Cisco ACE - Activate XML API management

Per Eilef Koslung · ‎09-19-2012

Hi,

We are using several contexts for each customer in our ACE module.

One of the customer contexts needs to activate XML API to control their services.

I've tried to activate it, but cannot get any http response, what can be missing?

ACE10 version A2(3.6a)

class-map type management match-any HTTP-ALLOW_CLASS

2 match protocol http source-address 10.110.0.0 255.255.254.0

3 match protocol http source-address 10.60.208.80 255.255.255.248

class-map type management match-any HTTPS-ALLOW_CLASS

2 match protocol https source-address 10.110.0.0 255.255.254.0

3 match protocol https source-address 10.60.208.80 255.255.255.248

policy-map type management first-match ALLOW-MGMT-POLICY

class ICMP-ALLOW-CLASS

permit

class HTTPS-ALLOW_CLASS

permit

class HTTP-ALLOW_CLASS

permit

service-policy input ALLOW-MGMT-POLICY

interface vlan 2693

ip address 10.60.208.85 255.255.255.248

alias 10.60.208.84 255.255.255.248

peer ip address 10.60.208.86 255.255.255.248

access-group input OUTSIDE_IN

service-policy input WEB-VIP

no shutdown

access-list OUTSIDE_IN line 8 extended permit icmp any any

access-list OUTSIDE_IN line 16 extended permit tcp any any eq www

access-list OUTSIDE_IN line 17 extended permit tcp any any eq https

Cesar Roque · ‎09-19-2012

Hi,

Not sure if you already have this but you need a match for the xml-https traffic like this:

class-map type management match-any XML-HTTPS-ALLOW_CLASS

2 match protocol xml-https source-address 10.110.0.0 255.255.254.0

3 match protocol xml-https source-address 10.60.208.80 255.255.255.248

policy-map type management first-match ALLOW-MGMT-POLICY

class ICMP-ALLOW-CLASS

permit

class HTTPS-ALLOW_CLASS

permit

class HTTP-ALLOW_CLASS

permit

class XML-HTTPS-ALLOW_CLASS

permit

-----------------------------------------

Cesar R

--------------------- Cesar R ANS Team

Per Eilef Koslung · ‎09-19-2012

Hi,

Thank you for the reply.

I've tried this command, but it will not accept the xml-https parameter.

-----------------------------------------------------

ACE1/104170-z63(config)# class-map type management match-any XML-HTTPS-ALLOW_CLASS

ACE1/104170-z63(config-cmap-mgmt)# 2 match protocol xml-https source-address 10.110.0.0 255.255.254.0

^

% invalid command detected at '^' marker.

ACE1/104170-z63(config-cmap-mgmt)#

ACE1/104170-z63(config)# class-map type management match-any XML-HTTPS-ALLOW_CLASS

ACE1/104170-z63(config-cmap-mgmt)# 2 match protocol ?

http Configure management access using HTTP

https Configure management access using secure HTTP

icmp Configure management access for ICMP protocol

kalap-udp Configure management access using KAL-AP over UDP

snmp Configure management access using SNMP

ssh Configure management access using Secure SHell

-----------------------------------------------------

Hardware is ACE10 with Version A2(3.6a) [build 3.0(0)A2(3.6a)]

Maybe xml api is not supported on this version...?

Cesar Roque · ‎09-19-2012

Hi,

Take a look in this guidelines and restrictions;

http://www.cisco.com/en/US/customer/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/administration/guide/xml.html#wp1100015

There is also some sampels of XML over HTTP/HTTPS

------------------------------

Cesar R

--------------------- Cesar R ANS Team