Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15047
Views
5
Helpful
1
Replies

Using ERS API to create dACL

Go to solution
orp
Level 1
Level 1

‎06-11-2018 12:17 AM

Hi,

In ISE 2.4 it seems that it's possible to create dACLs using ERS. I couldn't find documentation for actually setting the rules in the dACL, e.g. permitting traffic for specific IPs, permit/deny, etc.

Can it be done? If so, what's the json format for that? If not, what's the purpose of this API?

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-09-2018 12:45 PM

The ACL format would need to match the ACL format of the network device.

So assuming an IOS switch:

curl --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user admin:C1sco12345 --request POST https://1.2.3.4:9060/ers/config/downloadableacl --data '

{

  "DownloadableAcl" : {

    "name" : "ALLOW_ALL",

    "description" : "Allow all.",

    "dacl" : "

remark Allow All

permit ip any any

"

  }

}'

View solution in original post

1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-09-2018 12:45 PM

The ACL format would need to match the ACL format of the network device.

So assuming an IOS switch:

curl --include --header 'Content-Type:application/json' --header 'Accept: application/json' --user admin:C1sco12345 --request POST https://1.2.3.4:9060/ers/config/downloadableacl --data '

{

  "DownloadableAcl" : {

    "name" : "ALLOW_ALL",

    "description" : "Allow all.",

    "dacl" : "

remark Allow All

permit ip any any

"

  }

}'

Customers Also Viewed These Support Documents