EMAIL SUPPORT

dclessons@dclessons.com

LOCATION

US

Syslog-SNMP-SPAN-Netflow Configuration

Syslog-SNMP-SPAN-Netflow Configuration

Syslog

 In order to configure syslog in ACI, we have to follow below steps:

Step 1: Configure and create External Data Collectors as Syslog Destination

Go to Admin| External Data Collectors | Syslog | Right click to Create Syslog Monitoring Destination Group

Now page will open to create the Syslog Monitoring Destination Group, use following parameters

  • Name: dclessons-syslog-grp
  • Format: ACI
  • Admin State: Enable
  • Local File Destination: Admin State: Enable and Severity: Information
  • Console Destination: Admin State: Enable and Severity: Information

Select next to go to Remote destination section and configure below parameters.

  • Host IP: 50.50.50.50
  • Admin State: Enable
  • Severity: Informational
  • Port: 514
  • Forwarding facility: local7
  • Mgmt EPG: default (Out of Band)

Refer Below figure to configure above parameters correctly

Step 2: Create syslog source at Access level, fabric level and tenet level and associate the syslog source with destination.

Option 1: Syslog Source Policy at Access Level:

Go to Fabric | Access Polices | Monitoring | default | Call home/smart/call home/SNMP/Syslog/TACACS | Select Syslog at right side of Work Pane | Select + option.

Use following parameter to configure following

  • Name: dclessons-Syslog-src
  • Min Severity: information
  • Include all Faults : Audit logs , Events , Faults , Session Logs
  • Des Grp : dclessons-syslog-grp

Refer below figure in order to configure these parameters correctly

Option 2: Syslog Source Policy at fabric Level:

Go to Fabric | fabric Polices | Monitoring | default | Call home/smart/call home/SNMP/Syslog/TACACS | Select Syslog at right side of Work Pane | Select + option.

Use following parameter to configure following

  • Name: dclessons-Syslog-src
  • Min Severity: information
  • Include all Faults : Audit logs , Events , Faults , Session Logs
  • Des Grp : dclessons-syslog-grp

Refer below figure in order to configure these parameters correctly

Option 3: Syslog Source Policy at tenant Level:

Go to Tenant | Dclessons | Policies | Monitoring | default | Call home/smart/call home/SNMP/Syslog/TACACS | Select Syslog at right side of Work Pane | Select + option.

Use following parameter to configure following

  • Name: dclessons—tenant-Syslog-src
  • Min Severity: information
  • Include all Faults : Audit logs , Events , Faults , Session Logs
  • Des Grp : dclessons-syslog-grp

Refer below figure in order to configure these parameters correctly

SNMP

Below are some steps that is required to configure SNMP in APIC Environment.

Step1 Create External Data Collector as SNMP trap Destination

Go to Admin| External Data Collection | SNMP | Right click to Create SNMP Monitoring Destination Group

Under SNMP Monitoring Destination Group page, Enter Following parameters

  • Name : dclessons-snmp-trap-grp | Next
  • Under SNMP Trap destination
  • Host IP : 40.40.40.40
  • Port: 162
  • Version v2
  • Community Name: dclessons
  • Management EPG: default

Refer below figure in order to configure these parameters correctly

Step 2: Create SNMP source at Access level, fabric level and tenet level.

Option 1: SNMP Source Policy at Access Level:

Go to Fabric | Access Polices | Monitoring | default | Call home/smart/call home/SNMP/Syslog/TACACS | Select SNMP at right side of Work Pane | Select + option.

Use following parameter to configure following

  • Name: dclessons-snmp-src
  • Des Grp : dclessons-snmp-trap-grp

Refer below figure in order to configure these parameters correctly

Option 2: SNMP Source Policy at fabric Level:

Go to Fabric | fabric Polices | Monitoring | default | Call home/smart/call home/SNMP/Syslog/TACACS | Select SNMP at right side of Work Pane | Select + option.

