Cisco Firepower Chassis Manager REST API Reference
Table of Contents

Introduction

This document describes the REST API provided for the Firepower 9300 Chassis. It includes both Platform and Firepower Chassis Services RESTful APIs, and describes both Configuration and Monitoring APIs. These APIs are solely for Platform services provided by Firepower eXtensible OS.

Prerequisites

The Firepower Chassis Manager REST API is enabled by default on the machine on port 443, which is configured as the default for both the REST API and CM. You may change the port for both. The chassis only supports HTTPS and does not support HTTP.

Be sure to satisfy the following requirements before using the Firepower Chassis Manager REST API:

  • The Firepower Chassis must be bootstrapped prior to using the APIs. This can be done using the console to run the chassis setup wizard or by using POAP. Click here for additional details on Power-On-Auto-Provisioning.
  • As part of the pre-provisioning process, provide the following information:
    • Chassis Management IP Address (v4 and/or V6)
    • Chassis Management Network Mask or Prefix-length
    • Chassis Default Gateway
  • Management Certificate: by default the chassis will have an auto-generated self-signed certificate. Cisco recommends, but does not require, that a valid certificate be installed on the chassis.
  • Cisco highly recommends that NTP and DNS services be configured on the chassis prior to deploying services.

NOTE: Auto install and EULA support features are not supported for release 1.1.2.

Supported Methods

The following methods are supported by the REST API:

  • HTTP GET: Retrieves the object. The query is submitted in the URL and the output is contained in the response body.
  • HTTP POST: Creates objects. The path is submitted in the URL and the output is contained in the response body.
  • HTTP PUT: Updates objects completely. Implicit properties are ignored and explicit properties are set to default if not specified in the payload. Child objects are deleted if they are not specified in the request payload (except for automatically created objects).
  • HTTP DELETE: Deletes the object specified in the URL.
  • HTTP PATCH: Partially updates the object specified in the URL.

NOTE: HTTP PATCH supports partial updates. Only the included properties of the specified object will be updated. Other existing properties will retain their previous values.

HTTP Error Codes

When executing REST API methods, the following HTTP Error Codes may be returned:

  • 200: Success with output. Method succeeded and equivalent JSON objects are returned.
  • 204: Success with empty output. Method is successful but the content is empty.
  • 400: Request failed. See the error message for more information.
  • 403: Forbidden. Permission Denied. The current user is not allowed to perform the operation.
  • 404: Object not found. The requested object was not found.
  • 405: Method not supported. The requested method is not supported by the API.
  • 406: Not Acceptable. Returned when the client requests anything but application/json.
  • 415: Unsupported Content Type. Returned when the clients sends a content-type that is anything but application/json.
  • 500: Internal Error. The API encountered an error in serving the request.

The model specified below does not contain monitoring data or MAC addresses.

URL Path Format

All API users must use HTTPS on the configured port. In general all API requests will have the following format:

https://<Firepower Chassis_chassis_fqdn>[:management_port]/api/PATH

Cisco highly recommends that chassis_fqdn be used instead of the IP Address in order for the REST Client to be able to authenticate the device being managed. The Firepower Chassis will authenticate the REST Client using the specified credentials. See Client Authentication for additional details.

The following URL paths may be used by API clients:

/api/<object-type> : Get all objects of a given type.

/api/<object-type>/[id] : Get the specified object, or create, update or delete the specified object.

/api/<object-type>/[id1],[id2],[id3] : Get or delete multiple objects.

/api/<object-type>/<id>/[subobj]/[subobj_id] : Retrieve, update, delete child object(s) of the specified object.

/api/class/<class-name> : Get all instances of a given class regardless of the hierarchy.

Accept Header

All REST API clients must send an HTTP Accept Header that is set to application/json . Otherwise a 406 Not Acceptable error will be returned.

Content Type

When uploading JSON objects (POST for creating objects or PUT for updating objects), the Content-type HTTP header must be set to application/json . Otherwise, a 415 Unsupported Content Type error will be returned by the API.

When uploading Firepower Chassis infrastructure bundles or CSP binaries, the REST API client must set the Content-type HTTP header to multipart/binary .

Client Authentication

The following authentication method will be supported:

Session Based Authentication

To authenticate, the client must execute a POST /api/login with the following HTTP HEADERS:

USERNAME = <name of the user>

PASSWORD = <url_encoded_password>

Payload returned on success:

{
   "token" : "token_string"
}

On success, the API will return an HTTP 200 code with this payload:









You must extract the token and include it in HTTP headers when submitting all other API method requests. The field name for the token must be TOKEN .

Payload returned on authentication failure:

{
    "error-code": "551",
    "error-description": "Authentication failed",
    "error-nr": "unidentified-fail"
}

On authentication failure, the API will return an HTTP 400 code with this payload:








Payload returned on authorization failure:

{
    "error-code": "552",
    "error-description": "Authorization required",
    "error-nr": "service-unavailable"
}

On authorization failure, the API will return an HTTP 400 code with the following payload when the token is invalid:








To log out, the client must submit a POST /api/logout request with this HTTP HEADER:

"TOKEN"= "<authentication_token>"

On Success: HTTP 200 is returned when a session was found and that session was terminated.

Valid Session Not Found:

{
    "error-code": "555",
    "error-description": "Authorization required",
    "error-nr": "service-unavailable"
}

On Error: HTTP 555 is returned when a valid session is not found for the specified token. Body: <same error message as for Login>:








All API Requests except /api/login must have the following HTTP Header content:

TOKEN with the value being the actual token obtained in the login response. If the token is not specified in the header, an Authentication Error code will be returned by the REST API.

NOTE: For this release, TOKEN is not validated against the IP address of the client.

Object Model

The following is a diagram of the Service object model:

  • Light blue objects are created by default. They can be updated by users but cannot be deleted.
  • Dark blue objects are ones that users can create, modify, and delete.
  • Gray objects are internal objects not exposed via the rest api

Object Model

Clustered Application Provisioning Flow

This section describes the API to create a Clustered Adaptive Security Appliance (ASA) service on the SSP Chassis.

The following high level steps are required to provision an ASA clustered service:

  1. Create and update Port-Channels objects.
  2. Configure external-ports and Port-Channel as data. Default value: /mgmt/ic .
  3. Create the logical-device object:
    1. Specify the logical-device name.
    2. Specify the template to be used (ASA or NG-FW).
    3. Create the Cluster-Configuration. Attributes: service-type/mode/chassis-id/key .
    4. Create the Clustered-Management-Config:
      1. Provide the Cluster Virtual IP Address (V4 and/or V6).
      2. Management IP Address Pool (for managing /monitoring individual cluster units).
    5. Set the logicalDevice ldMode property to clustered .
  4. ( Optional ) Add DDOS link-decorators to desired links (all links are auto-created and all ports are linked to ASA).
  5. ( Optional ) For each Logical-Device-Unit <slot_id> , add a DDOS MgmtBootstrap configuration. Create an IP or IPV6 bootstrap object, as well as Key and EncryptedKey bootstrap objects as needed.

Upload the Cisco Secure Package Application to the SSP Controller

Security Applications available on the SSP Platform are packaged as Cisco Secure Package (CSP) files. By default, SSP devices are shipped with the default version of the ASA.CSP application. This application can be deployed, or you can upload a newer version of the application. The following steps describe how Security Applications (CSP files) are uploaded to the SSP Controller.

NOTE: Multiple versions of the same Application can be uploaded to the SSP Controller.

Two methods are supported, and both require Admin privileges:

  • Method 1: Instruct the SSP Controller to fetch a specified CSP file from the network.
  • Method 2: POST the CSP file using a REST client.

Method 1: POST /api/sys/app-catalogue:

{
    "applicationDownloader" : {
        "dn"    :   "sys/app-catalogue",
                   "filename" : "CiscoSSP-TestAppOne-1.2.3.4-5678.csp",
        "remotePath"   :   "/tmp",
        "pwd"   :   "mysecret",
        "user"   : "myuser",
        "server"  :   "171.71.71.71",
        "protocol"  :  "scp"
    }
}

Method 1 : Instruct the SSP Controller to fetch a specified CSP file from the network.















POST the CSP file using a REST client:

POST /api/applicationDownloader

Method 2 : Upload the CSP file to the SSP Controller (in multipart binary) by submitting a POST/PUT request:




Show all available Apps (CSP files installed on the SSP Controller):

GET /api/app

{
    "smApp": [
        {
            "aggregator": "unknown",
            "appId": "",
            "appType": "unknown",
            "author": "",
            "buildDate": "",
            "canDowngrade": "no",
            "canUpgrade": "no",
            "dataVNICNR": "0",
            "deployType": "unknown",
            "description": "",
            "dn": "App/asa-9.1",
            "fullInstall": "no",
            "installTimeout": "0",
            "isAggregateVnic": "no",
            "isDefaultApp": "yes",
            "isSecurityControl": "no",
            "longName": "",
            "mgmtVNICNR": "0",
            "minDataDisk": "0",
            "minOS": "",
            "name": "asa",
            "recommendedDataDisk": "0",
            "requiredBinaryDisk": "0",
            "uninstallTimeout": "0",
            "upgradeTimeout": "0",
            "urllink": "http://172.29.191.36:3010/api/App/asa-9.1",
            "version": "9.1"
        }
    ]
}



This example displays all available Apps (CSP files installed on the SSP Controller):

NOTE: The "name" and "version" are unique identifiers for a given application.



























App objects and the corresponding CSP file can be deleted by sending a DELETE request:

DELETE /api/App/{App-ID}

Only unreferenced App objects can be deleted. App objects can be referenced by App-Instance objects. In order to unreference an application, you must delete the referencing AppInstance objects, as shown below.

Pre-Deploying Applications to SSP Blades

This section describes how to pre-deploy security applications to the SSP Blades.

An App Object corresponds to Application binaries available on the SSP Controller.

App Instances correspond to Applications installed on the SSP Blades.

One blade can have one or more applications deployed to it, but can have only one instance of a given application. Slots can be configured even when the blades are not active on the slot. The expectation is that blades will be configured according to the corresponding Slot object when the blades are available.

Provisioning ASA and DDOS apps:

POST /api/slot/1/app-inst

{
    "smAppInstance": [
        {
           "appName": "ASA",
           "startupVersion"  :  "9.2"
        },
        {
            "appName": "DDOS",
        }
    ]
}

The following example provisions two applications (ASA and DDOS) to the blade inserted into the Slot-1.















NOTE: Specific versions of a given application can be deployed. In the above example of an ASA application, version 9.2 is selected for deployment.

Applications can be provisioned with the default version. In general, the last uploaded version of an application is considered the default version. You can also specify the default version by setting the isDefault property of the selected version. In the above example, a DDOS application was installed as its default version.

Creating Port-Channels

The SSP Chassis can be configured to aggregate several external ports into one logical port. Each Port-Channel can have 1 to 8 external member ports (External-Ports).

Use the following naming convention to create External-Ports:

Ethernet<slot_id>/<port_id>/<breakout_id>

OR

Ethernet<slot_id>/<port_id>

Port-Channel port with two external port members:

POST /api/ports/pc

{
    "fabricEthLanPc": [
        {
            "adminState": "enabled",
            "adminSpeed": "10gbps",
            "name": "Port-Channel1",
            "fabricEthLanPcEp": [
                {
                    "adminState": "enabled",
                    "name": "Ethernet1/3"
                },
                {
                    "adminState": "enabled",
                    "name": "Ethernet1/4"
                }
            ],
            "mtu": "1518",
           "portType": "data"
        }
    ]
}

This example creates a data type Port-Channel port with two external port members: Ethernet1/3 and Ethernet1/4.

The port-channel is enabled by default (see the adminState property). Speed is set to 10gbps .

Tagging Ports

All ports (External or Port-Channel) have a port-type property set to one of the following values:

  • data : This is the default value for a port and represent a data-port that will be connected either to a given application on a specified blade or to a cluster application. Note that ports cannot be shared between applications.
  • mgmt : The default value for the Ethernet1/1 port. Ports with a mgmt type can be shared across multiple blades or security applications.
  • Firepower_eventing : This port-type is reserved to be used exclusively with NG-FW applications.
  • Cluster : This can be set for only one port-channel port. This port will be used to interconnect clustered security applications. For intra-chassis deployments, this port-channel is not required to have external member ports. For inter-chassis deployment, it is required that the cluster port-channel have at least one external port configured as a member. Note that Port-Channel255 is auto-configured by the system at provisioning time, with type cluster . This enables you to create clustered applications without having to configure a cluster port-channel. This is called the Cluster-Control-Link (CCL) .

When external ports with types of management or firepower_eventing are assigned to applications, VNICs are created and Global MAC addresses are allocated for each application.

When cluster ports are assigned to applications, Private Pool MAC Addresses are allocated to each Application using these ports.

External interfaces are tagged as data/mgmt or cluster . In addition, you can set other end-user configurable attributes.

Retrieve all External-Ports (EP) present in the system:

POST /api/ports/ep

{
    "fabricEthLanEp": [
        {
            "name": "Ethernet1/1",
            "mtu": "1518",
            "portType": "data"
        },
        {
            "name": "Ethernet1/2",
            "mtu": "1518",
            "portType": "data"
        },
        {
             "name": "Ethernet1/5",
             "mtu": "1518",
             "portType": "mgmt"
        },
        {
            "name": "Ethernet1/6",
            "mtu": "1518",
            "portType": "cluster"
        }
    ]
}

This example retrieves all External-Ports (EP) present in the system. Multiple external ports are configured in one transaction. The MTU value and port-type is set for each of the specified external ports.

Creating Logical Devices

Create a clustered logical-device object and provision the applications:

POST /api/ld

{
    "smLogicalDevice": [
        {
            "description": "",
            "dn": "LogicalDevice/ld1",
            "ldMode": "clustered",
            "name": "ld1",
            "smClusterBootstrap": [
                {
                    "chassisId": "1",
                    "gatewayv4": "1.1.1.1",
                    "gatewayv6": "",
                    "key": "",
                    "lastUpdatedTimestamp": "1970-01-01T00:00:00.000",
                    "netmaskv4": "",
                    "poolEndv4": "0.0.0.0",
                    "poolEndv6": "::",
                    "poolStartv4": "0.0.0.0",
                    "poolStartv6": "::",
                    "prefixLength": "",
                    "rn": "ClusterBootstrap",
                    "serviceTypeName": "",
                    "virtualIPv4": "1.1.1.2",
                    "virtualIPv6": "::"
                }
            ],
            "smMgmtBootstrap": [
                {
                    "appName": "asa",
                    "rn": "MgmtBootstrap-asa",
                    "smEncryptedKey": [
                        {
                            "key": "tunnel1",
                            "value": ""
                        }
                    ],
                    "smIP": [
                        {
                            "gateway": "1.1.1.",
                            "ip": "1.2.2.2",
                            "mask": "2.2.2.2",
                            "mgmtSubType": "default",
                            "slotId": "1"
                        }
                    ],
                    "smIPV6": [
                        {
                            "gateway": "a",
                            "ip": "2001::2002",
                            "mgmtSubType": "default",
                            "prefixLength": "120",
                            "slotId": "1"
                        }
                    ],
                    "smKey": [
                        {
                            "key": "tunnel3",
                            "value": ""
                        },
                        {
                            "key": "tunnel2",
                            "value": "v2"
                        },
                        {
                            "key": "tunnel1",
                            "value": "v1"
                        }
                    ]
                }
            ],
            "templateName": "ASA",
            "urllink": "http://172.29.191.36:3010/api/LogicalDevice/ld1"
        }
    ]
}

This example illustrates how to create a clustered logical-device object and provision the applications as defined in the template: ASA + DDOS or NG-FW (ASA + SNORT) + DDOS.

  • chassisId : In a cluster each chassis must have a unique chassis-id. Valid values: 1 - 16.
  • mode : spanned_etherchannel is the only supported value, and is the default value for this field.
  • key : The secret that is required to join the cluster – this value is optional.
  • serviceTypeName : The cluster name. All chassis must have the same serviceTypeName .

NOTE: Only two deployment templates are supported: ASA and NG-FW.

For clustered LogicalDevices , ExternalPortLink s are auto-created, meaning that all current ExternalPort s and Port-Channel s are mapped to the Clustered LogicalDevice . This is a convenience function and functions like an accelerator. Port-Channel s that are created after the Clustered LogicalDevice is created must be linked to the Clustered Application by creating the specified ExternalPortLink .

NOTE: For intra-chassis deployments, both External-Ports and Port-Channels can be linked to the Clustered LogicalDevice. For an inter-chassis Clustered LogicalDevice, only Port-Channels can be mapped as data ports; management ports can be mapped as either ExternalPorts or Port-Channels.

Link-Decorators represent a category of security applications that can perform various actions on the network traffic between the ports and Security Applications. Link decorators must have input interfaces, output interfaces and management interfaces. Link-Decorators can be daisy-chained on the same link; in such cases the network traffic is routed from external ports to each link-decorator in the order specified in the configuration, and then routed from the last decorator to the Main Application (ASA or NG-FW).

Enable a DDOS Decorator:

POST /api/ld/LogicalDevice1/ext-portlink/Ethernet1_API_SLASH_1

{
    "smLinkDecorator": [
        {
            "appName": "DDOS"
        }
    ]
}

This example shows how DDOS decorators are enabled for a given link. The default version of the decorator will be used if link-decorator applications must be provisioned to the blade. If a version of the link-decorator is already provisioned, that instance will be used to process the link traffic.

Provision Management Bootstrap Information for a LinkDecorator

Provision Management Bootstrap Information for a LinkDecorator:

POST /ld/LogicalDevice1/mgmt-bootstrap/DDOS

{
    "smMgmtBootstrap": [
        {
            "appName": "ddos",
            "dn": "LogicalDevice/ld1/MgmtBootstrap/ddos",
            "smEncryptedKey": [
                {
                    "key": "pass",
                    "value": ""
                }
            ],
            "smIP": [
                {
                    "gateway": "2.2.2.1",
                    "ip": "2.2.2.10",
                    "mask": "255.255.255.0",
                    "mgmtSubType": "default",
                    "slotId": "1"
                }
            ],
            "smIPV6": [
                {
                    "gateway": "2001::2001",
                    "ip": "2001::CAFE",
                    "mgmtSubType": "default",
                    "prefixLength": "80",
                    "slotId": "1"
                }
            ],
            "smKey": [
                {
                    "key": "tkey",
                    "value": "value1"
                }
            ],
            "urllink": "http://172.29.191.36:3010/api/LogicalDevice/ld1/MgmtBootstrap/ddos"
        }
    ]
}

If a LinkDecorator is enabled, its management interface can be bootstrapped as shown in this example.

NOTE: Only one management interface is supported for each LinkDecorator.

Standalone Application Provisioning Flow

This section describes the configuration steps for provisioning a Standalone (non-clustered) Security Application. Configure the following high-level flows for Standalone Deployments:

  • Create a port-channel .
  • Configure ports ( external or port-channel ) as mgmt or data ports.
  • Create a LogicalDevice object:
    • Specify the logical-device name.
    • Specify the template to be used (ASA or NG-FW).
    • Configure ldMode as standalone
  • Create ExternalPortLinks :
    • Set data-links and data-ports to ASA.
    • Set mgmt-links and mgmt-ports to ASA.
    • Optionally add a DDOS link-decorator to the desired links.
    • Optionally add code>mgmt-link to DDOS.
  • Set the slotId to be used by this logical device.
  • Create the ASA MgmtBootstrap configuration:
    • Include IP, IPv6, Key or EncryptedKey as required by the application.
  • Optionally create a DDOS mgmt-bootstrap configuration.

Creating the port-channel and configuring ports is identical to the setup as described in the Provisioning Clustered Application section. Also, you can create all the above objects in one transaction, or group it as part of multiple transactions.

Creating a Standalone Logical Device

Create a Standalone Logical Device:

{
    "smLogicalDevice": [
        {
            "description": "",
            "dn": "LogicalDevice/ld1",
            "ldMode": "standalone",
            "name": "ld1",
            "slotId": "1",
            "smClusterBootstrap": [
                {
                    "chassisId": "1",
                    "gatewayv4": "1.1.1.1",
                    "gatewayv6": "",
                    "key": "",
                    "netmaskv4": "",
                    "poolEndv4": "0.0.0.0",
                    "poolEndv6": "::",
                    "poolStartv4": "0.0.0.0",
                    "poolStartv6": "::",
                    "prefixLength": "",
                    "serviceTypeName": "",
                    "virtualIPv4": "1.1.1.2",
                    "virtualIPv6": "::"
                }
            ],
            "smExternalPortLink": [
                {
                    "appName": "ASA",
                    "description": "",
                    "linkDecorator": "",
                    "linkName": "",
                    "portName": "Ethernet1/1",
                },
                {
                    "appName": "ASA",
                    "description": "",
                    "linkDecorator": "",
                    "linkName": "",
                    "portName": "Ethernet1/2"
                }
            ],
            "smMgmtBootstrap": [
                {
                    "appName": "asa",
                    "rn": "MgmtBootstrap-asa",
                    "smEncryptedKey": [
                        {
                            "key": "tunnel1",
                            "lastUpdatedTimestamp": "1970-01-01T00:00:00.000",
                            "rn": "EncryptedKey-tunnel1",
                            "value": ""
                        }
                    ],
                    "smIP": [
                        {
                            "gateway": "1.1.1.",
                            "ip": "1.2.2.2",
                            "lastUpdatedTimestamp": "1970-01-01T00:00:00.000",
                            "mask": "2.2.2.2",
                            "mgmtSubType": "default",
                            "rn": "IP-1-default",
                            "slotId": "1"
                        }
                    ],
                    "smIPV6": [
                        {
                            "gateway": "a",
                            "ip": "2001::2002",
                            "lastUpdatedTimestamp": "1970-01-01T00:00:00.000",
                            "mgmtSubType": "default",
                            "prefixLength": "510",
                            "rn": "IPV6-1-default",
                            "slotId": "1"
                        }
                    ],
                    "smKey": [
                        {
                            "key": "tunnel3",
                            "lastUpdatedTimestamp": "1970-01-01T00:00:00.000",
                            "rn": "Key-tunnel3",
                            "value": ""
                        },
                        {
                            "key": "tunnel2",
                            "lastUpdatedTimestamp": "1970-01-01T00:00:00.000",
                            "rn": "Key-tunnel2",
                            "value": "v2"
                        },
                        {
                            "key": "tunnel1",
                            "lastUpdatedTimestamp": "1970-01-01T00:00:00.000",
                            "rn": "Key-tunnel1",
                            "value": "v1"
                        }
                    ]
                }
            ],
            "templateName": "ASA",
            "urllink": "https://ssp-chassis-1:8800/api/LogicalDevice/ld1"
        }
    ]
}

For standalone devices:

  • The ldMode flag must be set to standalone .
  • You must create ExternalPortLinks explicitly.
  • You must configure the ASA MgmtBootstrap object.

Application Upgrade or Downgrade

Security Applications deployed to blades can be upgraded or downgraded as supported by each application. This section describes the process of performing Security Application upgrades or downgrades.

In order to trigger a Security Application upgrade or downgrade action, modify the AppInstance object corresponding to the correct slot to point to the desired application version.

The AppInstance object can also be created programmatically for application pre-deployment.

In order to upgrade a Security Application, modify its corresponding AppInstance object to point to the new Application Version. This is done by changing the startupVersion application.

Change the ASA version:

PUT /api/slot/1/app-inst/ASA

{
    "smAppInstance": [
        {
            "appName": "ASA",
            "startupVersion": "9.1"
        }
    ]
}

In this example, the ASA version running on Slot 1 is changed to version 9.1.













Returned object:

{
    "smAppInstance": [
        {
            "dn"   : "Slot/1/AppInstance/ASA",
            "operationStatus" : "upgrading",
            "runningVersion" : "9.0",
            "appName": "ASA",
            "startupVersion": "9.1"
        }
    ]
}

On success, the following object is returned (only the relevant object properties are shown here).












You can monitor the upgrade process using one of these methods:

  • Subscribe for events and wait until this object updates its operationalStatus to OK or failure .
  • Periodically pull this object and monitor the operationalStatus field.

In the case of failure to upgrade or downgrade the application, a fault will also be generated.

Handling Multiple App Versions

If the Supervisor has more than one version of the same App (same app mnemonic), the Service Manager selects the default App. Normally, the default application version is the last version added to the system.

You can specify the application version by setting it explicitly in the startupVersion property or by setting the desired application version as the default using the App object's isDefaultApp property.

Firepower Chassis Service Configuration Objects

This section describes the Firepower Chassis Service Configuration objects.

External-Port

External ports correspond to physical ports on the chassis. These ports are uniquely identified by specifying the slotId , portId , and, if necessary, the breakoutId .

You can only modify the mtu and portType properties.

External ports are automatically created, and you canonly modify existing External-Port objects. You cannot create or delete them. The only possible changes you can make to existing objects are that you can modify the mtu and portType properties.

For the portType property, you may assign one of these values:

  • data
  • mgmt
  • icl

NOTE: External Ports will have the slash character '/' in the port name escaped with the string API_SLASH .

/api/classId/fabricEthLanEp ; get all chassis external-ports
/api/ports
/api/ports/ep ; get all external-ports physical
/api/ports/ep/Ethernet1_API_SLASH_2 ; get a specified external port

Supported HTTP methods

PUT, PATCH, GET

External-Port Object:

{
    "fabricEthLanEp": [
        {
            "operStateReason": "",
            "urllink": "https://server/api/ports/ep/Ethernet1_API_SLASH_2",
            "operState": "up",
            "ifType": "physical",
            "flowCtrlPolicy": "default",
            "locale": "external",
            "peerSlotId": "0",
            "peerAggrPortId": "0",
            "usrLbl": "daniel1",
            "switchId": "A",
            "licGP": "0",
            "peerDn": "",
            "transport": "ether",
            "epDn": "",
            "portId": "1",
            "vlanStatus": "ok",
            "adminSpeed": "10gbps",
            "ifRole": "network",
            "chassisId": "N/A",
            "adminState": "enabled",
            "aggrPortId": "0",
            "type": "lan",
            "dn": " ports/ep/Ethernet1_API_SLASH_2",
            "warnings": "",
            "slotId": "1",
            "overlappingVlans": "",
            "operEthLinkProfileName": "fabric/lan/eth-link-prof-default",
            "peerPortId": "0",
            "name": "Ethernet1/1",
            "licState": "unknown",
            "udldOperState": "unknown",
            "mtu": "1550",
            "ethLinkProfileName": "default",
            "portType": "data"
        }
    ]
}

This example defines an external-port object.

Port-channel

You can create a port-channel. One port-channel can group 1-8 physical external-ports together.

/api?classId=fabricEthLanPc ; get all port-channels
/api/ports/pc ; get all port-channels
/api/ports/pc/1 ; get a specified port channel

You can create, modify, or delete port-channel objects, and may specify the following:

  • Add or delete external-ports from the port channel
  • Change the port-channel type. Available types are: data/mgmt/ccl .

