16-3
Cisco Nexus 1000V Troubleshooting Guide, Release 5.2(1)SV3(1.1)
OL-31593-01
Chapter 16 ACLs
AclId  RefCnt  Type  Rules  StatId  AclName (Stats: Permit/Deny/NoMatch)
-----  ------  ----  -----  ------  ------------------------------------
1      0       IPv4  1      1       v4 (Enb: 0/0/0)
2      0       IPv6  0      2       v6 (Dis: 0/0/0)
The Acl-id is the local ACLID for this VEM. Ref-cnt refers to the number of instances of this ACL in
this VEM.
Use the following command to list the interfaces on which ACLs have been installed:
~ # module vem 3 execute vemcmd show acl pinst
LTL  Acl-id  Dir
16   1       ingress
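The following Python parser is an added example, not part of the Cisco guide. It reads the ACL table and the `show acl pinst` output shown above and joins them on the local ACL ID, so each LTL is reported with the ACL installed on it. The sample text is constructed from the outputs on this page, the function names are hypothetical, and reading `Enb`/`Dis` as statistics enabled/disabled is an assumption.

```python
import re

# Constructed sample input: the two outputs as they appear on this page.
SHOW_ACL = """\
AclId RefCnt Type Rules StatId AclName (Stats: Permit/Deny/NoMatch)
----- ------ ---- ----- ------ ------------------------------------
1 0 IPv4 1 1 v4 (Enb: 0/0/0)
2 0 IPv6 0 2 v6 (Dis: 0/0/0)
"""
SHOW_PINST = """\
LTL Acl-id Dir
16 1 ingress
"""

# AclId RefCnt Type Rules StatId AclName (State: Permit/Deny/NoMatch)
ACL_ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(IPv[46])\s+(\d+)\s+(\d+)\s+(\S+)"
                     r"\s+\((\w+):\s*(\d+)/(\d+)/(\d+)\)\s*$")
# LTL Acl-id Dir
PINST_ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s*$")

def parse_acls(text):
    """Map local ACL ID -> fields of one ACL table row; other lines are skipped."""
    acls = {}
    for line in text.splitlines():
        m = ACL_ROW.match(line)
        if not m:
            continue
        acl_id, refcnt, typ, rules, stat_id, name, state, permit, deny, nomatch = m.groups()
        acls[int(acl_id)] = {
            "name": name, "type": typ, "refcnt": int(refcnt), "rules": int(rules),
            "stat_id": int(stat_id),
            "stats_enabled": state == "Enb",  # assumption: Enb/Dis = stats on/off
            "permit": int(permit), "deny": int(deny), "nomatch": int(nomatch),
        }
    return acls

def acl_bindings(acl_text, pinst_text):
    """One record per 'show acl pinst' row, joined to its ACL on the local ACL ID."""
    acls = parse_acls(acl_text)
    bindings = []
    for line in pinst_text.splitlines():
        m = PINST_ROW.match(line)
        if m:
            ltl, acl_id, direction = int(m.group(1)), int(m.group(2)), m.group(3)
            # acl is None when pinst names an ACL ID absent from the ACL table.
            bindings.append({"ltl": ltl, "dir": direction, "acl_id": acl_id,
                             "acl": acls.get(acl_id)})
    return bindings

if __name__ == "__main__":
    for b in acl_bindings(SHOW_ACL, SHOW_PINST):
        name = b["acl"]["name"] if b["acl"] else "<unknown ACL ID>"
        print(f"LTL {b['ltl']} {b['dir']}: ACL {b['acl_id']} ({name})")
```

A binding whose `acl` field is `None` means the interface list references a local ACL ID that the ACL table on that VEM does not contain.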
Debugging Policy Verification Issues
You can debug a policy verification failure.
Note: This section is applicable only to VEMs that are available in older releases. The VEMs in the latest
release do not have any policy verification failure issue.
Step 1 On the VSM, redirect the output to a file in bootflash.
debug logfile filename
Step 2 Enter the debug aclmgr all command.
Step 3 Enter the debug aclcomp all command.
For the VEMs where the policy exists, or is being applied, perform the following steps from the VSM.
The output goes to the console.
Step 4 Enter the module vem module-number execute vemdpalog debug sfaclagent all command.
Step 5 Enter the module vem module-number execute vemdpalog debug sfpdlagent all command.
Step 6 Enter the module vem module-number execute vemlog debug sfacl all command.
Step 7 Enter the module vem module-number execute vemlog start command.
Step 8 Enter the module vem module-number execute vemlog start command.
Step 9 Configure the policy that was causing the verify error.
Step 10 Enter the module vem module-number execute vemdpalog show all command.
Step 11 Enter the module vem module-number execute vemlog show all command.
Save the Telnet or SSH session buffer to a file. Copy the logfile created in bootflash.
Troubleshooting ACL Logging
This section includes the following topics:
• Using the CLI to Troubleshoot ACL Logging on a VEM, page 16-4