Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Disable FTD Subinterface via API

Hi all,

I'm now to the FMC API, and FTD in general. I have been tasked with creating an automated process to disable a subinterface on an FTD.  I am able to pull the subinterfaces, but do not appear to be able to change the state via the API.  I have also tried fplogicalinterfaces, but can't seem to pull any data from that.  Is this something that simply isn't supported yet?  Any recommendations on alternative ways to disable a subinterface?

Cisco Employee



For getting the details about the subinterfaces you are using the GET method. To enable or disable the subinterface you should be changing the method for the same URI to PUT. The PUT json data should be something like below:

post_data = {"type": "SubInterface",
"vlanId": "50",
"subIntfId": "50",
"enabled": False,
"MTU": 1500,
"managementOnly": False,
"enableDNSLookup": True,
"enableAntiSpoofing": True,
"ifname": "subint_vlan_50",
"name": interface_name,
"ipv4": {
"static": {
"address": ip_address,
"netmask": netmask,

"id":[interface id from the get]


New Member

Thanks for the quick response

Thanks for the quick response!

That is exactly what I tried, but I was getting a URL error.  I realized during some testing I had changed it to a POST instead of PUT.  I fixed that and it resolved the URL error.  What I'm seeing now is:  

{"error":{"category":"FRAMEWORK","messages":[{"description":"Request UUID and data does not match."}],"severity":"ERROR"}}

I'm sending the following PUT to shut down the interface:



{"enabled": false, "id": "843DC698-7A16-0ed3-0000-188978563388"}

I'm pulling the id directly from the subinterface ['id'].  Are there other required values i must send even though they aren't changing?  I can't find any documentation on a subinterface PUT, only GET.

Cisco Employee



The URL you are using looks good. You may be on a version of FMC that does not support subinterface configuration. What is the exact version of FMC you are running. I have attached what API explorer should look like with newer versions of FMC.


New Member

I am on 6.1.  Sounds like its

I am on 6.1.  Sounds like its time for an upgrade!

Cisco Employee



Yes, upgrade to 6.2 would be needed for the subinterface CRUD on the APIs.



New Member

Thanks!  Also, not sure if it

Thanks!  Also, not sure if it matters, but i'm looking at object model in the 6.2.1 docs and it still only shows GET for subinterfaces...  That may need to be updated to match the explorer.

One other question that will be relevant after I upgrade.  Since this is an HA pair and the container on the PUT is a device, not a devicegroup, do i need to PUT it to both members of the group?

New Member

I have the same issue using PUT

Running 6.2.1
As a test, I try changing the name of an Access Control Policy and always get the same error:

{"error": {"messages": [{"description": "Request UUID and data does not match."}], "category": "FRAMEWORK", "severity": "ERROR"}}


url =


payload = {'name': 'test2'}

header = {'x-auth-access-token': token, 'Content-Type': 'application/json'}


Same error with:

results = requests.put(url, json=payload, headers=header, verify=False)
results = requests.put(url, data=json.dumps(payload), headers=header, verify=False)


Could it be the same problem as the sub-interface disable issue?