Supported HTTP methods

POST, PUT, PATCH, GET, DELETE

Port-Channel Object:

{
    "fabricEthLanPc": [
        {
            "urllink": "https://server/api/ports/pc/1",
            "operState": "indeterminate",
            "ifType": "aggregation",
            "flowCtrlPolicy": "default",
            "locale": "external",
            "bandwidth": "0",
            "switchId": "A",
            "peerDn": "",
            "transport": "ether",
            "epDn": "",
            "operSpeed": "10gbps",
            "descr": "",
            "vlanStatus": "ok",
            "ifRole": "network",
            "adminState": "enabled",
            "type": "lan",
            "dn": "ports/pc/1",
            "warnings": "",
            "overlappingVlans": "",
            "portId": "1",
            "adminSpeed": "10gbps",
            "name": "Port-Channel",
            "fabricEthLanPcEp": [
                {
                    "operStateReason": "",
                    "operState": "up",
                    "ifType": "physical",
                    "faultInst": [
                        {
                            "changeSet": "",
                            "prevSeverity": "major",
                            "code": "F0727",
                            "highestSeverity": "major",
                            "descr": "lan Member 2/2 of Port-Channel 1 on fabric interconnect A is down, membership: down",
                            "created": "2014-07-07T20:22:51.605",
                            "ack": "no",
                            "cause": "membership-down",
                            "tags": "network,server",
                            "lc": "",
                            "rule": "fabric-eth-lan-pc-ep-down",
                            "lastTransition": "2014-07-07T20:22:51.605",
                            "origSeverity": "major",
                            "id": "36835",
                            "rn": "fault-F0727",
                            "type": "network",
                            "occur": "1",
                            "severity": "major"
                        }
                    ],
                    "ifRole": "network",
                    "locale": "external",
                    "peerSlotId": "0",
                    "peerAggrPortId": "0",
                    "switchId": "A",
                    "licGP": "0",
                    "peerDn": "",
                    "transport": "ether",
                    "epDn": "",
                    "portId": "2",
                    "udldOperState": "unknown",
                    "adminState": "enabled",
                    "chassisId": "N/A",
                    "aggrPortId": "0",
                    "rn": "ep-slot-2-port-2",
                    "type": "lan",
                    "warnings": "",
                    "slotId": "2",
                    "membership": "down",
                    "operEthLinkProfileName": "fabric/lan/eth-link-prof-default",
                    "peerPortId": "0",
                    "licState": "not-applicable",
                    "name": "",
                    "ethLinkProfileName": "default"
                },
                {
                    "operStateReason": "",
                    "operState": "up",
                    "ifType": "physical",
                    "faultInst": [
                        {
                            "changeSet": "",
                            "prevSeverity": "major",
                            "code": "F0727",
                            "highestSeverity": "major",
                            "descr": "lan Member 2/1 of Port-Channel 1 on fabric interconnect A is down, membership: down",
                            "created": "2014-07-07T20:22:51.603",
                            "ack": "no",
                            "cause": "membership-down",
                            "tags": "network,server",
                            "lc": "",
                            "rule": "fabric-eth-lan-pc-ep-down",
                            "lastTransition": "2014-07-07T20:22:51.603",
                            "origSeverity": "major",
                            "id": "36833",
                            "rn": "fault-F0727",
                            "type": "network",
                            "occur": "1",
                            "severity": "major"
                        }
                    ],
                    "ifRole": "network",
                    "locale": "external",
                    "peerSlotId": "0",
                    "peerAggrPortId": "0",
                    "switchId": "A",
                    "licGP": "0",
                    "peerDn": "",
                    "transport": "ether",
                    "epDn": "",
                    "portId": "1",
                    "udldOperState": "unknown",
                    "adminState": "enabled",
                    "chassisId": "N/A",
                    "aggrPortId": "0",
                    "rn": "ep-slot-2-port-1",
                    "type": "lan",
                    "warnings": "",
                    "slotId": "2",
                    "membership": "down",
                    "operEthLinkProfileName": "fabric/lan/eth-link-prof-default",
                    "peerPortId": "0",
                    "licState": "not-applicable",
                    "name": "",
                    "ethLinkProfileName": "default"
                }
            ],
            "stateQual": "",
            "mtu": "1518",
            "portType": "data"
        }
    ]
}

This example defines a port-channel object.

Slot Object

This object represents one slot in the chassis, and stores the user intention for the slot. If blades are swapped, blades in this slot are re-provisioned, after user acknowledgement, based on the Slot's assigned configuration.

NOTE: Blade Monitoring attributes are stored in the Monitor child object (specifying CPU load and memory usage). Blade disk usage is stored under the DiskFileSystem child objects.

/api?classId=smSlot ; get all slots
/api/slot ; get all slots
/api/slot/1 ; get one slot

This object cannot be created or deleted by the end user. The reinitializing of the blade can be triggered by modifying the value of adminState to "reinitialize". Slot objects will also be used for blade monitoring properties (CPU/disk/RAM usage) See the Service Monitoring Objects for more information.

Slot objects are also used for blade monitoring properties (CPU/disk/RAM usage). See Service Monitoring Objects for more information.

Supported HTTP methods

PUT, PATCH, GET

Slot Object:

{
    "smSlot": [
        {
            "dn": "slot/1",
            "urllink": "https://server/api/slot/1",
            "slotId": "1",
            "serviceProfileDn": ""
        }
    ]
}

This example defines a Slot object.

App Object

The App Object represents a CSP Application available on the Supervisor. See the App-Instance object for an actual blade-installed Application.

/api?classId=smApp ; get all available applications
/api/app ; get all applications
/api/app/ASA-9.2.1 ; get a specific application

You can indirectly create this object by installing CSP files into the Supervisor. You cannot directly create an App Object. An App object can be deleted if it is unreferenced.

Supported HTTP methods

PUT, PATCH, GET, DELETE

App Object:

{
    "smApp": [
        {
            "dn": "App/ASA-9.2.1",
            "urllink": "https://server/api/app/ASA-9.2.1",
            "deployType": "native",
            "buildDate": "10/10/2014",
            "isSecurityControl": "yes",
            "description": "Adaptive Security Application",
            "author": "Cisco Systems, Inc",
            "cspFilePath": "",
            "name": "ASA",
            "mnemonic": "asa",
            "canDowngrade": "yes",
            "canUpgrade": "yes",
            "version": "9.2.1",
            "uninstallTimeout": "600",
            "appId": "",
            "upgradeTimeout": "0",
            "isAggregateVnic": "yes",
            "fullInstall": "yes",
            "installTimeout": "0",
            "minOS": "1.0",
            "isDefaultApp": "yes"
        }
    ]
}

This example defines an App object.

App-Instance Object

The App-Instance Object represents one particular Security Application provisioned on a given blade. The parent of this object is the Slot object.

/api?classId=smAppInstance ; get all App Instances
/api/slot/1/app-inst ; get all App-Instances on a given slot
/api/slot/1/app-inst/ASA ; get specified App-Instance

You can create an App-Instance object in order to pre-deploy applications to the specified blade. When not assigned to a LogicalDevice, such applications are in a disabled state. You can enable or disable App-Instances assigned to LogicalDevices by setting the adminState property.

You can modify App-Instances startupVersion property to perform a Security Application upgrade or downgrade on the corresponding blade.

You can also delete App-Instances that are not referenced by the Logical-Device-Unit. In that case, applications will be uninstalled from the respective blades.

Supported HTTP methods

POST, PUT, PATCH, GET, DELETE

App-Instance Object:

{
    "smAppInstance": [
        {
            "dn": "slot/1/app-inst/ASA",
            "urllink": "https://server/api/slot/1/app-inst/ASA",
            "lastJobState": "unknown",
            "adminState": "enabled",
            "operationalState": "running",
            "resourceDn": "",
            "runningVersion": "",
            "appName": "ASA",
            "slotID": "0",
            "lastJobType": "unknown",
            "appDn": "",
            "startupVersion": "9.1",
            "clusterConfigDn": "",
            "lastJobProgress": "0",
            "appInstId": "0"
        }
    ]
}

This example defines an App-Instance object.

LogicalDevice Object

The LogicalDevice Object represents an object in the Unified Manager where policies are applied. Logical Devices consist of one Main Application (ASA or NG-FW) and Link-Decorator applications. A LogicalDevice is a representation of a Security Service-Path.

NOTE: A Logical Device object is a container for included objects for ExternalPortLinks, ClusterConfiguration, Cluster Management Configuration, Application Management Bootstrap, Logical-Device-Unit, and so on.

/api?classId=smLogicalDevice ; get all logical devices
/api/ld ; get all logical devices
/api/ld/LogicalDevice1 ; get a specific logical device

You can create, modify or delete Logical-Device Units.

You can create or modify a ClusterBootstrap object for logical devices that have the cluster mode enabled:

/api/ld/<ld-name>/cluster-bootstrap ; get only cluster bootstrap

You can create or modify Cluster Management object for logical-devices that have the cluster flag enabled:

/api/ld/<ld-name>/cluster-bootstrap/<name> ; get only cluster management info

You can create Links for logical-devices that are not clustered. When logical-devices are clustered, logical-links are automatically created for all external ports and port-channels:

/api/ld/LogicalDevice1/ext-portlink ; get all links for a logical device
/api/ld/LogicalDevice1/ext-portlink/<name> ; get one link for a given logical device

You can create, modify, or delete the management bootstrap configuration for a standalone device:

/api/ld/<name>/mgmt-bootstrap/ASA ; get ASA standalone logical device

Supported HTTP methods

POST, PUT, PATCH, GET, DELETE

LogicalDevice Object:

{
    "smLogicalDevice": [
        {
            "description": "",
            "dn": "ld/ld1",
            "ldMode": "clustered",
            "name": "ld1",
            "operationalState": "incomplete-configuration",
            "slotId": "1,2,3",
            "smClusterBootstrap": [
                {
                    "chassisId": "1",
                    "gatewayv4": "1.1.1.1",
                    "gatewayv6": "",
                    "key": "",
                    "netmaskv4": "",
                    "poolEndv4": "0.0.0.0",
                    "poolEndv6": "::",
                    "poolStartv4": "0.0.0.0",
                    "poolStartv6": "::",
                    "prefixLength": "",
                    "serviceTypeName": "",
                    "virtualIPv4": "1.1.1.2",
                    "virtualIPv6": "::"
                }
            ],
            "smExternalPortLink": [
                {
                    "appName": "ASA",
                    "description": "",
                    "linkDecorator": "",
                    "linkName": "",
                    "portName": "Ethernet1/1"
                },
                {
                    "appName": "ASA",
                    "description": "",
                    "linkDecorator": "",
                    "linkName": "",
                    "portName": "Ethernet1/2"
                }
            ],
            "smMgmtBootstrap": [
                {
                    "appName": "ddos",
                    "smEncryptedKey": [
                        {
                            "key": "pass",
                            "value": ""
                        }
                    ],
                    "smIP": [
                        {
                            "gateway": "2.2.2.1",
                            "ip": "2.2.2.10",
                            "mask": "255.255.255.0",
                            "mgmtSubType": "default",
                            "slotId": "1"
                        }
                    ],
                    "smIPV6": [
                        {
                            "gateway": "2001::2001",
                            "ip": "2001::CAFE",
                            "mgmtSubType": "default",
                            "prefixLength": "80",
                            "slotId": "1"
                        }
                    ],
                    "smKey": [
                        {
                            "key": "tkey",
                            "value": "value1"
                        }
                    ]
                },
                {
                    "appName": "asa",
                    "smEncryptedKey": [
                        {
                            "key": "tunnel1",
                            "value": ""
                        }
                    ],
                    "smIP": [
                        {
                            "gateway": "1.1.1.",
                            "ip": "1.2.2.2",
                            "mask": "2.2.2.2",
                            "mgmtSubType": "default",
                            "slotId": "1"
                        }
                    ],
                    "smIPV6": [
                        {
                            "gateway": "a",
                            "ip": "2001::2002",
                            "mgmtSubType": "default",
                            "prefixLength": "510",
                            "slotId": "1"
                        }
                    ],
                    "smKey": [
                        {
                            "key": "tunnel3",
                            "value": ""
                        },
                        {
                            "key": "tunnel2",
                            "value": "v2"
                        },
                        {
                            "key": "tunnel1",
                            "value": "v1"
                        }
                    ]
                }
            ],
            "templateName": "ASA",
            "urllink": "http://172.29.191.36:3010/api/LogicalDevice/ld1"
        }
    ]
}

This example defines a LogicalDevice object.

Service Monitoring Objects

Some of the Service objects have an operationalStatus property that describes the status of the object. For example, the AppInstance status is described in its operationalState property. This occurs similarly with LogicalDevices.

You can either:

  • Subscribe for events and react when the monitored object changes status (the recommended monitoring API method)
  • Poll these objects periodically to monitor the status changes

Service Monitoring Example:

{
    "smMonitor": [
        {
            "bladeUptime": "00:20:10:15",
            "cpuTotalLoadAvg15min": "0.100000",
            "cpuTotalLoadAvg1min": "0.200000",
            "cpuTotalLoadAvg5min": "0.100000",
            "diskFileSystemCount": "2",
            "dn": "Slot/2/Monitor",
            "memFreeKb": "0",
            "memTotalKb": "0",
            "memUsedKb": "0",
            "osVersion": "null",
            "updateTimestamp": "1970-01-01T00:00:00.000",
            "urllink": "http://171.71.230.251/api/Slot/2/Monitor"
        }
    ]
}

For blade monitoring, each Slot object has a Monitor child attribute with the following monitoring properties for the corresponding blade:

  • Storage_disk_identifier_n
  • disk_space_n (averaged last 1, 5 and 15 minutes)
  • disk_used_n (averaged last 1, 5 and 15 minutes)
  • disk_available_n (averaged last 1, 5 and 15 minutes)
  • memory_total
  • memory_used (averaged last 1, 5 and 15 minutes)
  • memory_free (averaged last 1, 5 and 15 minutes)
  • Total_cores
  • cpuLoadAvg_n (averaged last 1, 5 and 10 minutes)
  • cpuTotalAvg(averaged last 1, 5 and 10 minutes)




The monitor object has a list of DiskFileSystem objects that describe, for each partition, the total space, including both used and available disk space. Use this URL to access a DiskFileSystem object:

/api/slot/{1,2,3}/monitor/disk-file/1

The following monitoring data is provided by the application monitoring APIs for each App-Instance:

Logical-Device:

  • operationalState (possible values: unknown/enabled/disabled)

Logical-Device-Unit

  • operationalStatus in the corresponding AppInstance (enabled/disabled).
  • clusteredStatus property of the AppInstance.

External-Port or Port-Channel

  • adminState enable/disable
  • operState up/down

Firepower Chassis Platform Configuration Objects

This section describes the Firepower Chassis Platform Configuration objects, and lists those properties that can be configured by end users or via the REST API.

Physical Port Configuration Object

A Physical Port Configuration Object represents the physical ports available on the chassis. Ports are identified by the <slot_id> and <port_id> properties.

Set the <slot_id> to 1 for on-board ports, or set it to 2 or 3 for the EPM ports.

Properties that can only be Set by the REST API

classid=fabricEthLanEp

Regular Port Object

Regular port on slot 1 port 1:

adminSpeed  10gbps
adminState  enabled
aggrPortId  0
flowCtrlPolicy  default
fltAggr 0
locale  external
mtu 1518
portType  management (data, mgmt, firepower-eventing)
name          Ethernet1/1
operState   up
operStateReason
portId  1
slotId  1
switchId    A
transport   ether
type    lan
udldOperState   admin-disabled
usrLbl
vlanStatus  ok
warnings

Regular ports are ports used as a whole.

Endpoint

/api/ports/ep/Ethernet1_API_SLASH_API_3

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

(classid=fabricEthLanEp)

Properties that can be Set by the End User

adminSpeed
adminState
flowCtrlPolicy
mtu
portType management (data, mgmt, firepower-eventing)
name

Breakout Configuration

Breakout port on slot 2 port 1:

breakoutType    10g-4x
portId  1     (1-4)
slotId  2     (2-3)

The Firepower Chassis supports breaking a 40Gbit or 100Gbit port into 4 and 10 Gbit breakout ports, respectively. A special breakout cable is required in such cases. Restart the chassis when you switch from a regular port to breakout ports, and vice versa.

Endpoint

/api/ports/ep/Ethernet2_API_SLASH_1/breakout

Supported HTTP methods

POST, PUT, GET, DELETE

Properties You Can Set with the REST API

epDn
UCS_DN: fabric/Cabling/A/breakout-slot-2-port-1 (classid = fabricBreakout)

Properties that can be Set by the End User

breakoutType

Breakout Port Object

Breakout port on slot 2, subgroup 1, port 1:

adminSpeed  10gbps
adminState  enabled
aggrPortId  1
chassisId
epDn    sys/switch-A/slot-2/switch-ether/aggr-port-1/port-1
flowCtrlPolicy  default
locale  external
mtu 1518
portType  management (data, mgmt, firepower-eventing)
name          Ethernet2/1/1
operState   up
operStateReason
portId  1
slotId  2
switchId    A
transport   ether
type    lan
usrLbl
vlanStatus  ok
portType    data

The Firepower Chassis supports breaking a 40Gbit or 100Gbit port into 4 and 10 Gbit breakout ports, respectively. A special breakout cable is required in such cases. Restart the chassis when you switch from a regular port to breakout ports, and vice versa.

Endpoint

/api/ports/ep/ethernet2_API_SLASH_1_API_SLASH_3

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

epDn
UCS_DN:fabric/lan/A/slot-2-aggr-port-1/phys-slot-2-port-3 (classid=fabricEthLanEp)

Properties that can be Set by the End User

adminSpeed
adminState
flowCtrlPolicy
mtu
portType management (data, mgmt, firepower-eventing)
name

Port-Channel Configuration

Port-Channel Configuration Example:

adminSpeed  10gbps
adminState  enabled
bandwidth   0
descr
epDn
flowCtrlPolicy  default
ifType  aggregation
mtu 1518
ssaPortType  management (data, cluster, mgmt, firepower-eventing)
name          PortChannel2
operSpeed   indeterminate
operState   failed
portId  2
stateQual   No operational members
switchId    A
transport   ether
type    lan
vlanStatus  ok

This retrieves or updates the Port-Channel configuration.

Endpoint

/api/ports/pc/2

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

portId
UCS_DN: fabric/lan/A/pc-2 (classid=fabricEthLanPc)

Properties that can be Set by the End User

adminSpeed
adminState
flowCtrlPolicy
mtu
ssaPortType (data, cluster, mgmt, firepower-eventing)
name

Regular Member Port

Port Channel 2 with Regular Member Port on slot 1, port 3:

adminState  enabled
chassisId   N/A
membership  down
name          ethernet1/3
operState   up
operStateReason
portId  3
slotId  2
switchId    A
transport   ether
type        lan

A Regular Member Port object represents a Port-Channel member port. Only physical ports can be member ports.

Endpoint

/api/ports/pc/2/ep/Ethernet1_API_SLASH_3

Supported HTTP methods

POST, PATCH, PUT, GET, DELETE

Properties You Can Set with the REST API

portId
slotId
UCS_DN: fabric/lan/A/pc-2/ep-slot-1-port-3 (classid=fabricEthLanPcEp)

Properties that can be Set by the End User

adminState
name

Breakout Member Port

Port Channel 3 with Breakout Member Port on slot 2, subgroup 1, port 3:

adminState  enabled
chassisId   N/A
membership  down
name          Ethernet2/1/3
operState   up
operStateReason
portId  3
slotId  2
switchId    A
transport   ether
type    lan

A Breakout Member Port object represents a Port-Channel breakout member port.

Endpoint

/api/ports/pc/3/ep/Ethernet2_API_SLASH_1_API_SLASH_3

Supported HTTP methods

POST, PATCH, GET, DELETE

Properties You Can Set with the REST API

portId
slotId
UCS_DN: fabric/lan/A/pc-3/slot-2-aggr-port-1/ep-slot-2-port-3 (classid=fabricEthLanPcEp)

Properties that can be Set by the End User

adminState
name

Download Infrastructure Bundle

Download Infrastructure Bundle Example:

adminState  restart (idle)
fileName    ucs-k9-bundle-infra.2.2.1dS16.A.bin
imageSize   503035
protocol    scp (tftp, ftp, sftp)
pwd
remotePath  /build2/michluo/elcaptain/fcsdS16
server  172.23.58.175
transferState   downloaded
user    michluo

This object instructs the Supervisor to download a new Firepower Chassis Infrastructure Bundle, which includes the operation system for the Supervisor and the operating system for the blades.

NOTE: Uploading the firmware bundle and applying the bundle are two separate operations.

Endpoint

/api/sys/firmware/dnld/<filename>

Supported HTTP methods

POST, PUT, PATCH, GET

NOTE: The GET method queries the download status.

Upload the firmware bundle:

/api/sys/firmware/dnld/Firepower Chassis-k9-bundle-platform.99.1.2.238.gbin
{
    "firmwareDownloader": [
        {
            "adminState": "restart",
            "fileName": "Firepower Chassis-k9-bundle-platform.99.1.2.238.gbin",
            "protocol": "scp",
            "dn": "sys/fw-catalogue/dnld-Firepower Chassis-k9-bundle-platform.99.1.2.238.gbin",
            "pwd": "",
            "user": "skanekal",
            "remotePath": "/tmp",
            "server": "172.29.191.38"
        }
    ]
}

Uploading the firmware bundle and applying the bundle are two distinct operations.

Alternatively, you can upload the Firepower Chassis Platform bundle to Supervisor (in multipart binary) by submitting a POST request:

POST /api/platformDownloader/<Bundlename>










Properties You Can Set with the REST API

UCS_DN: sys/fw-catalogue/dnld- (classid=firmwareDownloader)

Properties that can be Set by the End User

adminState
protocol
pwd
remotePath
server
user

Query/Delete Infrastructure Bundle

Query/Delete Infrastructure Bundle Example:

adminState  deleted
completeness    partial
descr
imagePresence   A
intId   46062
invTag  bundle-bakerstreet-platform
model
name    Firepower Chassis-k9-bundle-platform.99.0.0.146.gbin
policyLevel 0
policyOwner local
transferState   init
type    platform-bundle
vendor
version 99.0(0.146)

This object queries or deletes the Firepower Chassis Infrastructure Bundle.

Endpoint

/api/sys/firmware/distrib/<name>

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

UCS_ DN: sys/fw-catalogue/distrib-<name> (classid=firmwareDistributable)

Properties that can be Set by the End User

adminState

Auto Install Infrastructure Bundle (Supervisor software)

Validate Installation:

{
    "configValidateBundle": [
        {
            "dn": "sys/firmware/validate-platform-fw/99.2(1.199g)",
            "outCurrentBundleVersion": "99.1(3.655g)",
            "outCurrentInfraRunningMo": [
                {
                    " firmwareRunning": [
                        {
                            "type": "system",
                            "version": "99.1(3.664g)"
                        },
                        {
                            "type": "switch-software",
                            "version": "5.0(3)N2(99.13.664g)"
                        },
                        {
                            "type": "switch-kernel",
                            "version": "5.0(3)N2(99.13.664g)"
                        }
                    ]
                }
            ],
            "outCurrentServerRunningMo": [
                {
                    "firmwareInstallable": [
                        {
                            "type": "adaptor",
                             "version": "4.0(1.43)"
                        },
                        {
                            "type": "blade-controller",
                            "version": "2.2(3c)"
                        },
                        {
                            "type": "blade-bios",
                            "version": "FXOSSM1.1.0.1.17.083120151924"
                        },
                        {
                           "type": "blade-ssp-os-controller",
                           "version": "100.15(0.42)"
                        },
                        {
                            "type": "storage-controller",
                            "version": "24.5.0-0021|6.19.05.0|NA"
                        },
                        {
                            "type": "board-controller",
                            "version": "6.0"
                        }
                    ]
                }
            ],
            "outReturnCodeBitmap": "0",
            "outUpgradeInfraInstallMo": [
                {
                    "firmwareInstallable": [
                        {
                            "type": "system",
                            "version": "99.2(1.83g)"
                        },
                        {
                              "type": "switch-software",
                              "version": "5.0(3)N2(99.21.83g)"
                        },
                        {
                           "type": "switch-kernel",
                            "version": "5.0(3)N2(99.21.83g)"
                        }
                    ]
                }
            ],
            "outUpgradeRunningAppMo": [
                {
                    "sdAppInstance": [
                        {
"appName": "asa",
"runningVersion": "9.4.1.63",
                             "slotId": "2"
                        },
                        {
"appName": "asa",
"runningVersion": "9.4.1.63",
                             "slotId": "2"
           }
                    ]
                }
            ],
            "outUpgradeServerInstallMo": [
                {
                    "firmwareInstallable": [
                        {
                           "type": "adaptor",
                            "version": "4.0(1.35)"
                        },
                        {
                           "type": "blade-controller",
                           "version": "2.2(3c)"
                        },
                        {
                           "type": "blade-bios",
                           "version": "FXOSSM1.1.0.1.16.060120151854"
                        },
                        {
                           "type": "blade-ssp-os-controller",
                           "version": "100.15(1.66)"
                        },
                        {
                           "type": "storage-controller",
                           "version": "24.5.0-0021|6.19.05.0|NA"
                        },
                        {
                           "type": "board-controller",
                           "version": "6.0"
                        }
                    ]
                }
            ],
            "urllink": "https://172.29.191.45:9043/api/sys/firmware/validate-platform-fw/99.2(1.199g)"
        }
    ]
}

Step 1: Validate the installation:

Endpoint

/api/sys/firmware/validate-platform-fw/<bundle-version>

Supported HTTP methods

GET

Properties You Can Set with the REST API

UCS_DN: sys/firmware/validate-platform-fw (classId=ValidateBundle)

Schedule Installation:

concurCap   unlimited
date    2014-07-12T00:27:36.682
jobCount    0
name    platform-fw
procBreak   none
procCap unlimited
timeCap non

Step 2: Schedule the installation:

Endpoint

/api/sys/firmware/sched-platform-fw

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

UCS_DN: sys/sched-infra-fw/abs-platform-fw (classId=trigAbsWindow)

Properties that can be Set by the End User

date



Set the Version:

descr   Infrastructure Pack
forceDeploy no
platformBundleName  Firepower Chassis-k9-bundle-platform.99.0.0.146.gbin
platformBundleVersion   99.0(0.146)
intId   27839
name    default
policyLevel 0
policyOwner local
stageSize   0
updateTrigger   immediate

Step 3: Set the Version:

Endpoint

/api/sys/firmware/install-platform-fw

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

UCS_DN: org-root/fw-platform-pack-default (classId=firmwarePlatformPack)

Properties that can be Set by the End User

platformBundleVersion



To Cancel the Scheduled Install:

dn=sys/fw-system/fw-platform
adminState   discard

To Cancel the Scheduled Install:

Endpoint

/api/sys/firmware/cancel-platform-fw

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

UCS_DN=sys/fw-system/fw-platform (classId = firmwarePlatform)

Properties that can be Set by the End User

adminState

Supervisor System Management

Manage the Firepower Chassis Management IPv4 Address:

adminInbandIfState  disable
fltAggr 8589934592
id  A
inbandIfGw  0.0.0.0
inbandIfIp  0.0.0.0
inbandIfMask    0.0.0.0
inbandIfVnet    0
inventoryStatus
model   UCS-FI-6248UP
oobIfGw 172.23.33.1
oobIfIp 172.23.33.115
oobIfMask   255.255.255.0
operability operable
revision    0
serial  SSI174807LG
thermal ok
totalMemory 16165
vendor  Cisco Systems, Inc.

This object manages Firepower Chassis Management IP Address.

Endpoint

/api/sys/mgmt-ipv4

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

UCS_DN: sys/switch-A (classId=networkElement)

Properties that can be Set by the End User

oobIfGw
oobIfIp
oobIfMask

Manage the Firepower Chassis Management IPv6 Address:

addr        2001:10::156
defGw     2001:10::1
prefix       64

Endpoint

/api/sys/mgmt-ipv6 (classid=mgmt:Ipv6IfAddr)

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

UCS_DN:sys/switch-A/ifconfig-ipv6/if-ipv6 (classid=mgmtIpv6IfAddr)

Properties that can be Set by the End User

addr
defGw
prefix

Date Time Service

clapton - new property ntpAuthState

Configure the Time Service on the Firepower Chassis:

adminState  enabled
dn sys/service/datetime-svc
configState success
descr
intId   27637
name
operPort    0
operTimezone
policyLevel 0
policyOwner local
port    0
proto   none
timezone
ntpAuthState

This object configures the Time Service on the Firepower Chassis. The adminState property determines whether the service is enabled or disabled.

Endpoint

/api/sys/service/datetime-svc

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

UCS_DN: sys/svc-ext/datetime-svc (classId=commDateTime)

Properties that can be Set by the End User

adminState
timezone

Set Manual System Clock

Set the System Clock:

<commSetClock cookie="1424171424/5abf4b95-7c73-4073-9aa3-1b71d48845ea" inDate="2015-02-16T18:21:01.997"/>

This object sets the system clock on the Firepower Chassis.

