11-14-2016 07:45 AM - edited 03-01-2019 04:33 AM
Hi
I’ve played around with APIC-EM for a few days now, especially discovering the API. I used Postman and the go-apic-em library (https://github.com/jbogarin/go-apic-em). At the beginning, I was confused by the naming similarities with Cisco APIC, which is a totally different technology. Therefore, I had some wrong expectations as I thought it was SDN like in APIC/ACI.
In my semester project, I need to evaluate APIC-EM and ONOS (OpenFlow Controller) to build a classical campus network. Therefore, creating ACLs or more general ‘policies’ is crucial. I understand it is possible to create QoS policies, but is it also possible to create ACLs with APIC-EM, and are there any examples if yes? Or do I have to switch to another product from the ‘ONE’-portfolio?
The first thought I had was using a DENY action when creating a policy (v1) via the API. Unfortunately, I could not find the permitted values for the actions in the policy API, and ‘DENY’ does not seem to work. I also checked the documents I found on the Cisco website, but I was unable to find a clear description of the capabilities of APIC-EM, especially the word ‘policy’ they often use in the descriptions and videos.
Kind regards,
Dominik
11-14-2016 09:25 AM
Please take a look at this learning lab and see if you can find what you want.
11-16-2016 06:10 AM
Thank you for the hint. Unfortunately, I cannot find an answer to my problem in this lab as it only covers QoS.
Kind regards,
Dominik
11-16-2016 07:53 AM
Have you tried the create policy example? You can create a single policy with your application and push the ACL down to the network device.
You may need to change attributes in JSON.
"actions":[
"PERMIT"
]
"actions":[
"DENY"
]
I tried to change the actions from "SET_PROPERTY" to "DENY" but it fails ("SET_PROPERTY" is OK).
11-16-2016 10:01 AM
ACLs are not supported in policy in 1.3. We did have them in EFT code.
The policy model will be extended next year.
11-17-2016 12:17 AM
Thank you for the clarification.
Is there another product of the Cisco ONE-portfolio which is yet able to distribute ACLs? APIC/ACI can clearly do it, but we would need Nexus switches for this.
Kind regards,
Dominik
11-21-2016 04:53 AM
There's the possibility to use Cisco ISE with Downloadable ACLs (ACLs based on RADIUS).
Then there are APIs on Cisco Prime Infra for using templates (ACLs based on CLI commands).
Template based provisioning with Cisco Prime Infrastructure – Part 1
Both products are included when buying Cisco One for Access.