Disable FTD Subinterface via API

Unanswered Question
Jun 16th, 2017
User Badges:

Hi all,


I'm now to the FMC API, and FTD in general. I have been tasked with creating an automated process to disable a subinterface on an FTD.  I am able to pull the subinterfaces, but do not appear to be able to change the state via the API.  I have also tried fplogicalinterfaces, but can't seem to pull any data from that.  Is this something that simply isn't supported yet?  Any recommendations on alternative ways to disable a subinterface?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
neipatel Fri, 06/16/2017 - 09:40
User Badges:
  • Cisco Employee,

tmagill_sig,


For getting the details about the subinterfaces you are using the GET method. To enable or disable the subinterface you should be changing the method for the same URI to PUT. The PUT json data should be something like below:


post_data = {"type": "SubInterface",
"vlanId": "50",
"subIntfId": "50",
"enabled": False,
"MTU": 1500,
"managementOnly": False,
"enableDNSLookup": True,
"enableAntiSpoofing": True,
"ifname": "subint_vlan_50",
"name": interface_name,
"ipv4": {
"static": {
"address": ip_address,
"netmask": netmask,

"id":[interface id from the get]
}
}


-Neil

tmagill_sig Fri, 06/16/2017 - 10:06
User Badges:

Thanks for the quick response!


That is exactly what I tried, but I was getting a URL error.  I realized during some testing I had changed it to a POST instead of PUT.  I fixed that and it resolved the URL error.  What I'm seeing now is:  


{"error":{"category":"FRAMEWORK","messages":[{"description":"Request UUID and data does not match."}],"severity":"ERROR"}}


I'm sending the following PUT to shut down the interface:

URL:

https://10.32.2.72/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9e...

Payload:

{"enabled": false, "id": "843DC698-7A16-0ed3-0000-188978563388"}


I'm pulling the id directly from the subinterface ['id'].  Are there other required values i must send even though they aren't changing?  I can't find any documentation on a subinterface PUT, only GET.

neipatel Fri, 06/16/2017 - 09:59
User Badges:
  • Cisco Employee,

tmagill_sig,

The URL you are using looks good. You may be on a version of FMC that does not support subinterface configuration. What is the exact version of FMC you are running. I have attached what API explorer should look like with newer versions of FMC.

-Neil

neipatel Fri, 06/16/2017 - 10:16
User Badges:
  • Cisco Employee,

tmagill_sig,


Yes, upgrade to 6.2 would be needed for the subinterface CRUD on the APIs.


Regards,

Neil

tmagill_sig Fri, 06/16/2017 - 10:20
User Badges:

Thanks!  Also, not sure if it matters, but i'm looking at object model in the 6.2.1 docs and it still only shows GET for subinterfaces...  That may need to be updated to match the explorer.


One other question that will be relevant after I upgrade.  Since this is an HA pair and the container on the PUT is a device, not a devicegroup, do i need to PUT it to both members of the group?

Actions

This Discussion