Clearing ACLs

This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to clear ACLs on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Clearing an IPv4 Access List

 Clearing an IPv4 Access List 

POST http://<mgmt0_IP>/api/mo/sys/action.json

{
"actionLSubj": {
"attributes": {
"dn": "sys/action/lsubj-[sys/acl]"
}
"children": [{
"aclInstClearAclStatLTask": {
"attributes": {
"adminSt": "start",
"dn": "sys/action/lsubj-[sys/acl]/aclInstClearAclStatLTask",
"acltype": "1",
"name": "ipv4_acl_traffic",
"freq": "one-shot"
}
}
}]
}
}

{
    imdata": []
}

<System>
  <acl-items>
    <ipv4-items>
      <statClear-items>
        <name>ipv4_acl_traffic</name>
      </statClear-items>
    </ipv4-items>
  </acl-items>
</System>

Clears an IPv4 access list.


CLI Command

The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

clear ip access-list counters ipv4_acl_traffic

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
ipv4aclAF sys/acl/ipv4
aclStatClear sys/acl/ipv4/statClear


aclStatClear Properties

The following table contains information about the aclStatClear properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
nameacl:Name
(string:Basic)		ACL Name to clear the statistics
MAX SIZE: 63


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Clearing an IPv6 Access List

 Clearing an IPv6 Access List

POST http://<mgmt0_IP>/api/mo/sys/action.json

{
"actionLSubj": {
"attributes": {
"dn": "sys/action/lsubj-[sys/acl]"
}
"children": [{
"aclInstClearAclStatLTask": {
"attributes": {
"adminSt": "start",
"dn": "sys/action/lsubj-[sys/acl]/aclInstClearAclStatLTask",
"acltype": "2",
"name": "ipv6_acl_traffic",
"freq": "one-shot"
}
}
}]
}
}

{
    imdata": []
}

<System>
  <acl-items>
    <ipv6-items>
      <statClear-items>
        <name>ipv6_acl_traffic</name>
      </statClear-items>
    </ipv6-items>
  </acl-items>
</System>

Clears an IPv6 access list.


CLI Command

The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

clear ipv6 access-list counters ipv6_acl_traffic

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
ipv6aclAF sys/acl/ipv6
aclStatClear sys/acl/ipv6/statClear


aclStatClear Properties

The following table contains information about the aclStatClear properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
nameacl:Name
(string:Basic)		ACL Name to clear the statistics
MAX SIZE: 63


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Clearing a Mac Access List

 Clearing a Mac Access List 

POST http://<mgmt0_IP>/api/mo/sys/action.json

{
"actionLSubj": {
"attributes": {
"dn": "sys/action/lsubj-[sys/acl]"
}
"children": [{
"aclInstClearAclStatLTask": {
"attributes": {
"adminSt": "start",
"dn": "sys/action/lsubj-[sys/acl]/aclInstClearAclStatLTask",
"acltype": "3",
"name": "mac_acl_traffic",
"freq": "one-shot"
}
}
}]
}
}

{
    imdata": []
}

<System>
  <acl-items>
    <mac-items>
      <statClear-items>
        <name>mac_acl_traffic</name>
      </statClear-items>
    </mac-items>
  </acl-items>
</System>

Clears a Mac access list.


CLI Command

The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

clear mac access-list counters mac_acl_traffic

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
macaclAF sys/acl/mac
aclStatClear sys/acl/mac/statClear


aclStatClear Properties

The following table contains information about the aclStatClear properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
nameacl:Name
(string:Basic)		ACL Name to clear the statistics
MAX SIZE: 63


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html