Endpoint

/api/sys/service/system-clock

Supported HTTP methods

GET, PUT, PATCH

Properties You Can Set with the REST API

UCS_Method: commSetClock

Properties that can be Set by the End User

currentTime

NTP Service

clapton - new properties sha1KeyId, sha1KeyString

Configure the External NTP source for the Firepower Chassis:

adminState  disabled
descr
sha1KeyId
sha1KeyString
dn  sys/service/datetime-svc/ntp/my_ntp_server
hostname    10.2.32.1
name    stand

This object configures the external NTP source for the Firepower Chassis. More than one NTP server is allowed. External NTP Servers can be enabled or disabled by setting adminState field to enabled or disabled .

Endpoint

/api/sys/service/datetime-svc/ntp
/api/sys/service/datetime-svc/ntp/<hostname>

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/datetime-svc/ntp-10.2.32.1 (classId=commNtpProvider)

Properties that can be Set by the End User

NONE


Telnet Service

Disable the Telnet Service on the Firepower Chassis:

adminState  disabled
descr   Telnet Server
dn  sys/service/telnet-svc
intId   27652
name    telnet
operPort    23
policyLevel 0
policyOwner local
port    23
proto   tcp

This object enables, disables or configures the Telnet service on the Firepower Chassis. The adminState property determines whether the service is enabled or disabled.

Endpoint

/api/sys/service/telnet-svc

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

dn
proto
UCS_DN: sys/svc-ext/telnet-svc (classId=commTelnet)

Properties that can be Set by the End User

adminState
port

SSH Service

Enable the SSH Service on the Firepower Chassis:

adminState  enabled
descr   Secure Shell Server
dn  sys/service/ssh-svc
intId   27644
name    ssh
operPort    22
policyLevel 0
policyOwner local
port    22
proto   tcp

This object enables, disables or configures the ssh service on the Firepower Chassis. The adminState property determines whether the service is enabled or disabled.

Endpoint

/api/sys/service/ssh-svc

Supported HTTP methods

POST, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/ssh-svc (classId=commSsh)

Properties that can be Set by the End User

adminState
port

SNMP Service

This object enables the SNMP Service on the Firepower Chassis. It configures the SNMP community name and additional SNMP attributes. The adminState property determines whether the service is enabled or disabled.

Enabling the SNMP Service on the Firepower Chassis

Enable the SNMP Service on the Firepower Chassis:

adminState  enabled
community
configState ok
descr   SNMP Service
dn  sys/service/snmp-svc
isSetSnmpSecure no
name    snmp
operPort    161
policyLevel 0
policyOwner local
port    161
proto   all
sysContact  jack
sysLocation

The expected behavior for the SNMP service is as follows :

  • isSetSnmpSecure : yes and community : test123 - The community string is set to test123 .
  • isSetSnmpSecure : yes and community is not set or empty community : "" - The community string is the old value itself.
  • isSetSnmpSecure : no and community : test123 - The community string is set to test123 and isSetSnmpSecure will be set to yes . Although, UCS accepts isSetSnmpSecure : no , since we set the community string, this will be YES for further GET operations.
  • isSetSnmpSecure : no and community : "" is set to empty - The community string is deleted.
  • isSetSnmpSecure can be used to determine if the community string is set. If isSetSnmpSecure is yes , the community string is set. Otherwise the community string is not set.
Endpoint

/api/sys/service/snmp-svc

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/snmp-svc (classId=commSnmp)

Properties that can be Set by the End User

adminState
community
port
sysContact
sysLocation

Configuring the SNMP community name and additional SNMP attributes

Configure the SNMP community name and additional SNMP attributes:

community   test
hostname    2.2.2.1
notificationType    traps   (traps, informs)
port    1010
v3Privilege noauth    (auth, noauth, priv)
version                v3           (v1, v2c, v3)
Endpoint

/api/sys/service/snmp-svc/snmp-trap/<host-ip>

Supported HTTP methods

PUT, PATCH, GET, DELETE

Properties You Can Set with the REST API

UCS_DN: sys/svc-ext/snmp-svc/snmp-trap (classId=commSnmpTrap)

Properties that can be Set by the End User

community
hostname
v
port
v3Privilege
version

Configuring the SNMP User

Configure the SNMP User:

auth                   md5 (md5,sha)
configState         ok
configStatusMessage
dn                 sys/service/snmp-svc/snmp-user/sagar
name               sagar
privPwdSet         no
privpwd
pwd
pwdSet                no
useAes                 no
Endpoint

/api/sys/service/snmp-svc/snmp-user/<user>

Supported HTTP methods

PUT, PATCH, GET, DELETE

Properties You Can Set with the REST API

UCS_DN: sys/svc-ext/snmp-svc/snmpv3-user-<user> (classId=commSnmpUser)

Properties that can be Set by the End User

auth
name
privPwdSet
privpwd
pwd
pwdSet
useAes

DNS Service

Configure the DNS Server:

adminState  enabled
descr
dn  /api/sys/service/dns-svc/dns/10.2.3.2
hostname
name    10.2.3.2

This object configures External DNS Servers for name resolution. The adminState property determines whether the service is enabled or disabled.

Endpoint

/api/sys/service/dns-svc/dns/<ip>

Supported HTTP methods

POST, PUT, PATCH, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/dns-svc/dns-10.2.3.2 (classId=commDnsProvider

Properties that can be Set by the End User

adminState
name

HTTPS Service

Key Ring

Create PKI Private Keys on the Firepower Chassis:

adminState  started
cert
certStatus  emptyCert
configState ok
configStatusMessage
descr
dn  sys/pki/key-ring/kr220
intId   235099
key
modulus mod1024
name    kr220
policyLevel 0
policyOwner local
regen   no
tp  test1

This object creates PKI private keys on the Firepower Chassis.

Endpoint

/api/sys/pki/key-ring/<name>

Supported HTTP methods

POST, PUT, PATCH, GET, DELETE

Properties You Can Set with the REST API

UCS_DN: sys/pki-ext/keyring-kr220 (classId=pkiKeyRing)

Properties that can be Set by the End User

modulus
name
regen
tp

Certificate Request

Create Certificate Requests:

country
dn  sys/pki/key-ring/kr220/certreq
dns
email
ip  172.23.33.115
ipA 0.0.0.0
ipB 0.0.0.0
ipv6    ::
ipv6A   ::
ipv6B   ::
locality
orgName
orgUnitName
pwd
req
state
subjName    hello

This object creates certificate requests.

Endpoint

/api/sys/pki/key-ring/<name>/certreq

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/pki-ext/keyring-kr220/certreq (classId=pkiCertReq)

Properties that can be Set by the End User

dns
email
ip
ipv6
locality
orgName
orgUnitName
pwd
state
subjName

Trusted Point

Create a Trusted Point:

certChain  " ... "
dn         sys/pki/tp/tp-test1
fp
name       test1
numCerts   2

This object creates a trusted point.

Endpoint

/api/sys/pki/tp/<name>

Supported HTTP methods

POST, PUT, PATCH, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/pki-ext/tp-test1 (classId=pkiTP)

Properties that can be Set by the End User

certChain
name

HTTPS Configuration

clapton - new property authType

Configure HTTPS:

adminState  enabled
cipherSuite ALL:!ADH:!EXPORT40:!EXPORT56:!LOW:RC4+RSA:+HIGH:+MEDIUM:+EXP:+eNULL
cipherSuiteMode medium-strength
descr   Secure HTTP Service
dn  sys/service/https-svc
intId   27640
keyRing default
name    https
operPort    443
port    443
proto   tcp
authType cred-auth (cred-auth, cert-auth)

This object configures HTTPS on the Firepower Chassis.

NOTE: The API client may be affected if the service is disabled or if the port is changed.

Endpoint

/api/sys/service/https-svc

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/https-svc (classId=commHttps)

Properties that can be Set by the End User

adminState
cipherSuite
cipherSuiteMode
keyRing
port

Syslog Service

Enable the Syslog Service:

adminState  enabled
descr   Syslog Service
dn  sys/service/syslog-svc
intId   53492
name    syslog
operPort    514
port    514
proto   tcp
severity    critical

This object enables, disables, or configures the Syslog service.

Endpoint

/api/sys/service/syslog-svc

Supported HTTP methods

GET, PATCH, PUT

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/syslog (classId=commSyslog)

Properties that can be Set by the End User

adminState
port
severity

Syslog Monitor

Configure the Syslog Monitor:

adminState  disabled
descr
dn  sys/service/syslog-svc/monitor
severity    critical

This object configures the Syslog Monitor.

Endpoint

/api/sys/service/syslog-svc/monitor

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/syslog/monitor (classId=commSyslogMonitor)

Properties that can be Set by the End User

adminState
severity

Syslog Console

Configure the Syslog Console output:

adminState  disabled
descr
dn  sys/service/syslog-svc/console
severity    critical

This object configures the Syslog Console output.

Endpoint

/api/sys/service/syslog-svc/console

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/syslog/console (classId=commSyslogConsole)

Properties that can be Set by the End User

adminState
severity

Syslog File Log

Configure the Local Syslog File:

adminState  enabled
descr
dn  sys/service/syslog-svc/file
name    messages
severity    critical
size    4194304

This object configures the local Syslog file.

Endpoint

/api/sys/service/syslog-svc/file

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/syslog/file (classId=commSyslogFile)

Properties that can be Set by the End User

adminState
severity
size

Syslog Server Configuration

Configure the Syslog Remote Server:

adminState  enabled
dn  sys/service/syslog-svc/client-primary
forwardingFacility  local7
hostname    log-host
name    primary
severity    critical

This object configures the remote Syslog server.

Endpoint

/api/sys/service/syslog-svc/client-primary

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/svc-ext/syslog/client-primary (classId=commSyslogClient)
UCS_DN: sys/svc-ext/syslog/client-secondary
UCS_DN: sys/svc-ext/syslog/client-tertiary

Properties that can be Set by the End User

adminState
hostname
severity

Core File Management

Core File Information

Retrieve the SAM/Fabric Interconnect Core Dump:

    adminState  init
    descr   SAM/Fabric Interconnect Core Dump
    name    1331580040_0x101_qd_log.6503.tar.gzaa
    operState   available
    size    16777216
    switchId    A
    ts  2012-03-12T19:20:40.000
    uri corefile/1331580040_0x101_qd_log.6503.tar.gzaa

This object retrieves the core file information.

Endpoints

/api/sys/corefiles retrieves all core files
/api/sys/corefiles/<name> retrieves a particular core file

Supported HTTP methods

GET

Properties You Can Set with the REST API

UCS_DN: sys/corefiles/file-<name> (classId=sysdebugCore)

Properties that can be Set by the End User

NONE

Clear Core File

Export the Core File:

{
    "sysfileMutation": [
        {
            "dn": "sys/corefiles/clear"
        }
    ]
}

This object clears the core file information.

Endpoints

/api/sys/corefile/clear clears all the core files

Supported HTTP methods

POST

Properties You Can Set with the REST API

UCS_DN: sys/corefiles/mutation (classId=sysfileMutation)

Properties that can be Set by the End User

NONE

Core File Exporter

Export the Core File:

adminState  enabled
exportFailureReason
exportStatus    success
hostname    192.168.1.10
intId   30170
name
path    /root/coreFiles/
port    69
postAction  none
proto   tftp

This object exports the core file information.

Endpoint

/api/sys/sysdebug/core-export

Supported HTTP methods

POST, PATCH

Properties You Can Set with the REST API

UCS_DN: sys/sysdebug/file-export (classId=sysdebugAutoCoreFileExportTarget)

Properties that can be Set by the End User

adminState
hostname
path
port

Supervisor Authentication/Authorize/Accounting (AAA)

Remote User Auth Policy

Define a Policy for a Remote User:

 conLogin   local
 defLogin   local
 defRolePolicy     assign-default-role  (no-login)
 descr

This object defines a policy for a remote user.

Endpoint

/api/sys/remote-default

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

UCS_DN:sys/auth-realm (classId = aaaAuthRealm)

Properties that can be Set by the End User

defRolePolicy

Auth Defaults

clapton new properties: sessionTimeout, abSoluteSessionTimeout, conSessionTimeout, conAbsoluteSessionTimeout

Set Auth Defaults:

descr
operRealm   local
sessionTimeout
abSoluteSessionTimeout
conSessionTimeout
conAbsoluteSessionTimeout
realm   local   (ldap, local, none, radius, tacacs)

This object defines auth defaults.

Endpoint

/api/sys/auth-default

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

UCS_DN: sys/auth-realm/default-auth (classid=aaaDefaultAuth)

Properties that can be Set by the End User

realm

Auth Domain

clapton new properties: sessionTimeout, abSoluteSessionTimeout, conSessionTimeout, conAbsoluteSessionTimeout

Set Auth Domain:

descr
name
sessionTimeout
abSoluteSessionTimeout
conSessionTimeout
conAbsoluteSessionTimeout
operRealm   tacacs
realm   tacacs  (ldap, local, none, radius, tacacs)

This object sets the auth domain.

Endpoint

/api/sys/auth-domain/<name>

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

UCS_DN: sys/auth-realm/domain-<name> (classid=aaaDomain)
UCS_DN: sys/auth-realm/domain-<name>/domain-auth (classid=aaaDomainAuth)

Properties that can be Set by the End User

realm

LDAP

Configure LDAP:

{
    "aaaLdapEp": [
        {
            "dn": "sys/ldap",
            "name": "",
            "descr": "",
            "retries": "1",
            "attribute": "",
            "basedn": "",
            "filter": "cn=$userid",
            "timeout": "30"
        }
    ]
}

This object configures LDAP.

Endpoint

/api/sys/ldap/

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/ldap-ext (classId=aaaLdapEp)

Properties that can be Set by the End User

descr
retries
timeout

LDAP Provider

Configure the LDAP Provider Server:

{
    "aaaLdapProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/ldap/provider/server",
            "dn": "sys/ldap/provider/server",
            "vendor": "OpenLdap",
            "name": "server",
            "descr": "",
            "retries": "1",
            "attribute": "",
            "basedn": "",
            "rootdn": "",
            "order": "1",
            "filter": "",
            "keySet": "no",
            "timeout": "30",
            "key": "",
            "port": "389",
            "enableSSL": "no"
        }
    ]
}

This object configures the LDAP Provider server.

Endpoints

/api/sys/ldap/provider/ to list the LDAP Provider Server
/api/sys/ldap/provider/<name> to configure the LDAP Provider Server

Supported HTTP methods

PUT, POST, PATCH, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/ldap-ext/provider-ldp10.23.2.1 (classId=aaaLdapProvider)

Properties that can be Set by the End User

vendor
descr
retries
attribute
basedn
rootdn
order
filter
timeout
key
port
enableSSL

Radius

Configure the Global Radius Attributes:

{
    "aaaRadiusEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/radius",
            "dn": "sys/radius",
            "name": "",
            "descr": "",
            "retries": "1",
            "timeout": "5"
        }
    ]
}

This object configures the Global Radius Attributes.

Endpoint

/api/sys/radius

Supported HTTP methods

POST, GET, PATCH

Properties You Can Set with the REST API

dn
UCS_DN: sys/radius-ext (classId=aaaRadiusEp)

Properties that can be Set by the End User

descr
retries
timeout

Radius Provider

Configure the Radius Provider:

{
    "aaaRadiusProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/radius/provider/s2",
            "dn": "sys/radius/provider/s2",
            "name": "s2",
            "descr": "",
            "retries": "1",
            "authPort": "1812",
            "order": "2",
            "key": "",
            "keySet": "no",
            "timeout": "5",
            "service": "authorization"
        }
    ]
}

This object configures the Radius Provider.

Endpoints

/api/sys/radius/provider to show the Radius Provider
/api/sys/radius/provider/<name> to configure the Radius Provider

Supported HTTP methods

PUT, POST, PATCH, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/radius-ext/provider-rad-10.45.2.1 (classId=aaaRadiusProvider)

Properties that can be Set by the End User

descr
retries
authPort
order
key
timeout

TACACS+

Configure the Global TACACS Attributes:

{
    "aaaTacacsPlusEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/tacacs",
            "dn": "sys/tacacs",
            "name": "",
            "descr": "",
            "retries": "1",
            "timeout": "5"
        }
    ]
}

This object configures the global TACACS attributes.

Endpoint

/api/sys/tacacs/

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/tacacs-ext (classId=aaaTacacsPlusEp)

Properties that can be Set by the End User

descr
retries
timeout

TACACS Provider

Configure the TACACS Provider:

{
    "aaaTacacsPlusProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/tacacs/provider/tac1",
            "dn": "sys/tacacs/provider/tac1",
            "name": "tac1",
            "descr": "",
            "retries": "1",
            "order": "1",
            "key": "",
            "keySet": "no",
            "timeout": "5",
            "port": "49"
        }
    ]
}

This object configures the TACACS Provider.

Endpoints

/api/sys/tacacs/provider/ to list all the TACACS+ Providers
/api/sys/tacacs/provider/<name> to configure the TACACS+ Provider

Supported HTTP methods

POST, PATCH, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/tacacs-ext/provider-tac1 (classId=aaaTacacsPlusProvider)

Properties that can be Set by the End User

descr
retries
order
key
timeout
port

RBAC

Configure a User Account:

{
    "aaaUserEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/user",
            "dn": "sys/user",
            "name": "",
            "descr": "",
            "pwdStrengthCheck": "no"
        }
    ]
}

This object configures user accounts.

Endpoint

/api/sys/user/

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/user-ext (classId=aaaUserEp)

Properties that can be Set by the End User

pwdStrengthCheck

User-Role

Configure a User Role:

{
    "aaaRole": [
        {
            "urllink": "https://10.89.147.211/api/sys/user/role/admin",
            "dn": "sys/user/role/admin",
            "name": "admin",
            "descr": "",
            "configState": "ok",
            "configStatusMessage": "",
            "priv": "admin"
        }
    ]
}

This object configures user roles. The supported roles are admin and read-only .

Endpoints

/api/sys/user/role/ to list the user role
/api/sys/user/role/<name> (name=admin.read-only) to configure the user role

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn

Properties that can be Set by the End User

priv

Local User Account

Configure a Local User Account:

{
    "aaaUser": [
        {
            "urllink": "https://10.89.147.211/api/sys/user/mon",
            "dn": "sys/user/user-admin",
            "clearPwdHistory": "no",
            "firstName": "",
            "descr": "",
            "expiration": "never",
            "lastName": "",
            "configState": "ok",
            "expires": "no",
            "configStatusMessage": "",
            "email": "",
            "phone": "",
            "pwd": "",
            "pwdLifeTime": "no-password-expire",
            "accountStatus": "active",
            "encPwd": "",
            "priv": "read-only",
            "pwdSet": "no",
            "name": "danp"
            "aaaSshAuth":[
                 {
                      "dn": "sys/user/user-admin/sshauth",
                       "data":""
                        "strType" :"none"  | "key"
                 }
             ]
        }
    ]
}

This object configures local user accounts.

Endpoints

/api/sys/user/local/ to list all users
/api/sys/user/local/<name> to configure a user account
/api/sys/user/local/<name>/role to show all roles for the user
/api/sys/user/local/<name>/role/<name> to configure the user role
/api/sys/user/local/<name>/sshkey to configure the user SSH key

Supported HTTP methods

PUT, POST, PATCH, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/user-ext/user-admin (classId=aaaUser)
UCS_DN: sys/user-ext/user-admin/role-name (classId=aaaUserRole)
UCS_DN: sys/user-ext/user- /sshauth (classId=aaaSshAuth)

Properties that can be Set by the End User

firstName
descr
expiration
lastName
email
phone
pwd
accountStatus
pwdSet
name

Password Profile

Configure a Password Policy for Local Users:

changeCount 2
changeDuringInterval    enable
changeInterval  48
descr
dn  sys/user/pwd-profile
expirationWarnTime  15
historyCount    5
intId   33225
name
noChangeInterval    24
policyLevel 0
policyOwner local

This object configures a passowrd policy for local users.

Endpoint

/api/sys/user/pwd-profile/

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN:sys/user-ext/pwd-profile (classId=aaaPwdProfile)

Properties that can be Set by the End User

changeCount
changeDuringInterval
changeInterval
expirationWarnTime

Remote User Information

Show All Remote Users:

{
     "name" : "admin"
      "aaaSession" : [
          {
             dn sys/user-ext/remoteuser-admin/term-web_26439_A
             host   171.71.232.238
             id web_26439_A
              intDel    no
             loginTime  2015-03-12T01:28:04.000
              pid   8787
               refreshPeriod    600
               sessionTimeout   7200
               switchId A
                term    web_26439
                ui  web
                user    admin
           }
        ]
         "aaaUserRole" : [
              { configState ok
                 configStatusMessage
                 descr
                 dn sys/user-ext/remoteuser-admin/role-read-only
                 name   read-only
               }
            ]
           "aaaUserRole" : [
                {
                   configState  ok
                    configStatusMessage
                    descr
                    dn  sys/user-ext/remoteuser-admin/role-admin
                    name    admin
                }
            ]
}

This object configures a passowrd policy for local users.

Endpoints

/api/sys/user/remote to show all remote users
/api/sys/user/remote/<name> to retrieve the specified remote user

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN:sys/usr-ext/remoteuser-<name> (classId=aaaRemoteUser)

Properties that can be Set by the End User

NONE

Change Self Password

Change Self Password:

{
        "UserName" : "test",
        "OldPassword": "ucs123",
        "NewPassword": "cisco123",
        "ConfirmNewPassword": "cisco123"
}

XML Usage:

<aaaChangeSelfPassword cookie="1427725677/0f62d9bd-1dd3-4dc5-9bcf-8354e566bb77" inUserName="test" inOldPassword="hand" inNewPassword="foot" inConfirmNewPassword="foot"/>

This object retrieves the user's change password detail.

Supported Characters for Passwords

Supported Characters for Passwords:

\  a-z  A-Z  0-9 ' " [ ] ! # % & ( ) * + , - . / : ; @ _ { | } ~ ` < > ^

The following are supported password characters:

Endpoint

/api/sys/user/change-self-password

Supported HTTP methods

PUT, PATCH

Properties You Can Set with the REST API

dn
UCS_DN:/api/sys/user/change-self-password (classId=aaaChangeSelfPassword)

Properties that can be Set by the End User

UserName
OldPassword
NewPassword
ConfirmNewPassword

Get User Information

XML Usage:

<restaggrGetUserInfo cookie="1428200010/680ce27d-35b7-4a6a-883f-7574ebe485bc" inUserName="remoteuser"/>

<restaggrGetUserInfo cookie="1428429306/c2da1d2e-5df2-4c57-83b7-8b467f647800" response="yes">
    <outUserConfig>
        <aaaUser accountStatus="active" childAction="deleteNonPresent" clearPwdHistory="no" configState="ok"
                   configStatusMessage="" descr="" dn="sys/user-ext/user-admin" email="" encPwd="" encPwdSet="no"
                    expiration="never" expires="no" firstName="" lastName="" name="admin" phone=""
                    priv="admin,read-only" pwd="" pwdLifeTime="no-password-expire" pwdSet="yes">
            <aaaSession childAction="deleteNonPresent" host="10.24.10.212" id="pts_0_1_6869" intDel="no"
                    loginTime="2015-04-07T15:19:54.000" pid="6869" refreshPeriod="0" rn="term-pts_0_1_6869"
                    sessionTimeout="1800" switchId="A" term="pts/0" ui="shell" user="admin"/>
             <aaaUserRole childAction="deleteNonPresent" configState="ok" configStatusMessage="" descr=""
                    name="read-only" rn="role-read-only"/>
             <aaaUserRole childAction="deleteNonPresent" configState="ok" configStatusMessage="" descr=""
                     name="admin" rn="role-admin"/>
             <aaaUserData childAction="deleteNonPresent" descr="" intId="30466" name="" policyLevel="0"
                     policyOwner="local" pwdChangeCount="0" pwdChangeIntervalBegin="1970-01-01T00:00:00.000"
                     pwdChangedDate="1970-01-01T00:00:00.000" pwdHistory="" rn="user-data"/>
             <aaaSshAuth childAction="deleteNonPresent" data="" oldStrType="none" rn="sshauth" strType="none"/>
        </aaaUser>
    </outUserConfig>
</restaggrGetUserInfo>

This object retrieves the user's information.

Endpoint

/api/sys/user/expand/<user-name>

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN:/api/sys/user/expand/<user-name> (classId=restaggrGetUserInfo)

Properties that can be Set by the End User

NONE

Login Banner

Login Banner:

dn  sys/user/pre-login-banner
message This is Cisco SSP
descr     Login banner
 name   banner

This object configures the login banner.

Endpoint

/api/sys/user/pre-login-banner

Supported HTTP methods

POST, PATCH, PUT, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN:sys/user-ext/pre-login-banner (classid= aaaPreLoginBanner)

Properties that can be Set by the End User

message

Export and Import Configuration

Export

Export the Configuration to a Remote Host:

adminState  enabled (enabled,disabled)
descr
dn  /api/sys/config-export/task
hostname    drs
intId   218950
job immediate
maxFiles    0
name
ownerPolicy
policyLevel 0
policyOwner local
postAction  remove
preservePooledValues    no
proto   scp (SCP/SFTP/FTP/TFTP)
pwd
remoteFile  /build2
user    skanekal


{
    "mgmtBackup": [
        {
            "descr": "",
            "proto": "scp",
            "hostname": "file1.cisco.com",
            "adminState": "enabled",
            "dn": "sys/export-config/task/file1.cisco.com",
            "remoteFile": "/tmp/backup",
            "user": "danp",
            "name": "",
            "pwd": ""
        }
    ]
}

This object exports the configuration to the specified host.

Endpoints

/api/sys/export-config/task to display the configuration
/api/sys/export-config/task/<hostname> to export the configuration to the specified hostname

Supported HTTP methods

POST, PATCH, PUT, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/backup-<hostname> (classId=mgmtBackup)

Properties that can be Set by the End User

adminState
hostname
proto
pwd
remoteFile
user

Import

Import the Configuration from the Specified Host (file1.cisco.com):

{
    "mgmtImporter": [
        {
            "descr": "",
            "proto": "scp",
            "hostname": "file1.cisco.com",
            "adminState": "enabled",
            "dn": "sys/import-config/task/file1.cisco.com",
            "remoteFile": "/tmp/tftp",
            "pwd": "",
            "user": "david"
        }
    ]
}

This object imports the configuration from the specified host.

Endpoints

/api/sys/import-config/task/ to display the configuration
/api/sys/import-config/task/<hostname> to import the configuration from the specified hostname

Supported HTTP methods

POST, PATCH, PUT, GET, DELETE

Properties You Can Set with the REST API

dn
UCS_DN: sys/import-config-<hostname> (classId=mgmtImporter)

Properties that can be Set by the End User

proto
hostname
adminState
remoteFile
pwd
user
action

Export Status

Export Status:

adminState    trigger / triggered/ untriggered
autoDelete    yes/no
backupDate    2015-09-28T21:26:08.783 (or never)
backupIssue   none/outdated
ignoreCap     yes/no
initId        any uint_32
Name          default
operScheduler sys/sched-exp-bkup-outdate (it is a ucs dn)
operState     waiting–for-user/ applied/ none/ expired/pending/active
policyLevel   0
policyOwner   local
Scheduler     exp–bkup-outdate

This object exports the status.

Endpoints

/api/sys/export-config/status to display the configuration

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/export-config/status (classId= mgmtBackupPolicyConfig)

Import Status

Import Status:

importDate 2015-09-28T21:26:08.783 (or never)

This object imports the status.

Endpoints

/api/sys/import-config/status to display the configuration

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/import-config/status (classId= mgmtImportConfigInfo)

Schedule Export

Schedule Export:

descr      Configuration Export Policy
host       172.29.191.78
port       0
proto      scp (ftp/scp/sftp/tftp/https)
remoteFile /data/adrhe/tmp/1.bak
schedule   1day ( “1week�, “2week� )
user       adrhe
pwd        secret
adminState  enable/disable
initId      any uint_32
lastBackup  timestamp
maxFiles    0
Name        default
policyLevel 0
policyOwner  local

This object schedules the export.

