
leaf-group leaf-1
leaf 101
exit
leaf-interface-profile leaf-1-eth-1-prof
leaf-interface-profile leaf-1-2-vpc-prof
leaf-interface-profile leaf-1-pc-1-prof
exit
leaf-profile leaf-2-prof
leaf-group leaf-2
leaf 102
exit
leaf-interface-profile leaf-1-2-vpc-prof
leaf-interface-profile leaf-2-pc-1-prof
leaf-interface-profile leaf-2-eth-1-prof
exit
leaf-profile leaf-3
leaf-group leaf-3
leaf 103
exit
leaf-interface-profile leaf-3-vpc-01
--More--

show run spanning-tree

apic1# show run spanning-tree
# Command: show running-config spanning-tree
# Time: Sun Jun 28 03:10:52 2020
spanning-tree mst configuration
exit
apic1#
ACI show run spine

The command show run system lists the switches registered in the fabric (serial number, node ID, name and pod), as well as the TEP pool subnet and its mask:

apic1# show run system
# Command: show running-config system
# Time: Sun Jun 28 03:11:48 2020
system cluster-size 3
system switch-id SAL18380V1W 103 Leaf3-103 pod 1
system switch-id SAL18432WL7 104 Leaf4-104 pod 1
system switch-id SAL184642GL 201 Spine1-201 pod 1
system switch-id SAL18464AC7 101 Leaf1-101 pod 1
system switch-id SAL18464ADA 102 Leaf2-102 pod 1
system pod 1 tep-pool 10.0.0.0/16
no system use-infra-gipo enable
no system enforce-subnet-check
apic1#

The same information can be drawn graphically:

show run tenant

apic1# show run tenant
# Command: show running-config tenant
# Time: Sun Jun 28 03:12:28 2020
tenant 19191919
exit
tenant cjsc
name-alias 12
exit
tenant common
access-list arp
match arp
exit
access-list default
match raw default
exit
access-list est
match raw est etherT ip prot 6 tcpRules est
exit
access-list icmp
match icmp
exit
contract default
subject default
access-group default both
exit
exit
contract default type deny
subject default
access-group default both
exit
exit
vrf context copy
exit
vrf context default
exit
l3out default
exit
bridge-domain default
exit
application default
exit
interface bridge-domain default
exit
policy-map type data-plane default
exit
policy-map type qos default
exit
rtr-cfg default
exit
security domain default
template dhcp option policy default
exit
template endpoint retention policy default
exit
template ip igmp interface-policy default
exit
template ip igmp snooping policy default
exit
template ip pim interface-policy default
exit
template ipv6 nd prefix policy default
exit
template ipv6 nd policy default
exit
flow record default
exit
flow monitor default
exit
first-hop-security
security-policy default
exit
trust-control default
exit
exit
exit
tenant infra
vrf context ave-ctrl
exit
vrf context overlay-1
exit
bridge-domain ave-ctrl
endpoint retention policy ave-ctrl
vrf member ave-ctrl
exit
bridge-domain default
vrf member overlay-1
exit
application access
epg default
bridge-domain member default
exit
exit
application ave-ctrl
epg ave-ctrl
bridge-domain member ave-ctrl
exit
exit
interface bridge-domain ave-ctrl
exit
interface bridge-domain default
exit
template endpoint retention policy ave-ctrl
endpoint retention bounce-age-interval 150
endpoint retention hold-interval 5
endpoint retention local-age-interval 120
endpoint retention move-frequency 1
endpoint retention remote-age-interval 120
exit
template ip igmp snooping policy default
ip igmp snooping querier
exit
qos dscp-map default
set dscp-code control CS0
set dscp-code span CS0
set dscp-code level1 CS0
set dscp-code level2 CS0
set dscp-code level3 CS0
set dscp-code policy CS0
set dscp-code traceroute CS0
exit
exit
tenant mgmt
access-list any
match ip
exit
contract allowANY
subject filterany
access-group any both
exit
exit
vrf context inb
exit
vrf context oob
exit
bridge-domain inb
vrf member inb
exit
application mgnt
epg vlan20
bridge-domain member inb
exit
exit
inband-mgmt epg inBand
contract consumer allowANY
contract provider allowANY
bridge-domain inb
vlan 20
exit
interface bridge-domain inb
exit
oob-mgmt epg default
exit
exit
tenant Test-2020
vrf context Test2020
exit
l3out Static_L3
vrf member Test2020
exit
external-l3 epg l3epg l3out Static_L3
--More--

