This simple little section took me over 3 weeks to finally complete. Now, I wasn’t studying for those whole weeks, just failing to get this APIC-EM to boot/install.
I eventually had to upgrade my $180 server to a $380 server by buying more RAM ($120) and two CPUs ($80).
Now it has just enough compute power to run the APIC-EM (2x 3 GHz CPUs and 64 GB RAM).
Now on with the job:
After configuring a very long lab I finally got the APIC-EM path tracing working. On router 4 I configured an ACL blocking all traffic to PC3:

interface Ethernet0/1
 ip address 172.16.0.1 255.255.255.0
 ip access-group 100 out
! snip
access-list 100 deny ip any host 172.16.0.2

I first confirmed the ACL worked (here are some Wireshark packet captures):
Then ran the APIC-EM Path Trace Tool:
The APIC-EM confirms that the ACL list is in place.
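To see what the router itself decides for a flow leaving Ethernet0/1, here is an added example (not from the post and not APIC-EM code) that parses the config lines shown above and applies IOS first-match ACL evaluation, including the implicit deny at the end of an ACL. It assumes the one entry shown is the whole of ACL 100; the source address 10.0.0.5 and the neighbour 172.16.0.3 used in the checks are constructed.

```python
import ipaddress

# Config lines as shown in the post; assumes entry 1 is the whole of ACL 100.
CONFIG = """\
interface Ethernet0/1
 ip address 172.16.0.1 255.255.255.0
 ip access-group 100 out
access-list 100 deny ip any host 172.16.0.2
"""

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (ip_int(tok[1]), 0), tok[2:]
    return (ip_int(tok[0]), ip_int(tok[1])), tok[2:]

def matches(spec, addr):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (ip_int(addr) ^ base) & ~wild & 0xFFFFFFFF == 0

def parse(config):
    """Return (acls, bindings); only numbered 'ip' protocol entries are handled."""
    acls, bindings, iface = {}, {}, None
    for tok in filter(None, (line.split() for line in config.splitlines())):
        if tok[0] == "interface":
            iface = tok[1]
        elif tok[:2] == ["ip", "access-group"] and iface:
            bindings.setdefault(iface, {})[tok[3]] = tok[2]
        elif tok[0] == "access-list" and len(tok) > 3 and tok[3] == "ip":
            src, rest = parse_addr(tok[4:])
            acls.setdefault(tok[1], []).append((tok[2], src, parse_addr(rest)[0]))
    return acls, bindings

def verdict(config, iface, direction, src, dst):
    """First-match verdict for one IP flow crossing iface in the given direction."""
    acls, bindings = parse(config)
    acl_id = bindings.get(iface, {}).get(direction)
    if acl_id not in acls:  # unbound, or bound to an undefined ACL: IOS forwards
        return "permit (no ACL in effect)"
    for n, (action, s, d) in enumerate(acls[acl_id], 1):
        if matches(s, src) and matches(d, dst):
            return f"{action} (ACL {acl_id} entry {n})"
    return f"deny (ACL {acl_id} implicit deny)"
```

With only the one deny entry in ACL 100, a flow to any other host out Ethernet0/1 falls through to the implicit deny, so the verdict for 172.16.0.3 is also a deny.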
Thanks for the post. Was curious to know how this tool is used to verify ACLs. Seems like a lot of work for little to no recognition, so I just wanted to drop a post to say thank you.
Hey mate, it can verify ACLs but it feels like a gimmick. Took me several days to finally get it working. The best way is to sign up and use Cisco’s free cloud-based simulator to run the software. I couldn’t get it to run on my own hardware well.
As for how it works – I think it just pulls the configs from the routers and analyses them… nothing flash