cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3201
Views
0
Helpful
7
Replies

Disable FTD Subinterface via API

tmagill_sig
Level 1
Level 1

Hi all,

I'm now to the FMC API, and FTD in general. I have been tasked with creating an automated process to disable a subinterface on an FTD.  I am able to pull the subinterfaces, but do not appear to be able to change the state via the API.  I have also tried fplogicalinterfaces, but can't seem to pull any data from that.  Is this something that simply isn't supported yet?  Any recommendations on alternative ways to disable a subinterface?

7 Replies 7

neipatel
Cisco Employee
Cisco Employee

tmagill_sig,

For getting the details about the subinterfaces you are using the GET method. To enable or disable the subinterface you should be changing the method for the same URI to PUT. The PUT json data should be something like below:

post_data = {"type": "SubInterface",
"vlanId": "50",
"subIntfId": "50",
"enabled": False,
"MTU": 1500,
"managementOnly": False,
"enableDNSLookup": True,
"enableAntiSpoofing": True,
"ifname": "subint_vlan_50",
"name": interface_name,
"ipv4": {
"static": {
"address": ip_address,
"netmask": netmask,

"id":[interface id from the get]
}
}

-Neil

Thanks for the quick response!

That is exactly what I tried, but I was getting a URL error.  I realized during some testing I had changed it to a POST instead of PUT.  I fixed that and it resolved the URL error.  What I'm seeing now is:  

{"error":{"category":"FRAMEWORK","messages":[{"description":"Request UUID and data does not match."}],"severity":"ERROR"}}

I'm sending the following PUT to shut down the interface:

URL:

https://10.32.2.72/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/7a628088-9f7e-11e6-b3e5-81bddcad0051/subinterfaces/843DC698-7A16-0ed3-0000-188978563388

Payload:

{"enabled": false, "id": "843DC698-7A16-0ed3-0000-188978563388"}

I'm pulling the id directly from the subinterface ['id'].  Are there other required values i must send even though they aren't changing?  I can't find any documentation on a subinterface PUT, only GET.

tmagill_sig,

The URL you are using looks good. You may be on a version of FMC that does not support subinterface configuration. What is the exact version of FMC you are running. I have attached what API explorer should look like with newer versions of FMC.

-Neil

I am on 6.1.  Sounds like its time for an upgrade!

tmagill_sig,

Yes, upgrade to 6.2 would be needed for the subinterface CRUD on the APIs.

Regards,

Neil

Thanks!  Also, not sure if it matters, but i'm looking at object model in the 6.2.1 docs and it still only shows GET for subinterfaces...  That may need to be updated to match the explorer.

One other question that will be relevant after I upgrade.  Since this is an HA pair and the container on the PUT is a device, not a devicegroup, do i need to PUT it to both members of the group?

Running 6.2.1
As a test, I try changing the name of an Access Control Policy and always get the same error:

{"error": {"messages": [{"description": "Request UUID and data does not match."}], "category": "FRAMEWORK", "severity": "ERROR"}}

 

url = https://192.168.56.20/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/0800275D-1AA7-0ed3-0000-030064771126

 

payload = {'name': 'test2'}

header = {'x-auth-access-token': token, 'Content-Type': 'application/json'}

 

Same error with:

results = requests.put(url, json=payload, headers=header, verify=False)
and
results = requests.put(url, data=json.dumps(payload), headers=header, verify=False)

 

Could it be the same problem as the sub-interface disable issue?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: