Cisco Support Community
New Member

ACE: Can we use ACE API to start/stop one VIP from outside application call

as subject

5 REPLIES
Silver

Re: ACE: Can we use ACE API to start/stop one VIP from outside a

Hello there,

Yes, you can use the ACE's XML API to put a single VIP in and out of service.  The example below shows how to first put a VIP identified as class-map HTTP-DOT-90 under the multi-match policy called VIP-PM out-of-service:

xml_cmd=

 
   sense="no"/>
 


Now I'll put the VIP back in service:

xml_cmd=

 
  
 


Notice the only difference between the two is when we want to do a no inservice of the VIP, we set the sense attribute to no.

Hope this helps,

Sean

New Member

Re: ACE: Can we use ACE API to start/stop one VIP from outside a

Sean Merrow,

Thank you for your great help.

I do not know the ABCs of the XML API.

What is the XML API? Is it a proxy web server for the ACE or an ACE binary module?

How do I send the XML content to the ACE? Using HTTP/1.1 POST? If so, does the XML API need some authentication for security?

I greatly appreciate your help.

-Smith

Silver

Re: ACE: Can we use ACE API to start/stop one VIP from outside a

Hello Smith,

Yes, the two XML commands I gave you would need to be sent in an HTTP POST to the ACE.  We have a very detailed document on how to configure a management policy to enable access to the ACE XML API and how to send commands.  It is in the Configuring the XML Interface chapter of the ACE documentation.  For the authentication of the request, you would simply send the username and password of a user configured in the ACE context.

Hope this helps,

Sean

New Member

Re: ACE: Can we use ACE API to start/stop one VIP from outside a

Hello Sean,

Your answer helped me, thank you again.

My ACE has never had any XML API configuration, so I followed the guide to do that:

class-map type management match-any remote_access

  match protocol xml-https any <-- ACE 4710 only

  match protocol https any   <-- ACE Module

  match protocol http any

Then use

/usr/bin/curl "http://smith@10.224.15.5/bin/xml_agent" -k  -d "xml_cmd="

But it hung there. I telnet to 10.224.15.5 on 80/443 and cannot connect to it.

It seems that I failed to configure the XML API on the ACE.

I suspect my ACE version is old, that is, it does not have the XML API module.

Software

  loader:    Version 12.2[120]

  system:    Version A2(2.0) [build 3.0(0)A2(2.0)]

  system image file: [LCP] disk0:c6ace-t1k9-mz.A2_2_0.bin

  installed license:  xxxx

Hardware
  Product Number: ACE20-MOD-K9
  Serial Number:  SAD114507HC
  Card Index:     207
  Hardware Rev:   2.3
  Feature Bits:   0000 0002
  Slot No. :      4
  Type:           ACE
Could you help confirm whether my ACE does support the XML API?
Thanks
-Smith

Silver

Re: ACE: Can we use ACE API to start/stop one VIP from outside a

Hi Smith,

Here are a few notes:

Below is the only requirement to access the XML API:

class-map type management match-any REMOTE_MANAGEMENT_CLASS
  6 match protocol telnet any
  7 match protocol ssh any
  8 match protocol icmp any
  9 match protocol http any
  10 match protocol https any  <--- this one permits access to the XML API

policy-map type management first-match REMOTE_MANAGEMENT_POLICY
  class REMOTE_MANAGEMENT_CLASS
    permit

interface vlan 640
  ip address 10.10.40.97 255.255.255.0
  access-group input ANYONE
  service-policy input REMOTE_MANAGEMENT_POLICY
  no shutdown

Notice that in your curl statement, you are using http instead of https.  The XML API uses HTTPS.

The user you use should be configured on the ACE.

If possible, I would recommend upgrading to A2(2.4) or A2(3.1), as the code you are running is old.  This is not related to your XML API issue, however.

Sean
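
A defender's check on the management class-maps quoted in this thread, as an added example that is not part of the original posts or Cisco's code: it parses `class-map type management` blocks and reports which permitted protocols are cleartext (telnet, http), which accept any source, and whether XML API access (https, or xml-https on the ACE 4710) is enabled. The function name and report keys are assumptions made for illustration.

```python
import re

CLEARTEXT = {"telnet", "http"}    # credentials cross the wire unencrypted
XML_API = {"https", "xml-https"}  # per the thread: ACE module / ACE 4710

# Constructed sample: the management class-map and policy quoted in the reply above.
SAMPLE_CONFIG = """\
class-map type management match-any REMOTE_MANAGEMENT_CLASS
  6 match protocol telnet any
  7 match protocol ssh any
  8 match protocol icmp any
  9 match protocol http any
  10 match protocol https any  <--- this one permits access to the XML API
policy-map type management first-match REMOTE_MANAGEMENT_POLICY
  class REMOTE_MANAGEMENT_CLASS
    permit
"""

CLASS_RE = re.compile(r"^class-map type management \S+ (\S+)\s*$")
MATCH_RE = re.compile(r"^\s+(?:\d+\s+)?match protocol (\S+)\s+(.*\S)\s*$")


def audit_management_classes(config):
    """Return {class_name: {"cleartext": [...], "open_to_any": [...], "xml_api": bool}}."""
    report, current = {}, None
    for line in config.splitlines():
        line = line.split("<--")[0].rstrip()  # drop forum-style annotations
        header = CLASS_RE.match(line)
        if header:
            current = report.setdefault(
                header.group(1), {"cleartext": [], "open_to_any": [], "xml_api": False})
            continue
        if line and not line[0].isspace():
            current = None  # any other top-level line ends the class-map
            continue
        rule = MATCH_RE.match(line)
        if current is None or not rule:
            continue
        proto, source = rule.group(1), rule.group(2)
        if proto in CLEARTEXT:
            current["cleartext"].append(proto)
        if source == "any":
            current["open_to_any"].append(proto)
        if proto in XML_API:
            current["xml_api"] = True
    return report

if __name__ == "__main__":
    print(audit_management_classes(SAMPLE_CONFIG))
```

For the sample above, the report shows that XML API access is enabled by the https line alone, while telnet and http are also permitted in cleartext and every protocol is open to any source.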
