Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
737
Views
0
Helpful
5
Replies

Policy Tag API

noamcoh
Level 1
Level 1

‎04-04-2022 11:26 PM

Hello,
Is it possible to make a query that returns all the IP addresses that connect to a certain policy tag?
for example I have this environment:
 - ESG with a name of "NoamESG" with a tag selector to the following policy tag: "NoamTag" : "NoamValue"
 - Subnet 1.1.1.1/24 with the following policy tag: "NoamTag" : "NoamValue"
 - Subnet 2.2.2.1/24 with the following policy tag: "NoamTag" : "NoamValue"

As I understand, the ESG "NoamESG" should hold now 1.1.1.1/24 and also 2.2.2.1/24
can I make a query that returns those two subnets?

Thank you!

Labels:
0 Helpful
5 Replies 5

Robert Burns
Cisco Employee
Cisco Employee

‎04-05-2022 09:34 AM

Are you trying to return the Subnets or Individual Endpoint IPs matching the policy tag?

Robert

0 Helpful

noamcoh
Level 1
Level 1
In response to Robert Burns

‎04-06-2022 03:10 AM

All the IP addresses connected to the Policy tag.
For example I have a Policy Tag's Key-Value pair or DN, something like that - can I extract all the relevant IP addresses from it?

0 Helpful

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎04-05-2022 11:18 PM - edited ‎04-05-2022 11:18 PM

Hi @noamcoh 

 

Get all EPs (both IP and MAC) associated to tag {TAG_NAME:VALUE_NAME}, you can get it through API call or moquery like this:

moquery:
moquery -c fvAssocESgTagSel -f 'fv.AssocESgTagSel.tagSelectorDn=="uni/tn-TENANT_NAME/ap-AP_NAME/esg-ESG_NAME/tagselectorkey-[TAG_NAME]-value-[VALUE_NAME]"'

API Call:
https://APIC_IP/api/node/class/fvAssocESgTagSel.json?query-target-filter=eq(fvAssocESgTagSel.tagSelectorDn,"uni/tn-TENANT_NAME/ap-AP_NAME/esg-ESG_NAME/tagselectorkey-[TAG_NAME]-value-[VALUE_NAME]")

Make sure you replace the tenant, ap, esg and tag/value names.

 

Stay safe,

Sergiu

0 Helpful

noamcoh
Level 1
Level 1
In response to Sergiu.Daniluk

‎04-06-2022 03:09 AM

Thank you, this is very helpful for the specific example.
I wanted to know if is there a more general API query that returns the IP addresses that are connected to a certain Policy Tag. the difference is that the query you wrote asks for a Policy Tag that associated to an ESG, but Policy Tag can be associated to different kind of objects.
For example I have a Policy Tag's Key-Value pair or DN, something like that - can I extract all the relevant IP addresses from it?

0 Helpful

Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to noamcoh

‎04-06-2022 03:40 AM

As far as I know, policy tags can only be associated to EPs (IP and/or MAC) and BD subnets and afterwards used for ESG selection.

The above command will show both if the tag is already associated to an ESG.

 

If you have tags which are not yet associated to ESGs, then I guess you could use the following moquery: 

 

moquery -c tagTag -f 'tag.Tag.key=="KEY_NAME" and tag.Tag.value=="VALUE_NAME"'

But it will not tell you in which ESG is being part of. I guess this is the ultimate goal, right?

 

Stay safe,

Sergiu

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License