moquery Cheat Sheet

Introduction

moquery is the command line cousin of Vizore.

I figured we have a CLI Commands cheat sheet list so why not one for moquery. I figured I would break it
up into two separate pieces with one for APICs and one for Switches. Please feel free to add any potential
moquery statements you feel are good for troubleshooting.

moquery usage

moquery --help
usage: Command line cousin to visore [-h] [-i HOST] [-p PORT] [-d DN]
[-c KLASS] [-f FILTER] [-a ATTRS]
[-o OUTPUT] [-u USER]
[-x [OPTIONS [OPTIONS ...]]]

optional arguments:
-h, --help show this help message and exit
-i HOST, --host HOST Hostname or ip of apic
-p PORT, --port PORT REST server port
-d DN, --dn DN dn of the mo
-c KLASS, --klass KLASS
comma seperated class names to query
-f FILTER, --filter FILTER
property filter to accept/reject mos
-a ATTRS, --attrs ATTRS
type of attributes to display (config, all)
-o OUTPUT, --output OUTPUT
Display format (block, table, xml, json)
-u USER, --user USER User name
-x [OPTIONS [OPTIONS ...]], --options [OPTIONS [OPTIONS ...]]
Extra options to the query

Basic moquery commands

BRIDGE DOMAIN
moquery -c fvBD
moquery -c fvBD -f "fv.BD.name==\"BDname\""
moquery -c fvSubnet (BD SVI)

CONTEXT
moquery -c fvCtx

EPG
moquery -c fvAEPg
moquery -c fvAEPg -f 'fv.AEPg.pcTag=="xxxx"'

ENDPOINT
moquery -c fvCEp
moquery -c fvCEp | grep x.x.x.x -A 10 -B 5
moquery -c fvCEp -f 'fv.CEp.name=="aa:bb:cc:dd:11:22:33:44"'
moquery -c fvCEp -f 'fv.CEp.ip=="1.1.1.1"'
moquery -c fvRsCEpToPathEp

CONSUMED CONTRACT
moquery -c vzBrCP

PROVIDED CONTRACT
moquery -c vzBrCP

L3 OUT
moquery -c l3extInstP
moquery -c l3extDomP
moquery -c actrl.PfxEntry
moquery -c l3extSubnet

FAULT
moquery -c faultInst -f 'fault.Inst.code=="F0053"'
moquery -c faultRecord -x order-by="faultRecord.created|desc" 'query-target-
filter=wcard(faultRecord.created,"2017-12-1[2]")'>/home/admin/auditlog.txt

TUNNEL INTERFACES
moquery -c tunnelIf

APIC moquery

Which Tenant and VRF number is a specific EPG in if you know the pcTag?

admin@fab1-apic1:~> moquery -c fvAEPg -f 'fv.AEPg.pcTag=="5481"'

Total Objects shown: 1

# fv.AEPg
name : epg8
childAction :
configIssues :
configSt : applied
descr :
dn : uni/tn-mb-7-8/ap-mb-app1/epg-epg8
lcOwn : local
matchT : AtleastOne
modTs : 2015-08-11T16:49:11.249+00:00
monPolDn : uni/tn-common/monepg-default
pcTag : 5481
prio : unspecified
rn : epg-epg8
scope : 2621441
status :
triggerSt : triggerable
uid : 15374

Which leaf nodes is this EPG deployed on in the fabric?

admin@fab1-apic1:~> moquery -c fvLocale | grep dn | grep epg-mb-new

dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-102
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-103

Is there a static path for this EPG, if so, what nodes

admin@fab1-apic1:~> moquery -c fvStPathAtt | grep dn | grep epg-mb-static

dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-static]/node-
102/stpathatt-[eth1/35]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-static]/node-
103/stpathatt-[eth1/35]

Is the EPG using dynamic attachment and what leafs?

admin@fab1-apic1:~> moquery -c fvDyPathAtt | grep dn | grep epg-mb-new

dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-102/dyatt-
[topology/pod-1/paths-102/pathep-[eth1/35]]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-103/dyatt-
[topology/pod-1/paths-103/pathep-[eth1/35]]

What is the dynamic VLAN encap used for this EPG?

admin@fab1-apic1:~> moquery -c fvIfConn | grep dn | grep mb-new

dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-102/dyatt-
[topology/pod-1/paths-102/pathep-[eth1/35]]/conndef/conn-[vlan-211]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-103/dyatt-
[topology/pod-1/paths-103/pathep-[eth1/35]]/conndef/conn-[vlan-211]-[0.0.0.0]

To view a specific Interface Profile:

admin@apic1:~> moquery -c infra.AccPortP | grep LeAF_1-2_ifselector -i -A 10 -B 1

# infra.AccPortP
name : LEAF_1-2_ifselector
childAction :
descr : GUI Interface Selector Generated PortP Profile: LEAF_1-2
dn : uni/infra/accportprof-LEAF_1-2_ifselector
lcOwn : local
modTs : 2015-11-02T16:25:59.586-08:00
monPolDn : uni/fabric/monfab-default
ownerKey :
ownerTag :
rn : accportprof-LEAF_1-2_ifselector
status :
uid : 15374

To view a specific Interface Selector:

admin@apic1:~> moquery -c infra.HPortS | grep 101-102_1-ports-25 -i -A 10 -B 1

# infra.HPortS
name : 101-102_1-ports-25
type : range
childAction :
descr :
dn : uni/infra/accportprof-LEAF_1-2_ifselector/hports-101-102_1-ports-25-typ-range
lcOwn : local
modTs : 2015-11-02T16:25:59.586-08:00
monPolDn : uni/fabric/monfab-default
ownerKey :
ownerTag :
rn : hports-101-102_1-ports-25-typ-range
status :
uid : 15374

To collect Audit logs: This will collect audit all changes made from 2016-01-25 (Change the date on
command as you need)
moquery -c aaaModLR -x order-by="aaaModLR.created|desc" 'query-target-
filter=wcard(aaaModLR.created,"2016-01-25")'>/home/admin/Audit20160125.txt

Switch moquery

VPC

<moquery -c fabricExplicitGEp> - Find vPC Domain VIP(s)

moquery -c fabricExplicitGEp
Total Objects shown: 1

# fabric.ExplicitGEp
name : vPCProtectionGroup
childAction :
configQual :
configSt : deployed
dn : uni/fabric/protpol/expgep-vPCProtectionGroup
id : 1
lcOwn : resolveOnBehalf
modTs : 2015-08-07T13:39:58.993-04:00
monPolDn : uni/fabric/monfab-default
rn : expgep-vPCProtectionGroup
status :
uid : 15374
virtualIp : 10.0.152.67/32

What other EPG are configured to use leaf3 port 1/35.

fab1_leaf3# moquery -c fvIfConn | grep dn | grep eth1/35

dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-static]/node-
103/stpathatt-[eth1/35]/conndef/conn-[vlan-2103]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-epg8]/node-
103/dyatt-[topology/pod-1/paths-103/pathep-[eth1/35]]/conndef/conn-[vlan-203]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-103/dyatt-
[topology/pod-1/paths-103/pathep-[eth1/35]]/conndef/conn-[vlan-211]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-test2]/node-
103/dyatt-[topology/pod-1/paths-103/pathep-[eth1/35]]/conndef/conn-[vlan-207]-[0.0.0.0]
What VLANs are already allocated to which interfaces on this leaf? (We can grep by tenant
name, or attachment type of dyatt or stpathatt as well.

fab1_leaf3# moquery -c fvIfConn | grep dn | grep vlan

dn : uni/epp/br-[uni/tn-pod1/l2out-pod1-l2-out-1000/instP-pod1-l2-out-
1000]/node-103/stpathatt-[pod1-vpc-l2]/conndef/conn-[vlan-1000]-[0.0.0.0]
dn : uni/epp/br-[uni/tn-pod2/l2out-pod2-l2-out-1002/instP-pod2-l2-out-
1002]/node-103/stpathatt-[pod2-vpc-l2]/conndef/conn-[vlan-1002]-[0.0.0.0]
dn : uni/epp/rtd-[uni/tn-pod1/out-pod1_l3_ext_bgp/instP-L3_ext_bgp]/node-
103/stpathatt-[eth1/45]/conndef/conn-[vlan-3101]-[17.17.17.1/24]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-static]/node-
103/stpathatt-[eth1/35]/conndef/conn-[vlan-2103]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-epg8]/node-
103/dyatt-[topology/pod-1/paths-103/pathep-[eth1/35]]/conndef/conn-[vlan-203]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-new]/node-103/dyatt-
[topology/pod-1/paths-103/pathep-[eth1/35]]/conndef/conn-[vlan-211]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-mb-tennant1/ap-mb-app-pro/epg-mb-test2]/node-
103/dyatt-[topology/pod-1/paths-103/pathep-[eth1/35]]/conndef/conn-[vlan-207]-[0.0.0.0]
dn : uni/epp/rtd-[uni/tn-pod3/out-pod3_bgp_svi/instP-pod3_bpg_ExNet]/node-
103/stpathatt-[eth1/44]/conndef/conn-[vlan-3103]-[19.19.19.1/24]

What VLAN is associated with an interface?

leaf# moquery -c nwPathEp -f 'nw.PathEp.id=="eth1/1"'

Total Objects shown: 1

# nw.PathEp
id : eth1/1
allocState : allocated
childAction :
descr :
dn : sys/conng/path-[eth1/1]
fabricPathDn : topology/pod-1/paths-404/pathep-[eth1/1]
lcOwn : local
modTs : 2017-11-23T02:00:33.481+00:00
monPolDn : uni/fabric/monfab-default
name :
nativeEncap : 22
rn : path-[eth1/1]
status :
vlanScope : global
vlanScopeSupport : supported

What speeds are the leaf port configured to operate at?

fab1_leaf3# moquery -c ethpmPhysIf | grep -E 'dn|operSpeed'

dn : sys/phys-[eth1/33]/phys
operSpeed : 10G
dn : sys/phys-[eth1/34]/phys
operSpeed : 10G
dn : sys/phys-[eth1/35]/phys
operSpeed : 1G