ACI object moquery Cheat Sheet (2023)

Table of Contents
moquery usage VPC

Moquery is the command line cousin of Vizore, it's very helpful and efficientsometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.

(Video) ACI Configuration Search using moquery

moquery usage

moquery --helpusage: Command line cousin to visore [-h] [-i HOST] [-p PORT] [-d DN] [-c KLASS] [-f FILTER] [-a ATTRS] [-o OUTPUT] [-u USER] [-x [OPTIONS [OPTIONS ...]]]optional arguments: -h, --help show this help message and exit -i HOST, --host HOST Hostname or ip of apic -p PORT, --port PORT REST server port -d DN, --dn DN dn of the mo -c KLASS, --klass KLASS comma seperated class names to query -f FILTER, --filter FILTER property filter to accept/reject mos -a ATTRS, --attrs ATTRS type of attributes to display (config, all) -o OUTPUT, --output OUTPUT Display format (block, table, xml, json) -u USER, --user USER User name -x [OPTIONS [OPTIONS ...]], --options [OPTIONS [OPTIONS ...]] Extra options to the query

Basic moquery commands

See Also
Enable ACL “deny” or “permit” logging

BRIDGE DOMAINmoquery -c fvBDmoquery -c fvBD -f "fv.BD.name==\"BDname\""
moquery -c fvSubnet (BD SVI)CONTEXTmoquery -c fvCtxEPGmoquery -c fvAEPg
moquery -c fvAEPg -f 'fv.AEPg.pcTag=="xxxx"'
ENDPOINT
moquery -c fvCEp
moquery -c fvCEp | grep x.x.x.x -A 10 -B 5
moquery -c fvCEp -f 'fv.CEp.name=="aa:bb:cc:dd:11:22:33:44"'
moquery -c fvCEp -f 'fv.CEp.ip=="1.1.1.1"'
moquery -c fvRsCEpToPathEp CONSUMED CONTRACTmoquery -c vzBrCPPROVIDED CONTRACTmoquery -c vzBrCPL3 OUTmoquery -c l3extInstP
moquery -c l3extDomP
moquery -c actrl.PfxEntry
moquery -c l3extSubnet
FAULT
moquery -c faultInst -f 'fault.Inst.code=="F0467"'
moquery -c faultRecord -x order-by="faultRecord.created|desc" 'query-target-filter=wcard(faultRecord.created,"2017-12-1[2]")'>/home/admin/auditlog.txt
TUNNEL INTERFACES
moquery -c tunnelIf
(Video) Under the Covers with moquery

On APIC, please enter into 'bash' mode, then you can start with moquery

VPC

<moquery -c fabricExplicitGEp> -Find vPC Domain VIP(s)

lindawa@apic1:~> moquery -c fabricExplicitGEpTotal Objects shown: 1# fabric.ExplicitGEpname : leaf103-104childAction :configQual :configSt : deployeddn : uni/fabric/protpol/expgep-leaf103-104id : 2lcOwn : localmodTs : 2017-12-12T01:29:24.470+00:00monPolDn : uni/fabric/monfab-defaultrn : expgep-leaf103-104status :uid : 15374virtualIp : 10.0.120.65/32

Which leaf nodes is this EPG(name known) deployed on in the fabric?

lindawa@apic1:~> moquery -c fvLocale | grep dn | grep lindawa-web
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-101
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-102

Is the EPG (keyword for filtering) using dynamic attachment and what leafs?

(Video) ACI TCPUMP

lindawa@apic1:~> moquery -c fvDyPathAtt | grep dn | grep lindawa-web
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-101/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-102/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]
lindawa@apic1:~>

What is the dynamic VLAN encap used for this EPG?

lindawa@apic1:~> moquery -c fvIfConn | grep dn | grep lindawa-web
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-101/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]/conndef/conn-[vlan-826]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-lindawa/ap-lindawa-vmm/epg-lindawa-web]/node-102/dyatt-[topology/pod-1/protpaths-101-102/pathep-[lindawa-vpc-to-srv37]]/conndef/conn-[vlan-826]-[0.0.0.0]

What is theBD name if I know theVLAN encap used for L2Out?

lindawa@apic1:~> moquery -c l2extRsEBd | grep -A 20 -B 2 vlan-43
childAction :
dn : uni/tn-lindawa/l2out-l2out-test/rseBd
encap : vlan-43
forceResolve : yes
lcOwn : local
modTs : 2018-04-12T05:23:44.593+00:00
monPolDn : uni/tn-common/monepg-default
rType : mo
rn : rseBd
state : formed
stateQual : none
status :
tCl : fvBD
tContextDn :
tDn : uni/tn-lindawa/BD-recreate
tRn : BD-recreate
tType : name
tnFvBDName : recreate
uid : 0

<moquery -c fabricExplicitGEp> -Find vPC Domain VIP(s), same command is applicable to switch as well.

What other EPG are configured to useleaf101 port 1/34.

(Video) Using Healthscores in ACI to troubleshoot issues

leaf101# moquery -c fvIfConn | grep dn | grep eth1/34
dn : uni/epp/rtd-[uni/tn-lindawa/out-l3out-ospf/instP-all-ext]/node-101/stpathatt-[eth1/34]/conndef/conn-[unknown]-[192.168.33.3/24]

What VLAN is associated with an interface?

leaf101# moquery -c nwPathEp -f 'nw.PathEp.id=="eth1/16"'
Total Objects shown: 1
# nw.PathEp
id : eth1/16
allocState : allocated
childAction :
descr :
dn : sys/conng/path-[eth1/16]
fabricPathDn : topology/pod-1/paths-101/pathep-[eth1/16]
lcOwn : local
modTs : 2018-03-26T05:51:53.874+00:00
monPolDn : uni/fabric/monfab-default
name :
nativeEncap : vlan-1940
rn : path-[eth1/16]
status :
vlanScope : global
vlanScopeSupport : supported
leaf101#

What speeds are the leaf port configured to operate at?

leaf101# moquery -c ethpmPhysIf | grep -E 'dn|operSpeed'
dn : sys/phys-[eth1/33]/phys
operSpeed : 10G
dn : sys/phys-[eth1/34]/phys
operSpeed : 1G
Top Articles
Latest Posts
Article information

Author: Trent Wehner

Last Updated: 08/06/2023

Views: 5944

Rating: 4.6 / 5 (76 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Trent Wehner

Birthday: 1993-03-14

Address: 872 Kevin Squares, New Codyville, AK 01785-0416

Phone: +18698800304764

Job: Senior Farming Developer

Hobby: Paintball, Calligraphy, Hunting, Flying disc, Lapidary, Rafting, Inline skating

Introduction: My name is Trent Wehner, I am a talented, brainy, zealous, light, funny, gleaming, attractive person who loves writing and wants to share my knowledge and understanding with you.