cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1154
Views
0
Helpful
3
Replies

Cisco ACE - Activate XML API management

Hi,

We are using several contexts for each customer in our ACE module.

One of the customer contexts needs to activate XML API to control their services.

I've tried to activate it, but cannot get any http response, what can be missing?

ACE10 version A2(3.6a)

class-map type management match-any HTTP-ALLOW_CLASS

  2 match protocol http source-address 10.110.0.0 255.255.254.0

  3 match protocol http source-address 10.60.208.80 255.255.255.248

class-map type management match-any HTTPS-ALLOW_CLASS

  2 match protocol https source-address 10.110.0.0 255.255.254.0

  3 match protocol https source-address 10.60.208.80 255.255.255.248

policy-map type management first-match ALLOW-MGMT-POLICY

  class ICMP-ALLOW-CLASS

    permit

  class HTTPS-ALLOW_CLASS

    permit

  class HTTP-ALLOW_CLASS

    permit

service-policy input ALLOW-MGMT-POLICY

interface vlan 2693

  ip address 10.60.208.85 255.255.255.248

  alias 10.60.208.84 255.255.255.248

  peer ip address 10.60.208.86 255.255.255.248

  access-group input OUTSIDE_IN

  service-policy input WEB-VIP

  no shutdown

access-list OUTSIDE_IN line 8 extended permit icmp any any

access-list OUTSIDE_IN line 16 extended permit tcp any any eq www

access-list OUTSIDE_IN line 17 extended permit tcp any any eq https

3 Replies 3

Cesar Roque
Level 4
Level 4

Hi,

Not sure if you already have this but you need a match for the xml-https traffic like this:

class-map type management match-any XML-HTTPS-ALLOW_CLASS

  2 match protocol xml-https source-address 10.110.0.0 255.255.254.0

  3 match protocol xml-https source-address 10.60.208.80 255.255.255.248

policy-map type management first-match ALLOW-MGMT-POLICY

  class ICMP-ALLOW-CLASS

    permit

  class HTTPS-ALLOW_CLASS

    permit

  class HTTP-ALLOW_CLASS

    permit

  class XML-HTTPS-ALLOW_CLASS

    permit

-----------------------------------------

Cesar R

--------------------- Cesar R ANS Team

Hi,

Thank you for the reply.

I've tried this command, but it will not accept the xml-https parameter.

-----------------------------------------------------

ACE1/104170-z63(config)# class-map type management match-any XML-HTTPS-ALLOW_CLASS

ACE1/104170-z63(config-cmap-mgmt)# 2 match protocol xml-https source-address 10.110.0.0 255.255.254.0

                                                                                   ^

% invalid command detected at '^' marker.

ACE1/104170-z63(config-cmap-mgmt)#

ACE1/104170-z63(config)# class-map type management match-any XML-HTTPS-ALLOW_CLASS

ACE1/104170-z63(config-cmap-mgmt)# 2 match protocol ?

  http       Configure management access using HTTP

  https      Configure management access using secure HTTP

  icmp       Configure management access for ICMP protocol

  kalap-udp  Configure management access using KAL-AP over UDP

  snmp       Configure management access using SNMP

  ssh        Configure management access using Secure SHell

-----------------------------------------------------

Hardware is ACE10 with Version A2(3.6a) [build 3.0(0)A2(3.6a)]

Maybe xml api is not supported on this version...?

Hi,

Take a look in this guidelines and restrictions;

http://www.cisco.com/en/US/customer/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/administration/guide/xml.html#wp1100015

There is also some sampels of XML over HTTP/HTTPS

------------------------------

Cesar R

--------------------- Cesar R ANS Team

Review Cisco Networking for a $25 gift card