Endpoints

/api/sys/export-config/schedule to display the configuration

Supported HTTP methods

GET, PUT, PATCH

Properties You Can Set with the REST API

dn
UCS_DN: sys/export-config/schedule (classId= mgmtCfgExportPolicy)

Properties that can be Set by the End User

descr
host
port
proto
remoteFile
schedule
user
pwd
adminState

Export Reminder

Export Reminder:

adminState   disable (disable,enable)
frequency    20     ( acceptable value: 1 – 365 )
initId       any uint_32
Name         default
policyLevel  0
policyOwner  local

This object sets the export reminder.

Endpoints

/api/sys/export-config/remind to display the configuration

Supported HTTP methods

GET, PUT, PATCH

Properties You Can Set with the REST API

dn
UCS_DN: sys/export-config/remind (classId= mgmtBackupExportExtPolicy)

Properties that can be Set by the End User

adminState
frequency

Call Home Configuration

/api/sys/call-home/:

adminState  off
alertThrottlingAdminState   on
configState ok
descr
dn  sys/call-home
intId   10004
name
policyLevel 0
policyOwner local

/api/sys/call-home/source:

addr    341 Baker St.
contact jack
contract    900
customer    123
dn  sys/call-home/source
email   jwu@cisco.com
from    jsu@cisco.com
phone   +1-011-408-555-1212
replyTo frum@cisco.com
site    819
urgency debug

/api/sys/call-home/smtp:

dn  sys/call-home/smtp
host    11.2.3.1
port    233

/api/sys/call-home/profile/<name>:

Dn   sys/call-home/profile-<name>
alertGroups  system
level        critical
maxSize      (max size of email message 1-5000000)
format       xml

/api/sys/call-home/profile/<name>/<email>:

DN: sys/call-home/profile-&lt;name>/email-&lt;email>
email

Complete example:

{
    "callhomeEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/call-home",
            "dn": "sys/call-home",
            "name": "",
            "descr": "",
            "callhomeSource": [
                {
                    "customer": "",
                    "from": "",
                    "addr": "",
                    "replyTo": "",
                    "site": "",
                    "contract": "",
                    "phone": "",
                    "contact": "",
                    "rn": "source",
                    "email": "",
                    "urgency": "debug"
                }
            ],
            "callhomeTestAlert": [
                {
                    "group": "unknown",
                    "description": "",
                    "level": "unknown",
                    "sendNow": "no",
                    "messageType": "unknown",
                    "messageSubtype": "unknown",
                    "rn": "testalert"
                }
            ],
            "configState": "ok",
            "adminState": "off",
            "callhomeSmtp": [
                {
                    "host": "",
                    "rn": "smtp",
                    "port": "25"
                }
            ],
            "intId": "none",
            "alertThrottlingAdminState": "on"

        }
    ]
}

This object configures telemetry.

Endpoints

/api/sys/call-home
/api/sys/call-home/source
/api/sys/call-home/smtp
/api/sys/call-home/profile/<name>
/api/sys/call-home/profile/<name>/dest/<email>

Supported HTTP methods

POST, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: call-home (classId=callHomeEp)
UCS_DN: sys/call-home/source (classId=callhomeSource)
UCS_DN: sys/call-home/smtp (classId=callhomeSmtp)
UCS_DN: sys/call-home/profile-<name> (classId=callhomeProfile)
UCS_DN: sys/call-home/profile-<name>/email-<email> (classId=callhomeDest)

Properties that can be Set by the End User

adminState
alertThrottlingAdminState
addr
contact
contract
customer
email
from
phone
replyTo
site
urgency
host
port
alertGroups
level
maxSize
format

Smart License

License Status

Get the License Status:

Smart Licensing is ENABLED

Registration:
  Status: UNREGISTERED - REGISTRATION FAILED
  Initial Registration: FAILED on Jan  2 00:52:27 2014 UTC

License Authorization:
  Status: No Licenses in Use

This object retrieves the license status.

Endpoints

/api/sys/license/status

Supported HTTP methods

GET

Properties You Can Set with the REST API

NONE

Properties that can be Set by the End User

NONE

License Summary

Get the License Summary:

Smart Licensing is ENABLED

Registration:
  Status: UNREGISTERED - REGISTRATION FAILED

License Authorization:
  Status: No Licenses in Use

This object retrieves the license summary.

Endpoints

/api/sys/license/summary

Supported HTTP methods

GET

Properties You Can Set with the REST API

NONE

Properties that can be Set by the End User

NONE

License Tech Support

Get License Tech Support Information:

Smart Licensing Tech Support info

Smart Licensing Status
======================

Smart Licensing is ENABLED

Registration:
  Status: REGISTERING - REGISTRATION IN PROGRESS
  Initial Registration: FAILED on Jan 13 22:24:15 2015 UTC
  Next Registration Attempt: Jan 13 22:43:00 2015 UTC

License Authorization:
  Status: No Licenses in Use

Evaluation Period:
  Evaluation Mode: Not In Use
  Evaluation Period Remaining: 90 days, 0 hours, 0 minutes, 0 seconds

License Usage
=============
No Licenses in use

Product Information
===================
UDI: PID:Firepower Chassis_test,SN:FOC746325XM

Agent Version
=============
Smart Agent for Licensing: 1.2.0_dev/14

Upcoming Scheduled Jobs
=======================
Current time: Jan 13 22:24:15 2015 UTC
Daily: Jan 14 21:15:27 2015 UTC (22 hours, 51 minutes, 12 seconds remaining)
Init Flag Check: Not Available
Register Period Expiration Check: Jan 13 22:42:59 2015 UTC (18 minutes, 44 seconds remaining)

License Certificates
====================
Production Cert: False
Not registered. No certificates installed

HA Info
==========
RP Role: Active
Chassis Role: Active
Behavior Role: Active
RMF: False
CF: False
CF State: Invalid

Other Info
==========
Software ID: regid.com.cisco,ASR9000
Agent State: unidentified
TS enable: True
Transport: Callhome
Locale: en_US.UTF-8
Debug flags: 0x0
Privacy Send Hostname: True
Privacy Send IP: True
Build type:: Production
sizeof(char)  : 1
sizeof(int)   : 4
sizeof(long)  : 4
sizeof(char *): 4
sizeof(time_t): 4
sizeof(size_t): 4
Endian: Little
WaitForHaRole: False
standbyIsHot: False
chkPtType: 0
delayCommInit: False
roleByEvent: False
maxTraceLength: 0
traceAlwaysOn: False
debugFlags: 0

This object retrieves license tech support information.

Endpoints

/api/sys/license/techsupport

Supported HTTP methods

GET

Properties You Can Set with the REST API

NONE

Properties that can be Set by the End User

NONE

License Unique Device Identifier

Get the Chassis Serial Number:

UDI: PID:PADDINGTON BRIDGE,SN:JAD1835017M

This object retrieves the chassis serial number.

Endpoints

/api/sys/license/udi

Supported HTTP methods

GET

Properties You Can Set with the REST API

NONE

Properties that can be Set by the End User

NONE

License Usage

Get the License Usage Authorization:

License Authorization:
  Status: No Licenses in Use

This object retrieves the license authorization.

Endpoints

/api/sys/license/usage

Supported HTTP methods

GET

Properties You Can Set with the REST API

NONE

Properties that can be Set by the End User

NONE

License Configuration

Call Home Configuration

Get the License Call Home Configuration:

DN               sys/callhome/Dest/SLDest
name             SLDest
protocol         https
email            https://tools.cisco.com/its/service/oddce/services/DDCEService

This object retrieves the license call home configuration.

Endpoints

/api/sys/callhome/dest/SLDest

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/call-home/profile-SLProfile/dest-SLDest (classid=callhomeDest)

Properties that can be Set by the End User

protocol
email

HTTP Proxy Support Configuration

Get the HTTP Proxy Support Configuration:

DN                    sys/call-home/httpproxy
proxyServerEnable     on (on,off)
proxyServerUrl        https://tools.cisco.com/its/service/oddce/services/DDCEService
proxyServerPort       80

This object retrieves the HTTP proxy support configuration.

Endpoints

/api/sys/callhome/httpproxy

Supported HTTP methods

PUT, PATCH, GET

Properties You Can Set with the REST API

dn
UCS_DN: call-home/httpproxy (classid=callhomeHttpProxy)

Properties that can be Set by the End User

proxyServerEnable
proxyServerUrl
proxyServerPort

Smart License Configuration

Register the Smart License Configuration

Register the Smart License Configuration:

DN               sys/license/license-config/register
operation        register  (register, unregister)
tokenid          xxxxxxx

This object registers the smart license configuration.

Endpoints

/api/sys/license/license-config/register

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN: UCS_DN: sys/license/license-config-register (classid=licenseSmartConfig)

Properties that can be Set by the End User

operation
tokenid

Unregister the Smart License Configuration

Unregister the Smart License Configuration:

DN               sys/license/license-config/unregister
operation        unregister

This object unregisters the smart license configuration.

Endpoints

/api/sys/license/license-config/unregister

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN: UCS_DN: sys/license/license-config-unregister (classid=licenseSmartConfig)

Properties that can be Set by the End User

operation

Permanent License Reservation (PLR)

License Reservation Code

License Reservation Code:

If this CLI is executed after 8.1.4
Reservation request code:
{{PID:CSR1000V, SN:9JAG1XHQHGO}{reg.cisco.com,myidtag}{903292}}

If this CLI is executed after 8.1.6
Reservation return code: {{UDI:PID:CiscoPIDDefault,SN:1234465}{PIID:98347509231740}{signature:0sdnmsdca90234jkdwo309jasdj}

This object gets the license reservation code.

Endpoints

/api/sys/license/reservation-code to display the configuration

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: not applicable (file=/bootflash/license/sla_resvcode)

Enable PLR

Enable PLR:

{
"dn" :  "sys/license/license-config/enableresv",
"operation" :  "enableResv"
}

This object enables the PLR.

Endpoints

/api/sys/license/license-config/enableresv to display the configuration

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN:sys/license/license-config-enableresv (classId=licenseSmartConfig)

Disable PLR

Disable PLR:

{
"dn" : "sys/license/license-config/disableresv",
"operation" :  "disableResv"
}

This object disables the PLR.

Endpoints

/api/sys/license/license-config/disableresv to display the configuration

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN:sys/license/license-config-disableresv (classId=licenseSmartConfig)

License Reservation Request

License Reservation Request:

{
"dn" :  "sys/license/license-config/request",
"operation" :  "request",
mode :  "universal"
}

This object requests a license reservation.

Endpoints

/api/sys/license/license-config/request to display the configuration

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN:sys/license/license-config-request (classId=licenseSmartConfig)

License Reservation Install

License Reservation Install:

{
"dn" :  "sys/license/license-config/install",
"operation" :  "install",
"code" : <license reservation code>
}

This object installs a license reservation.

Endpoints

/api/sys/license/license-config/install to display the configuration

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN:sys/license/license-config-install (classId=licenseSmartConfig)

License Reservation Return

License Reservation Return:

{
"dn" :  "sys/license/license-config/return",
"operation" :  "return"

}

This object returns a license reservation.

Endpoints

/api/sys/license/license-config/return to display the configuration

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN:sys/license/license-config-return (classId=licenseSmartConfig)

License Reservation Cancel

License Reservation Cancel:

{
"dn" :  "sys/license/license-config/cancel",
"operation" :  "cancel"

}

This object returns a license reservation.

Endpoints

/api/sys/license/license-config/cancel to display the configuration

Supported HTTP methods

POST

Properties You Can Set with the REST API

dn
UCS_DN:sys/license/license-config-cancel (classId=licenseSmartConfig)

Blade Management

Blade Reset / Cycle / Power Control

Blade Reset / Cycle / Power Control:

state     (see list below)

State Enum Value:
down                        --    Power Down
up                      --     Power Up
cycle-immediate                 --     Power Cycle Immediately
cycle-wait                  --     Power Cycle Wait
hard-reset-immediate    --     Hard Reset  Immediately
hard-reset-wait                 --     Hard Reset Wait

This object resets the specified blade.

Endpoints

/api/sys/server/<id>

Supported HTTP methods

GET, PUT, POST

Properties You Can Set with the REST API

UCS_DN: org-root/ls-Firepower Chassis-sprof-<id>/power (classId=lsPower)

Properties that can be Set by the End User

state

Blade Power Status

Blade Power Status:

"operPower": "off"

This object gets the blade power status.

Endpoints

/api/sys/chassis/blade/<id>

Supported HTTP methods

GET

Properties You Can Set with the REST API

UCS_DN: : sys/chassis-1/blade-<id>/power (classId=computeBlade)

Properties that can be Set by the End User

NONE

Blade Decommission

Blade Decommission:

"lc":  "decommission"

This object decommissions the blade.

Endpoints

/api/sys/chassis/blade/<id>

Supported HTTP methods

GET, PUT, PATCH

Properties You Can Set with the REST API

UCS_DN: sys/chassis-1/blade-<id> (classId=computeBlade)

Properties that can be Set by the End User

lc

Slot Status / Acknowledge

Slot Status / Acknowledge:

   "adminState": "reacknowledge"
   "presence": "equipped"  (empty, mismatch, . . .)
   "discovery": "complete"
   "operState": "up"
   (other properties omitted)

This object gets and sets the slot status and acknowledge state.

Endpoints

/api/sys/slot/<id>

Supported HTTP methods

GET, PUT, PATCH

Properties You Can Set with the REST API

UCS_DN: fabric/server/chassis-1/slot-<id> (classId=fabricComputeSlotEp)

Properties that can be Set by the End User

adminState

Firepower Chassis Platform Monitoring Objects

Firepower Chassis/Blade/Adaptor Inventory & Status

Chassis

Get Chassis Information:

{
    "equipmentChassis": [
        {
            "urllink": "https://127.0.0.1/api/sys/chassis",
            "operState": "power-problem",
            "operQualifier": "chassis-power,psu-power",
            "vid": "05",
            "fsmTry": "0",
            "configState": "ok",
            "thermal": "ok",
            "lcTs": "1970-01-01T00:00:00.000",
            "operability": "operable",
            "serial": "FOX1725G9YX",
            "managingInst": "A",
            "id": "1",
            "ackProgressIndicator": "ack-not-in-progress",
            "versionHolder": "no",
            "fsmRmtInvErrCode": "none",
            "connStatus": "A",
            "presence": "unknown",
            "connPath": "A",
            "adminState": "acknowledged",
            "fsmRmtInvErrDescr": "",
            "revision": "0",
            "dn": "sys/chassis",
            "model": "N20-C6508",
            "fsmPrev": "PowerCapSuccess",
            "vendor": "Cisco Systems Inc",
            "fsmStatus": "nop",
            "power": "redundancy-failed",
            "mfgTime": "2013-07-11T00:00:00.000",
            "fsmStageDescr": "",
            "operQualifierReason": "N/A",
            "fsmDescr": "",
            "fsmStamp": "2014-07-12T00:51:10.849",
            "fsmProgr": "100",
            "partNumber": "68-4777-02",
            "licState": "license-ok",
            "thermalStateQualifier": "",
            "fabricEpDn": "fabric/server/chassis-1",
            "usrLbl": "",
            "licGP": "0",
            "seepromOperState": "operable",
            "fsmRmtInvRslt": ""
        }
    ]
}

This object retrieves specific chassis information.

Endpoint

/api/sys/chassis

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/chassis-1 (classId= equipmentChassis)

Supervisor

Get Supervisor Information:

{
    "equipmentSwitchIOCard": [
        {
            "urllink": "https://127.0.0.1/api/sys/chassis/slot/1",
            "operState": "operable",
            "operQualifier": "",
            "vid": "V03",
            "fsmTry": "0",
            "fsmRmtInvErrCode": "none",
            "configState": "ok",
            "thermal": "ok",
            "switchId": "A",
            "lcTs": "1970-01-01T00:00:00.000",
            "operability": "operable",
            "peerDn": "",
            "serial": "FCH17327KL8",
            "peerCommStatus": "disconnected",
            "id": "1",
            "perf": "not-supported",
            "feReadyTs": "never",
            "presence": "equipped",
            "chassisId": "1",
            "fsmRmtInvErrDescr": "",
            "discovery": "online",
            "dn": "sys/chassis/slot/1",
            "fsmPrev": "FeConnSuccess",
            "vendor": "Cisco Systems Inc",
            "fsmStatus": "nop",
            "power": "not-supported",
            "mfgTime": "2013-08-18T00:00:00.000",
            "fsmStageDescr": "",
            "feOfflineTs": "never",
            "operQualifierReason": "N/A",
            "fsmDescr": "",
            "fsmStamp": "2014-07-15T17:03:14.071",
            "fsmProgr": "100",
            "upgradeStatus": "",
            "model": "UCS-IOM-2204XP",
            "fsmFlags": "",
            "adminPowerState": "policy",
            "usrLbl": "",
            "baseAddr": "127.5.1.0",
            "lcName": "",
            "processorThermalState": "unknown",
            "partNumber": "73-14488-03",
            "revision": "0",
            "fsmRmtInvRslt": "",
            "side": "left",
            "voltage": "not-supported"
        }
    ]
}

This object retrieves Supervisor information.

Endpoint

/api/sys/chassis/slot/1

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/chassis-1/sw-slot-1 (classId= equipmentSwitchIOCard)

Chassis / Supervisor Aggregated Inventory

Get Supervisor Aggregated Inventory:

<restaggrGetChassisInventory cookie="1428201474/3731410f-a5db-4b6d-827c-2df371813f95" inChassisId="1"/>

<restaggrGetChassisInventory cookie="1428428170/bc3242b0-d767-45b0-9137-8a42e920a6ca" response="yes">
    <outChassisConfig>
        <equipmentChassis adminState="acknowledged" configState="ok" connPath="A" connStatus="A"
                    dn="sys/chassis-1" fltAggr="1717987311619" id="1" managingInst="A" model="FPR-C9300"
                    operQualifier="psu-power" operQualifierReason="N/A" operState="power-problem"
                    operability="operable" power="ok" presence="unknown" revision="0" seepromOperState="operable"
                     serial="JMX19000013" thermal="unknown" thermalStateQualifier="" usrLbl="�
                     vendor="Cisco Systems Inc">
         <equipmentSwitchIOCard adminPowerState="policy" chassisId="1" configState="ok" discovery="online"
                     fltAggr="1" id="1" model="FPR9K-SUP" operQualifier="" operQualifierReason="N/A"
                     operState="operable" operability="operable" perf="not-supported" power="not-supported"
                     presence="equipped" revision="0" rn="sw-slot-1" serial="JSJ18280004" side="left" switchId="A"
                     thermal="unknown" upgradeStatus="" usrLbl="" vendor="Cisco Systems, Inc."
                     voltage="not-supported"/>
        </equipmentChassis>
    </outChassisConfig>
    <outChassisCapProviderConfig>
                    <equipmentChassisCapProvider dn="capabilities/manufacturer-Cisco Systems Inc-model-FPR-C9300-
                        revision-0" model="FPR-C9300" revision="0" vendor="Cisco Systems Inc">
                   <equipmentManufacturingDef caption="Cisco Firepower Chassis 9300 Blade Server Chassis" descr=""
                         description="Cisco Blade Server Chassis, 3U with Three Blade Server Slots" fruMajorType="1"
                         fruMinorType="1" name="Cisco Firepower Chassis 9300" oemName="" oemPartNumber=""
                          partNumber="FPR-C9300" pid="FPR-C9300" rn="manufacturing" sku="FPR-C9300" vid="V01"/>
        </equipmentChassisCapProvider>
    </outChassisCapProviderConfig>
    <outCardCapProviderConfig>
                <equipmentSwitchIOCardCapProvider dn="capabilities/manufacturer-Cisco Systems, Inc.-model-
                              FPR9K-SUP-revision-0" model="FPR9K-SUP" revision="0" vendor="Cisco Systems, Inc.">
                        <equipmentManufacturingDef caption="Cisco FPR9K-SUP 8 Port Fabric Interconnect" descr=""
                               description="Cisco FPR9K-SUP 8 Port IOM Fabric Interconnect" fruMajorType="" fruMinorType=""
                               name="Cisco FPR9K-SUP" oemName="" oemPartNumber="" partNumber="FPR9K-SUP"
                               pid="FPR9K-SUP" rn="manufacturing" sku="FPR9K-SUP" vid="V01"/>
        </equipmentSwitchIOCardCapProvider>
    </outCardCapProviderConfig>
</restaggrGetChassisInventory>

This object retrieves Supervisor information.

Endpoint

/api/sys/chassis/get-inventory

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: /api/sys/chassis/get-inventory (classId= restaggrGetChassisInventory)

Supervisor Stats

Get Supervisor Statistics:

{
    "equipmentIOCardStats": [
        {
            "urllink": "https://127.0.0.1/api/sys/chassis/slot/1/stats",
            "ambientTempMax": "35.000000",
            "dimmTempMax": "not-applicable",
            "procTempAvg": "not-applicable",
            "intervals": "58982460",
            "ambientTemp": "35.000000",
            "procTemp": "not-applicable",
            "tempAvg": "46.000000",
            "thresholded": "",
            "dimmTemp": "not-applicable",
            "suspect": "no",
            "dimmTempAvg": "not-applicable",
            "dn": "sys/chassis/slot/1/stats",
            "update": "65541",
            "ambientTempAvg": "35.000000",
            "tempMin": "46.000000",
            "procTempMax": "not-applicable",
            "tempMax": "46.000000",
            "temp": "46.000000",
            "ambientTempMin": "35.000000",
            "dimmTempMin": "not-applicable",
            "procTempMin": "not-applicable",
            "timeCollected": "2014-07-15T18:52:14.659"
        }
    ]
}

This object retrieves Supervisor statistics.

Endpoint

sys/chassis-1/sw-slot-1/stats

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/chassis-1/sw-slot-1/stats (classId= equipmentIOCardStats)

Blade

Get Blade Information:

{
    "computeBlade": [
        {
            "urllink": "https://127.0.0.1/api/sys/chassis/blade/1",
            "model": "UCSB-B200-M3",
            "operState": "inoperable",
            "policyLevel": "0",
            "localId": "",
            "vid": "V03",
            "fsmTry": "16",
            "policyOwner": "local",
            "adminPower": "policy",
            "checkPoint": "deep-checkpoint",
            "usrLbl": "",
            "lcTs": "1970-01-01T00:00:00.000",
            "operability": "operable",
            "intId": "35844",
            "numOfThreads": "24",
            "numOfAdaptors": "2",
            "availability": "unavailable",
            "operPower": "off",
            "operQualifier": "adaptor-inoperable",
            "lc": "undiscovered",
            "descr": "",
            "managingInst": "A",
            "connStatus": "A",
            "presence": "equipped",
            "chassisId": "1",
            "originalUuid": "a206faca-575e-46d2-8bf0-d0127e4d211c",
            "connPath": "A",
            "numOfCoresEnabled": "12",
            "adminState": "in-service",
            "fsmRmtInvErrDescr": "",
            "numOfEthHostIfs": "0",
            "assignedToDn": "",
            "discovery": "illegal-fru",
            "dn": "sys/chassis/blade/1",
            "memorySpeed": "1333",
            "fsmPrev": "DiscoverBmcInventory",
            "vendor": "Cisco Systems Inc",
            "fsmStatus": "DiscoverBmcInventory",
            "fsmRmtInvErrCode": "none",
            "mfgTime": "2012-12-17T00:00:00.000",
            "totalMemory": "98304",
            "fsmStageDescr": "getting inventory of server 1/1 via CIMC(FSM-STAGE:sam:dme:ComputeBladeDiscover:BmcInventory)",
            "slotId": "1",
            "numOfCpus": "2",
            "fsmDescr": "blade discovery 1/1(FSM:sam:dme:ComputeBladeDiscover)",
            "fsmStamp": "2014-07-15T18:55:23.080",
            "fsmProgr": "3",
            "serverId": "1/1",
            "serial": "FCH1650JQ8Q",
            "fsmFlags": "",
            "association": "none",
            "availableMemory": "98304",
            "name": "",
            "lowVoltageMemory": "regular-voltage",
            "uuid": "a206faca-575e-46d2-8bf0-d0127e4d211c",
            "numOfFcHostIfs": "0",
            "numOfCores": "12",
            "partNumber": "73-13217-08",
            "revision": "0",
            "fsmRmtInvRslt": ""
        }
    ]
}

This object retrieves specific blade information.

Endpoint

/api/sys/chassis/blade/1

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/chassis-1/blade-1 (classId= computeBlade)

Blade Motherboard

Get Blade Motherboard Information:

{
    "computeBoard": [
        {
            "dn": "sys/chassis/blade/1/board",
            "urllink": "https://127.0.0.1/api/sys/chassis/blade/1/board",
            "operState": "not-supported",
            "vendor": "Cisco Systems Inc",
            "perf": "ok",
            "power": "ok",
            "presence": "not-supported",
            "operPower": "off",
            "operQualifierReason": "N/A",
            "thermal": "ok",
            "voltage": "ok",
            "cmosVoltage": "ok",
            "id": "0",
            "serial": "FCH1650JQ8Q",
            "revision": "0",
            "model": "UCSB-B200-M3",
            "powerUsage": "ok",
            "operability": "not-supported"
        }
    ]
}

This object retrieves blade motherboard information.

Endpoint

/api/sys/chassis/blade/1/board

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/chassis-1/blade-1/board (classId= computeBoard)

Blade Processor Information

Get Blade Processor Information:

arch    Xeon
cores   12
coresEnabled    12
id  1
locationDn
model   Intel(R) Xeon(R) CPU E5-2658 v3 @ 2.20GHz
operQualifierReason N/A
operState   operable
operability operable
perf    unknown
power   not-supported
presence    equipped
revision    0
serial
socketDesignation   CPU1
speed   2.200000
stepping    2
thermal ok
threads 24
vendor  Intel(R) Corporation
visibility  yes
voltage not-supported

This object retrieves blade processor information.

Endpoint

/api/sys/chassis/blade/1/board/cpu/
/api/sys/chassis/blade/1/board/cpu/<id>

Supported HTTP methods

GET

Properties You Can Set with the REST API

UCS_DN: sys/chassis-1/blade-2/board/cpu-1 (classid=processorUnit)

Blade Memory Information

Get Blade Memory Information:

cpuId   2
currCapacity    131072
errorCorrection undiscovered
id  1
locationDn
maxCapacity 1572864
maxDevices  24
model
operQualifierReason N/A
operState   not-supported
operability not-supported
perf    unknown
populated   8
power   not-supported
presence    equipped
revision    0
serial
thermal not-supported
vendor
voltage not-supported

This object retrieves blade memory information.

Endpoint

/api/sys/chassis/blade/1/board/mem-all
/api/sys/chassis/blade/1/board/memory/<id>

Supported HTTP methods

GET

Properties You Can Set with the REST API

UCS-DN: sys/chassis-1/blade-2/board/memarray-1 (classId=memoryArray)

Blade Power Stats

Get Motherboard Power Statistics:

{
    "computeMbPowerStats": [
        {
            "consumedPower": "0.000000",
            "dn": "sys/chassis/blade/1/board/power-stats",
            "inputVoltage": "0.000000",
            "consumedPowerAvg": "0.000000",
            "inputCurrentMax": "0.000000",
            "thresholded": "",
            "inputCurrent": "0.000000",
            "update": "393217",
            "inputVoltageMin": "0.000000",
            "intervals": "58982460",
            "suspect": "no",
            "consumedPowerMax": "0.000000",
            "inputCurrentMin": "0.000000",
            "inputVoltageMax": "0.000000",
            "timeCollected": "2014-07-15T18:58:53.061",
            "urllink": "https://127.0.0.1/api?dn=sys/chassis-1/blade-1/board/power-stats",
            "consumedPowerMin": "0.000000",
            "inputCurrentAvg": "0.000000",
            "inputVoltageAvg": "0.000000"
        }
    ]
}

This object retrieves blade motherboard power statistics.

Endpoint

/api/sys/chassis/blade/1/board/power-stats

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/chassis-1/blade-1/board/power-stats (classId=computeMbPowerStats)

NIC Adaptor

Get Specific NIC Adaptor Information:

{
    "adaptorUnit": [
        {
            "urllink": "https://127.0.0.1/api/sys/chassis/blade/1/adaptor/1",
            "operState": "operable",
            "presence": "equipped",
            "thermal": "unknown",
            "operability": "operable",
            "serial": "FCH165271GA",
            "managingInst": "A",
            "id": "1",
            "perf": "not-supported",
            "bladeId": "1",
            "connPath": "A",
            "chassisId": "1",
            "integrated": "no",
            "revision": "0",
            "dn": "sys/chassis/blade/1/adaptor/1",
            "vendor": "Cisco Systems Inc",
            "power": "off",
            "mfgTime": "2012-12-28T00:00:00.000",
            "baseMac": "00:06:F6:9C:A0:BC",
            "pciAddr": "",
            "operQualifierReason": "N/A",
            "partNumber": "73-14641-02",
            "adminPowerState": "none",
            "reachability": "",
            "pciSlot": "N/A",
            "model": "UCSB-MLOM-40G-01",
            "connStatus": "A",
            "voltage": "not-supported"
        }
    ]
}

This object retrieves specific NIC adaptor information.

Endpoint

/api/sys/chassis/blade/1/adaptor
/api/sys/chassis/blade/1/adaptor/1

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN: sys/chassis-1/blade-1/adaptor-1 (classId= adaptorUnit)

Blade Storage Inventory

This object retrieves SAS, SATA, FLASH, and SD storage controller inventory.

Endpoint

/api/sys/chassis/blade/1/board/storage

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCSDN: sys/chassis-1/blade-1/board/storage- - (classId= storageController)

Power Supply Unit

This object retrieves power supply unit information.

Endpoint

/api/sys/chassis/psu
/api/sys/chassis/psu/1

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN=sys/chassis-1/psu-1 (classId= equipmentPsu)

Fan Unit

This object retrieves fan unit information.

Endpoint

/api/sys/chassis/fan-module
/api/sys/chassis/fan-module/tray/1/id/3/fan/2

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN=sys/chassis-1/fan-module-1-3/fan-2 (classId= equipmentFan)

clapton -- new section Chassis Environment

Chassis Environment

This object retrieves chassis environment information.

Endpoint

/api/sys/chassis/chassis-env

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN=sys/chassis-1/ch-env

Get Specific Chassis Environment Information:

{
    " equipmentChassisEnv ": [
        {
            "urllink": "https://10.89.147.211/api/sys/chassis/ch-env",
            "dn": "sys/chassis-1/ch-env",
            "cpuTemp": "48.00",
            "inletTemp": "34.00",
            " lastUpdatetime": " 2016-11-23T01:29:53.585",
            " totalPower": "638.00",
            "equipmentPusEnv": [
                {
                    "id": "1",
                    "operStatus": "ok",
                    "psuInput": "ok",
                    "psuOutput": "ok",
                    "psuType": "AC",

                },
          ]
          "equipmentFanEnv": [
               {
                    "id": "1",
                    "FanSpeed": "3021",
                    "FanStatus": "ok",
                    " FanPerf": "operable",
             },
          ]
          "equipmentBladeEnv": [
               {
                    "id": "1",
                    "CpuTemp": "61.00",
                    "powerConsumption": "216.00",
             },
        ]
    ]
  }
}

Firepower Chassis Switch Inventory & Status

Switch

Get Switch Information:

adminInbandIfState  disable
dn  sys/switch
inbandIfGw  0.0.0.0
inbandIfIp  0.0.0.0
inbandIfMask    0.0.0.0
inbandIfVnet    0
inventoryStatus
model   ASA-MIO-9K
oobIfGw 10.193.211.254
oobIfIp 10.193.211.134
oobIfMask   255.255.255.0
operability operable
revision    0
serial  FCH18097WXC
thermal ok
totalMemory 8058
vendor  Cisco Systems, Inc.

This object retrieves specific switch information.

Endpoint

/api/sys/mgmt-ipv4

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN=sys/switch-A (classId=networkElement)

Switch Slot

Get Switch Slot Information:

descr   Firepower Chassis MIO 8x10G SFP+, 2xEPM slots
dn  sys/switch/slot/1
id  1
model   ASA-MIO-9K
numPorts    8
operState   operable
operability operable
perf    unknown
power   online
presence    equipped
revision    0
serial
state   online
thermal unknown
ts  2012-01-09T20:54:04.184
vendor  Cisco Systems, Inc.
voltage unknown

This object retrieves specific switch slot information.

Endpoint

/api/sys/switch/slot/1

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN = sys/switch-A/slot-1 (classId= equipmentSwitchCard)

Physical Port Inventory, Transceiver and Stats

Get Physical Port Inventory, Transceiver and Statistics:

adminState  disabled
adminTransport  ether
aggrPortId  0
chassisId   N/A
dn  sys/switch/slot/1/switch-ether/Ethernet1/1
encap   unknown
epDn
ifRole  unknown
ifType  physical
isPortChannelMember no
lc  available
licGP   0
licState    unknown
locale
mac 00:01:64:49:00:08
mode    access
model
name
operSpeed   indeterminate
operState   sfp-not-present
peerAggrPortId  0
peerDn
peerPortId  0
peerSlotId  0
portId  1
revision    0
serial
slotId  1
stateQual   Unknown
switchId    A
transport   ether
ts  2012-01-09T20:59:04.184
type
unifiedPort no
usrLbl
vendor
xcvrType    unknown

Get Transceiver Information:

dn  sys/switch/ports/slot/1/port/1/transceiver
id  1
model   1-2053783-1
revision    0
serial  TED1517A5VF
ts  2014-08-22T17:49:24.539
type    h10gcu1m
vendor  CISCO-TYCO

This object retrieves physical port inventory, transceiver information, and the following statistics:

  • pause statistics
  • loss statistics
  • error statistics
  • transmission (TX) statistics
  • rate, signal and noise (RX) statistics

Endpoints

/api/sys/switch/ports/ethernet1_API_SLASH_1
Breakout Port: /api/sys/switch/ports/ethernet2%2F1%2F3
Port Channel: /api/ports/pc/<id>
Transceiver: /api/sys/switch/ports/slot/1/port/1/transceiver
Pause Statistics: /api/sys/switch/slot/1/port/1/etherPauseStats , /api/ports/pc/<id>/etherPauseStats
Loss Statistics: /api/sys/switch/slot/1/port/1/etherLossStats, /api/ports/pc/<id>/etherLossStats
Error Statistics: /api/sys/switch/slot/1/port/1/etherErrStats, /api/ports/pc/<id>/etherErrStats
TX Statistics: /api/sys/switch/slot/1/port/1/etherTxStats, /api/ports/pc/<id>/etherTxStats
RX Statistics: /api/sys/switch/slot/1/port/1/etherRxStats, /api/ports/pc/<id>/etherRxStats

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN = sys/switch-A/slot-1/switch-ether/port-1 (classId= etherPIo)
UCS_DN: fabric/lan/A/pc-<id>
UCS_DN: sys/switch-A/slot-1/switch-ether/port-1/transceiver (classId=equipmentXcvr)
UCS_DN: sys/switch-A/slot-1/switch-ether/port-1/pause-stats, fabric/lan/A/pc- /pause-stats (classId=etherPauseStats)
UCS_DN: sys/switch-A/slot-1/switch-ether/port-1/loss-stats, fabric/lan/A/pc-<id>/loss-stats (classId= etherLossStats)
UCS_DN: sys/switch-A/slot-1/switch-ether/port-1/err-stats, fabric/lan/A/pc-<id>/err-stats (classId=etherErrStats)
UCS_DN: sys/switch-A/slot-1/switch-ether/port-1/tx-stats, fabric/lan/A/pc-<id>/tx-stats (classId=etherTxStats)
UCS_DN: sys/switch-A/slot-1/switch-ether/port-1/rx-stats, fabric/lan/A/pc-<id>/rx-stats (classId=etherRxStats)

Local Storage

Get Local Storage Information:

name    bootflash
operState   clean
size    106490
used    5

This object retrieves local storage information.

Endpoints

/api/sys/switch/storage
/api/sys/switch/storage/<name>

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
DN=sys/switch-A/stor-part-<name> (name="bootflash","opt","workspace","spare") (classid = storageItem)

Firmware Information

Available Images

This object retrieves information about the available images.

Endpoint

/api/sys/firmware/image

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN= sys/fw-catalogue/image-ucs-mgmtext.3.0.0.154.gbin (classId= firmwareImage)

Available Firmware Bundle

This object retrieves information about the available firmware bundle.

Endpoint

/api/sys/firmware/distrib

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN=sys/fw-catalogue/distrib-mini-ucs-k9-bundle-infra.3.0.0.163.A.gbin (classid= firmwareDistributable)

Running Version

Get Running Version:

{
    deployment  system
    dn  sys/switch-A/mgmt/fw-system
    invTag  paddington-system
    packageVersion  3.0(0.390)
    type    switch-software
    version 5.0(3)N2(3.00.390)
}

This object retrieves information about the running version.

Endpoint

Switch Management Version: /api/sys/firmware/version/mgmt
Switch Kickstart Running Version: /api/sys/firmware/version/kernel
Switch System Running Version: /api/sys/firmware/version/system
Switch Chassis Manager Version: /api/sys/firmware/version/chassis-manager
Firepower Chassis OS Version: /api/sys/chassis/blade-1/os-ctrl/fw-system

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
Switch Management Version: UCS_DN=sys/mgmt/fw-system (classId=firmwareRunning )
Switch Kickstart Running Version: UCS_DN=sys/switch-A/mgmt/fw-kernel (classId=firmwareRunning )
Switch System Running Version: UCS_DN=sys/switch-A/mgmt/fw-system (classId=firmwareRunning )
Switch Chassis Manager Version: UCS_DN=capabilities/ep/mgmt-ext/fw-system (classId=firmwareRunning )
Firepower Chassis OS Version: UCS_DN=sys/chassis-1/blade-1/os-ctrl/fw-system (classId=firmwareRunning )

Fault

This object retrieves faults for the system or chassis.

Endpoints

All faults in the system: /api/sys/fault-all
All faults in the chassis: /api/sys/chassis/fault
To get a particular fault: /api/sys/chassis/blade/2/adaptor/2/host-eth-2/fault/F0207

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
Chassis Only: UCS_DN: sys/chassis-1 & classid=faultInst
Particular Fault: UCS_DN: sys/chassis-1/blade-2/adaptor-2/host-eth-2/fault-F0207

Acknowledge Fault

Acknowledge Fault:

ack yes
cause   link-down
changeSet
code    F0207
created 2012-02-13T04:53:40.153
descr   Adapter host interface 1/1/1/13 link state: down
interface 1/1/1/13 link state: down
highestSeverity major
id  63806
lastTransition  2012-02-13T20:29:16.400
lc
occur   4
origSeverity    major
prevSeverity    cleared
rule    adaptor-host-if-link-down
severity    major
tags    network,server
type    network

This object acknowledges a specific fault for the system or chassis.

Endpoints

/api/sys/chassis/blade/2/adaptor/2/host-eth-2/fault/F0207

Supported HTTP methods

PUT, PATCH

Properties You Can Set with the REST API

UCS_DN: sys/chassis-1/blade-2/adaptor-2/host-eth-2/fault-F0207

Properties that can be Set by the End User

ack

Event

Get the Event Log:

maxSize 10000
purgeWindow 100
size    9917

This object retrieves the event log or all event records.

Endpoints

Event log: /api/sys/event-log
All event records: /api/sys/event-log/all

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
Event log: UCS_DN: event-log (classId = eventLog)
All event records: UCS_DN: N/A (classId = eventRecord)

Fail-to-Wire

Fail-to-Wire:

{
aggrPortId  0
epDn
mode       disabled (standby, bypass)
name
operMode    disabled (standby, bypass)
peerAggrPortId  0
peerDn
peerPortId  6
peerPortName    Ethernet3/6
peerSlotId  3
portId  5
portName    Ethernet3/5
slotId  3
switchId    A
wdtStart    10
wdtState    disabled (enabled)
}

This object retrieves information about the fail-to-wire status.

Endpoints

/api/sys/fail-to-wire
/api/sys/fail-to-wire/ethernet1_API_SLASH_API_3-ethernet1_API_SLASH_API_4
/api/sys/fail-to-wire/ethernet2_API_SLASH_1_API_SLASH_3-ethernet2_API_SLASH_1_API_SLASH_4

Supported HTTP methods

GET

Properties You Can Set with the REST API

dn
UCS_DN=sys/switch-A/fail-to-wire/ftw-port-<slot>-<aggrId>-<port1Id>-port-<slot>-<aggrId>-<port2Id> (classId=etherFtwPortPair )

Event Subscription

New Object Created Notification:

{
    "configMoChangeEvent":
    [
        {
            "cookie": "",
            "inEid": "196392",
            "inConfig":
            [
                {
                    "smAppInstance":
                    [
                        {
                            "urllink": "http://171.71.230.251/api/Slot/1/AppInstance/ddos3",
                            "dn": "Slot/1/AppInstance/ddos3",
                            "runningVersion": "",
                            "appName": "ddos3",
                            "adminState": "enabled",
                            "status": "created",
                            "startupVersion": "",
                            "operationalState": "not-installed",
                            "appInstId": ""
                        }
                    ]
                }
            ]
        }
    ]
}

Firepower Chassis API provides a mechanism to register and get notified when objects are modified. Modifications mean new objects are created or existing objects are updated or objects are being deleted. To subscribe to an event notification, send a POST request to /api/events with a valid token. Events will be sent back to clients in the following format:

<message_length><new line>
<json_event_string><new line>

When objects are created, a notification is sent to registered clients. The content of the new object has all properties. The status field is set to created .



















Object Modified Event:

{
    "configMoChangeEvent":
    [
        {
            "cookie": "",
            "inEid": "196408",
            "inConfig":
            [
                    {
                        "smApp":
                            [
                                {
                                    "urllink": "http://171.71.230.251/api/App/ddos2-1.0",
                                    "dn": "App/ddos2-1.0",
                                    "status": "modified",
                                    "installTimeout": "130"
                                }
                            ]
                    }
            ]
        }
    ]
}

When objects are modified, the event contains the object with its modified properties only. The status field is set to modified .






















Object Deleted Event:

{
    "configMoChangeEvent":
    [
        {
            "cookie": "",
            "inEid": "196435",
            "inConfig":
            {
                "smAppInstance":
                [
                    {
                        "urllink": "http://171.71.230.251/api/Slot/1/AppInstance/ddos3",
                        "dn": "Slot/1/AppInstance/ddos3",
                        "status": "deleted"
                    }
                ]
            }
        }
    ]
}

When objects are deleted, the event contains the object with the DN and its status field set to deleted .

Bulk API

The Firepower Chassis API allows you to perform multiple requests at the same time, executing them in a single transaction. Either all requests succeed or all requests fail. If at least one object fails the operation, all the operations in the same request fail.

Note that only bulk operations of the same type can be performed:

  • Multiple GETs
  • Multiple object creation or modification.
  • Multiple object deletion.

DN Consideration

When single objects are posted, if the DN field is not specified, the URL will be included as the DN field.

If the DN field is specified, the URL path will be ignored. In such cases Cisco recommends that the URL be /api .

Bulk GET Operation

Multiple objects can be retrieved at the same time specifying the DN attribute in the URL multiple times. Cisco recommends that the URL length not to exceed 2000 characters.

GET /api?dn=Slot/1&dn=App/ddos-1.0&dn=Slot/1/AppInstance/ddos

NOTE: Only leaf objects can be used in a bulk GET operation. Non-leaf objects cannot be used in a bulk GET operation.

Examples of non-leaf objects are:

  • Slot
  • App
  • Slot/<slot_nr>/AppInstance
  • LogicalDevice
  • LogicalDevice/<ld_name>/ExternalPortLink

Use one query for each of these objects.

As an alternative, you can submit bulk requests for multiple classId s:

GET /api?classId=smSlot&classId=smApp&classId=smExternalPortLink

Bulk POST Operation

Single Request to Create one App Object and one AppInstance Object

POST: /api
{
    "smApp": [
        {
            "appId": "ddos",
            "appType": "application",
            "author": "Company A",
            "buildDate": "Dec 20, 2014",
            "canDowngrade": "yes",
            "canUpgrade": "yes",
            "deployType": "vm",
            "description": "This is a DDOS app",
            "dn": "App/ddos-1.0",
            "fullInstall": "yes",
            "installTimeout": "120",
            "isAggregateVnic": "no",
            "isSecurityControl": "yes",
            "longName": "DDOS Company A",
            "minDiskData": "120",
            "minOS": "1.0",
            "name": "ddos",
            "uninstallTimeout": "120",
            "upgradeTimeout": "60",
            "version": "1.0"
        }
    ],
    "smAppInstance": [
        {
            "adminState": "enabled",
            "appName": "ddos",
            "dn": "Slot/1/AppInstance/ddos",
            "startupVersion": ""
        }
    ]
}

Multiple objects can be created or modified at the same time. Specify /api for the URL in such cases.

The DN field specifies the location of each object in the MIT (Management Information Tree).

NOTE: When performing bulk POST operations, all JSON objects must specify the DN field.

In this example, a single POST request is used to create one App object and one AppInstance object.

Bulk DELETE Operation

Multiple objects can be deleted simultaneously by specifying the list of DN objects to be deleted. The syntax is identical to that used in Bulk GET Operations .

DELETE /api?dn=Slot/1/AppInstance/ddos&dn=App/ddos-1.0

REST API Objects

For a list of HTTP methods supported by the REST API, see Supported Methods

AAA

LDAP Configuration Object

Retrieve All LDAP Providers:

{
    "aaaLdapProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/ldap/provider/danp-lnx",
            "dn": "sys/ldap/provider/danp-lnx",
            "vendor": "OpenLdap",
            "name": "danp-lnx",
            "descr": "",
            "retries": "1",
            "attribute": "",
            "basedn": "",
            "rootdn": "",
            "order": "1",
            "filter": "",
            "keySet": "no",
            "timeout": "30",
            "key": "",
            "port": "389",
            "enableSSL": "no"
        },
        {
            "urllink": "https://10.89.147.211/api/sys/ldap/provider/danp1",
            "dn": "sys/ldap/provider/danp1",
            "vendor": "MS-AD",
            "name": "danp1",
            "descr": "",
            "retries": "1",
            "attribute": "test3",
            "basedn": "bla bla",
            "rootdn": "binddn",
            "order": "2",
            "filter": "",
            "keySet": "yes",
            "timeout": "10",
            "key": "",
            "port": "100",
            "enableSSL": "yes"
        }
    ]
}

Retrieve One LDAP Provider:

{
    "aaaLdapProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/ldap/provider/danp-lnx",
            "dn": "sys/ldap/provider/danp-lnx",
            "vendor": "OpenLdap",
            "name": "danp-lnx",
            "descr": "",
            "retries": "1",
            "attribute": "",
            "basedn": "",
            "rootdn": "",
            "order": "1",
            "filter": "",
            "keySet": "no",
            "timeout": "30",
            "key": "",
            "port": "389",
            "enableSSL": "no"
        }
    ]
}

Create an LDAP Provider:

{
    "aaaLdapProvider": [
        {
            "dn": "sys/ldap/provider/danp-lnx2",
            "vendor": "OpenLdap",
            "name": "danp-lnx2",
            "descr": "ldap-provider 1",
            "retries": "1",
            "attribute": "",
            "basedn": "",
            "rootdn": "",
            "order": "4",
            "filter": "",
            "timeout": "30",
            "key": "secret",
            "port": "389",
            "enableSSL": "no"
        }
    ]
}

The LDAP Configuration Object can be used to:

  • Create an LDAP Provider
  • Retrieve an LDAP Provider
  • Retrieve all LDAP Providers
  • Delete an LDAP Provider

Endpoints

Retrieve the LDAP Configuration

https://10.89.147.211/api/sys/ldap

Retrieve All LDAP Providers

https://10.89.147.211/api/sys/ldap/provider

Retrieve One LDAP Provider

https://10.89.147.211/api/sys/ldap/provider/danp-lnx

Delete an LDAP Provider

DELETE /api/ldap/provider/danp-lnx2

Radius Configuration Object

Retrieve Radius Configuration:

{
    "aaaRadiusEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/radius",
            "dn": "sys/radius",
            "name": "",
            "descr": "",
            "retries": "1",
            "timeout": "5"
        }
    ]
}

Retrieve One Radius Provider:

{
    "aaaRadiusProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/radius/provider/s2",
            "dn": "sys/radius/provider/s2",
            "name": "s2",
            "descr": "",
            "retries": "1",
            "authPort": "1812",
            "order": "2",
            "key": "",
            "keySet": "no",
            "timeout": "5",
            "service": "authorization"
        }
    ]
}

Create a Radius Provider:

{
    "aaaRadiusProvider": [
        {
            "dn": "sys/radius/provider/rad1",
            "name": "rad1",
            "descr": "radius provider",
            "retries": "4",
            "authPort": "1812",
            "order": "4",
            "key": "rad-key",
            "timeout": "5"
        }
    ]
}

The Radius Configuration Object can be used to:

  • Create a Radius Provider
  • Retrieve a Radius Configuration
  • Retrieve all Radius Providers
  • Delete a Radius Provider

Endpoints

Retrieve the Radius Configuration

https://10.89.147.211/api/sys/radius

Retrieve All LDAP Providers

https://10.89.147.211/api/sys/radius/provider

Retrieve One Radius Provider

https://10.89.147.211/api/sys/radius/provider/s2

Delete a Radius Provider

DELETE /api/radius/provider/rad1

TACACS Configuration Object

Retrieve TACACS Configuration:

{
    "aaaTacacsPlusEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/tacacs",
            "dn": "sys/tacacs",
            "name": "",
            "descr": "",
            "retries": "1",
            "timeout": "5"
        }
    ]
}

Retrieve One TACACS Provider:

{
    "aaaTacacsPlusProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/tacacs/provider/tac1",
            "dn": "sys/tacacs/provider/tac1",
            "name": "tac1",
            "descr": "",
            "retries": "1",
            "order": "1",
            "key": "",
            "keySet": "no",
            "timeout": "5",
            "port": "49"
        }
    ]
}

Retrieve All TACACS Providers:

{
    "aaaTacacsPlusProvider": [
        {
            "urllink": "https://10.89.147.211/api/sys/tacacs/provider/tac1",
            "dn": "sys/tacacs/provider/tac1",
            "name": "tac1",
            "descr": "",
            "retries": "1",
            "order": "1",
            "key": "",
            "keySet": "no",
            "timeout": "5",
            "port": "49"
        }
    ]
}

Create a TACACS Provider:

{
    "aaaTacacsPlusProvider": [
        {
            "dn": "sys/tacacs/provider/tac-server",
            "name": "tac-server",
            "descr": "Tacacs SErver",
            "retries": "2",
            "order": "4",
            "key": "secret",
            "timeout": "4",
            "port": "49"
        }
    ]
}

The TACACS Configuration Object can be used to:

  • Create a TACACS Provider
  • Retrieve the TACACS Configuration
  • Retrieve all TACACS Providers
  • Delete a TACACS Provider

Endpoints

Retrieve the TACACS Configuration

https://10.89.147.211/api/sys/tacacs

Retrieve All TACACS Providers

https://10.89.147.211/api/sys/tacacs/provider

Retrieve One TACACS Provider

https://10.89.147.211/api/sys/tacacs/provider/tac1

Delete a TACACS Provider

DELETE /api/tacacs/provider/tac-server

User Roles Configuration Object

Get One User Role:

{
    "aaaRole": [
        {
            "urllink": "https://10.89.147.211/api/sys/user/role/admin",
            "dn": "sys/user/role/admin",
            "name": "admin",
            "descr": "",
            "configState": "ok",
            "configStatusMessage": "",
            "priv": "admin"
        }
    ]
}

The User Roles Configuration Object can be used to:

  • Retrieve one User Role
  • Retrieve all User Roles

Endpoints

Retrieve One User Role

https://10.89.147.211/api/sys/user/role/admin

Retrieve All User Roles

https://10.89.147.211/cgi-bin/api/sys/user/role

Local Users

Get One Local User Configuration:

{
    "aaaUserEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/user",
            "dn": "sys/user",
            "name": "",
            "descr": "",
            "pwdStrengthCheck": "no"
        }
    ]
}

Get All Local User Configurations:

{
    "aaaUser": [
        {
            "urllink": "https://10.89.147.211/api/sys/user/local",
            "dn": "sys/user/local",
            "clearPwdHistory": "no",
            "firstName": "",
            "descr": "",
            "expiration": "never",
            "lastName": "",
            "configState": "ok",
            "expires": "no",
            "configStatusMessage": "",
            "email": "",
            "phone": "",
            "pwd": "",
            "pwdLifeTime": "no-password-expire",
            "accountStatus": "active",
            "priv": "admin,read-only",
            "pwdSet": "yes",
            "name": "admin"
        },
        {
            "urllink": "https://10.89.147.211/api/sys/user/user-danp2",
            "dn": "sys/user/user-danp2",
            "clearPwdHistory": "no",
            "firstName": "",
            "descr": "",
            "expiration": "never",
            "lastName": "",
            "configState": "ok",
            "expires": "no",
            "configStatusMessage": "",
            "email": "",
            "phone": "",
            "pwd": "",
            "pwdLifeTime": "no-password-expire",
            "accountStatus": "active",
            "priv": "read-only",
            "pwdSet": "no",
            "name": "danp2"
        },
        {
            "urllink": "https://10.89.147.211/api/sys/user/user-danp",
            "dn": "sys/user/user-danp",
            "clearPwdHistory": "no",
            "firstName": "",
            "descr": "",
            "expiration": "never",
            "lastName": "",
            "configState": "ok",
            "expires": "no",
            "configStatusMessage": "",
            "email": "",
            "phone": "",
            "pwd": "",
            "pwdLifeTime": "no-password-expire",
            "accountStatus": "active",
            "priv": "read-only",
            "pwdSet": "no",
            "name": "danp"
        }
    ]
}

Create a Local User:

{
    "aaaUser": [
        {
            "dn": "sys/user/local/Firepower Chassis",
            "clearPwdHistory": "no",
            "firstName": "FirstName",
            "descr": "This is a test user",
            "expiration": "never",
            "lastName": "LastName",
            "expires": "no",
            "email": "Firepower Chassis@cisco.com",
            "phone": "4085555555",
            "pwd": "secret",
            "pwdLifeTime": "no-password-expire",
            "accountStatus": "active",
            "name": "Firepower Chassis"
        }
    ]
}

The Local Users Object can be used to:

  • Retrieve one Local User Configuration
  • Retrieve all Local User Configurations
  • Create a Local User

Endpoints

Retrieve One Local User Configuration

https://10.89.147.211/api/sys/user

Retrieve All Local User Configurations

https://10.89.147.211/api/sys/user/local

Configuration Management

Export/Backup Configuration Object

Create an Export Configuration:

POST https://10.89.147.211/api/sys/backup/file1.cisco.com
{
    "mgmtBackup": [
        {
            "descr": "",
            "proto": "scp",
            "hostname": "file1.cisco.com",
            "adminState": "enabled",
            "type": "config-all",
            "dn": "sys/backup/file1.cisco.com",
            "remoteFile": "/tmp/backup",
            "job": "immediate",
            "user": "danp",
            "name": "",
            "pwd": "",
            "preservePooledValues": "no"
        }
    ]
}

The Export/Backup Configuration Object can be used to:

  • Create an Export Configuration
  • Retrieve one Export Configuration
  • Retrieve all Export Configurations
  • Delete an Export Configuration

Endpoints

Create an Export Configuration

POST https://10.89.147.211/api/sys/backup/file1.cisco.com

Retrieve One Export Configuration

GET https://10.89.147.211/api/sys/backup/danp-lnx.cisco.com

Retrieve All Export Configurations

GET https://10.89.147.211/api/sys/backup

Delete the LDAP Configuration

DELETE https://10.89.147.211/api/sys/backup/file1.cisco.com

Import Configuration Object

Create an Import Configuration:

{
    "mgmtImporter": [
        {
            "descr": "",
            "proto": "scp",
            "hostname": "file1.cisco.com",
            "adminState": "enabled",
            "dn": "sys/import-config/file1.cisco.com",
            "remoteFile": "/tmp/tftp",
            "pwd": "",
            "user": "",
            "action": "merge"
        }
    ]
}

Delete an Import Configuration:

{
    "callhomeEp": [
        {
            "dn": "sys/call-home",
            "name": "",
            "descr": "",
            "adminState": "off",
            "alertThrottlingAdminState": "on"
        }
    ]
}

The Import Configuration Object can be used to:

  • Create an Import Configuration
  • Retrieve one Import Configuration
  • Retrieve all Import Configurations
  • Delete an Import Configuration

Endpoints

Create an Export Configuration

POST https://10.89.147.211/api/sys/import-config/file1.cisco.com

Retrieve One Export Configuration

GET https://10.89.147.211/api/sys/import-config/danp-lnx.cisco.com

Retrieve All Export Configurations

GET https://10.89.147.211/api/sys/import-config

Delete the LDAP Configuration

DELETE https://10.89.147.211/api/sys/import-config/file1.cisco.com

Call Home Configuration Object

Retrieve the Call Home Configuration:

{
    "callhomeEp": [
        {
            "urllink": "https://10.89.147.211/api/sys/call-home",
            "dn": "sys/call-home",
            "name": "",
            "descr": "",
            "callhomeProfile": [
                {
                    "name": "CiscoTAC-1",
                    "descr": "Built-in XML Cisco-TAC profile",
                    "format": "xml",
                    "alertGroups": "ciscoTac",
                    "level": "normal",
                    "maxSize": "5000000",
                    "rn": "profile-CiscoTAC-1"
                },
                {
                    "name": "short_txt",
                    "descr": "Built-in text profile",
                    "format": "shortTxt",
                    "alertGroups": "all,ciscoTac,diagnostic,environmental,inventory,license,lifeCycle,linecard,supervisor,syslogPort,system,test",
                    "level": "warning",
                    "maxSize": "5000000",
                    "rn": "profile-short_txt"
                },
                {
                    "name": "full_txt",
                    "descr": "Built-in full text profile",
                    "format": "fullTxt",
                    "alertGroups": "all,ciscoTac,diagnostic,environmental,inventory,license,lifeCycle,linecard,supervisor,syslogPort,system,test",
                    "level": "warning",
                    "maxSize": "5000000",
                    "rn": "profile-full_txt"
                }
            ],
            "callhomeSource": [
                {
                    "customer": "",
                    "from": "",
                    "addr": "",
                    "replyTo": "",
                    "site": "",
                    "contract": "",
                    "phone": "",
                    "contact": "",
                    "rn": "source",
                    "email": "",
                    "urgency": "debug"
                }
            ],
            "callhomeTestAlert": [
                {
                    "group": "unknown",
                    "description": "",
                    "level": "unknown",
                    "sendNow": "no",
                    "messageType": "unknown",
                    "messageSubtype": "unknown",
                    "rn": "testalert"
                }
            ],
            "configState": "ok",
            "callhomePeriodicSystemInventory": [
                {
                    "minimumSendNowIntervalSeconds": "5",
                    "nextDeadline": "never",
                    "maximumRetryCount": "1",
                    "timeOfDayMinute": "0",
                    "retryDelayMinutes": "10",
                    "pollIntervalSeconds": "300",
                    "sendNow": "no",
                    "lastDeadline": "1970-01-01T00:00:00.000",
                    "adminState": "off",
                    "timeOfLastAttempt": "1970-01-01T00:00:00.000",
                    "retryCount": "0",
                    "timeOfDayHour": "0",
                    "timeOfLastSuccess": "never",
                    "rn": "periodicsysteminventory",
                    "intervalDays": "7"
                }
            ],
            "adminState": "off",
            "callhomeSmtp": [
                {
                    "host": "",
                    "rn": "smtp",
                    "port": "25"
                }
            ],
            "intId": "none",
            "alertThrottlingAdminState": "on",
            "callhomeEpFsm": [
                {
                    "descr": "",
                    "instanceId": "286",
                    "currentFsm": "configCallhome",
                    "rmtRslt": "",
                    "rmtErrCode": "none",
                    "completionTime": "2014-09-04T20:44:58.388",
                    "callhomeEpFsmStage": [
                        {
                            "retry": "2",
                            "name": "configCallhomeSetLocal",
                            "descr": "call-home configuration on primary(FSM-STAGE:sam:dme:CallhomeEpConfigCallhome:SetLocal)",
                            "stageStatus": "success",
                            "lastUpdateTime": "2014-09-04T20:44:58.387",
                            "rn": "stage-configCallhomeSetLocal",
                            "order": "1"
                        },
                        {
                            "retry": "0",
                            "name": "configCallhomeSetPeer",
                            "descr": "call-home configuration on secondary(FSM-STAGE:sam:dme:CallhomeEpConfigCallhome:SetPeer)",
                            "stageStatus": "skip",
                            "lastUpdateTime": "2014-09-04T20:44:58.388",
                            "rn": "stage-configCallhomeSetPeer",
                            "order": "2"
                        }
                    ],
                    "progress": "100",
                    "rmtErrDescr": "",
                    "rn": "fsm"
                }
            ]
        }
    ]
}

The Call Home Configuration Object can be used to:

  • Create/Update the Call Home Configuration
  • Retrieve the Call Home Configuration source
  • Retrieve the Call Home Configuration profile
  • Test a Call Home Configuration alert

Endpoints

Create/Update the Call Home Configuration

POST https://10.89.147.211/api/sys/call-home

Retrieve the Call Home Configuration source

GET https://10.89.147.211/api/sys/call-home/source

Retrieve the Call Home Configuration profile

GET https://10.89.147.211/api/sys/call-home/profile

Test a Call Home Configuration alert

https://10.89.147.211/api/sys/call-home/testalert

Time Configuration Object

Retrieve the System Clock:

GET https://172.29.191.45:9003/api/sys/service/system-clock
{
"currentTime": "2015-02-26T09:38:55.969"
}

The Call Home Configuration Object can be used to:

  • Retrieve the System Clock

Endpoints

Retrieve the System Clock

GET https://172.29.191.45:9003/api/sys/service/system-clock

Smart License Object

Retrieve the HTTP Configuration:

GET https://172.29.191.45:9003/api/sys/callhome/httpproxy
{
    "callhomeHttpProxy": [
        {
            "dn": "sys/call-home/httpproxy",
            "proxyServerEnable": "on",
            "proxyServerPort": "8080",
            "proxyServerUrl": "",
            "urllink": "https://172.29.191.45:9003/api/sys/callhome/httpproxy"
        }
    ]
}

Retrieve the Call Home Configuration:

GET https://172.29.191.45:9003/api/sys/callhome/dest/SLDest
{
    "callhomeDest": [
        {
            "dn": "sys/call-home/profile/SLProfile/dest/SLDest",
            "address": "https://tset.com/its/service/oddce/services/DDCEService",
            "name": "SLDest",
            "protocol": "https",
            "urllink": "https://172.29.191.45:9003/api/sys/call-home/profile/SLProfile/dest/SLDest"
        }
    ]
}

Register the License Configuration:

POST https://172.29.191.45:9013/api/sys/license/license-config/register
{
    "licenseSmartConfig": [
        {
            "debug": "all",
            "dn": "sys/callhome/license-config/register",
            "operation": "register",
            "tokenid": "1423853783/33bd2771-79ec-4ef4-b0c8-3e39efadb6f5",
            "urllink": "https://172.29.191.45:9003/api/sys/callhome/license-config/register"
        }
    ]
}

Unregister the License Configuration:

POST https://172.29.191.45:9003/api/sys/license/license-config/unregister
{
    "licenseSmartConfig": [
        {
            "debug": "all",
            "dn": "sys/callhome/license-config/unregister",
            "operation": "unregister",
            "tokenid": "",
            "urllink": "https://172.29.191.45:9003/api/sys/callhome/license-config/unregister"
        }
    ]
}

Retrieve the Registration Status:

GET https://172.29.191.45:9043/api/sys/license/register/status
{
    "Status": "UNREGISTERED"
}

The Smart License Configuration Object can be used to:

  • Retrieve the HTTP Configuration
  • Retrieve the Call Home Configuration
  • Register the License Configuration
  • Unregister the License Configuration
  • Retrieve the Registration Status

Endpoints

Retrieve the HTTP Configuration

GET https://172.29.191.45:9003/api/sys/callhome/httpproxy

Retrieve the Call Home Configuration

GET https://172.29.191.45:9003/api/sys/callhome/dest/SLDest

Register the License Configuration

POST https://172.29.191.45:9013/api/sys/license/license-config/register

Unregister the License Configuration

POST https://172.29.191.45:9003/api/sys/license/license-config/unregister

Retrieve the Registration Status

GET https://172.29.191.45:9043/api/sys/license/register/status

Service Objects JSON Schema

This section describes the schema for the Service Configuration Objects.

Model Types

The data types described on the right are used in the Service Objects. Each has the following fields:

  • default : The default type value.
  • values : The enumerated list of supported values.
  • name : The type name.
        {
            "default": "not-installed",
            "values": [
                "not-installed",
                "offline",
                "starting",
                "online",
                "not-responding"
            ],
            "name": "sd:AppInstState"
        },
        {
            "default": "disabled",
            "values": [
                "enabled",
                "disabled"
            ],
            "name": "sd:AppInstAdminState"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "install",
                "uninstall",
                "upgrade",
                "start",
                "stop"
            ],
            "name": "sd:JobType"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "queued",
                "failed",
                "succeeded"
            ],
            "name": "sd:JobState"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "ok",
                "incomplete-configuration"
            ],
            "name": "sd:LdOperState"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "active",
                "suspended"
            ],
            "name": "sd:LduOperState"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "joined",
                "left"
            ],
            "name": "sd:ClusterStatus"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "up",
                "down"
            ],
            "name": "sd:LinkOperState"
        },
        {
            "default": "",
            "values": [
                "bundled",
                "unbundled"
            ],
            "name": "sd:BundleType"
        },
        {
            "default": "",
            "values": [
                "success",
                "failure",
                "partial"
            ],
            "name": "sd:BundleStatus"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "native",
                "lxc",
                "vm"
            ],
            "name": "sm:DeployType"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "application",
                "os-patch"
            ],
            "name": "sm:CspType"
        },
        {
            "default": "ASA",
            "values": [
                "ASA"
            ],
            "name": "sm:TemplateName"
        },
        {
            "default": "spanned-etherchannel",
            "values": [
                "spanned-etherchannel"
            ],
            "name": "sm:ClusterMode"
        },
        {
            "default": "info",
            "values": [
                "debug",
                "info",
                "warning",
                "error",
                "critical"
            ],
            "name": "sm:LogLevel"
        },
        {
            "default": "standalone",
            "values": [
                "clustered",
                "standalone"
            ],
            "name": "sm:LogicalDeviceMode"
        },
       {
            "default": "default",
            "values": [
                "default",
                "firepower"
            ],
            "name": "sm:MgmtSubType"
        },
        {
            "default": "enable",
            "values": [
                "disable",
                "enable"
            ],
            "name": "sm:HeartbeatState"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "none",
                "partial",
                "full"
            ],
            "name": "sm:AppAggregatorType"
        },
        {
            "default": "not-available",
            "values": [
                "not-available",
                "offline",
                "starting",
                "online",
                "not-responding",
                "restarting",
                "formatting",
                "fault"
            ],
            "name": "sm:SlotOperState"
        },
        {
            "default": "not-applicable",
            "values": [
                "not-applicable",
                "incluster",
                "notincluster"
            ],
            "name": "sm:AppClusterOperState"
        }

LDTemplate

Description

The LDTemplate represents supported deployment templates, including ASA.

Endpoints

/api?classId=smLDTemplate retrieves all the ld-templates
/api/ld-template/{template-name}-{version} Select the template required from the available templates.

Supported HTTP Methods

GET

Retrieve the LDTemplate:

GET /api/ld-template
{
"children": [
                "TemplateApp"
            ],
            "type": "ld-template",
            "title": "ld-template Object Schema",
            "properties": {
                "version": {
                    "access": "read-only",
                    "type": "str",
                    "description": "The version of the Logical Device Template"
                },
                "name": {
                    "access": "read-only",
                    "type": "sm:TemplateName",
                    "description": "The name of the Logical Device Template"
                },
                "description": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Description of the Logical Device Template"
                }
            }
}

LDTemplateApp

Description

The LDTemplateApp represents an application contained in a template, such as ASA and DDOS.

Endpoint

/api?classId=smTemplateApp to retrieve all applications.
/api/ld-template/{template-name}-{version}/template-app/{app-name} to retrieve the specified application.

Supported HTTP Methods

GET

Retrieve the LDTemplateApp:

GET /api/template-app
{
            "type": "template-app",
            "title": "template-app Object Schema",
            "properties": {
                "isLinkDecorator": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if this Application can decorate ExternalPort Links"
                },
                "appName": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Short Name of the Application"
                }
            }
}

PortRequirement

Description

The PortRequirement retrieves the port information.

Endpoint

/api?classId=smPortRequirement
/api/app/{app-name}/port-requirement/{port-type}

Supported HTTP Methods

GET

Retrieve the PortRequirement:

{
            "type": "PortRequirement",
            "title": "PortRequirement Object Schema",
            "children": [
                "PortSubType"
            ],
            "properties": {
                "portType": {
                    "access": "read-only",
                    "type": "fabric:SSAPortType"
                },
                "maxPorts": {
                    "access": "read-only",
                    "type": "int32"
                },
                "minPorts": {
                    "access": "read-only",
                    "type": "int32"
                }
            }
}

NetMgmtBootstrapValue

Description

The NetMgmtBootstrapValue retrieves the net management bootstrap value.

Endpoint

/api?classId=smNetMgmtBootstrapValue
/api/app/{app-name}/bootstrap-key/{key} : For the exact keys to be used, you can fetch them by making a GET request on the corresponding app object.

Supported HTTP Methods

GET

Retrieve the NetMgmtBootstrapValue:

{
            "type": "NetMgmtBootstrapValue",
            "title": "NetMgmtBootstrapValue Object Schema",
            "children": [
                "NetMgmtBootstrapKeyEnumValue"
            ],
            "properties": {
                "isEncrypted": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if the key data is encrypted"
                },
                "descryption": {
                    "access": "read-only",
                    "type": "str",
                    "description": "That describes what the key is"
                },
                "key": {
                    "access": "read-only",
                    "type": "naming:Name",
                    "description": "Key that describes the associated value"
                }
            }
}

App

Description

The App represents an application object schema.

Endpoint

/api/app/{app-name}

Supported HTTP Methods

GET, PUT, PATCH, DELETE

App Object Schema:

{
            "type": "App",
            "title": "App Object Schema",
            "children": [
                "PortRequirement",
                "NetMgmtBootstrapValue",
                "AppAttributeValue"
            ],
            "properties": {
                "minCpuCores": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Minimum required cpu cores"
                },
                "upgradeTimeout": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Maximum allowed application upgrade duration"
                },
                "buildDate": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Date when the Application CSP was generated"
                },
                "appType": {
                    "access": "read-only",
                    "type": "sm:CspType",
                    "description": ""
                },
                "minDataDisk": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Minimum required disk space for data storage"
                },
                "mgmtVNICNR": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "incompatibleApps": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Apps that cannot co-exist with this App"
                },
                "requiredBinaryDisk": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "dataVNICNR": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "longName": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Application Name UTF-8 Encoded"
                },
                "appAgentSupported": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if application agent is available"
                },
                "recommendedDataDisk": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "isSecurityControl": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if application is integrated with SSA"
                },
                "deployType": {
                    "access": "read-only",
                    "type": "sm:DeployType",
                    "description": "Application Deployment Type (native,vm)"
                },
                "author": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Publisher"
                },
                "isDefaultApp": {
                    "access": "read-write",
                    "type": "bool",
                    "description": "Default version to be installed when version is not specified"
                },
                "aggregator": {
                    "access": "read-only",
                    "type": "sm:AppAggregatorType",
                    "description": ""
                },
                "adminState": {
                    "access": "read-write",
                    "type": "AppAdminState",
                    "description": ""
                },
                "version": {
                    "access": "read-only",
                    "type": "naming:Name",
                    "description": "Application Version"
                },
                "installTimeout": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Maximum allowed application installation duration"
                },
                "minRam": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Minimum required memory"
                },
                "fullInstall": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if application can be installed from scratch"
                },
                "netMgmtBootstrapType": {
                    "access": "read-only",
                    "type": "sm:NetMgmtBootstrapType",
                    "description": ""
                },
                "description": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Application Description"
                },
                "canDowngrade": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if application allows to be downgraded"
                },
                "appId": {
                    "access": "read-only",
                    "type": "str",
                    "description": ""
                },
                "isAggregateVnic": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if application can user one interface for multiple ports"
                },
                "isDecorator": {
                    "access": "read-only",
                    "type": "bool",
                    "description": ""
                },
                "name": {
                    "access": "read-only",
                    "type": "naming:Name",
                    "description": "Short Name of the application. Eg: ASA, NG-FW, etc."
                },
                "canUpgrade": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "True if application can upgrade previous versions"
                },
                "uninstallTimeout": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Maximum allowed application uninstallation duration"
                },
                "recommendedCpuCores": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "recommendedRam": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "minOS": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Minimum required SSA Firmware"
                }
            }
}

AppAttribute

Description

The AppAttribute object represents generic application discovery attributes.

Endpoint

/api/slot/{slot-id}/app-inst/{app-name}-{app-version}/app-attribute/{key}

Supported HTTP Methods

GET

AppAttribute Object Schema:

{
            "type": "AppAttribute",
            "properties": {
                "key": {
                    "access": "read-only",
                    "type": "str"
                },
                "value": {
                    "access": "read-only",
                    "type": "str"
                },
                "peerDn": {
                    "access": "read-only",
                    "type": "object"
                }
            },
            "title": "AppAttribute Object Schema"
}

AppAttributeValue

Description

The AppAttributeValue retrieves the name and description of the attribute value.

Endpoint

/api?classId=smAppAttributeValue
/api/app/{app-name}/attribute-key/{key}

Supported HTTP Method

GET

Retrieve the AppAttributeValue:

{
            "type": "AppAttributeValue",
            "title": "AppAttributeValue Object Schema",
            "properties": {
                "description": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Its description"
                },
                "key": {
                    "access": "read-only",
                    "type": "naming:Name",
                    "description": "Name of the attribute value"
                }
            }
}

Slot

Description

The Slot object represents an slot in the Firepower Chassis.

Endpoint

/api/slot/{slot-id}

Supported HTTP Methods

GET, PUT, PATCH

Slot Object Schema:

{
            "type": "Slot",
            "title": "Slot Object Schema",
            "children": [
                "AppInstance",
                "Heartbeat",
                "HeartbeatConfig",
                "Monitor"
            ],
            "properties": {
                "adminState": {
                    "access": "read-write",
                    "type": "SlotAdminState",
                    "description": ""
                },
                "diskState": {
                    "access": "read-only",
                    "type": "DiskState",
                    "description": ""
                },
                "serviceProfileDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": ""
                },
                "logLevel": {
                    "access": "read-write",
                    "type": "sm:LogLevel",
                    "description": "log level for the blade on this slot"
                },
                "slotToken": {
                    "access": "read-only",
                    "type": "str",
                    "description": ""
                },
                "slotId": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "Id of the slot: 1,2 or 3"
                },
                "clearLogData": {
                    "access": "read-write",
                    "type": "sm:ActionStages",
                    "description": "Clears platform log data"
                }
            }
}

Monitor

Description

The Monitor object contains operational data for the blade on that slot.

Endpoint

/api/slot/{slot-id}/monitor

Supported HTTP Methods

GET

Monitor Object Schema:

{
            "type": "Monitor",
            "title": "Monitor Object Schema",
            "children": [
                "DiskFileSystem"
            ],
            "properties": {
                "cpuTotalLoadAvg5min": {
                    "access": "read-only",
                    "type": "scalar:Float",
                    "description": "All CPUs Load Average for the last 5 minute"
                },
                "cpuTotalLoadAvg1min": {
                    "access": "read-only",
                    "type": "scalar:Float",
                    "description": "All CPUs Load Average for the last one minute"
                },
                "memTotalKb": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "Total memory present on the blade in this slot (in KB)"
                },
                "cpuTotalLoadAvg15min": {
                    "access": "read-only",
                    "type": "scalar:Float",
                    "description": "All CPUs Load Average for the last 15 minute"
                },
                "diskFileSystemCount": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "Number of file systems available on the blade"
                },
                "memUsedKb": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "Used memory on the blade in this slot (in KB)"
                },
                "memFreeKb": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "Free memory on the blade in this slot (in KB)"
                },
                "bladeUptime": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Blade Uptime"
                },
                "updateTimestamp": {
                    "access": "read-only",
                    "type": "scalar:Date",
                    "description": "Last time this object was updated"
                },
                "osVersion": {
                    "access": "read-only",
                    "type": "str",
                    "description": "SSA-OS version running on this slot"
                },
                "memAppTotalKb": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "Total memory for applications present on the blade in this slot (in KB)"
                }
            }
}

DiskFileSystem

Description

The DiskFileSystem object contains operational data for a file system or partition on the corresponding Slot.

Endpoint

/api/slot/{slot-id}/monitor/disk-file/{disk-nr}

Supported HTTP Methods

GET

DiskFileSystem Object Schema:

{
            "type": "DiskFileSystem",
            "title": "DiskFileSystem Object Schema",
            "properties": {
                "diskName": {
                    "access": "read-only",
                    "type": "naming:Name",
                    "description": "Disk Name of the file system"
                },
                "totalKb": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "Total space of this partition in kilobytes"
                },
                "fileSystem": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Description of the file system"
                },
                "mountPoint": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Blade mount point for this partition"
                },
                "freeKb": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "The Free Space of this partition in kilobytes"
                },
                "usedKb": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "The used space on this partition in kilobytes"
                }
            }
}

Heartbeat

Description

The Heartbeat object contains operational data for the blade on the corresponding Slot.

Endpoint

/api/slot/{slot-id}/heartbeat

Supported HTTP Methods

GET

Heartbeat Object Schema:

{
            "type": "Heartbeat",
            "title": "Heartbeat Object Schema",
            "properties": {
                "lastHeartbeatTime": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Absolute Time when last monitoring Heartbeat was received"
                },
                "interval": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "The Next Time HeartBeat is expected"
                },
                "maxMissedCount": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "lastReceived": {
                    "access": "read-only",
                    "type": "scalar:Date",
                    "description": ""
                }
            }
}

HeartbeatConfig

Description

The HeartbeatConfig object is optionally used for configuring a user-defined heartbeat.

Endpoint

/api/slot/{slot-id}/heartbeatConfig

Supported HTTP Methods

GET, POST, PUT, PATCH, DELETE

HeartbeatConfig Object Schema:

{
            "type": "Heartbeat",
            "title": "Heartbeat Object Schema",
            "properties": {
                "lastHeartbeatTime": {
                    "access": "read-only",
                    "type": "int64",
                    "description": "Absolute Time when last monitoring Heartbeat was received"
                },
                "interval": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "The Next Time HeartBeat is expected"
                },
                "maxMissedCount": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "lastReceived": {
                    "access": "read-only",
                    "type": "scalar:Date",
                    "description": ""
                }
            }
}

AppInstance

Description

The AppInstance object represents an application instance running on the specified Slot.

Endpoint

/api/slot/{slot-id}/app-inst/{app-name}-{app-version}

Supported HTTP Methods

GET, POST, PUT, PATCH, DELETE

AppInstance Object Schema:

{
            "type": "AppInstance",
            "title": "AppInstance Object Schema",
            "children": [
                "Heartbeat",
                "HeartbeatConfig",
                "Resource",
                "AppAttribute",
                "Resource"
            ],
            "properties": {
                "clusterOperationalState": {
                    "access": "read-only",
                    "type": "sm:AppClusterOperState",
                    "description": "Cluster state of the running application"
                },
                "currentJobState": {
                    "access": "read-only",
                    "type": "sd:JobState",
                    "description": ""
                },
                "runningVersion": {
                    "access": "read-only",
                    "type": "str",
                    "description": "The current running version of this Application"
                },
                "appName": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": ""
                },
                "errorMsg": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Error message for operation failures"
                },
                "currentJobType": {
                    "access": "read-only",
                    "type": "sd:JobType",
                    "description": ""
                },
                "currentJobProgress": {
                    "access": "read-only",
                    "type": "int32",
                    "description": ""
                },
                "adminState": {
                    "access": "read-write",
                    "type": "sd:AppInstAdminState",
                    "description": "Application administrative state"
                },
                "executeCmd": {
                    "access": "read-write",
                    "type": "sm:AppCommand",
                    "description": "User triggered commands on application instance"
                },
                "startupVersion": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Specify the configured application version"
                },
                "clearLogData": {
                    "access": "read-write",
                    "type": "sm:ActionStages",
                    "description": "Clears application log data"
                },
                "appInstId": {
                    "access": "read-only",
                    "type": "str",
                    "description": ""
                }
            }
}

Resource

Description

The Resource object represents blade resources allocated to this application.

Endpoint

/api/slot/{slot-id}/app-inst/{app-name}-{app-version}/resource

Supported HTTP Methods

GET

Resource Object Schema:

{
            "type": "Resource",
            "properties": {
                "allocatedCoreNR": {
                    "access": "read-only",
                    "type": "int32"
                },
                "allocatedDataDisk": {
                    "access": "read-only",
                    "type": "int32"
                },
                "allocatedBinaryDisk": {
                    "access": "read-only",
                    "type": "int32"
                },
                "allocatedRAM": {
                    "access": "read-only",
                    "type": "int32"
                }
            },
            "title": "Resource Object Schema"
}

LogicalDevice

Description

The LogicalDevice object represents a service chain. Policies are applied to this object in the Unified Manager.

Endpoint

/api/ld/{name}

Supported HTTP Methods

GET, POST, PUT, PATCH, DELETE

LogicalDevice Object Schema:

{
            "type": "LogicalDevice",
            "title": "LogicalDevice Object Schema",
            "children": [
                "MgmtBootstrap",
                "ClusterBootstrap",
                "MgmtBootstrap"

            ],
            "properties": {
                "name": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "Name of the logical-device"
                },
                "templateName": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Template Name to use"
                },
                "errorMsg": {
                    "access": "read-only",
                    "type": "str",
                    "description": "Error description if logical device configuration is incomplete"
                },
                "ldMode": {
                    "access": "read-write",
                    "type": "sm:LogicalDeviceMode",
                    "description": "Deployment mode: standalone or clustered"
                },
                "slotId": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Specify the slot(s) to be used for the logical device"
                },
                "switchConfigStatus": {
                    "access": "read-only",
                    "type": "nh:ConfMode",
                    "description": "Switch configuration status for LogicalDevice"
                },
                "description": {
                    "access": "read-write",
                    "type": "str",
                    "description": ""
                }
            }
}

ClusterBootstrap

Description

The ClusterBootstrap object represents ASA Clustering attributes.

Endpoint

/api/ld/{ld-name}/cluster-bootstrap/{name}

Supported HTTP Methods

GET, POST, PUT, PATCH, DELETE

ClusterBootstrap Object Schema:

{
            "type": "cluster-bootstrap",
            "properties": {
                "poolStartv6": {
                    "access": "read-write",
                    "type": "ipv6"
                },
                "netmaskv4": {
                    "access": "read-write",
                    "type": "str"
                },
                "poolStartv4": {
                    "access": "read-write",
                    "type": "ipv4"
                },
                "lastUpdatedTimestamp": {
                    "access": "read-only",
                    "type": "scalar:Date"
                },
                "peerDn": {
                    "access": "read-only",
                    "type": "object"
                },
                "serviceTypeName": {
                    "access": "read-write",
                    "type": "str"
                },
                "virtualIPv6": {
                    "access": "read-write",
                    "type": "ipv6"
                },
                "chassisId": {
                    "access": "read-write",
                    "type": "str"
                },
                "virtualIPv4": {
                    "access": "read-write",
                    "type": "ipv4"
                },
                "mode": {
                    "access": "read-write",
                    "type": "sm:ClusterMode"
                },
                "key": {
                    "access": "read-write",
                    "type": "str"
                },
                "gatewayv6": {
                    "access": "read-write",
                    "type": "str"
                },
                "poolEndv6": {
                    "access": "read-write",
                    "type": "ipv6"
                },
                "poolEndv4": {
                    "access": "read-write",
                    "type": "ipv4"
                },
                "prefixLength": {
                    "access": "read-write",
                    "type": "str"
                },
                "gatewayv4": {
                    "access": "read-write",
                    "type": "str"
                }
            },
            "title": "ClusterBootstrap Object Schema"
}

MgmtBootstrap

Description

The MgmtBootstrap object represents the management bootstrap for non-cluster applications.

