notizen-cw

Notes from the CW meeting, feedback from USA …

  • "show active policy rule" should also display matched rules of VM snooping
  • "Count" is incremented for other rules
  • "show qos log" contains no VM-Snooping VXLAN rule matches (even though "log" is specified)

Admin-Status!!!!

VXLAN-GW-2-> interfaces 1/1/1 beacon ?
                                    ^
                                    <cr> LED-MODE LED-COLOR ADMIN-STATUS 
 (Interface Command Set)
VXLAN-GW-2-> interfaces 1/1/1 beacon 
Leaf-1-> 
Leaf-1-> show active ?
                    ^
                    POLICY MULTICAST 
 (QoS Command Set)
Leaf-1->             
Leaf-1-> 
Leaf-1-> show vm-snooping ?
                         ^
                         VIRTUAL-MACHINES STATISTICS STATIC-POLICY PORT 
                         LINKAGG FILTERING-RESOURCE DATABASE CONFIG 
 (Vm_Snooping Command Set)
Leaf-1-> show vm-snooping virtual-machines ?
                                          ^
                                          <cr> 
 (Vm_Snooping Command Set)
Leaf-1-> show vm-snooping virtual-machines 
Port       SRC MAC       VLAN 
------+-----------------+-----+
1/1/3  00:50:56:BE:68:95    -  

Leaf-1-> show vm-snooping virtual-machines ?
                                          ^
                                          <cr> 
 (Vm_Snooping Command Set)
Leaf-1-> show vm-snooping st               
static-policy  statistics     
Leaf-1-> show vm-snooping statistics 
Total number of Hardware Statistics: 1

Policy Rule                      Policy List                      Number of pkts        Number of Bytes    
--------------------------------+--------------------------------+---------------------+---------------------+
RESTRICT_VNID_5000               Default                          672                   104832                
Total number of Sampling Statistics: 1

        VXLAN    VXLAN       VM               VM          Pkts 
Port   UDP PORT   VNI       SRC MAC          SRC IP            
-----+---------+------+------------------+---------------+---------+
1/1/3      8472   5000 00:50:56:BE:68:95   172.20.175.135     8

Leaf-1-> show vm-snooping statistics ?
                                    ^
                                    <cr> SAMPLING HARDWARE 
 (Vm_Snooping Command Set)
Leaf-1-> show vm-snooping statistics hardware ?
                                             ^
                                             <cr> 
 (Vm_Snooping Command Set)
Leaf-1-> show vm-snooping statistics hardware 
Total number of Hardware Statistics: 1

Policy Rule                      Policy List                      Number of pkts        Number of Bytes    
--------------------------------+--------------------------------+---------------------+---------------------+
RESTRICT_VNID_5000               Default                          684                   106704                

Leaf-1-> show vm-snooping statistics hardwar  
Leaf-1-> 
Leaf-1-> 
Leaf-1-> show ip interface 
Total 14 interfaces
 Flags (D=Directly-bound)

            Name                 IP Address      Subnet Mask     Status Forward  Device   Flags
--------------------------------+---------------+---------------+------+-------+---------+------
EMP-CMMA-CHAS1                   0.0.0.0         0.0.0.0           DOWN      NO EMP         
Loopback                         127.0.0.1       255.255.255.255     UP      NO Loopback    
Mgmt-CompA                       192.168.110.1   255.255.255.0       UP     YES vlan 110    
Mgmt-CompB                       192.168.120.1   255.255.255.0       UP     YES vlan 120    
Mgmt-Mgmt                        192.168.100.1   255.255.255.0     DOWN      NO vlan 100    
Trans-CompA                      192.168.210.1   255.255.255.0       UP     YES vlan 210    
Trans-CompB                      192.168.220.1   255.255.255.0       UP     YES vlan 220    
Trans-Mgmt                       192.168.200.1   255.255.255.0     DOWN      NO vlan 200    
vMotion-CompA                    10.10.110.1     255.255.255.0       UP     YES vlan 1110    
vMotion-CompB                    10.10.120.1     255.255.255.0       UP     YES vlan 1120    
vMotion-Mgmt                     10.10.100.1     255.255.255.0     DOWN      NO vlan 1100    
vlan1                            10.1.1.1        255.255.255.0       UP     YES vlan 1      
vlan10                           10.99.1.1       255.255.255.0       UP     YES vlan 10     
vlan20                           10.99.2.1       255.255.255.0       UP     YES vlan 20     

Leaf-1-> 
Leaf-1-> ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=11.3 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.640 ms
^C
--- 10.1.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.640/5.991/11.343/5.352 ms

Leaf-1-> 
Leaf-1-> policy condition test source ip
ip       ip-port  ipv6     
Leaf-1-> policy condition test source ip 10.1.1.1 destination 10.1.1.2 ?
                                                             ^
ERROR: Invalid entry: "10.1.1.2"
Leaf-1-> policy condition test source ip 10.1.1.1 destination ip 10.1.1.2 ?
                                                                         ^
                                                  <cr> 802.1P APPFP-GROUP 
                                                  DESTINATION 
                                                  DPI-APPLICATION-GROUP 
                                                  DPI-APPLICATION-NAME DSCP 
                                                  ESTABLISHED ETHERTYPE 
                                                  FLOW-LABEL FRAGMENTS FROM 
                                                  ICMPCODE ICMPTYPE INNER 
                                                  IP-PROTOCOL IPV6 MASK 
                                                  MULTICAST NO SERVICE SIP 
                                                  SOURCE TCPFLAGS TOS VRF 
 (QoS Command Set)
Leaf-1-> policy condition test source ip 10.1.1.1 destination ip 10.1.1.2 

Leaf-1-> 
Leaf-1-> policy action accept disposition accept ?
                                                ^
                                                <cr> 802.1P CIR COLOR-ONLY CPU 
                                                DISPOSITION DSCP EGRESS FROM 
                                                INGRESS MAP MAXIMUM MIRROR NO 
                                                NO-CACHE PERMANENT 
                                                PORT-DISABLE PRIORITY REDIRECT 
                                                RTCP-DSCP RTCP-MONITORING 
                                                SHARED TOS TRUST-DSCP 
 (QoS Command Set)
Leaf-1-> policy action accept disposition accept dscp ?
                                                     ^
                                                  <num> 
 (QoS Command Set)
Leaf-1-> policy action accept disposition accept dscp 46 ?
                                                        ^
                                                  <cr> 802.1P CIR COLOR-ONLY 
                                                  CPU DISPOSITION DSCP EGRESS 
                                                  FROM INGRESS MAP MAXIMUM 
                                                  MIRROR NO NO-CACHE PERMANENT 
                                                  PORT-DISABLE PRIORITY 
                                                  REDIRECT RTCP-DSCP 
                                                  RTCP-MONITORING SHARED TOS 
                                                  TRUST-DSCP 
 (QoS Command Set)
Leaf-1-> policy action accept disposition accept dscp 46 

Leaf-1-> 
Leaf-1-> policy rule test condition test action accept ?
                                                      ^
                                                  <cr> ACTION CONDITION COUNT 
                                                  DEFAULT-LIST DISABLE ENABLE 
                                                  FROM LOG LOG-INTERVAL NO 
                                                  PRECEDENCE SAVE TRAP 
                                                  VALIDITY-PERIOD 
 (QoS Command Set)
Leaf-1-> policy rule test condition test action accept lo
log           log-interval  
Leaf-1-> policy rule test condition test action accept log

Leaf-1-> 
Leaf-1-> 
Leaf-1-> 
Leaf-1-> ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.881 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.782 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.685 ms
64 bytes from 10.1.1.2: icmp_seq=4 ttl=64 time=0.710 ms
64 bytes from 10.1.1.2: icmp_seq=5 ttl=64 time=0.652 ms
64 bytes from 10.1.1.2: icmp_seq=6 ttl=64 time=0.693 ms

--- 10.1.1.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.652/0.733/0.881/0.084 ms
Leaf-1-> show active policy rule 
Rule name                        : RESTRICT_VNID_5000
  Condition name                 = VNID,
  Action name                    = DROP,
  Log                            = Yes


Leaf-1-> 
Leaf-1-> qos apply

Leaf-1-> show active policy rule 
Rule name                        : RESTRICT_VNID_5000
  Condition name                 = VNID,
  Action name                    = DROP,
  Log                            = Yes

Rule name                        : test
  Condition name                 = test,
  Action name                    = accept,
  Log                            = Yes


Leaf-1-> ping 10.1.1.2           
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.945 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.681 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.672 ms
64 bytes from 10.1.1.2: icmp_seq=4 ttl=64 time=0.664 ms
64 bytes from 10.1.1.2: icmp_seq=5 ttl=64 time=0.674 ms
64 bytes from 10.1.1.2: icmp_seq=6 ttl=64 time=0.648 ms

--- 10.1.1.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4999ms
rtt min/avg/max/mdev = 0.648/0.714/0.945/0.103 ms
Leaf-1-> 
Leaf-1-> show active policy rule 
Rule name                        : RESTRICT_VNID_5000
  Condition name                 = VNID,
  Action name                    = DROP,
  Log                            = Yes

Rule name                        : test
  Condition name                 = test,
  Action name                    = accept,
  Log                            = Yes,
  Packets                        = 6


Leaf-1-> show qos log
**QOS Log**
 8/03/15 14:37:52 Log Init (55bf7cc0).
 8/03/15 14:37:52 qosMuxGroupRegisterApp: registered handler 0x10072834 for appid ab
 8/03/15 14:37:52 qosNIStateInit: allocated id 0 for all NI mux group.
 8/03/15 14:37:52 Reactor initialized
 8/03/15 14:37:52 QoS registered with Chassis Supervisor
 8/03/15 14:37:52 QoS registered with MIP library
 8/03/15 14:37:52 QoS registered with Port Manager
 8/03/15 14:37:52 QoS registered with Vlan Manager
 8/03/15 14:37:52 Got eoic (55bf7cc0)
 8/03/15 14:37:52 Apply QoS configuration (cli)
 8/03/15 14:37:52 Calling cslib_unblock (55bf7cc0)
 8/03/15 14:37:52 QoS registered with ipedr
 8/03/15 14:37:52 QoS registered with ipv6
 8/03/15 14:37:52 PM Link Status register for slot 1/1 ports 28 - 2b
 8/03/15 14:37:52 Connect from API 1/1
 8/03/15 14:37:52 Connect from API 1/2
 8/03/15 14:37:53 Connect from API 1/3
 8/03/15 14:37:53 Connect from API 1/4
 8/03/15 14:37:53 Connect from API 1/5
 8/03/15 14:37:54 Connect from API 1/6
 8/03/15 14:37:56 Connect from API 1/7
 8/03/15 14:37:58 Connect from API 1/8
 8/03/15 14:38:03 Connect from API 1/9
 8/03/15 14:38:05 Connect from API 1/10
 8/03/15 14:38:05 Connect from API 1/11
 8/03/15 14:38:05 Connect from API 1/12
 8/03/15 14:38:05 add VRF [id 0] name ""
 8/03/15 14:38:08 Connect from API 1/13
 8/03/15 14:38:08 qosApiHandleOpenFlowMsg: got message ab0100 [CfgTables] 00000000
 8/03/15 14:38:08 muxid 1 allocated for OpenFlow.
 8/03/15 14:38:47 Connect from slot 1/1

 8/03/15 14:38:47 Enabling ipmsv4
 8/03/15 14:38:47 Enabling ipmsv6
 8/03/15 14:38:50 Connect reply from 1:1 (seq 0, insync 0: 80000000)
 8/03/15 14:38:57 NI 1/1 Up
 8/03/15 14:38:57 PM Link Status register for slot 1/1 ports 0 - 13
 8/03/15 14:39:12 qosLDAPIdFileGet: LDAP Id is e8:e7:32:77:f7:29:20130418:025448
 8/03/15 14:39:12 Config sent to Slot 1/1
 8/03/15 14:39:12 Send 2 vpa status, 0 ip interface messages for slot 1
 8/03/15 14:39:12 Slot 1/1 Ready.
 8/03/15 14:39:12 Disabling ipmsv4
 8/03/15 14:39:12 Disabling ipmsv6
 8/03/15 14:39:12 qosApiHandleOpenFlowMsg: got message ab0100 [CfgTables] 00000000
 8/03/15 14:39:17 VC Takeover in progress (55bf7d15).
 8/03/15 14:39:17 VC Takeover complete (55bf7d15).
 8/03/15 14:39:17 qosSocketClose 234:parent socket API disconnected, fd 95
 8/03/15 14:39:17 Disconnect from API 1/4
 8/03/15 14:39:17 Connect from API 1/4
 8/03/15 14:39:18 Connect from API 1/14
 8/03/15 14:39:18 Connect from API 1/15
 8/03/15 14:39:19 NI[1/1]: Apply QoS configuration (cli)
 8/03/15 14:39:19 NI[1/1]: Apply QoS configuration (cli)
 8/03/15 14:46:17 AppFp takeover timer handler running.
 8/03/15 14:53:17 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 15:14:58 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 15:15:09 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:19:50 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:19:55 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:01 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:04 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:08 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:14 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:19 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:22 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:29 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:35 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 16:20:38 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:38:36 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:38:36 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:38:36 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:38:51 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:38:51 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:38:51 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:16 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:16 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:16 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:34 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:34 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:34 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:43 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:43 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/03/15 17:42:43 qosNIMsgSendRtrMac: mac e8:e7:32:77:f7:29 send to 0:0, 1 nis
 8/04/15 10:36:19 Apply QoS configuration (cli)
 8/04/15 10:36:20 NI[1/1]: Apply QoS configuration (cli)
 8/04/15 10:38:48 Apply QoS configuration (cli)
 8/04/15 10:38:50 NI[1/1]: Apply QoS configuration (cli)
 8/04/15 11:05:08 Apply QoS configuration (cli)
 8/04/15 11:05:10 NI[1/1]: Apply QoS configuration (cli)
 8/04/15 11:05:15 [@11:05:14] rule 'test' matched:accept
 8/04/15 11:05:15  svlan 1 port 1/0/0 -> 1/1/42 
 8/04/15 11:05:15  MAC E8:E7:32:77:F7:29 -> E8:E7:32:77:FC:75
 8/04/15 11:05:15  TOS 0x00 (ICMP 8:0) 10.1.1.1 -> 10.1.1.2
 8/04/15 11:05:20 [@11:05:15] rule 'test' matched:accept
 8/04/15 11:05:20  svlan 1 port 1/0/0 -> 1/1/42 
 8/04/15 11:05:20  MAC E8:E7:32:77:F7:29 -> E8:E7:32:77:FC:75
 8/04/15 11:05:20  TOS 0x00 (ICMP 8:0) 10.1.1.1 -> 10.1.1.2
 8/04/15 11:05:20 [@11:05:16] rule 'test' matched:accept
 8/04/15 11:05:20  svlan 1 port 1/0/0 -> 1/1/42 
 8/04/15 11:05:20  MAC E8:E7:32:77:F7:29 -> E8:E7:32:77:FC:75
 8/04/15 11:05:20  TOS 0x00 (ICMP 8:0) 10.1.1.1 -> 10.1.1.2
 8/04/15 11:05:20 [@11:05:17] rule 'test' matched:accept
 8/04/15 11:05:20  svlan 1 port 1/0/0 -> 1/1/42 
 8/04/15 11:05:20  MAC E8:E7:32:77:F7:29 -> E8:E7:32:77:FC:75
 8/04/15 11:05:20  TOS 0x00 (ICMP 8:0) 10.1.1.1 -> 10.1.1.2
 8/04/15 11:05:20 [@11:05:18] rule 'test' matched:accept
 8/04/15 11:05:20  svlan 1 port 1/0/0 -> 1/1/42 
 8/04/15 11:05:20  MAC E8:E7:32:77:F7:29 -> E8:E7:32:77:FC:75
 8/04/15 11:05:20  TOS 0x00 (ICMP 8:0) 10.1.1.1 -> 10.1.1.2
 8/04/15 11:05:20 [@11:05:19] rule 'test' matched:accept
 8/04/15 11:05:20  svlan 1 port 1/0/0 -> 1/1/42 
 8/04/15 11:05:20  MAC E8:E7:32:77:F7:29 -> E8:E7:32:77:FC:75
 8/04/15 11:05:20  TOS 0x00 (ICMP 8:0) 10.1.1.1 -> 10.1.1.2

Leaf-1-> show configuration snapshot qos
! QOS:
policy condition VNID vxlan  vxlan-port 8472 vni 5000 inner source ip 172.20.175.135 
policy condition test source ip 10.1.1.1 destination ip 10.1.1.2 
policy action DROP disposition drop 
policy action accept dscp 46 
policy rule RESTRICT_VNID_5000 condition VNID action DROP log  
policy rule test condition test action accept log  
qos apply
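
The logging gap noted at the top can be checked mechanically by comparing the three outputs captured in this session; the following is an added example, not part of the original notes or of any vendor tooling. The function names are hypothetical, and the embedded inputs are short excerpts copied from the session above.

```python
import re

# Sample inputs: excerpts of the outputs captured in the session on this page.
CONFIG = """\
policy condition VNID vxlan  vxlan-port 8472 vni 5000 inner source ip 172.20.175.135
policy condition test source ip 10.1.1.1 destination ip 10.1.1.2
policy rule RESTRICT_VNID_5000 condition VNID action DROP log
policy rule test condition test action accept log
"""
HW_STATS = """\
Policy Rule                      Policy List                      Number of pkts        Number of Bytes
--------------------------------+--------------------------------+---------------------+---------------------+
RESTRICT_VNID_5000               Default                          684                   106704
"""
QOS_LOG = """\
 8/04/15 11:05:10 NI[1/1]: Apply QoS configuration (cli)
 8/04/15 11:05:15 [@11:05:14] rule 'test' matched:accept
 8/04/15 11:05:15  svlan 1 port 1/0/0 -> 1/1/42
 8/04/15 11:05:20 [@11:05:15] rule 'test' matched:accept
"""

def logged_rules(config):
    """Names of policy rules whose definition carries the 'log' keyword."""
    rules = set()
    for line in config.splitlines():
        m = re.match(r"policy rule (\S+) (.*)", line.strip())
        if m and "log" in m.group(2).split():
            rules.add(m.group(1))
    return rules

def hw_packet_counts(stats):
    """Map rule name -> packets from 'show vm-snooping statistics hardware'."""
    counts = {}
    for line in stats.splitlines():
        m = re.match(r"(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$", line)
        if m:
            counts[m.group(1)] = int(m.group(3))
    return counts

def log_match_counts(log):
    """Map rule name -> number of 'matched' entries in 'show qos log'."""
    counts = {}
    for m in re.finditer(r"rule '([^']+)' matched:(\w+)", log):
        counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def logging_gaps(config, stats, log):
    """Rules configured with 'log' that hit in hardware but never appear in the log."""
    hw, seen = hw_packet_counts(stats), log_match_counts(log)
    return sorted(r for r in logged_rules(config)
                  if hw.get(r, 0) > 0 and seen.get(r, 0) == 0)

if __name__ == "__main__":
    print(logging_gaps(CONFIG, HW_STATS, QOS_LOG))
```

A rule reported here drops traffic in hardware without leaving any audit trail in the QoS log, which is the behaviour the notes flag for the VM-Snooping VXLAN rule.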
notizen-cw.txt · Last modified: 2015/08/06 13:49 by benny