Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1604
Views
0
Helpful
5
Replies

ACE: Can we use ACE API to start/stop one VIP from outside application call

Go to solution
shumshi
Level 1
Level 1

‎06-07-2010 08:45 PM

as subject

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sean Merrow
Level 4
Level 4
In response to shumshi

‎06-11-2010 11:51 AM

Hi Smith,

Here are a few notes:

Below is the only requirement to access the XML API:

class-map type management match-any REMOTE_MANAGEMENT_CLASS
  6 match protocol telnet any
  7 match protocol ssh any
  8 match protocol icmp any
  9 match protocol http any
  10 match protocol https any  <--- this one permits access to the XML API

policy-map type management first-match REMOTE_MANAGEMENT_POLICY
  class REMOTE_MANAGEMENT_CLASS
    permit

interface vlan 640
  ip address 10.10.40.97 255.255.255.0
  access-group input ANYONE
  service-policy input REMOTE_MANAGEMENT_POLICY
  no shutdown

Notice that in your curl statement, you are using http instead of https.  The XML API uses HTTPS.

The user you use should be configured on the ACE.

If possible, I would recommend upgrading to A2(2.4) or A2(3.1), as the code you are running is old.  This is not related to your XML API issue, however.

Sean

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Sean Merrow
Level 4
Level 4

‎06-08-2010 08:31 AM

Hello there,

Yes you can use the ACE's XML API to put a single VIP in and out of service.  The example below shows how to first put a VIP identified as class-map HTTP-DOT-90 under the multi-match policy called VIP-PM out-of-service:

xml_cmd=

 
   sense="no"/>
 

Now I'll put the VIP back in service:

xml_cmd=

 
  
 

Notice the only difference between the two is when we want to do a no inservice of the VIP, we set the sense attribute to no.

Hope this helps,

Sean

0 Helpful

Go to solution
shumshi
Level 1
Level 1
In response to Sean Merrow

‎06-08-2010 07:18 PM

Sean Merrow,

Thank your great help.

I do not know abc of XML API.

What is XML API? it is a proxy web server for ACE or a ACE biniary module?

How to send the XML content to ACE? use HTTP1.1 POST? if that,  whether the XML API need some authentication for security ?

I greatly appreciate your help.

-Smith

0 Helpful

Go to solution
Sean Merrow
Level 4
Level 4
In response to shumshi

‎06-09-2010 07:07 AM

Hello Smith,

Yes, the two XML commands I gave you would need to be sent in an HTTP POST to the ACE.  We have a very detailed document on how to configure a management policy to enable access to the ACE XML API and how to send commands.  It is in the Configuring the XML Interface chapter of the ACE documenation.  For the authentication of the request, you would simply send the username and password of a user configured in the ACE context.

Hope this helps,

Sean

0 Helpful

Go to solution
shumshi
Level 1
Level 1
In response to Sean Merrow

‎06-10-2010 07:11 PM

Hello Sean,

You answer help me, thank you again.

My ACE is never do XML API config, so I following the GUIDE do that:

class-map type management match-any remote_access

  match protocol xml-https any <-- ACE 4710 only

  match protocol https any   <-- ACE Module

  match protocol http any

Then use

/usr/bin/curl "http://smith@10.224.15.5/bin/xml_agent" -k  -d "xml_cmd="

But hung there. I telent 10.224.15.5 80/443, can not connect it.

It seem that I fail to config the XML API on the ACE.

I doubt my ACE version is old, that is do not the XML API module.

Software

  loader:    Version 12.2[120]

  system:    Version A2(2.0) [build 3.0(0)A2(2.0)]

  system image file: [LCP] disk0:c6ace-t1k9-mz.A2_2_0.bin

  installed license:  xxxx

Hardware
  Product Number: ACE20-MOD-K9
  Serial Number:  SAD114507HC
  Card Index:     207
  Hardware Rev:   2.3
  Feature Bits:   0000 0002
  Slot No. :      4
  Type:           ACE
Could you help confirm whether my ACE does support the XML API?
Thanks
-Smith

0 Helpful

Go to solution
Sean Merrow
Level 4
Level 4
In response to shumshi

‎06-11-2010 11:51 AM

Hi Smith,

Here are a few notes:

Below is the only requirement to access the XML API:

class-map type management match-any REMOTE_MANAGEMENT_CLASS
  6 match protocol telnet any
  7 match protocol ssh any
  8 match protocol icmp any
  9 match protocol http any
  10 match protocol https any  <--- this one permits access to the XML API

policy-map type management first-match REMOTE_MANAGEMENT_POLICY
  class REMOTE_MANAGEMENT_CLASS
    permit

interface vlan 640
  ip address 10.10.40.97 255.255.255.0
  access-group input ANYONE
  service-policy input REMOTE_MANAGEMENT_POLICY
  no shutdown

Notice that in your curl statement, you are using http instead of https.  The XML API uses HTTPS.

The user you use should be configured on the ACE.

If possible, I would recommend upgrading to A2(2.4) or A2(3.1), as the code you are running is old.  This is not related to your XML API issue, however.

Sean

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents