12-19-2019 04:50 AM
Hi experts,
I have a large number of residual broken links that I can locate via Admin > AAA > Security > RBAC Rules > Implicit Rules. They link non-existant L2Ext and L3Ext Domains with non-existant Security Domains, as shown below.
Now my problem is that I can not delete these left-over implicit rules - as you can see below, there is NO actions menu, and the right-click menu does not give a delete option.
So experts, how do I delete these broken-link entries?
12-19-2019 04:40 PM - edited 12-19-2019 04:42 PM
Just guessing here.. i never did that for broken links.
You can try to save object as JSON , add "status" : " deleted" and post it.
12-19-2019 05:15 PM
I’m afraid I tried that and it didn’t work.
12-20-2019 04:14 AM - edited 12-20-2019 04:15 AM
Hi Chris
Have you tried via a DELETE API call using Postman or icurl?
First find the DNs using moquery:
moquery -c aaaIRbacRule | grep dn | sort
Then try to delete the DN:
icurl -g -X DELETE 'http://localhost:7777/api/mo/<DN>.json'
Marcel
12-20-2019 04:33 PM
Hi @Marcel Zehnder ,
I had tried something similar in python/Cobra, but had never thought of using icurl.
But alas, like my python script, it appears to work but the dn does not disappear, as you can see via my comments in my session below
apic1# moquery -c aaaIRbacRule | grep dn | grep T9:MappedVLANs dn : uni/rbacdb/irule-[uni/l2dom-T9:MappedVLANs_ExtL2Dom]-dom-T9_SecDom
#GREAT - it found the dn I want - now I'll try an delete it
apic1# icurl -g -X DELETE 'http://localhost:7777/api/mo/uni/rbacdb/irule-[uni/l2dom-T9:MappedVLANs_ExtL2Dom]-dom-T9_SecDom.json' {"totalCount":"1","imdata":[]}
#FANTASIC - it seems to have worked! Better check that it has gone
apic1# moquery -c aaaIRbacRule | grep dn | grep T9:MappedVLANs dn : uni/rbacdb/irule-[uni/l2dom-T9:MappedVLANs_ExtL2Dom]-dom-T9_SecDom
#DARN - It is still there :(
So there must be some other secret way to achive this that I can't find.
Thanks also to @6askorobogatov and @Claudia de Luna for working on this with me.
12-20-2019 11:41 PM
Hi Chris
Might be some special object which could only be deleted via the testapi. I would suggest to open a TAC case.
Marcel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide