Syslog-SNMP-SPAN-Netflow Configuration
Syslog
To configure syslog in ACI, follow the steps below:
Step 1: Configure and create External Data Collectors as Syslog Destination
Go to Admin | External Data Collectors | Syslog | Right-click to Create Syslog Monitoring Destination Group
The page to create the Syslog Monitoring Destination Group will now open. Use the following parameters:
- Name: dclessons-syslog-grp
- Format: ACI
- Admin State: Enable
- Local File Destination: Admin State: Enable and Severity: Information
- Console Destination: Admin State: Enable and Severity: Information
Select Next to go to the Remote Destination section and configure the parameters below.
- Host IP: 50.50.50.50
- Admin State: Enable
- Severity: Informational
- Port: 514
- Forwarding facility: local7
- Mgmt EPG: default (Out of Band)
Refer to the figure below to configure the above parameters correctly.
Step 2: Create a syslog source at the access level, fabric level and tenant level, and associate the syslog source with the destination.
Option 1: Syslog Source Policy at Access Level:
Go to Fabric | Access Policies | Monitoring | default | Callhome/Smart Callhome/SNMP/Syslog/TACACS | Select Syslog at the right side of the Work Pane | Select the + option.
Use the following parameters:
- Name: dclessons-Syslog-src
- Min Severity: information
- Include all Faults: Audit logs, Events, Faults, Session Logs
- Dest Group: dclessons-syslog-grp
Refer to the figure below to configure these parameters correctly.
Option 2: Syslog Source Policy at Fabric Level:
Go to Fabric | Fabric Policies | Monitoring | default | Callhome/Smart Callhome/SNMP/Syslog/TACACS | Select Syslog at the right side of the Work Pane | Select the + option.
Use the following parameters:
- Name: dclessons-Syslog-src
- Min Severity: information
- Include all Faults: Audit logs, Events, Faults, Session Logs
- Dest Group: dclessons-syslog-grp
Refer to the figure below to configure these parameters correctly.
Option 3: Syslog Source Policy at Tenant Level:
Go to Tenant | Dclessons | Policies | Monitoring | default | Callhome/Smart Callhome/SNMP/Syslog/TACACS | Select Syslog at the right side of the Work Pane | Select the + option.
Use the following parameters:
- Name: dclessons-tenant-Syslog-src
- Min Severity: information
- Include all Faults: Audit logs, Events, Faults, Session Logs
- Dest Group: dclessons-syslog-grp
Refer to the figure below to configure these parameters correctly.
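As an added example (not part of the original lesson), the following Python script can be run on the collector at 50.50.50.50 to check that received messages carry the facility (local7) and severity (Information or more severe) configured in Step 1. The sample lines and host names are constructed, and the check assumes each message begins with a standard syslog <PRI> field.

```python
import re

# Values taken from the remote destination configured in Step 1.
EXPECTED_FACILITY = 23   # local7 (local0..local7 are facility codes 16..23)
MAX_SEVERITY_CODE = 6    # "information"; lower codes are more severe

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 * 8 + 7 is the largest valid PRI value
        return None
    return divmod(pri, 8)    # PRI = facility * 8 + severity


def check_line(line):
    """Classify one received line against the configured facility and severity."""
    decoded = decode_pri(line)
    if decoded is None:
        return "malformed"
    facility, severity = decoded
    if facility != EXPECTED_FACILITY:
        return "wrong-facility"        # not sent by this destination group
    if severity > MAX_SEVERITY_CODE:
        return "below-min-severity"    # debug should have been filtered out
    return "ok"


def audit(lines):
    """Count verdicts over a batch of received lines."""
    counts = {}
    for line in lines:
        verdict = check_line(line)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed sample lines (not captured from a real fabric).
SAMPLE = [
    "<190>Jan 10 10:00:01 apic1 constructed informational message",
    "<187>Jan 10 10:00:02 leaf101 constructed error message",
    "<191>Jan 10 10:00:03 leaf101 constructed debug message",
    "<134>Jan 10 10:00:04 otherhost constructed local0 message",
    "Jan 10 10:00:05 leaf102 line with no PRI",
    "<999>Jan 10 10:00:06 leaf102 out-of-range PRI",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{check_line(line):20} {line}")
    print(audit(SAMPLE))
```

A non-zero "wrong-facility" or "below-min-severity" count means another sender is using the collector or a source policy does not match the destination group settings.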
SNMP
The following steps are required to configure SNMP in an APIC environment.
Step 1: Create External Data Collector as SNMP Trap Destination
Go to Admin | External Data Collectors | SNMP | Right-click to Create SNMP Monitoring Destination Group
On the SNMP Monitoring Destination Group page, enter the following parameters:
- Name: dclessons-snmp-trap-grp
Select Next and, under SNMP Trap Destination, configure the parameters below.
- Host IP : 40.40.40.40
- Port: 162
- Version: v2
- Community Name: dclessons
- Management EPG: default
Refer to the figure below to configure these parameters correctly.
Step 2: Create an SNMP source at the access level, fabric level and tenant level.
Option 1: SNMP Source Policy at Access Level:
Go to Fabric | Access Policies | Monitoring | default | Callhome/Smart Callhome/SNMP/Syslog/TACACS | Select SNMP at the right side of the Work Pane | Select the + option.
Use the following parameters:
- Name: dclessons-snmp-src
- Dest Group: dclessons-snmp-trap-grp
Refer to the figure below to configure these parameters correctly.
Option 2: SNMP Source Policy at Fabric Level:
Go to Fabric | Fabric Policies | Monitoring | default | Callhome/Smart Callhome/SNMP/Syslog/TACACS | Select SNMP at the right side of the Work Pane | Select the + option.
Use the following parameters:
- Name: dclessons-snmp-src
- Dest Group: dclessons-snmp-trap-grp
Refer to the figure below to configure these parameters correctly.
Option 3: SNMP Source Policy at Tenant Level:
Go to Tenant | Dclessons | Policies | Monitoring | default | Callhome/Smart Callhome/SNMP/Syslog/TACACS | Select SNMP at the right side of the Work Pane | Select the + option.
Use the following parameters:
- Name: dclessons-tenant-tenant-snmp-src
- Dest Group: dclessons-snmp-trap-grp
Refer to the figure below to configure these parameters correctly.
Next, create the SNMP read query configuration in ACI.
Step 1: Define SNMP Policy
Go to Fabric | Fabric Policies | Policies | Pod | Right-click on SNMP | Select Create SNMP Policy
Use the following parameters:
- Name: dclessons-snmp-policy
- Admin State: Enable
- Contact: Enabled
- Location: VZ
- Under Community Policy: Name: dclessons-snmp-community
Under Client Group Policies, use the parameters below.
- Name: dclessons-snmp-client-profile
- Client Entries: 40.40.40.40
- Associated Management EPG: default (Out of Band)
- Click Submit
Refer to the figure below to configure these parameters correctly.
Step 2: Add SNMP Policy to POD Policy Group
Go to Fabric | Fabric Policies | Pods | Policy Groups
Under Create Pod Policy Group, configure the following parameters:
- Name: dclessons-pod-policy-grp
- SNMP Policy: dclessons-snmp-policy
Refer to the figure below to configure the above parameters.
Step 3: Add Pod Policy group to Pod Profile
Go to Fabric | Fabric Policies | Pods | Profiles | Pod Profile default
Click the + sign in the Pod Selectors field and use the parameters below.
- Name: dclessons-pod-default
- Type: all
- Block: Pod 1
- Policy Group: dclessons-pod-policy-grp
Refer to the figure below to configure these parameters correctly.
SNMP traffic using OOB management does not require an explicit OOB contract on the APIC. It uses UDP port 161 for queries and UDP port 162 for traps.
SNMP traffic using in-band management requires an explicit INB contract on the APIC for UDP ports 161/162. If this contract is not available, SNMP packets will be dropped by the border leaf.
Switch Port Analyzer (SPAN)
SPAN provides the capability to capture ingress/egress traffic flows from a switch interface. ACI captures packets dynamically with the APIC as the SPAN destination and defines the SPAN source based on endpoints, regardless of their location.
SPAN in ACI can be configured in the following modes:
- Access Mode: To monitor traffic originating from an access port on a leaf switch
- Fabric Mode: To monitor traffic originating from a fabric port between a leaf and a spine switch
- Tenant: To monitor traffic originating from an EPG in a tenant
Access SPAN
In Access SPAN, two modes of SPAN can be configured on a leaf switch: Local SPAN or ERSPAN.
These SPAN sessions capture packets in the ingress direction, the egress direction or both. The SPAN source can be a physical port, a port channel or a vPC.
The SPAN destination can be a local access port if the SPAN source is on the same leaf, or ERSPAN if the SPAN source is on a different leaf.
If the packet analyzer runs on a VM connected through a virtual switch, the SPAN destination must be ERSPAN, even if the ESXi host running this VM is connected to the same local leaf switch.
To configure Access SPAN, we first need to create a SPAN destination.
Go to Fabric | Access Policies | Policies | Troubleshooting | SPAN | SPAN Destination Group | Right-click to configure the SPAN Destination Group.
The SPAN destination can be configured using two methods.
Method 1: For ERSPAN Destination Group
Use the parameters below to configure it:
- Name: dclessons-span-erspan-dst
- Destination type: EPG
- Destination EPG: Tenant/dclessons, Application profile: span-app, EPG: mgmt
- SPAN version: Version 2
- Destination IP: 40.40.40.40
- Source IP: 1.1.1.1
- DSCP: CS5
Refer to the figure below to configure these parameters correctly.
Method 2: For SPAN Destination Group