Cisco Nexus 3000 and 9000 Series NX-API REST SDK and API, Release 7.x
NX-OS 7(x)
Adding ACE to an Existing IPv4 ACL (deny)
DME
YANG
Copy
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4.json

{
  "ipv4aclAF": {
    "children": [
      {
        "ipv4aclACL": {
          "attributes": {
            "name": "acl_tcp"
          },
          "children": [
            {    
              "ipv4aclACE": {
                "attributes": {
                  "action": "deny",
                  "dstPrefix": "13.235.46.97",
                  "dstPrefixLength": "9",
                  "protocol": "udp",
                  "seqNum": "2",
                  "srcPrefix": "12.234.56.97",
                  "srcPrefixLength": "13",
                  "userSetBit": "1"
}}}]}}]}}

Response
{
    imdata": []
}

Copy
<System>
  <acl-items>
    <ipv4-items>
      <name-items>
        <ACL-list>
          <name>acl_tcp</name>
          <seq-items>
            <ACE-list>
              <seqNum>2</seqNum>
              <action>deny</action>
              <dstPrefix>13.235.46.97</dstPrefix>
              <dstPrefixLength>9</dstPrefixLength>
              <protocol>udp</protocol>
              <srcPrefix>12.234.56.97</srcPrefix>
              <srcPrefixLength>13</srcPrefixLength>
              <userSetBit>1</userSetBit>
            </ACE-list>
          </seq-items>
        </ACL-list>
      </name-items>
    </ipv4-items>
  </acl-items>
</System>

ACE Configuration Examples

This section uses examples to demonstrate many of the ACL configuration options and to show how the REST APIs correspond to the CLI commands.

Adding ACE to an Existing IPv4 ACL (deny)

Adding ACE to an Existing IPv4 ACL (deny)

Adds ACE to an existing IPV4 ACL (configured to reject packets).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list acl_tcp
 2 deny udp 12.234.56.97/13 13.235.46.97/9

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Adding ACE to an Existing IPv6 ACL

Adding ACE to an Existing IPv6 ACL

Adds ACE to an existing IPv6 ACL (configured to reject packets).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ipv6 access-list L1
 32 deny tcp 1::2/127 3::4/96

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Adding ACE to an Existing IPv4 ACL (permit)

Adding ACE to an Existing IPv4 ACL (permit)

Adds ACE to an existing IPv4 ACL (configured to forward packets).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list ipv4_test_ace
 2 permit udp 5.5.5.5/4 6.6.6.6/4

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE with a Log that Matches Against an Entry

Configuring ACE with a Log that Matches Against an Entry

Configures ACE with a log that matches against an entry.

Note: This example was added in Release 7.0(3)I6(1).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 20 permit tcp 1.1.1.1/2 2.2.2.2/3 log

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Check Non-Initial Fragments

Configuring ACE to Check Non-Initial Fragments

Configures ACE to check non-initial fragments

Note: This example was added in Release 7.0(3)I6(1).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 20 permit tcp 1.1.1.1/2 2.2.2.2/3 fragments

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Match Packets Based on the HTTP Method

Configuring ACE to Match Packets Based on the HTTP Method

Configures ACE to match packets based on the HTTP method.

Note: This example was added in Release 7.0(3)I6(1).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 20 permit tcp any any http-method head

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Make VLAN-Based Matches

Configuring ACE to Make VLAN-Based Matches

Configures ACE to make VLAN-based matches.

Note: This example was added in Release 7.0(3)I6(1).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 40 permit ip any any vlan 5

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Specify the TCP Options Size

Configuring ACE to Specify the TCP Options Size

Configures ACE to specify the TCP options size.

Note: This example was added in Release 7.0(3)I6(1).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list ipv4_test_ace
 20 permit tcp any any tcp-option-length 36

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE with a User-Defined Field Match

Configuring ACE with a User-Defined Field Match

Configurs ACE with a user-defined field match.

Note: This example was added in Release 7.0(3)I6(1).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list ipv4_test_ace
 10 permit ip 1.1.1.1/2 2.2.2.2/2 udf name1 0x1 0x2 udf name2 0xff 0xee

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Time Range

Applying a Time Range

Configures a time range.

Note: This example was added in Release 7.0(3)I6(1).


CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 10 permit ip 1.1.1.1/2 2.2.2.2/3 time-range t1

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Next