https://community.cisco.com/t5/network-security/using-ers-api-to-create-dacl/m-p/3504774#M154 <HTML><HEAD></HEAD><BODY><P>The ACL format would need to match the ACL format of the network device.</P><P>So assuming an IOS switch:</P><P></P><P><SPAN style="font-family: courier new, courier;"><SPAN>curl --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user admin:C1sco12345 --request POST </SPAN><A class="jive-link-external-small" href="https://1.2.3.4:9060/ers/config/downloadableacl" rel="nofollow" target="_blank">https://1.2.3.4:9060/ers/config/downloadableacl</A><SPAN> --data '</SPAN></SPAN></P><P><SPAN style="font-family: courier new, courier;">{</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp; "DownloadableAcl" : {</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp;&nbsp;&nbsp; "name" : "ALLOW_ALL",</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp;&nbsp;&nbsp; "description" : "Allow all.",</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp;&nbsp;&nbsp; "dacl" : "</SPAN></P><P><SPAN style="font-family: courier new, courier;">remark Allow All</SPAN></P><P><SPAN style="font-family: courier new, courier;">permit ip any any</SPAN></P><P><SPAN style="font-family: courier new, courier;">"</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp; }</SPAN></P><P><SPAN style="font-family: courier new, courier;">}'</SPAN></P></BODY></HTML> Mon, 09 Jul 2018 19:45:44 GMT thomas 2018-07-09T19:45:44Z https://community.cisco.com/t5/network-security/using-ers-api-to-create-dacl/m-p/3504773#M153 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In ISE 2.4 it seems that it's possible to create dACLs using ERS. I couldn't find documentation for actually setting the rules in the dACL, e.g. permitting traffic for specific IPs, permit/deny, etc.</P><P></P><P>Can it be done? If so, what's the json format for that? If not, what's the purpose of this API?</P><P></P><P>Thanks</P></BODY></HTML> Mon, 11 Jun 2018 07:17:59 GMT https://community.cisco.com/t5/network-security/using-ers-api-to-create-dacl/m-p/3504773#M153 orp 2018-06-11T07:17:59Z https://community.cisco.com/t5/network-security/using-ers-api-to-create-dacl/m-p/3504774#M154 <HTML><HEAD></HEAD><BODY><P>The ACL format would need to match the ACL format of the network device.</P><P>So assuming an IOS switch:</P><P></P><P><SPAN style="font-family: courier new, courier;"><SPAN>curl --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user admin:C1sco12345 --request POST </SPAN><A class="jive-link-external-small" href="https://1.2.3.4:9060/ers/config/downloadableacl" rel="nofollow" target="_blank">https://1.2.3.4:9060/ers/config/downloadableacl</A><SPAN> --data '</SPAN></SPAN></P><P><SPAN style="font-family: courier new, courier;">{</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp; "DownloadableAcl" : {</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp;&nbsp;&nbsp; "name" : "ALLOW_ALL",</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp;&nbsp;&nbsp; "description" : "Allow all.",</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp;&nbsp;&nbsp; "dacl" : "</SPAN></P><P><SPAN style="font-family: courier new, courier;">remark Allow All</SPAN></P><P><SPAN style="font-family: courier new, courier;">permit ip any any</SPAN></P><P><SPAN style="font-family: courier new, courier;">"</SPAN></P><P><SPAN style="font-family: courier new, courier;">&nbsp; }</SPAN></P><P><SPAN style="font-family: courier new, courier;">}'</SPAN></P></BODY></HTML> Mon, 09 Jul 2018 19:45:44 GMT https://community.cisco.com/t5/network-security/using-ers-api-to-create-dacl/m-p/3504774#M154 thomas 2018-07-09T19:45:44Z