Example: Creating an ACL with a port using REST APIs

This example shows creating the following ACL and port configuration on a switch at IP address 192.0.2.5:

interface 1/1/2
    no shutdown
    apply access-list ip ACLv4 out
access-list ip ACLv4
    10 permit tcp 10.0.100.101 eq 80 10.0.100.102 eq 8000

  1. Creating the ACL.

    $ curl -k --noproxy 192.0.2.5 -X POST \
    -b /tmp/auth_cookie -d '{
    "cfg_version": 0,
    "list_type": "ipv4",
    "name": "ACLv4"}' \
    "https://192.0.2.5/rest/v1/system/acls"
  2. Creating an ACL entry.

    $ curl -k --noproxy 192.0.2.5 -X POST \
    -b /tmp/auth_cookie -d '{
    "action": "permit",
    "dst_ip": "10.0.100.102/255.255.255.255",
    "dst_l4_port_max": 8000,
    "dst_l4_port_min": 8000,
    "protocol": 6,
    "sequence_number": 10,
    "src_ip": "10.0.100.101/255.255.255.255",
    "src_l4_port_max": 80,
    "src_l4_port_min": 80}' \
    "https://192.0.2.5/rest/v1/system/acls/ACLv4/ipv4/cfg_aces"
  3. Getting the ACL configuration information to use in the next step. Ellipses (…) represent data not shown in the example.

    $ curl -k --noproxy 192.0.2.5 -X GET \
    -b /tmp/auth_cookie \
    "https://192.0.2.5/rest/v1/system/acls/ACLv4/ipv4?selector=configuration"
    {
    ...
      "cfg_aces": {},
      "cfg_version": 0
    ...
      "list_type": "ipv4",
      "name": "ACLv4"
    ...
    }
  4. Updating the ACL configuration using the return body received from the GET request performed in the previous step.

    When you send a PUT request, the JSON request body must not contain immutable attributes. The AOS-CX REST API Reference model for the PUT method of the resource shows the mutable attributes. Any mutable attributes you do not include in the PUT request body are set to their defaults, which could be empty.

    The AOS-CX REST API Reference JSON model for the PUT method of the /system/acls/{id1}/{id2} resource shows the following example:

    {
      "cfg_aces": {
        "integer": "URL"
      },
      "cfg_version": 0
    }

    The following example shows the request to update the ACL configuration:

    $ curl -k --noproxy 192.0.2.5 -X PUT \
    -b /tmp/auth_cookie -d '{
    "cfg_aces":{"10":"/rest/v1/system/acls/ACLv4/ipv4/cfg_aces/10"},
    "cfg_version":1}' \
    "https://192.0.2.5/rest/v1/system/acls/ACLv4/ipv4"
  5. Creating port 1/1/2.

    $ curl -k --noproxy 192.0.2.5 -X POST \
    -b /tmp/auth_cookie -d '{
    "name": "1/1/2",
    "admin":"up",
    "interfaces":["/rest/v1/system/interfaces/1%2F1%2F2"],
    "vrf":"/rest/v1/system/vrfs/default"}' \
    "https://192.0.2.5/rest/v1/system/ports"
  6. Getting the configuration information for the interface.

    The GET response body includes only the configuration attributes that have been set.

    $ curl -k --noproxy 192.0.2.5 -X GET \
    -b /tmp/auth_cookie \
    "https://192.0.2.5/rest/v1/system/interfaces/1%2F1%2F2?selector=configuration"
    {
      "options": {},
      "other_config": {},
      "udld_arubaos_compatibility_mode": "forward_then_verify",
      "udld_compatibility": "aruba_os",
      "udld_enable": false,
      "udld_interval": 7000,
      "udld_retries": 4,
      "udld_rfc5171_compatibility_mode": "normal",
      "user_config": {}
    }
  7. Verifying which configuration attributes are mutable and therefore can be included in the PUT request.

    When you send a PUT request, the JSON request body must not contain immutable attributes. The AOS-CX REST API Reference JSON model for the PUT method of the resource shows the mutable attributes. Any mutable attributes you do not include in the PUT request body are set to their defaults, which could be empty.

    The AOS-CX REST API Reference JSON model for the PUT method of the /system/interfaces/{id} resource shows the following example:

    {
      "description": "string",
      "options": {},
      "other_config": {},
      "udld_arubaos_compatibility_mode": "string",
      "udld_compatibility": "string",
      "udld_enable": true,
      "udld_interval": 0,
      "udld_retries": 0,
      "udld_rfc5171_compatibility_mode": "string",
      "user_config": {}
    }
  8. Enabling the interface by sending a PUT request that contains all the attributes from the GET response body in step 6, with the user_config attribute changed to "user_config":{"admin":"up"}.

    $ curl -k --noproxy 192.0.2.5 -X PUT \
    -b /tmp/auth_cookie -d '{
      "options": {},
      "other_config": {},
      "udld_arubaos_compatibility_mode": "forward_then_verify",
      "udld_compatibility": "aruba_os",
      "udld_enable": false,
      "udld_interval": 7000,
      "udld_retries": 4,
      "udld_rfc5171_compatibility_mode": "normal",
      "user_config": {
        "admin": "up"
      }
    }' \
    "https://192.0.2.5/rest/v1/system/interfaces/1%2F1%2F2"

    In the preceding example, the following mutable attribute listed in the previous step was not included, so it is set to its default, which could be empty:

    • selftest_disable

  9. Getting the port configuration information to use in the next step.

    Ellipses (…) represent data not shown in the example.

    $ curl -k --noproxy 192.0.2.5 -X GET \
    -b /tmp/auth_cookie \
    "https://192.0.2.5/rest/v1/system/ports/1%2F1%2F2?selector=configuration"
    {
      "aclv4_out_cfg": {},
      "aclv4_out_cfg_version": {},
      "admin": {},
      "arp_timeout": 1800,
    ...
      },
    ...
      "virtual_ip4_routers": {},
      "virtual_ip6_routers": {},
      "vlan_trunks": []
    }
  10. Adding the ACL to the port. Start from the return body of the GET request in the previous step, verify which values are permitted in the JSON model for the PUT method, and change the values shown in the following example.

    Ellipses (…) represent data not shown in the example.

    $ curl -k --noproxy 192.0.2.5 -X PUT \
    -b /tmp/auth_cookie -d '{
    ...
    "admin":"up",
    "interfaces":["/rest/v1/system/interfaces/1%2F1%2F2"],
    "aclv4_out_cfg":"/rest/v1/system/acls/ACLv4/ipv4",
    "aclv4_out_cfg_version":0,
    ...
    }' -D- \
    "https://192.0.2.5/rest/v1/system/ports/1%2F1%2F2"
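The steps above repeat one pattern: GET the current configuration, keep only the attributes the PUT model lists as mutable, change what you need, and PUT the whole body back. Because a PUT replaces the entire configuration, a mutable attribute you leave out is reset to its default, which for a port can mean silently dropping an ACL binding. The following Python helpers, added here as an example and not Aruba's own code or API client, build the request bodies and curl commands from this workflow offline and report which attributes a PUT body would drop or reset. Attribute names, resource paths, the switch address 192.0.2.5 and the cookie file /tmp/auth_cookie are taken from the steps above; the protocol-number table and the optional --cacert argument are additions of this example.

```python
"""Helpers for the ACL-and-port workflow shown in the steps above.

Added example, not Aruba's code or the AOS-CX REST API itself. It builds
request bodies and curl argv lists offline and makes no network calls. The
attribute names, resource paths, switch address and cookie path come from
the page; the protocol-number table and --cacert option are assumptions.
"""
import json
import shlex
from urllib.parse import quote

BASE = "/rest/v1/system"
PROTOCOL_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}  # IANA protocol numbers


def resource_ref(collection, name):
    """Reference to a resource, e.g. /rest/v1/system/interfaces/1%2F1%2F2.
    Slashes in names such as 1/1/2 must be percent-encoded (step 5)."""
    return f"{BASE}/{collection}/{quote(name, safe='')}"


def ace_entry(sequence, action, protocol, src_ip, src_port, dst_ip, dst_port):
    """Body for one entry of .../cfg_aces (step 2). A host address gets a
    /255.255.255.255 mask and a single port becomes equal min/max values."""
    def host(ip):
        return ip if "/" in ip else f"{ip}/255.255.255.255"
    return {
        "action": action,
        "dst_ip": host(dst_ip),
        "dst_l4_port_max": dst_port,
        "dst_l4_port_min": dst_port,
        "protocol": PROTOCOL_NUMBERS[protocol],
        "sequence_number": sequence,
        "src_ip": host(src_ip),
        "src_l4_port_max": src_port,
        "src_l4_port_min": src_port,
    }


def build_put_body(get_body, put_model, changes):
    """Assemble a PUT body from a GET response (steps 4, 8 and 10).

    PUT replaces the whole configuration: immutable attributes must not be
    sent, and any mutable attribute left out is reset to its default. So
    keep only the attributes the PUT model lists, apply the changes, and
    report the mutable attributes the body still lacks, because those are
    the ones the switch will reset (an ACL binding, for instance).
    Returns (body, dropped_immutable, reset_to_default).
    """
    body = {k: v for k, v in get_body.items() if k in put_model}
    dropped = sorted(k for k in get_body if k not in put_model)
    for key, value in changes.items():
        if key not in put_model:
            raise KeyError(f"{key} is not a mutable attribute of this resource")
        body[key] = value
    reset = sorted(k for k in put_model if k not in body)
    return body, dropped, reset


def curl_command(method, host, path, body=None, ca_cert=None):
    """argv for the curl invocation used throughout the page. The page uses
    -k (no certificate check); pass ca_cert to verify the switch instead."""
    argv = ["curl", "--noproxy", host, "-X", method, "-b", "/tmp/auth_cookie"]
    argv += ["--cacert", ca_cert] if ca_cert else ["-k"]
    if body is not None:
        argv += ["-d", json.dumps(body)]
    argv.append(f"https://{host}{path}")
    return argv


# Sample data reproduced from the page: the GET bodies of steps 3 and 6 and
# the PUT models of steps 4 and 7.
ACL_GET_BODY = {"cfg_aces": {}, "cfg_version": 0, "list_type": "ipv4", "name": "ACLv4"}
ACL_PUT_MODEL = {"cfg_aces": {"integer": "URL"}, "cfg_version": 0}
INTERFACE_GET_BODY = {
    "options": {}, "other_config": {},
    "udld_arubaos_compatibility_mode": "forward_then_verify",
    "udld_compatibility": "aruba_os", "udld_enable": False,
    "udld_interval": 7000, "udld_retries": 4,
    "udld_rfc5171_compatibility_mode": "normal", "user_config": {},
}
INTERFACE_PUT_MODEL = {
    "description": "string", "options": {}, "other_config": {},
    "udld_arubaos_compatibility_mode": "string", "udld_compatibility": "string",
    "udld_enable": True, "udld_interval": 0, "udld_retries": 0,
    "udld_rfc5171_compatibility_mode": "string", "user_config": {},
}


if __name__ == "__main__":
    acl_path = resource_ref("acls", "ACLv4") + "/ipv4"
    ace = ace_entry(10, "permit", "tcp", "10.0.100.101", 80, "10.0.100.102", 8000)
    print(shlex.join(curl_command("POST", "192.0.2.5", acl_path + "/cfg_aces", ace)))

    body, dropped, reset = build_put_body(
        ACL_GET_BODY, ACL_PUT_MODEL,
        {"cfg_aces": {"10": acl_path + "/cfg_aces/10"}, "cfg_version": 1})
    print("ACL PUT: dropped immutable", dropped, "reset to default", reset)

    body, dropped, reset = build_put_body(
        INTERFACE_GET_BODY, INTERFACE_PUT_MODEL, {"user_config": {"admin": "up"}})
    print("interface PUT: reset to default", reset)
    print(shlex.join(curl_command("PUT", "192.0.2.5",
                                  resource_ref("interfaces", "1/1/2"), body)))
```

Run against the ACL data from steps 3 and 4, build_put_body drops list_type and name (they are not in the PUT model) and produces exactly the body sent in step 4. Run against the interface data from steps 6 and 7 it produces the body sent in step 8 and reports description, the one attribute of the reproduced model that the body lacks, as the attribute that will be reset. Reviewing that reset list before every PUT is the check that keeps a port update from quietly removing aclv4_out_cfg in step 10.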