Solved: Re: Remove IP From Object Group using Restconf

JamesMathis · ‎01-16-2025

I was hoping we could get some assistance with a Restconf API call. We are trying to remove an IP address from our blocklist sources object group on an ASR-1001x. We have no problem adding IP's and subnets to the object group. I was thinking that we could change the PATCH method to a DELETE method to accomplish the task.

However, when we did this we receive the following error message:
{ "errors": { "error": [ { "error-message": "Operation not allowed.", "error-tag": "malformed-message", "error-type: "application" } ] } }

The following curl is what we sent to the router:

curl --request DELETE --insecure -H 'Content-Type: application/yang-data+json' -u 'user:password' \
https://X.X.X.X/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/host \
--data '{"Cisco-IOS-XE-object-group:host":[{"ipv4-host":"1.2.3.4"}]}'

Does anyone know how to properly format this so that we can remove the IP? We will also need to remove subnet's at some point as well, but I feel like once we get IP's working we can modify it for subnets.

Any assistance is appreciated.

Dan Frey · ‎01-16-2025

Here is an example for hosts and networks.

HOSTS:
dafrey@raggedtooth:~$ curl --request GET --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/host
{
  "Cisco-IOS-XE-object-group:host": [
    {
      "ipv4-host": "1.2.3.4"
    },
    {
      "ipv4-host": "4.3.2.1"
    },
    {
      "ipv4-host": "5.6.7.8"
    }
  ]
}
dafrey@raggedtooth:~$ curl --request DELETE --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/host=5.6.7.8
dafrey@raggedtooth:~$ curl --request GET --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/host
{
  "Cisco-IOS-XE-object-group:host": [
    {
      "ipv4-host": "1.2.3.4"
    },
    {
      "ipv4-host": "4.3.2.1"
    }
  ]
}

SUBNETS:
dafrey@raggedtooth:~$ curl --request DELETE --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/network_address=10.2.1.0,255.255.255.0
dafrey@raggedtooth:~$ curl --request GET --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/network_address
{
  "Cisco-IOS-XE-object-group:network_address": [
    {
      "ipv4_addr": "10.1.1.0",
      "ipv4_mask": "255.255.255.0"
    }
  ]
}

View solution in original post

Dan Frey · ‎01-16-2025

Here is an example for hosts and networks.

HOSTS:
dafrey@raggedtooth:~$ curl --request GET --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/host
{
  "Cisco-IOS-XE-object-group:host": [
    {
      "ipv4-host": "1.2.3.4"
    },
    {
      "ipv4-host": "4.3.2.1"
    },
    {
      "ipv4-host": "5.6.7.8"
    }
  ]
}
dafrey@raggedtooth:~$ curl --request DELETE --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/host=5.6.7.8
dafrey@raggedtooth:~$ curl --request GET --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/host
{
  "Cisco-IOS-XE-object-group:host": [
    {
      "ipv4-host": "1.2.3.4"
    },
    {
      "ipv4-host": "4.3.2.1"
    }
  ]
}

SUBNETS:
dafrey@raggedtooth:~$ curl --request DELETE --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/network_address=10.2.1.0,255.255.255.0
dafrey@raggedtooth:~$ curl --request GET --insecure -H 'Content-Type: application/yang-data+json' -u 'user:xxxxxxxxxx' https://192.168.0.20/restconf/data/Cisco-IOS-XE-native:native/object-group/Cisco-IOS-XE-object-group:network=blacklist_sources/obj-Mode-config-network-group/network_address
{
  "Cisco-IOS-XE-object-group:network_address": [
    {
      "ipv4_addr": "10.1.1.0",
      "ipv4_mask": "255.255.255.0"
    }
  ]
}

JamesMathis · ‎01-31-2025

Thanks Dan. This was very helpful and we were able to complete our use case.