Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference, Release 10.5(x)

Latest

Cisco Nexus 3000 and 9000 Series NX-API REST Documentation

Attaching an IPv4 Access List to an Interface in the Ingress Direction

DME

YANG

Copy
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4/policy/ingress.json
{
  "aclIngress": {
    "children": [
      {
        "aclIf": {
          "attributes": {
            "name": "eth1/1"
          },
          "children": [
            {
              "aclInst": {
                "attributes": {
                  "name": "foo"
}}}]}}]}}
Response
{
    imdata": []
}

Copy
<System>
  <acl-items>
    <ipv4-items>
      <policy-items>
        <ingress-items>
          <intf-items>
            <If-list>
              <name>eth1/1</name>
              <acl-items>
                <name>foo</name>
              </acl-items>
            </If-list>
          </intf-items>
        </ingress-items>
      </policy-items>
    </ipv4-items>
  </acl-items>
</System>

Ingress ACL Configuration Examples

This section uses examples to demonstrate many of the ACL configuration options and to show how the REST APIs correspond to the CLI commands.

Specifying IPv4 Access Control to an Interface in the Ingress Direction

Attaching an IPv4 Access List to an Interface in the Ingress Direction

Attaches an IPv6 ACL to an interface in the egress direction.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

interface eth1/1
ip access-group foo in

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aclIngress	sys/acl/mpls/policy/ingress
aclIf	sys/acl/mpls/policy/egress/intf-{[name]}
aclInst	sys/acl/mpls/policy/egress/vty/acl

aclIf Properties

The following table contains information about the aclIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	nw:IfId (base:IfIndex)	Interface to which ACL is applied	eth1/1(Ethernet1/1) or pc1(port-channel), short name for interface Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

aclInst Properties

The following table contains information about the aclInst properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Access Control List name	MAX SIZE: 63

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Specifying IPv6 Access Control for Inbound Packets

Specifying IPv6 access control for inbound packets.