Endpoint

/api/ld/{ld-name}/mgmt-bootstrap/{name}

Supported HTTP Methods

GET, POST, PUT, PATCH, DELETE

MgmtBootstrap Object Schema:

{
            "children": [
                "IP",
                "IPV6",
                "Key",
                "EncryptedKey"
            ],
            "type": "MgmtBootstrap",
            "properties": {
                "peerDn": {
                    "access": "read-only",
                    "type": "object"
                },
                "appName": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Name of the Application to be bootstrapped"
                }
            },
            "title": "MgmtBootstrap Object Schema"
}

IP

Description

The IP object represents the management IPv4 address and related properties.

Endpoint

/api/ld/{ld-name}/mgmt-bootstrap/{name}/ip/{name}

Supported HTTP Methods

GET, POST, PUT, DELETE

IP Object Schema:

{
            "children": [
                "IP",
                "IPV6",
                "Key",
                "EncryptedKey"
            ],
            "type": "MgmtBootstrap",
            "properties": {
                "peerDn": {
                    "access": "read-only",
                    "type": "object"
                },
                "appName": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Name of the Application to be bootstrapped"
                }
            },
            "title": "MgmtBootstrap Object Schema"
}

IPV6

Description

The IPV6 object represents the management IPv6 address and related properties.

Endpoint

/api/ld/{ld-name}/mgmt-bootstrap/{name}/ipv6/{name}

Supported HTTP Methods

GET, POST, PUT, DELETE

IPV6 Object Schema:

{
            "type": "IPV6",
            "properties": {
                "mgmtSubType": {
                    "access": "read-write",
                    "type": "sm:MgmtSubType"
                },
                "ip": {
                    "access": "read-write",
                    "type": "ipv6",
                    "description": "IPv6 Management Address"
                },
                "lastUpdatedTimestamp": {
                    "access": "read-only",
                    "type": "scalar:Date"
                },
                "slotId": {
                    "access": "read-write",
                    "type": "int32",
                    "description": "SlotID for the bootstrapped object"
                },
                "peerDn": {
                    "access": "read-only",
                    "type": "object"
                },
                "prefixLength": {
                    "access": "read-write",
                    "type": "str",
                    "description": "IPv6 Management prefix length"
                },
                "gateway": {
                    "access": "read-write",
                    "type": "str",
                    "description": "IPv6 default gateway"
                }
            },
            "title": "IPV6 Object Schema"
}

Key

Description

The EncryptedKey object represents the generic app bootstrap and contains key/value/value-encrypted pairs.

Endpoint

/api/ld/{ld-name}/mgmt-bootstrap/key

Supported HTTP Methods

GET, POST, PUT, PATCH, DELETE

Key Object Schema:

{
            "type": "Key",
            "properties": {
                "peerDn": {
                    "access": "read-only",
                    "type": "object"
                },
                "lastUpdatedTimestamp": {
                    "access": "read-only",
                    "type": "scalar:Date"
                },
                "value": {
                    "access": "read-write",
                    "type": "str"
                },
                "key": {
                    "access": "read-write",
                    "type": "str"
                }
            },
            "title": "Key Object Schema"
}

EncryptedKey

Description

The EncryptedKey object represents the generic app bootstrap and contains key/value/value-encrypted pairs.

Endpoint

/api/ld/{ld-name}/mgmt-bootstrap/encrypted-key

Supported HTTP Methods

GET, POST, PUT, PATCH, DELETE

EncryptedKey Object Schema:

{
            "type": "encrypted-key",
            "properties": {
                "peerDn": {
                    "access": "read-only",
                    "type": "object"
                },
                "lastUpdatedTimestamp": {
                    "access": "read-only",
                    "type": "scalar:Date"
                },
                "value": {
                    "access": "read-write",
                    "type": "string:Password"
                },
                "key": {
                    "access": "read-write",
                    "type": "str"
                }
            },
            "title": "EncryptedKey Object Schema"
}

Description

The ExternalPortLink object represents the external port to application link.

Endpoint

/api/ld/{ld-name}/ext-portlink/{external-port-name}

Supported HTTP Methods

GET, POST, PUT, DELETE

ExternalPortLink Object Schema:

{
            "type": "ExternalPortLink",
            "title": "ExternalPortLink Object Schema",
            "children": [
                "Mac",
                "Mac"
            ],
            "properties": {
                "portDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": ""
                },
                "description": {
                    "access": "read-write",
                    "type": "str",
                    "description": ""
                },
                "appName": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Link Destination Application Name"
                },
                "portName": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Name of the Source Chassis Port"
                },
                "linkDecorator": {
                    "access": "read-write",
                    "type": "str",
                    "description": "Comma separated list of LinkDecorators"
                },
                "name": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": ""
                }
            }
}

Platform Objects JSON Schema

AAA JSON Schema

AAA JSON Schema:

"types": [
        {
            "default": "",
            "values": [],
            "name": "aaa:Key"
        },
        {
            "default": "",
            "values": [],
            "name": "aaa:LdapKey"
        },
       {
            "default": "",
            "values": [],
            "name": "aaa:ProviderName"
        },
        {
            "default": "",
            "values": [
                "lowest-available"
            ],
            "name": "aaa:Order"
        },
        {
            "default": "local",
            "values": [
                "local",
                "radius",
                "tacacs",
                "ldap",
                "none"
            ],
            "name": "aaa:Realm"
        },
        {
            "default": "no-login",
            "values": [
                "no-login",
                "assign-default-role"
            ],
            "name": "aaa:NoRolePolicy"
        },
        {
            "default": "5",
            "values": [],
            "name": "aaa:TimeSec"
        },
        {
            "default": "",
            "values": [],
            "name": "aaa:TimeMin"
        },
        {
            "default": "1",
            "values": [],
            "name": "aaa:Retries"
        },
        {
            "default": "",
            "values": [],
            "name": "aaa:Port"
        },
        {
            "default": "64",
            "values": [],
            "name": "aaa:Priority"
        },
        {
            "default": "",
            "values": [
                "ipv4",
                "ipv6",
                "dns"
            ],
            "name": "aaa:Addr"
        },
        {
            "default": "1",
            "values": [
                "all",
                "authorization",
                "accounting"
            ],
            "name": "aaa:RadiusService"
        },
        {
            "default": "rsa",
            "values": [
                "rsa",
                "dsa"
            ],
            "name": "aaa:SshAlg"
        },
        {
            "default": "",
            "values": [],
            "name": "aaa:LdapDn"
        },
        {
            "default": "",
            "values": [],
            "name": "aaa:LdapFilter"
        },
        {
            "default": "",
            "values": [],
            "name": "aaa:LdapAttribute"
        },
        {
            "default": "",
            "values": [],
            "name": "aaa:ProviderGroupName"
        },
        {
            "default": "",
            "values": [
                "enable",
                "disable"
            ],
            "name": "aaa:LdapGroupAuthorization"
        },
        {
            "default": "",
            "values": [
                "recursive",
                "non-recursive"
            ],
            "name": "aaa:LdapGroupTraversal"
        },
        {
            "default": "",
            "values": [
                "MS-AD",
                "OpenLdap"
            ],
            "name": "aaa:LdapVendor"
        }
    ],
    "package": "aaa"

The AAA JSON Schema is shown on the right.

AAA EP JSON Schema

AAA EP JSON Schema:

{
            "type": "Ep",
            "properties": {
                "retries": {
                    "access": "read-write",
                    "type": "Retries"
                },
                "timeout": {
                    "access": "read-write",
                    "type": "TimeSec"
                }
            },
            "title": "Ep Object Schema"
}

The AAA EP JSON Schema is shown on the right.

LDAP EP JSON Schema

LDAP EP JSON Schema:

{
            "children": [
                "ProviderGroup",
                "LdapProvider",
                "LdapGroupRule",
                "LdapGroup"
            ],
            "type": "LdapEp",
            "properties": {
                "filter": {
                    "access": "read-write",
                    "type": "LdapFilter"
                },
                "attribute": {
                    "access": "read-write",
                    "type": "LdapAttribute"
                },
                "basedn": {
                    "access": "read-write",
                    "type": "LdapDn"
                },
                "retries": {
                    "access": "read-write",
                    "type": "Retries",
                    "description": "TBD"
                },
                "timeout": {
                    "access": "read-write",
                    "type": "TimeSec",
                    "description": "TBD"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "LdapEp Object Schema"
}

The LDAP EP JSON Schema is shown on the right.

Radius EP JSON Schema

Radius EP JSON Schema:

{
            "children": [
                "RadiusProvider",
                "ProviderGroup"
            ],
            "type": "RadiusEp",
            "properties": {
                 "retries": {
                    "access": "read-write",
                    "type": "Retries",
                    "description": "TBD"
                },
                "timeout": {
                    "access": "read-write",
                    "type": "TimeSec",
                    "description": "TBD"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "RadiusEp Object Schema"
}

The Radius EP JSON Schema is shown on the right.

Tacacs EP JSON Schema

Tacacs EP JSON Schema:

{
            "children": [
                "TacacsPlusProvider",
                "ProviderGroup"
            ],
            "type": "TacacsPlusEp",
            "properties": {
                "retries": {
                    "access": "read-write",
                    "type": "Retries",
                    "description": "TBD"
                },
                "timeout": {
                    "access": "read-write",
                    "type": "TimeSec",
                    "description": "TBD"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                },
                "policyLevel": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "TBD"
                }
             },
            "title": "TacacsPlusEp Object Schema"
}

The Tacacs EP JSON Schema is shown on the right.

Provider JSON Schema

Provider JSON Schema:

{
            "type": "Provider",
            "properties": {
                "retries": {
                    "access": "read-write",
                    "type": "Retries"
                },
                "key": {
                    "access": "read-write",
                    "type": "Key"
                },
                "keySet": {
                    "access": "read-only",
                    "type": "bool"
                },
                "timeout": {
                    "access": "read-write",
                    "type": "TimeSec"
                },
                "order": {
                    "access": "read-write",
                    "type": "Order"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                },
                "policyLevel": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "TBD"
                }
            },
            "title": "Provider Object Schema"
}

The Provider JSON Schema is shown on the right.

LDAP Provider JSON Schema

LDAP Provider JSON Schema:

{
            "children": [
                "LdapGroupRule"
            ],
            "type": "LdapProvider",
            "properties": {
                "filter": {
                    "access": "read-write",
                    "type": "LdapFilter"
                },
                "vendor": {
                    "access": "read-write",
                    "type": "LdapVendor"
                },
                "attribute": {
                    "access": "read-write",
                    "type": "LdapAttribute"
                },
                "basedn": {
                    "access": "read-write",
                    "type": "LdapDn"
                },
                "rootdn": {
                    "access": "read-write",
                    "type": "LdapDn"
                },
                "enableSSL": {
                    "access": "read-write",
                    "type": "bool"
                },
                "port": {
                    "access": "read-write",
                    "type": "Port"
                },
                "retries": {
                    "access": "read-write",
                    "type": "Retries",
                    "description": "TBD"
                },
                "key": {
                    "access": "read-write",
                    "type": "Key",
                    "description": "TBD"
                },
                "keySet": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "TBD"
                },
                "timeout": {
                    "access": "read-write",
                    "type": "TimeSec",
                    "description": "TBD"
                },
                "order": {
                    "access": "read-write",
                    "type": "Order",
                    "description": "TBD"
                }
            },
            "title": "LdapProvider Object Schema"
}

The LDAP Provider JSON Schema is shown on the right.

Radius Provider JSON Schema

Radius Provider JSON Schema:

{
            "type": "RadiusProvider",
            "properties": {
                "authPort": {
                    "access": "read-write",
                    "type": "Port"
                },
                "service": {
                    "access": "read-only",
                    "type": "RadiusService"
                }
               "retries": {
                    "access": "read-write",
                    "type": "Retries",
                    "description": "TBD"
                },
                "key": {
                    "access": "read-write",
                    "type": "Key",
                    "description": "TBD"
                },
                "keySet": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "TBD"
                },

                "timeout": {
                    "access": "read-write",
                    "type": "TimeSec",
                    "description": "TBD"
                },
                "order": {
                    "access": "read-write",
                    "type": "Order",
                    "description": "TBD"
                }
            },
            "title": "RadiusProvider Object Schema"
}

The Radius Provider JSON Schema is shown on the right.

Tacacs Provider JSON Schema

Tacacs Provider JSON Schema:

{
            "type": "TacacsPlusProvider",
            "properties": {
                "port": {
                    "access": "read-write",
                    "type": "Port"
                },
                "retries": {
                    "access": "read-write",
                    "type": "Retries",
                    "description": "TBD"
                },
                "key": {
                    "access": "read-write",
                    "type": "Key",
                    "description": "TBD"
                },
                "keySet": {
                    "access": "read-only",
                    "type": "bool",
                    "description": "TBD"
                },
               "timeout": {
                    "access": "read-write",
                    "type": "TimeSec",
                    "description": "TBD"
                },
                "order": {
                    "access": "read-write",
                    "type": "Order",
                    "description": "TBD"
                }
            },
            "title": "TacacsPlusProvider Object Schema"
}

The Tacacs Provider JSON Schema is shown on the right.

UserEP JSON Schema

UserEP JSON Schema:

{
            "children": [
                "PreLoginBanner",
                "ShellLogin",
                "WebLogin",
                "EpLogin",
                "ExtMgmtCutThruTkn",
                "RemoteUser",
                "User",
                "Role",
                "Locale",
                "PwdProfile"
            ],
            "type": "UserEp",
            "properties": {
                "pwdStrengthCheck": {
                    "access": "read-write",
                    "type": "bool"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "UserEp Object Schema"
}

The UserEP JSON Schema is shown on the right.

User JSON Schema

User JSON Schema:

{
            "children": [
                "UserRole",
                "SshAuth",
                "UserLocale",
                "Session",
                "UserData"
            ],
            "type": "User",
            "properties": {
                "pwdLifeTime": {
                    "access": "read-write",
                    "type": "aaa:PwdLifeTime"
                },
                "clearPwdHistory": {
                    "access": "read-write",
                    "type": "aaa:Clear"
                },
                "firstName": {
                    "access": "read-write",
                    "type": "naming:Name"
                },
                "lastName": {
                    "access": "read-write",
                    "type": "naming:Name"
                },
                "expires": {
                    "access": "read-write",
                    "type": "bool"
                },
                "accountStatus": {
                    "access": "read-write",
                    "type": "aaa:AccountStatus"
                },
                "phone": {
                    "access": "read-write",
                    "type": "address:Phone"
                },
                "expiration": {
                    "access": "read-write",
                    "type": "Date"
                },
                "email": {
                    "access": "read-write",
                    "type": "address:Email"
                },
                "priv": {
                    "access": "read-only",
                    "type": "aaa:Access"
                }
            },
            "title": "User Object Schema"
}

The User JSON Schema is shown on the right.

Session JSON Schema

Session JSON Schema:

{
            "type": "Session",
            "properties": {
                "term": {
                    "access": "read-only",
                    "type": "aaa:Term"
                },
                "intDel": {
                    "access": "read-only",
                    "type": "bool"
                },
                "refreshPeriod": {
                    "access": "read-only",
                    "type": "int32"
                },
                "pid": {
                    "access": "read-only",
                    "type": "int32"
                },
                "loginTime": {
                    "access": "read-only",
                    "type": "Date"
                },
                "host": {
                    "access": "read-only",
                    "type": "os:Hostname"
                },
                "switchId": {
                    "access": "read-only",
                    "type": "network:SwitchId"
                },
                "ui": {
                    "access": "read-only",
                    "type": "aaa:UserInterface"
                },
                "user": {
                    "access": "read-only",
                    "type": "naming:Name"
                },
                "sessionTimeout": {
                    "access": "read-only",
                    "type": "int32"
                },
                "id": {
                    "access": "read-only",
                    "type": "aaa:SessionId"
                }
            },
            "title": "Session Object Schema"
}

The Session JSON Schema is shown on the right.

PwdProfile JSON Schema

PwdProfile JSON Schema:

{
            "type": "PwdProfile",
            "properties": {
                "historyCount": {
                    "access": "read-write",
                    "type": "aaa:HistoryDepth"
                },
                "changeInterval": {
                    "access": "read-write",
                    "type": "aaa:PwdChangeInterval"
                },
                "noChangeInterval": {
                    "access": "read-write",
                    "type": "aaa:PwdChangeInterval"
                },
                "changeDuringInterval": {
                    "access": "read-write",
                    "type": "aaa:PwdPolicy"
                },
                "expirationWarnTime": {
                    "access": "read-write",
                    "type": "aaa:PwdExpWarnTime"
                },
                "changeCount": {
                    "access": "read-write",
                    "type": "aaa:PwdChangeCount"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "PwdProfile Object Schema"
}

The PwdProfile JSON Schema is shown on the right.

UserData JSON Schema

UserData JSON Schema:

{
            "type": "UserData",
            "properties": {
                "pwdChangedDate": {
                    "access": "read-only",
                    "type": "scalar:Date"
                },
                "pwdChangeCount": {
                    "access": "read-only",
                    "type": "aaa:PwdChangeCount"
                },
                "pwdHistory": {
                    "access": "read-only",
                    "type": "aaa:PwdHistory"
                },
                "pwdChangeIntervalBegin": {
                    "access": "read-only",
                    "type": "scalar:Date"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "UserData Object Schema"
}

The UserData JSON Schema is shown on the right.

Configuration Backup and Import JSON Schema

Configuration Backup and Import JSON Schema:

"types": [
        {
            "default": "unknown",
            "values": [
                "unknown",
                "blade",
                "chassis",
                "system",
                "switch",
                "adaptor",
                "iocard",
                "board-controller"
            ],
            "name": "mgmt:Subject"
        },
        {
            "default": "unspecified",
            "values": [
                "unspecified",
                "in-band",
                "out-of-band",
                "internal",
                "virtual"
            ],
            "name": "mgmt:Access"
        },
        {
            "default": "unspecified",
            "values": [
                "unspecified",
                "valid",
                "misconnected"
            ],
            "name": "mgmt:StateQual"
        },
        {
            "default": "nop",
            "values": [
                "nop",
                "download-success",
                "config-success"
            ],
            "name": "mgmt:ImportStatus"
        },
        {
            "default": "merge",
            "values": [
                "merge",
                "replace"
            ],
            "name": "mgmt:ImportAction"
        },
        {
            "default": "enable",
            "values": [
                "enable",
                "disable"
            ],
            "name": "mgmt:AdminState"
        },
        {
            "default": "unasserted",
            "values": [
                "unasserted",
                "hw-change-detected",
                "fw-change-detected",
                "hw-incompatible",
                "fw-incompatible",
                "unsupported-hw-version ",
                "unsupported-fw-version",
                "hw-change-success",
                "fw-change-success"
            ],
            "name": "mgmt:UpgradeStatus"
        },
        {
            "default": "config-all",
            "values": [
                "full-state",
                "config-all",
                "config-system",
                "config-logical"
            ],
            "name": "mgmt:BackupType"
        },
        {
            "default": "immediate",
            "values": [
                "immediate"
            ],
            "name": "mgmt:BackupJob"
        },
        {
            "default": "immediate",
            "values": [
                "scheduled",
                "immediate"
            ],
            "name": "mgmt:BackupSchedule"
        },
        {
            "default": "",
            "values": [],
            "name": "mgmt:RemoteFile"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "ok",
                "openError",
                "readError",
                "writeError"
            ],
            "name": "mgmt:deviceIoState"
        },
        {
            "default": "",
            "values": [],
            "name": "mgmt:Passwd"
        },
        {
            "default": "un-initialized",
            "values": [
                "un-initialized",
                "acknowledged",
                "unsupported-connectivity"
            ],
            "name": "mgmt:ConnectionState"
        },
        {
            "default": "unspecified",
            "values": [
                "unspecified",
                "shared-lom",
                "sideband"
            ],
            "name": "mgmt:Source"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "uninitialized",
                "initializing",
                "initialized",
                "unsupported "
            ],
            "name": "mgmt:StorageSubsystemState"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "enabled",
                "disabled",
                "unsupported"
            ],
            "name": "mgmt:DimmBlacklistingOperState"
        }
    ],
    "package": "mgmt"
}

The Configuration Backup and Import JSON Schema is shown on the right.

Configuration Backup JSON Schema

Configuration Backup JSON Schema:

{
            "type": "Backup",
            "properties": {
                "maxFiles": {
                    "access": "read-only",
                    "type": "int32"
                },
                "remoteFile": {
                    "access": "read-write",
                    "type": "RemoteFile"
                },
                "preservePooledValues": {
                    "access": "read-write",
                    "type": "bool"
                },
                "job": {
                    "access": "create",
                    "type": "BackupJob"
                },
                "pwd": {
                    "access": "read-write",
                    "type": "mgmt:Passwd"
                },
                "user": {
                    "access": "read-write",
                    "type": "str"
                },
                "ownerPolicy": {
                    "access": "read-only",
                    "type": "object"
                },
                "type": {
                    "access": "read-write",
                    "type": "BackupType"
                },
                "postAction": {
                    "access": "read-write",
                    "type": "scalar:Enum8",
                    "description": "TBD"
                },
                "proto": {
                    "access": "read-write",
                    "type": "comm:FileTransferProtocol",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "AdminState",
                    "description": "TBD"
                },
                "hostname": {
                    "access": "read-write",
                    "type": "Hostname",
                    "description": "TBD"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "Backup Object Schema"
}

The Configuration Backup JSON Schema is shown on the right.

Configuration Import JSON Schema

Configuration Import JSON Schema:

{
            "type": "Importer",
            "properties": {
                "action": {
                    "access": "read-write",
                    "type": "ImportAction"
                },
                "operStatus": {
                    "access": "read-only",
                    "type": "ImportStatus"
                },
                "pwd": {
                    "access": "read-write",
                    "type": "mgmt:Passwd"
                },
                "remoteFile": {
                    "access": "read-write",
                    "type": "RemoteFile"
                },
                "user": {
                    "access": "read-write",
                    "type": "str"
                },
                "postAction": {
                    "access": "read-write",
                    "type": "scalar:Enum8",
                    "description": "TBD"
                },
                "proto": {
                    "access": "read-write",
                    "type": "comm:FileTransferProtocol",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "AdminState",
                    "description": "TBD"
                },
                "hostname": {
                    "access": "read-write",
                    "type": "Hostname",
                    "description": "TBD"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "Importer Object Schema"
}

The Configuration Import JSON Schema is shown on the right.

Call Home JSON Schema

Call Home JSON Schema:

{
    "types": [
        {
            "default": "unknown",
            "values": [
                "diagnostic",
                "environmental",
                "unknown"
            ],
            "name": "callhome:AlertGroup"
        },
        {
            "default": "unknown",
            "values": [
                "debug",
                "normal",
                "notify",
                "warning",
                "minor",
                "major",
                "critical",
                "fatal",
                "unknown"
            ],
            "name": "callhome:AlertLevel"
        },
        {
            "default": "",
            "values": [
                "diagnostic_debug",
                "diagnostic_normal",
                "diagnostic_notify",
                "diagnostic_warning",
                "diagnostic_minor",
                "diagnostic_major",
                "diagnostic_critical",
                "diagnostic_fatal",
                "environmental_debug",
                "environmental_normal",
                "environmental_notify",
                "environmental_warning",
                "environmental_minor",
                "environmental_major",
                "environmental_critical",
                "environmental_fatal",
                "lifecycle_minor",
                "inventory_normal"
            ],
            "name": "callhome:AlertType"
        },
        {
            "default": "unknown",
            "values": [
                "inventory",
                "syslog",
                "test",
                "diag",
                "env",
                "conf",
                "unknown"
            ],
            "name": "callhome:AlertMessageType"
        },
        {
            "default": "unknown",
            "values": [
                "nosubtype",
                "test",
                "full",
                "delta",
                "minor",
                "major",
                "goldnormal",
                "goldminor",
                "goldmajor",
                "unknown"
            ],
            "name": "callhome:AlertMessageSubtype"
        },
        {
            "default": "",
            "values": [
                "all",
                "system",
                "environmental",
                "linecard",
                "supervisor",
                "inventory",
                "test",
                "ciscoTac",
                "syslogPort",
                "license",
                "lifeCycle",
                "diagnostic"
            ],
            "name": "callhome:AlertGroups"
        },
        {
            "default": "debug",
            "values": [
                "emergency",
                "alert",
                "critical",
                "error",
                "warning",
                "notice",
                "info",
                "debug"
            ],
            "name": "callhome:Urgency"
        },
        {
            "default": "debug",
            "values": [
                "debug",
                "normal",
                "notification",
                "warning",
                "minor",
                "major",
                "critical",
                "fatal",
                "disaster"
            ],
            "name": "callhome:Level"
        },
        {
            "default": "off",
            "values": [
                "off",
                "on"
            ],
            "name": "callhome:AdminState"
        },
        {
            "default": "enabled",
            "values": [
                "enabled",
                "disabled"
            ],
            "name": "callhome:PolicyAdminState"
        },
        {
            "default": "on",
            "values": [
                "off",
                "on"
            ],
            "name": "callhome:AlertThrottlingAdminState"
        },
        {
            "default": "xml",
            "values": [
                "xml",
                "fullTxt",
                "shortTxt"
            ],
            "name": "callhome:Format"
        },
        {
            "default": "",
            "values": [],
            "name": "callhome:CallhomeContactName"
        },
        {
            "default": "",
            "values": [],
            "name": "callhome:CallhomeContactAddress"
        },
        {
            "default": "",
            "values": [],
            "name": "callhome:CallhomeContractId"
        },
        {
            "default": "",
            "values": [],
            "name": "callhome:CallhomeEmail"
        },
        {
            "default": "",
            "values": [],
            "name": "callhome:CallhomePhone"
        },
        {
            "default": "0",
            "values": [],
            "name": "callhome:PeriodicSystemInventoryTimeOfDayHour"
        },
        {
            "default": "0",
            "values": [],
            "name": "callhome:PeriodicSystemInventoryTimeOfDayMinute"
        },
        {
            "default": "30",
            "values": [],
            "name": "callhome:PeriodicSystemInventoryIntervalDays"
        },
        {
            "default": "1",
            "values": [],
            "name": "callhome:PeriodicSystemInventoryMaximumRetryCount"
        },
        {
            "default": "10",
            "values": [],
            "name": "callhome:PeriodicSystemInventoryRetryDelayMinutes"
        },
        {
            "default": "300",
            "values": [],
            "name": "callhome:PeriodicSystemInventoryPollIntervalSeconds"
        },
        {
            "default": "5",
            "values": [],
            "name": "callhome:PeriodicSystemInventoryMinimumSendNowIntervalSeconds"
        },
        {
            "default": "ok",
            "values": [
                "ok",
                "not-applied"
            ],
            "name": "callhome:ConfigState"
        }
    ],
    "package": "callhome"
}

The Call Home JSON Schema is shown on the right.

Call Home EP JSON Schema

Call Home EP JSON Schema:

"objects": [
        {
            "type": "Item",
            "properties": {},
            "title": "Item Object Schema"
        },
        {
            "children": [
                "Source",
                "Smtp",
                "PeriodicSystemInventory",
                "Profile",
                "TestAlert",
                "Policy"
            ],
            "type": "Ep",
            "properties": {
                "adminState": {
                    "access": "read-write",
                    "type": "AdminState"
                },
                "configState": {
                    "access": "read-only",
                    "type": "ConfigState"
                },
                "alertThrottlingAdminState": {
                    "access": "read-write",
                    "type": "AlertThrottlingAdminState"
                },
              intId": {
                "access": "read-only",
                "type": "InternalId",
                "description": "TBD"
            }
           },
            "title": "Ep Object Schema"
        }
]

The Call Home EP JSON Schema is shown on the right.