Pressing TAB one time displays the list of available tenants, including the user-defined ones!

apic1# sh run tenant
19191919 TEST-TENANT1 Test-2020 cjsc common infra mgmt test-session test-session-01 tutorial
apic1# sh run tenant

For example, let us read the config of tenant Test-2020:

apic1# show run tenant Test-2020
# Command: show running-config tenant Test-2020
# Time: Sun Jun 28 03:17:12 2020
tenant Test-2020
vrf context Test2020
exit
l3out Static_L3
vrf member Test2020
exit
external-l3 epg l3epg l3out Static_L3
vrf member Test2020
exit
exit
apic1#

show run vlan-domain

apic1# show run vlan-domain
# Command: show running-config vlan-domain
# Time: Sun Jun 28 03:13:27 2020
vlan-domain L3-Palo type l3ext
vlan-pool PALO-VLAN-126-Pool
vlan 126
exit
vlan-domain L3_Dom type l3ext
vlan-pool TEST_VLAN_POOL
vlan 10-50
exit
vlan-domain PHY-T001 type phys
vlan-pool VLAN_POOL_T001
vlan 100-110
exit
vlan-domain TEST_DOMAIN type phys
vlan-pool TEST_VLAN_POOL
vlan 10-50
exit
vlan-domain phys type phys
exit
vlan-domain physical type phys
vlan-pool vlan-201
vlan 201
exit
vlan-domain physical-001 dynamic type phys
vlan-pool vlan-100-200
vlan 100-200 dynamic
exit
apic1#
show run vmware-domain

show run zones

apic1# show run zones
# Command: show running-config zones
# Time: Sun Jun 28 03:14:41 2020
zones
exit
apic1#

A network engineer can display all interfaces of a particular leaf from the APIC by prefixing the “show interface” command with “fabric {NODE_ID}”:

apic1# fabric 103 show interface
----------------------------------------------------------------
Node 103 (Leaf3-103)
----------------------------------------------------------------
mgmt0 is up
admin state is up,
Hardware: GigabitEthernet, address: f8c2.8823.7e04 (bia f8c2.8823.7e04)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is routed
full-duplex, 1000 Mb/s
Beacon is turned off
Auto-Negotiation is turned on
Input flow-control is off, output flow-control is off
Auto-mdix is turned off
EtherType is 0x0000
30 seconds input rate 96 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Rx
54828 input packets 0 unicast packets 31611 multicast packets
23217 broadcast packets 17361801 bytes
Tx
8 output packets 0 unicast packets 8 multicast packets
0 broadcast packets 752 bytes

Ethernet1/1 is down (sfp-missing)
admin state is up, Dedicated Interface
Hardware: 1000/10000 Ethernet, address: f8c2.8823.7e05 (bia f8c2.8823.7e05)
MTU 9000 bytes, BW 0 Kbit, DLY 1 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 10 Gb/s
FEC (forward-error-correction) : disable-fec
--More--


fabric 103 show interface eth1/3
show vrf
fabric show ip int brief vrf all
apic1# show version
Role Pod Node Name Version
---------- ---------- ---------- ------------------------ --------------------
controller 1 1 apic1 3.1(2v)
leaf 1 101 Leaf1-101 n9000-13.1(2v)
leaf 1 103 Leaf3-103 n9000-13.1(2v)
leaf 1 104 Leaf4-104 n9000-13.1(2v)
spine 1 201 Spine1-201 n9000-13.1(2v)

apic1#
show bridge-domain
show epg
show epg EPG_NAME
