Cisco Cisco Prime Network Services Controller 3.0 Guide Du Développeur
Page 43
OL-28369-01
</inConfigs>
</configConfMos>
Response
<configConfMos
cookie="<real_cookie>"
commCookie="7/15/0/1a3"
srcExtSys="10.193.33.221"
destExtSys="10.193.33.221"
srcSvc="sam_extXMLApi"
destSvc="policy-mgr_dme"
response="yes">
<outConfigs>
commCookie="7/15/0/1a3"
srcExtSys="10.193.33.221"
destExtSys="10.193.33.221"
srcSvc="sam_extXMLApi"
destSvc="policy-mgr_dme"
response="yes">
<outConfigs>
<pair key="org-root/attr-dict-custom-userAttrs">
<policyVnspCustomDictionary
descr=""
dn="org-root/attr-dict-custom-userAttrs"
intId="24245"
name="userAttrs"
status="created"/>
dn="org-root/attr-dict-custom-userAttrs"
intId="24245"
name="userAttrs"
status="created"/>
</pair>
</outConfigs>
</configConfMos>
Policy
Beginning with version 2.0, Prime Network Services Controller no longer uses the adminState property for ACL
policies because VSG compute firewalls do not support a value of disabled for this property; the default value is
enabled. However, Prime Network Services Controller continues to use the adminState property in other types of
policies, such as those used by ASA 1000V.
policies because VSG compute firewalls do not support a value of disabled for this property; the default value is
enabled. However, Prime Network Services Controller continues to use the adminState property in other types of
policies, such as those used by ASA 1000V.
If you set the adminState property via the API for an ACL policy, the response will contain the following error
message:
message:
<configConfMos
cookie="<real_cookie>"
commCookie="7/12/0/55"
srcExtSys="10.193.76.15"
destExtSys="10.193.76.15"
srcSvc="sam_extXMLApi"
destSvc="policy-mgr_dme"
response="yes"
errorCode="170"
invocationResult="unidentified-fail"
errorDescr="Admin implicit props cannot be modified, prop=adminState>
commCookie="7/12/0/55"
srcExtSys="10.193.76.15"
destExtSys="10.193.76.15"
srcSvc="sam_extXMLApi"
destSvc="policy-mgr_dme"
response="yes"
errorCode="170"
invocationResult="unidentified-fail"
errorDescr="Admin implicit props cannot be modified, prop=adminState>
The following example creates a policy named trustedHosts and sets the rules it can use.
Request
POST URL: https://10.193.33.221/xmlIM/policy-mgr
XML API payload:
<configConfMos
XML API payload:
<configConfMos
cookie="<real_cookie>">
<inConfigs>
<inConfigs>
<pair key="org-root/org-tenant1/pol-trustedHosts">
<policyRuleBasedPolicy dn="org-root/org-tenant1/pol-trustedHosts">
<policyRule name="allowSsh" order="1">
<!-- This rule allows all VMs in zone "trustedClients" to initiate an SSH connection
to VMs in zone "trustedServers" -->
to VMs in zone "trustedServers" -->
<policyRuleCondition id="100" order="1">
<policyNetworkExpression opr="eq">
<policyNwAttrQualifier attrEp="source"/>
<policyNwAttrQualifier attrEp="source"/>