Call Home Source JSON Schema

Call Home Source JSON Schema:

{
            "type": "Source",
            "properties": {
                "customer": {
                    "access": "read-write",
                    "type": "str"
                },
                "from": {
                    "access": "read-write",
                    "type": "CallhomeEmail"
                },
                "addr": {
                    "access": "read-write",
                    "type": "CallhomeContactAddress"
                },
                "replyTo": {
                    "access": "read-write",
                    "type": "CallhomeEmail"
                },
                "site": {
                    "access": "read-write",
                    "type": "str"
                },
                "contract": {
                    "access": "read-write",
                    "type": "CallhomeContractId"
                },
                "phone": {
                    "access": "read-write",
                    "type": "CallhomePhone"
                },
                "contact": {
                    "access": "read-write",
                    "type": "CallhomeContactName"
                },
                "email": {
                    "access": "read-write",
                    "type": "CallhomeEmail"
                },
                "urgency": {
                    "access": "read-write",
                    "type": "Urgency"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "Source Object Schema"
}

The Call Home Source JSON Schema is shown on the right.

Call Home SMTP JSON Schema

Call Home SMTP JSON Schema:

{
            "type": "Smtp",
            "properties": {
                "host": {
                    "access": "read-write",
                    "type": "address:HostNameOrDottedQuadOrIPv6"
                },
                "port": {
                    "access": "read-write",
                    "type": "int32"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "Smtp Object Schema"
}

The Call Home SMTP JSON Schema is shown on the right.

Call Home Profile JSON Schema

Call Home Profile JSON Schema:

{
            "children": [
                "Dest"
            ],
            "type": "Profile",
            "properties": {
                "alertGroups": {
                    "access": "read-write",
                    "type": "callhome:AlertGroups"
                },
                "maxSize": {
                    "access": "read-write",
                    "type": "int32"
                },
                "format": {
                    "access": "read-write",
                    "type": "Format"
                },
                "level": {
                    "access": "read-write",
                    "type": "callhome:Level"
                },
                           "adminState": {
                    "access": "read-write",
                    "type": "AdminState"
                },
                "configState": {
                    "access": "read-only",
                    "type": "ConfigState"
                },
                "alertThrottlingAdminState": {
                    "access": "read-write",
                    "type": "AlertThrottlingAdminState"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "Profile Object Schema"
}

The Call Home Profile JSON Schema is shown on the right.

Call Home Policy JSON Schema

Call Home Policy JSON Schema:

{
            "type": "Policy",
            "properties": {
                "adminState": {
                    "access": "read-write",
                    "type": "callhome:PolicyAdminState"
                },
                "cause": {
                    "access": "read-write",
                    "type": "condition:CallHomeCause"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "AdminState"
                },
                "configState": {
                    "access": "read-only",
                    "type": "ConfigState"
                },
                "alertThrottlingAdminState": {
                    "access": "read-write",
                    "type": "AlertThrottlingAdminState"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "Policy Object Schema"
}

The Call Home Policy JSON Schema is shown on the right.

Call Home TestAlert JSON Schema

Call Home TestAlert JSON Schema:

{
            "type": "TestAlert",
            "properties": {
                "group": {
                    "access": "read-write",
                    "type": "AlertGroup"
                },
                "description": {
                    "access": "read-write",
                    "type": "str"
                },
                "level": {
                    "access": "read-write",
                    "type": "AlertLevel"
                },
                "sendNow": {
                    "access": "read-write",
                    "type": "bool"
                },
                "messageType": {
                    "access": "read-write",
                    "type": "AlertMessageType"
                },
                "messageSubtype": {
                    "access": "read-write",
                    "type": "AlertMessageSubtype"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                },
                "policyLevel": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "TBD"
                }
            },
            "title": "TestAlert Object Schema"
}

The Call Home TestAlert JSON Schema is shown on the right.

Download Infrastructure Bundle JSON Schema

Download Infrastructure Bundle JSON Schema:

{
    "types": [
        {
            "default": "",
            "values": [],
            "name": "firmware:Version"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:HardwareType"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:ImageName"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:ImageLocation"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:ImageSize"
        },
        {
            "default": "0",
            "values": [],
            "name": "firmware:Count"
        },
        {
            "default": "0",
            "values": [],
            "name": "firmware:InstallInprogress"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "A",
                "B"
            ],
            "name": "firmware:ImagePresence"
        },
        {
            "default": "none",
            "values": [
                "none",
                "A",
                "B"
            ],
            "name": "firmware:ImageDeleted"
        },
        {
            "default": "",
            "values": [
                "kernel",
                "system",
                "combined",
                "boot-loader"
            ],
            "name": "firmware:ComponentType"
        },
        {
            "default": "",
            "values": [
                "maint-policy"
            ],
            "name": "firmware:AckMode"
        },
        {
            "default": "",
            "values": [
                "fex",
                "diag",
                "catalog",
                "mgmt-ext",
                "debug-plug-in",
                "switch"
            ],
            "name": "firmware:Type"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:ItemType"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "system",
                "switch",
                "iocard",
                "server",
                "cimc",
                "adaptor",
                "storage-controller",
                "board-controller",
                "graphics-card",
                "bios",
                "service-profile"
            ],
            "name": "firmware:EquipmentType"
        },
        {
            "default": "noimpact",
            "values": [
                "activate",
                "noimpact",
                "reset",
                "update"
            ],
            "name": "firmware:ImpactType"
        },
        {
            "default": "unspecified",
            "values": [
                "unspecified"
            ],
            "name": "firmware:Deployment"
        },
        {
            "default": "secondary",
            "values": [
                "preferred",
                "secondary"
            ],
            "name": "firmware:Preference"
        },
        {
            "default": "active",
            "values": [
                "active",
                "deleted"
            ],
            "name": "firmware:AdminState"
        },
        {
            "default": "UCS",
            "values": [
                "UCS",
                "UCS-MINI"
            ],
            "name": "firmware:PlatformType"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "image",
                "full-bundle",
                "infrastructure-bundle",
                "b-series-bundle",
                "c-series-bundle",
                "catalog"
            ],
            "name": "firmware:DistributableType"
        },
        {
            "default": "partial",
            "values": [
                "complete",
                "partial"
            ],
            "name": "firmware:Completeness"
        },
        {
            "default": "init",
            "values": [
                "init",
                "downloading",
                "downloaded",
                "failed"
            ],
            "name": "firmware:TransferState"
        },
        {
            "default": "restart",
            "values": [
                "restart",
                "idle"
            ],
            "name": "firmware:DownloadActivity"
        },
        {
            "default": "scp",
            "values": [
                "ftp",
                "tftp",
                "scp",
                "sftp",
                "local",
                "usbA",
                "usbB"
            ],
            "name": "firmware:Transport"
        },
        {
            "default": "",
            "values": [
                "bad-image"
            ],
            "name": "firmware:ImageState"
        },
        {
            "default": "none",
            "values": [
                "none",
                "checksum-failure",
                "filesystem-error",
                "mgmt-connect-error",
                "boot-conf-missing",
                "crc-failure",
                "unknown-error"
            ],
            "name": "firmware:ImageError"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:InventoryType"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:PackagingId"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:Name"
        },
        {
            "default": "",
            "values": [],
            "name": "firmware:ServerName"
        },
        {
            "default": "triggered",
            "values": [
                "trigger",
                "triggered"
            ],
            "name": "firmware:TriggerState"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "in-progress",
                "failed",
                "success",
                "warnings",
                "skipped"
            ],
            "name": "firmware:UpgradeStatus"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "same-release",
                "compatible",
                "incompatible",
                "multiple-releases"
            ],
            "name": "firmware:FwState"
        },
        {
            "default": "other",
            "values": [
                "other",
                "data-load",
                "catalog",
                "config",
                "server-reboot",
                "faults"
            ],
            "name": "firmware:UpgradeCategory"
        },
        {
            "default": "0",
            "values": [
                "no-config-issue",
                "bios-image-not-selected"
            ],
            "name": "firmware:HostPackConfigQualifier"
        },
        {
            "default": "no-firmware-mismatch",
            "values": [
                "no-firmware-mismatch",
                "cimc-firmware-mismatch",
                "pld-firmware-mismatch"
            ],
            "name": "firmware:FirmwareState"
        },
        {
            "default": "ready",
            "values": [
                "ready",
                "scheduled",
                "in-progress",
                "failed",
                "pending-user-ack",
                "start-pending-ext-permission"
            ],
            "name": "firmware:InstallState"
        },
        {
            "default": "ok",
            "values": [
                "ok",
                "not-applied",
                "failed"
            ],
            "name": "firmware:CatalogPackConfigState"
        },
        {
            "default": "immediate ",
            "values": [
                "immediate"
            ],
            "name": "firmware:DateTime"
        },
        {
            "default": "never",
            "values": [
                "never"
            ],
            "name": "firmware:DateTimeNever"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "fatal",
                "error",
                "warn",
                "info"
            ],
            "name": "firmware:UpgradeSeverity"
        },
        {
            "default": "Auto Acknowledge",
            "values": [
                "Auto Acknowledge",
                "User Acknowledge",
                "No Actions"
            ],
            "name": "firmware:AutoSyncState"
        },
        {
            "default": "No Issues",
            "values": [
                "No Issues",
                "Default Package Missing",
                "Versions Empty in Default Package"
            ],
            "name": "firmware:AutoSyncConfigIssue"
        }
    ],
    "package": "firmware" {
            "type": "Downloader",
            "properties": {
                "protocol": {
                    "access": "read-write",
                    "type": "Transport",
                    "description": "TBD"
                },
                "imageSize": {
                    "access": "read-only",
                    "type": "ImageSize",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "DownloadActivity",
                    "description": "TBD"
                },
                "fileName": {
                    "access": "read-write",
                    "type": "Name",
                    "description": "TBD"
                },
                "transferState": {
                    "access": "read-only",
                    "type": "TransferState",
                    "description": "TBD"
                },
                "pwd": {
                    "access": "read-write",
                    "type": "string:Password",
                    "description": "TBD"
                },
                "remotePath": {
                    "access": "read-write",
                    "type": "ImageLocation",
                    "description": "TBD"
                },
                "server": {
                    "access": "read-write",
                    "type": "ServerName",
                    "description": "TBD"
                },
                "user": {
                    "access": "read-write",
                    "type": "str",
                    "description": "TBD"
                }
            },
            "title": "Downloader Object Schema"
        }
}

The Download Infrastructure Bundle JSON Schema is shown on the right.

Query/Delete Infrastructure Bundle JSON Schema

Query/Delete Infrastructure Bundle JSON Schema:

{
            "children": [
                "DistImage"
            ],
            "type": "Distributable",
            "properties": {
                "completeness": {
                    "access": "read-only",
                    "type": "Completeness",
                    "description": "TBD"
                },
                "invTag": {
                    "access": "read-only",
                    "type": "InventoryType",
                    "description": "TBD"
                },
                "transferState": {
                    "access": "read-only",
                    "type": "TransferState",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "AdminState",
                    "description": "TBD"
                },
                "version": {
                    "access": "read-only",
                    "type": "firmware:Version",
                    "description": "TBD"
                },
                "imagePresence": {
                    "access": "read-only",
                    "type": "ImagePresence",
                    "description": "TBD"
                },
                "type": {
                    "access": "read-only",
                    "type": "DistributableType",
                    "description": "TBD"
                },
                "intId": {
                    "access": "read-only",
                    "type": "InternalId",
                    "description": "TBD"
                }
            },
            "title": "Distributable Object Schema"
}

The Query/Delete Infrastructure Bundle JSON Schema is shown on the right.

Auto Install Infrastructure Bundle (Supervisor software) JSON Schema

Schedule Information JSON Schema

Schedule Information JSON Schema:

{
            "type": "AbsWindow",
            "properties": {},
            "title": "AbsWindow Object Schema"
}

The Auto Install Infrastructure Bundle Schedule Information JSON Schema is shown on the right.

Set Version JSON Schema

Set Version JSON Schema:

{
            "type": "InfraPack",
            "properties": {
                "infraBundleName": {
                    "access": "read-only",
                    "type": "str",
                    "description": "TBD"
                },
                "forceDeploy": {
                    "access": "read-write",
                    "type": "bool",
                    "description": "TBD"
                },
                "infraBundleVersion": {
                    "access": "read-write",
                    "type": "firmware:Version",
                    "description": "TBD"
                }
            },
            "title": "InfraPack Object Schema"
}

The Auto Install Infrastructure Bundle Set Version JSON Schema is shown on the right.

Cancel Scheduled Install JSON Schema

Cancel Scheduled Install JSON Schema:

{
            "type": "Infra",
            "properties": {
                "operVersion": {
                    "access": "read-only",
                    "type": "firmware:Version",
                    "description": "TBD"
                }
            },
            "title": "Infra Object Schema"
}

The Auto Install Infrastructure Bundle Cancel Scheduled Install JSON Schema is shown on the right.

Port Channel Configuration JSON Schema

Port Channel Configuration JSON Schema:

{
"types": [
        {
            "default": "disabled",
            "values": [
                "enabled",
                "disabled"
            ],
            "name": "fabric:AdminState"
        },
        {
            "default": "",
            "values": [
                "ok",
                "missing-primary"
            ],
            "name": "fabric:VlanStatus"
        },
        {
            "default": "none",
            "values": [
                "none",
                "fc-zoning-enabled",
                "configuration-error"
            ],
            "name": "fabric:Warnings"
        },
        {
            "default": "15",
            "values": [],
            "name": "fabric:msgInterval"
        },
        {
            "default": "none",
            "values": [
                "none",
                "reset"
            ],
            "name": "fabric:recoveryAction"
        },
        {
            "default": "",
            "values": [
                "unknown",
                "udld",
                "cdp"
            ],
            "name": "fabric:LinkProtocol"
        },
        {
            "default": "",
            "values": [
                "normal",
                "aggressive"
            ],
            "name": "fabric:udldMode"
        },
        {
            "default": "unknown",
            "values": [
                "unknown",
                "unidirectional",
                "bidirectional",
                "tx-rx-loop",
                "mismatch",
                "echo-empty",
                "admin-disabled"
            ],
            "name": "fabric:UdldOperState"
        },
        {
            "default": "disabled",
            "values": [
                "enabled",
                "disabled"
            ],
            "name": "fabric:SpannedCluster"
        }
    ],
    "package": "fabric"
}

The Port Channel Configuration JSON Schema is shown on the right.

Port Channel JSON Schema

Clapton update: added lacpMode, adminDuplex, autoNeg, speedCap

Port Channel JSON Schema:

{
            "type": "EthLanPc",
            "properties": {
                "ssaPortType": {
                    "access": "read-write",
                    "type": "fabric:SSAPortType",
                    "description": "TBD"
                },
                "vlanStatus": {
                    "access": "read-write",
                    "type": "VlanStatus",
                    "description": "TBD"
                },
                "mtu": {
                    "access": "read-write",
                    "type": "int32",
                    "description": "TBD"
                },
                "bandwidth": {
                    "access": "read-only",
                    "type": "int32",
                    "description": "TBD"
                },
                "overlappingVlans": {
                    "access": "read-only",
                    "type": "port:StateQual",
                    "description": "TBD"
                },
                "lacpPolicyName": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "lacpMode" : {
                     "access": "read-write",
                     "type":  "fabric:LacpMode",
                     "description": ""
                },
                "spannedCluster": {
                    "access": "read-write",
                    "type": "fabric:SpannedCluster",
                    "description": "TBD"
                },
                "operSpeed": {
                    "access": "read-write",
                    "type": "port:EthSpeed",
                    "description": "TBD"
                },
                "adminSpeed": {
                    "access": "read-write",
                    "type": "port:EthAdminSpeed",
                    "description": "TBD"
                },
                "adminDuplex": {
                   "access": "read-write",
                   "type": "port:Duplex"
                },
                "autoNeg": {
                   "access": "read-write",
                   "type": "Boolean"
               },
               "speedCap": {
                  "access": "read-only",
                  "type": "equipment:EthPortSpeedCap"
               },
                "flowCtrlPolicy": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "operState": {
                    "access": "read-only",
                    "type": "network:PortOperState",
                    "description": "TBD"
                },
                "stateQual": {
                    "access": "read-only",
                    "type": "port:StateQual",
                    "description": "TBD"
                },
                "warnings": {
                    "access": "read-only",
                    "type": "Warnings",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "fabric:AdminState",
                    "description": "TBD"
                },
                "descr": {
                    "access": "read-write",
                    "type": "naming:Descr",
                    "description": "TBD"
                },
                "switchId": {
                    "access": "read-only",
                    "type": "network:SwitchId",
                    "description": "TBD"
                },
                "portId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "peerDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },
                "ifType": {
                    "access": "read-only",
                    "type": "network:PortType",
                    "description": "TBD"
                },
                "ifRole": {
                    "access": "read-only",
                    "type": "PortRole",
                    "description": "TBD"
                },
                 "epDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },

                "locale": {
                    "access": "read-only",
                    "type": "network:Locale",
                    "description": "TBD"
                },
                "type": {
                    "access": "read-only",
                    "type": "network:ConnectionType",
                    "description": "TBD"
                },
                "transport": {
                    "access": "read-only",
                    "type": "network:Transport",
                    "description": "TBD"
                }

            },
            "title": "EthLanPc Object Schema"
}

The Port Channel JSON Schema is shown on the right.

Regular Member Port JSON Schema

Regular Member Port JSON Schema:

{
            "type": "EthLanPcEp",
            "properties": {
                "membership": {
                    "access": "read-only",
                    "type": "fabric:MembershipStatus",
                    "description": "TBD"
                },
                "ethLinkProfileName": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "udldOperState": {
                    "access": "read-only",
                    "type": "fabric:UdldOperState",
                    "description": "TBD"
                },
               "adminState": {
                    "access": "read-write",
                    "type": "AdminState",
                    "description": "TBD"
                },
                "warnings": {
                    "access": "read-only",
                    "type": "Warnings",
                    "description": "TBD"
                },
                "operStateReason": {
                    "access": "read-only",
                    "type": "port:StateQual",
                    "description": "TBD"
                },
                "operState": {
                    "access": "read-only",
                    "type": "fabric:OperState",
                    "description": "TBD"
                },
                "peerAggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "aggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "portId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "slotId": {
                    "access": "read-only",
                    "type": "equipment:SlotId",
                    "description": "TBD"
                },
                "peerSlotId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                "chassisId": {
                    "access": "read-only",
                    "type": "equipment:ChassisId",
                    "description": "TBD"
                },
                "switchId": {
                    "access": "read-only",
                    "type": "network:SwitchId",
                    "description": "TBD"
                },
                "peerPortId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                 "peerDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },
                "ifType": {
                    "access": "read-only",
                    "type": "network:PortType",
                    "description": "TBD"
                },
                "ifRole": {
                    "access": "read-only",
                    "type": "PortRole",
                    "description": "TBD"
                },
                "epDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },
                 "locale": {
                    "access": "read-only",
                    "type": "network:Locale",
                    "description": "TBD"
                },
                "type": {
                    "access": "read-only",
                    "type": "network:ConnectionType",
                    "description": "TBD"
                },
                "transport": {
                    "access": "read-only",
                    "type": "network:Transport",
                    "description": "TBD"
                }
            },
            "title": "EthLanPcEp Object Schema"
}

The Regular Member Port JSON Schema is shown on the right.

Breakout Member Port JSON Schema

Breakout Member Port JSON Schema:

{
            "type": "EthLanPcEp",
            "properties": {
                "membership": {
                    "access": "read-only",
                    "type": "fabric:MembershipStatus",
                    "description": "TBD"
                },
                "ethLinkProfileName": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "udldOperState": {
                    "access": "read-only",
                    "type": "fabric:UdldOperState",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "AdminState",
                    "description": "TBD"
                },
                "warnings": {
                    "access": "read-only",
                    "type": "Warnings",
                    "description": "TBD"
                },
                "operStateReason": {
                    "access": "read-only",
                    "type": "port:StateQual",
                    "description": "TBD"
                },
                "operState": {
                    "access": "read-only",
                    "type": "fabric:OperState",
                    "description": "TBD"
                },
                "peerAggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "aggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "portId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "slotId": {
                    "access": "read-only",
                    "type": "equipment:SlotId",
                    "description": "TBD"
                },
                "peerSlotId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                "chassisId": {
                    "access": "read-only",
                    "type": "equipment:ChassisId",
                    "description": "TBD"
                },
                "switchId": {
                    "access": "read-only",
                    "type": "network:SwitchId",
                    "description": "TBD"
                },
                "peerPortId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                 "peerDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },
                "ifType": {
                    "access": "read-only",
                    "type": "network:PortType",
                    "description": "TBD"
                },
                "ifRole": {
                    "access": "read-only",
                    "type": "PortRole",
                    "description": "TBD"
                },
                "epDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },
                 "locale": {
                    "access": "read-only",
                    "type": "network:Locale",
                    "description": "TBD"
                },
                "type": {
                    "access": "read-only",
                    "type": "network:ConnectionType",
                    "description": "TBD"
                },
                "transport": {
                    "access": "read-only",
                    "type": "network:Transport",
                    "description": "TBD"
                }
            },
            "title": "EthLanPcEp Object Schema"
}

The Breakout Member Port JSON Schema is shown on the right.

Physical Port Configuration JSON Schema

Physical Port Configuration JSON Schema:

{
"types": [
        {
            "default": "normal",
            "values": [
                "normal",
                "new",
                "deleted"
            ],
            "name": "sw:MonLifeCycle"
        },
        {
            "default": "none",
            "values": [
                "none",
                "in-progress",
                "verifying",
                "failed"
            ],
            "name": "sw:ConfMode"
        },
        {
            "default": "",
            "values": [],
            "name": "sw:GroupId"
        },
        {
            "default": "enabled",
            "values": [
                "enabled",
                "disabled"
            ],
            "name": "sw:AdminState"
        },
        {
            "default": "compressed",
            "values": [
                "compressed",
                "uncompressed"
            ],
            "name": "sw:VlanGroupType"
        },
        {
            "default": "included",
            "values": [
                "included",
                "excluded"
            ],
            "name": "sw:VlanCompType"
        },
        {
            "default": "unApplied",
            "values": [
                "applied",
                "unApplied"
            ],
            "name": "sw:VlanConfigStatusType"
        },
        {
            "default": "nonexisting",
            "values": [
                "existing",
                "nonexisting"
            ],
            "name": "sw:PeerStatus"
        },
        {
            "default": "none",
            "values": [
                "none",
                "no-vlan-comp"
            ],
            "name": "sw:ConfigStatus"
        },
        {
            "default": "0",
            "values": [],
            "name": "sw:CimcId"
        },
        {
            "default": "ok",
            "values": [
                "ok",
                "incomplete"
            ],
            "name": "sw:NFConfigStatus"
        },
        {
            "default": "disabled",
            "values": [
                "enabled",
                "disabled"
            ],
            "name": "sw:SpannedCluster"
        }
    ],
    "package": "sw"
}

The Physical Port Configuration JSON Schema is shown on the right.

Regular Port JSON Schema

Regular Port JSON Schema:

{
            "type": "EthLanEp",
            "properties": {
                "ssaPortType": {
                    "access": "read-write",
                    "type": "fabric:SSAPortType",
                    "description": "TBD"
                },
                "udldOperState": {
                    "access": "read-only",
                    "type": "fabric:UdldOperState",
                    "description": "TBD"
                },
                "vlanStatus": {
                    "access": "read-write",
                    "type": "VlanStatus",
                    "description": "TBD"
                },
                "flowCtrlPolicy": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "mtu": {
                    "access": "read-write",
                    "type": "int32",
                    "description": "TBD"
                },
                "usrLbl": {
                    "access": "read-write",
                    "type": "naming:UserLabel",
                    "description": "TBD"
                },
                "ethLinkProfileName": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "overlappingVlans": {
                    "access": "read-only",
                    "type": "port:StateQual",
                    "description": "TBD"
                },
                "adminSpeed": {
                    "access": "read-write",
                    "type": "port:EthSpeed",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "fabric:AdminState",
                    "description": "TBD"
                },
                "lc": {
                    "access": "read-only",
                    "type": "fsm:Lifecycle",
                    "description": "TBD"
                },"peerAggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "aggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "portId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "slotId": {
                    "access": "read-only",
                    "type": "equipment:SlotId",
                    "description": "TBD"
                },
                "peerSlotId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                "chassisId": {
                    "access": "read-only",
                    "type": "equipment:ChassisId",
                    "description": "TBD"
                },
                "switchId": {
                    "access": "read-only",
                    "type": "network:SwitchId",
                    "description": "TBD"
                },
                "peerPortId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                "peerDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },
                "ifType": {
                    "access": "read-only",
                    "type": "network:PortType",
                    "description": "TBD"
                },
                "ifRole": {
                    "access": "read-only",
                    "type": "PortRole",
                    "description": "TBD"
                },
                "epDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },"locale": {
                    "access": "read-only",
                    "type": "network:Locale",
                    "description": "TBD"
                },
                "type": {
                    "access": "read-only",
                    "type": "network:ConnectionType",
                    "description": "TBD"
                },
                "transport": {
                    "access": "read-only",
                    "type": "network:Transport",
                    "description": "TBD"
                }
            },
            "title": "EthLanEp Object Schema"
}

The Regular Port JSON Schema is shown on the right.

Breakout Port JSON Schema

Breakout Port JSON Schema:

{
            "type": "EthLanEp",
            "properties": {
                "ssaPortType": {
                    "access": "read-write",
                    "type": "fabric:SSAPortType",
                    "description": "TBD"
                },
                "udldOperState": {
                    "access": "read-only",
                    "type": "fabric:UdldOperState",
                    "description": "TBD"
                },
                "vlanStatus": {
                    "access": "read-write",
                    "type": "VlanStatus",
                    "description": "TBD"
                },
                "flowCtrlPolicy": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "mtu": {
                    "access": "read-write",
                    "type": "int32",
                    "description": "TBD"
                },
                "usrLbl": {
                    "access": "read-write",
                    "type": "naming:UserLabel",
                    "description": "TBD"
                },
                "ethLinkProfileName": {
                    "access": "read-write",
                    "type": "naming:Name",
                    "description": "TBD"
                },
                "overlappingVlans": {
                    "access": "read-only",
                    "type": "port:StateQual",
                    "description": "TBD"
                },
                "adminSpeed": {
                    "access": "read-write",
                    "type": "port:EthSpeed",
                    "description": "TBD"
                },
                "adminState": {
                    "access": "read-write",
                    "type": "fabric:AdminState",
                    "description": "TBD"
                },
                "lc": {
                    "access": "read-only",
                    "type": "fsm:Lifecycle",
                    "description": "TBD"
                },"peerAggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "aggrPortId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "portId": {
                    "access": "read-only",
                    "type": "equipment:PortId",
                    "description": "TBD"
                },
                "slotId": {
                    "access": "read-only",
                    "type": "equipment:SlotId",
                    "description": "TBD"
                },
                "peerSlotId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                "chassisId": {
                    "access": "read-only",
                    "type": "equipment:ChassisId",
                    "description": "TBD"
                },
                "switchId": {
                    "access": "read-only",
                    "type": "network:SwitchId",
                    "description": "TBD"
                },
                "peerPortId": {
                    "access": "read-only",
                    "type": "equipment:Id",
                    "description": "TBD"
                },
                "peerDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },
                "ifType": {
                    "access": "read-only",
                    "type": "network:PortType",
                    "description": "TBD"
                },
                "ifRole": {
                    "access": "read-only",
                    "type": "PortRole",
                    "description": "TBD"
                },
                "epDn": {
                    "access": "read-only",
                    "type": "object",
                    "description": "TBD"
                },"locale": {
                    "access": "read-only",
                    "type": "network:Locale",
                    "description": "TBD"
                },
                "type": {
                    "access": "read-only",
                    "type": "network:ConnectionType",
                    "description": "TBD"
                },
                "transport": {
                    "access": "read-only",
                    "type": "network:Transport",
                    "description": "TBD"
                }
            },
            "title": "EthLanEp Object Schema"
}
</