06-07-2010 08:45 PM
06-11-2010 11:51 AM
Hi Smith,
Here are a few notes:
Below is the only requirement to access the XML API:
class-map type management match-any REMOTE_MANAGEMENT_CLASS
6 match protocol telnet any
7 match protocol ssh any
8 match protocol icmp any
9 match protocol http any
10 match protocol https any <--- this one permits access to the XML API
policy-map type management first-match REMOTE_MANAGEMENT_POLICY
class REMOTE_MANAGEMENT_CLASS
permit
interface vlan 640
ip address 10.10.40.97 255.255.255.0
access-group input ANYONE
service-policy input REMOTE_MANAGEMENT_POLICY
no shutdown
Notice that in your curl statement, you are using http instead of https. The XML API uses HTTPS.
The user you use should be configured on the ACE.
If possible, I would recommend upgrading to A2(2.4) or A2(3.1), as the code you are running is old. This is not related to your XML API issue, however.
Sean
06-08-2010 08:31 AM
Hello there,
Yes you can use the ACE's XML API to put a single VIP in and out of service. The example below shows how to first put a VIP identified as class-map HTTP-DOT-90 under the multi-match policy called VIP-PM out-of-service:
xml_cmd=
Now I'll put the VIP back in service:
xml_cmd=
Notice the only difference between the two is when we want to do a no inservice of the VIP, we set the sense attribute to no.
Hope this helps,
Sean
06-08-2010 07:18 PM
Sean Merrow,
Thank your great help.
I do not know abc of XML API.
What is XML API? it is a proxy web server for ACE or a ACE biniary module?
How to send the XML content to ACE? use HTTP1.1 POST? if that, whether the XML API need some authentication for security ?
I greatly appreciate your help.
-Smith
06-09-2010 07:07 AM
Hello Smith,
Yes, the two XML commands I gave you would need to be sent in an HTTP POST to the ACE. We have a very detailed document on how to configure a management policy to enable access to the ACE XML API and how to send commands. It is in the Configuring the XML Interface chapter of the ACE documenation. For the authentication of the request, you would simply send the username and password of a user configured in the ACE context.
Hope this helps,
Sean
06-10-2010 07:11 PM
Hello Sean,
You answer help me, thank you again.
My ACE is never do XML API config, so I following the GUIDE do that:
class-map type management match-any remote_access
match protocol xml-https any <-- ACE 4710 only
match protocol https any <-- ACE Module
match protocol http any
Then use
/usr/bin/curl "http://smith@10.224.15.5/bin/xml_agent" -k -d "xml_cmd=
But hung there. I telent 10.224.15.5 80/443, can not connect it.
It seem that I fail to config the XML API on the ACE.
I doubt my ACE version is old, that is do not the XML API module.
Software
loader: Version 12.2[120]
system: Version A2(2.0) [build 3.0(0)A2(2.0)]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_2_0.bin
installed license: xxxx
06-11-2010 11:51 AM
Hi Smith,
Here are a few notes:
Below is the only requirement to access the XML API:
class-map type management match-any REMOTE_MANAGEMENT_CLASS
6 match protocol telnet any
7 match protocol ssh any
8 match protocol icmp any
9 match protocol http any
10 match protocol https any <--- this one permits access to the XML API
policy-map type management first-match REMOTE_MANAGEMENT_POLICY
class REMOTE_MANAGEMENT_CLASS
permit
interface vlan 640
ip address 10.10.40.97 255.255.255.0
access-group input ANYONE
service-policy input REMOTE_MANAGEMENT_POLICY
no shutdown
Notice that in your curl statement, you are using http instead of https. The XML API uses HTTPS.
The user you use should be configured on the ACE.
If possible, I would recommend upgrading to A2(2.4) or A2(3.1), as the code you are running is old. This is not related to your XML API issue, however.
Sean
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: