How to remove an entry in an ACL with Restconf

Difan Zhao
Level 5

Hey gurus,

I am trying to remove an entry in an ACL.

Extended IP access list Test-Extended
    10 permit ip any any
    20 deny ip 2.2.2.0 0.0.0.255 3.3.3.0 0.0.0.255 <- This is the one to remove
    30 permit tcp 3.3.3.0 0.0.0.255 4.4.4.0 0.0.0.255

I have tried various combinations of URL ("/restconf/data/Cisco-IOS-XE-native:native/ip/access-list" or with "/extended=Test-Extended" added at the end) and JSON in the body; however, I am only able to remove the entire ACL, not just the one entry. I used the "DELETE" method.

 

My JSON body looks like

{
    "Cisco-IOS-XE-native:access-list": {
        "Cisco-IOS-XE-acl:extended": [
            {
                "name": "Test-Extended",
                "access-list-seq-rule": [
                    {
                        "sequence": "20",
                        "ace-rule": {
                            "action": "deny",
                            "protocol": "ip",
                            "ipv4-address": "2.2.2.0",
                            "mask": "0.0.0.255",
                            "dest-ipv4-address": "3.3.3.0",
                            "dest-mask": "0.0.0.255"
                        }
                    }
                ]
            }
        ]
    }
}

Maybe I shouldn't be using the "DELETE" method? I did try with "PUT" and then I need to put in all that I want to keep, rather than the one I want to remove. "POST" will just tell me the ACL already existed. "PATCH" is good with adding or replacing new entries, but I haven't figured out how to use it to remove one yet.

Thank you.

Difan

 

2 Replies

Alex Stevenson
Cisco Employee

 

Hi @Difan Zhao ,

Have you tried encoding your data with XML instead of JSON?

Hey thanks Alex. I actually got it figured out that I could use this to delete an entry

DELETE: https://<ip>/restconf/data/Cisco-IOS-XE-native:native/ip/access-list/extended=TEST/access-list-seq-rule=10/

 

However, I still haven't figured out how to remove multiple entries at once. I have tried "access-list-seq-rule=20&access-list-seq-rule=30" at the end of the URL but I got the 500 Internal server error.

 

Thanks,

Difan
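
An added example, not part of the thread and not Cisco's code: a RESTCONF URL path names exactly one list instance (RFC 8040), so removing several ACL entries takes either one DELETE per sequence number or, assuming the device advertises the YANG Patch capability (RFC 8072, `urn:ietf:params:restconf:capability:yang-patch:1.0`), a single PATCH carrying several "remove" edits. The host 192.0.2.1 and the helper names are constructed for illustration; the code only builds the requests and sends nothing.

```python
import json
from urllib.parse import quote

# Path taken from the thread; everything else below is constructed.
BASE = "/restconf/data/Cisco-IOS-XE-native:native/ip/access-list"


def acl_url(host, acl_name):
    # RFC 8040 section 3.5.3: a list instance is addressed as <list>=<key>,
    # with the key value percent-encoded.
    return f"https://{host}{BASE}/extended={quote(acl_name, safe='')}"


def entry_url(host, acl_name, seq):
    # One URL identifies one access-list-seq-rule instance. "&" belongs to the
    # query string, so it cannot be used to chain a second key onto the path.
    return f"{acl_url(host, acl_name)}/access-list-seq-rule={int(seq)}"


def delete_requests(host, acl_name, seqs):
    # Option 1: one body-less DELETE per entry.
    return [("DELETE", entry_url(host, acl_name, s)) for s in sorted(set(seqs))]


def yang_patch_remove(host, acl_name, seqs, patch_id="remove-aces"):
    # Option 2: one PATCH on the ACL itself with an RFC 8072 YANG Patch body.
    # Each edit target is relative to the request URL. "remove" succeeds even
    # if the entry is already gone; "delete" would fail in that case.
    edits = [
        {
            "edit-id": f"remove-seq-{int(s)}",
            "operation": "remove",
            "target": f"/access-list-seq-rule={int(s)}",
        }
        for s in sorted(set(seqs))
    ]
    body = {"ietf-yang-patch:yang-patch": {"patch-id": patch_id, "edit": edits}}
    headers = {
        "Content-Type": "application/yang-patch+json",
        "Accept": "application/yang-data+json",
    }
    return "PATCH", acl_url(host, acl_name), headers, json.dumps(body, indent=2)


if __name__ == "__main__":
    for method, url in delete_requests("192.0.2.1", "Test-Extended", [20, 30]):
        print(method, url)
    method, url, headers, body = yang_patch_remove("192.0.2.1", "Test-Extended", [20, 30])
    print(method, url, headers["Content-Type"])
    print(body)
```

After either approach, a GET on the ACL URL shows which entries remain, which is worth checking before relying on the changed filter.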