Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
931
Views
20
Helpful
5
Replies

How can I delete residual Implicit Rules broken links?

RedNectar
VIP
VIP

‎12-19-2019 04:50 AM

Hi experts,

I have a large number of residual broken links that I can locate via Admin > AAA > Security > RBAC Rules > Implicit Rules. They link non-existant L2Ext and L3Ext Domains with non-existant Security Domains, as shown below.

Now my problem is that I can not delete these left-over implicit rules - as you can see below, there is NO actions menu, and the right-click menu does not give a delete option.

Broken Links.jpg

 

So experts, how do I delete these broken-link entries

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Labels:
0 Helpful
5 Replies 5

6askorobogatov
Level 1
Level 1

‎12-19-2019 04:40 PM - edited ‎12-19-2019 04:42 PM

Just guessing here.. i never did  that for broken links. 

You can try to  save object as JSON , add  "status" : " deleted"  and post it. 

 

Claudia de Luna
Spotlight
Spotlight
In response to 6askorobogatov

‎12-19-2019 05:15 PM

I’m afraid I tried that and it didn’t work.

Marcel Zehnder
Spotlight
Spotlight

‎12-20-2019 04:14 AM - edited ‎12-20-2019 04:15 AM

Hi Chris

Have you tried via a DELETE API call using Postman or icurl?

 

First find the DNs using moquery:

moquery -c aaaIRbacRule | grep dn | sort 

Then try to delete the DN:

icurl -g -X DELETE 'http://localhost:7777/api/mo/<DN>.json'

 

Marcel

 

RedNectar
VIP
VIP
In response to Marcel Zehnder

‎12-20-2019 04:33 PM

Hi @Marcel Zehnder ,

I had tried something similar in python/Cobra, but had never thought of using icurl.

But alas, like my python script, it appears to work but the dn does not disappear, as you can see via my comments in my session below

apic1# moquery -c aaaIRbacRule | grep dn | grep T9:MappedVLANs
dn           : uni/rbacdb/irule-[uni/l2dom-T9:MappedVLANs_ExtL2Dom]-dom-T9_SecDom
#GREAT - it found the dn I want - now I'll try an delete it

apic1# icurl -g -X DELETE 'http://localhost:7777/api/mo/uni/rbacdb/irule-[uni/l2dom-T9:MappedVLANs_ExtL2Dom]-dom-T9_SecDom.json'
{"totalCount":"1","imdata":[]}
#FANTASIC - it seems to have worked!  Better check that it has gone

apic1# moquery -c aaaIRbacRule | grep dn | grep T9:MappedVLANs
dn           : uni/rbacdb/irule-[uni/l2dom-T9:MappedVLANs_ExtL2Dom]-dom-T9_SecDom
#DARN - It is still there :(

So there must be some other secret way to achive this that I can't find.

 

Thanks also to @6askorobogatov and @Claudia de Luna for working on this with me.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

Marcel Zehnder
Spotlight
Spotlight
In response to RedNectar

‎12-20-2019 11:41 PM

Hi Chris 

 

Might be some special object which could only be deleted via the testapi. I would suggest to open a TAC case.

 

Marcel

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License