Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
4
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(7)
Interfaces
nameif externalIf
bridge-group 1
security-level 50
interface GigabitEthernet0/1
no nameif
no security-level
interface GigabitEthernet0/1.986
vlan 986
nameif internalIf
bridge-group 1
security-level 100
interface BVI1
ip address 10.10.10.2 255.255.255.0
XML Example
Define a graph and interfaces, then attach them to the tenant.
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsTermNodeCon name = "Input1">
<vnsAbsTermConn name = "C1"/>
</vnsAbsTermNodeCon>
<!-- FW1 Provides FW functionality -->
<vnsAbsNode name = "FW1" funcType="GoThrough">
<vnsRsDefaultScopeToTerm
tDn="uni/tn-tenant1/AbsGraph-WebGraph/AbsTermNodeProv-Output1/outtmnl"/>
<vnsAbsFuncConn name = "external" attNotify="yes">
<vnsRsMConnAtt tDn="uni/infra/mDev-CISCO-ASA-{dp_version}/mFunc-Firewall/mConn-external"
/>
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "internal" attNotify="yes">
<vnsRsMConnAtt tDn="uni/infra/mDev-CISCO-ASA-{dp_version}/mFunc-Firewall/mConn-internal"
/>
</vnsAbsFuncConn>
<vnsAbsDevCfg>
<vnsAbsFolder key="BridgeGroupIntf" name="1">
<vnsAbsFolder key="IPv4Address" name="internalIfIP">
<vnsAbsParam key="ipv4_address" name="ipv4" value="10.10.10.2/255.255.255.0"/>
<vnsAbsParam key="ipv4_standby_address" name="ipv4s" value="10.10.10.3"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Interface" name="internalIf">
<vnsAbsFolder key="InterfaceConfig" name="internalIfCfg">
<vnsAbsCfgRel key="bridge_group" name="intbridge" targetName="1"/>
<vnsAbsParam key="security_level" name="internal_security_level" value="100"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Interface" name="externalIf">
<vnsAbsFolder key="InterfaceConfig" name="externalIfCfg">
<vnsAbsCfgRel key="bridge_group" name="extbridge" targetName="1"/>
<vnsAbsParam key="security_level" name="external_security_level" value="50"/>
</vnsAbsFolder>
</vnsAbsFolder>