Use following parameter to configure following

  • Name: dclessons-snmp-src
  • Des Grp : dclessons-snmp-trap-grp

Refer below figure in order to configure these parameters correctly

Option 3: SNMP Source Policy at tenant Level:

Go to Tenant | Dclessons | Policies | Monitoring | default | Call home/smart/call home/SNMP/Syslog/TACACS | Select SNMP at right side of Work Pane | Select + option.

Use following parameter to configure following

  • Name: dclessons—tenant-tenant-snmp-src
  • Des Grp : dclessons-snmp-trap-grp

Refer below figure in order to configure these parameters correctly

Now we will have to create the SNMP read query configuration in ACI

Step 1: Define SNMP Policy

Go to Fabric | Fabric Policies | Policies | Pod | Right click on SNMP | Select Create SNMP policy

Use following Parameters to configure this.

  • Name : dclessons-snmp-policy
  • Admin state : Enable
  • Contact : Enabled
  • Location : VZ
  • Under Community Policy : Name : dclessons-snmp-community

Under Client Group Policies, use below parameters.

  • Name: dclessons-snmp-client-profile
  • Client enteries: 40.40.40.40
  • Associated Management EPG: default (Out of band )
  • Click Submit

Refer Below configure these parameters correctly

Step 2: Add SNMP Policy to POD Policy Group

Go to Fabric | fabric Policies | Pods | Policy Groups

Under Create Pod Policy Group, configure following parameters

  • Name : dclessons-pod-policy-grp
  • SNMP policy : dclessons-snmp-policy

Refer below figure to configure these above parameters

Step 3: Add Pod Policy group to Pod Profile

Go to Fabric | Fabric Policies | Pods | Profiles | Pod Profile default

Click on + sign on Pod Selectors filed and use below parameters

  • Name : dclessons-pod-default
  • Type : all
  • Block: Pod 1
  • Policy Group : dclessons-pod-policy-grp

Refer below figure to configure these parameters correctly

SNMP traffic using OOB management, do not require explicit OOB contract on the APIC using UDP port 161 (for Queries) and port UDP 162 for traps.

SNMP traffic using In-band management requires an explicit INB contract on APIC, using UDP port 161/162. If this contract is not available, SNMP packets will be dropped by border leaf.

Switch Port Analyzer (SPAN)

SPAN provides capability to capture ingress/egress traffic flows from switch interface. ACI captures packet dynamically on APIC as SPAN destination and defines SPAN source based on Endpoints, regardless of their location.

SPAN in ACI can be configured in following mode:

  • Access Mode: To Monitor traffic from originating from access port in leaf switch
  • Fabric Mode:  To Monitor traffic from originating from fabric port between leaf & Spine switch
  • Tenant: To Monitor traffic from originating from EPG in Tenant.

Access SPAN

In Access SPAN we can be able to configure two modes of SPAN, Local SPAN or ERSPAN on leaf switch.

These SPAN session captures ingress, egress or both direction packets. SPAN source can be physical Ports, Port-channel or vPC.

SPAN destination can be a local access port If SPAN source is on same Leaf, or If SPAN Source is on different leaf.

If Packet Analyzer is on VM connected by Virtual Switch then, SPAN destination must be ERSPAN, even though EXSI host running this VM is connected to same local Leaf Switch.

In order to configure Access SPAN , we need to create SPAN destination

Go to Fabric | Access Policies | Policies | Troubleshooting | SPAN| SPAN Destination Group | Right click to configure SPAN Destination group.

Now we can configure SPAN destination using two method

Method 1: For ERSPAN Destination Group

Use below parameters to configure

  • Name: dclessons-span-erspan-dst
  • Destination type: EPG
  • Destination EPG: Tenant/dclessons , Application profile : span-app , EPG: mgmt.
  • SPAN version: Version 2
  • Destination IP : 40.40.40.40
  • Source IP : 1.1.1.1
  • DSCP: CS5

Refer Below figure to configure parameter correctly

Method 2: For SPAN Destination Group


Comment

    You are will be the first.

LEAVE A COMMENT

Please login here to comment.