Operations for Logs VIP not accessible on browser
Article ID: 402017
Updated On:
Products
Issue/Introduction
Attempting to access the Aria Operations for Logs by the IP/FQDN configured for the VIP (ILB), the page does not load correctly as shown in the screenshot below:
Directly accessing the nodes by their IP / FQDN works as expected and the page loads correctly.
Environment
Aria Operations for Logs
Cause
VIP and its MAC(s) were not added to Cisco ACI's 'Rogue/COOP Exception List' before creating in Aria Operations for Logs.
Doing so causes the fabric to see the new IP moving before the protections are in place, so it flags the address as rogue and later configuration can't undo that history.
Resolution
Note: When using the Aria Operation for Logs VIP (ILB) in a Cisco ACI environment, the VIP and its MAC(s) must be added to the ACI's 'Rogue/COOP Exception List' before creating it in Aria Operation for Logs and sending traffic.
If the VIP was created in Aria Operations for Logs prior to adding ACI's 'Rogue/COOP Exception List':
- Remove VIP from Aria Operations for Logs.
- Clear the VIP from learned data on Cisco ACI. (see Cisco - ACI - How to clear endpoint manually)
- Tell ACI that the VIP is special:
Tenant -> App Profile -> EPG -> L4/L7 Virtual IPs -> Create -> Enter the VIP
Note: This tags the address as VIP so the fabric will learn it only from ARP/GARP, not from every data-plane packet.
- Enable GARP-based move detection on the bridge domain:
Tenant -> Networking -> Bridge Domain -> L3 Config -> tick GARP-based EP move detection -
Recreate the VIP in Aria Operations for Logs
Additional Information
Feedback
