How to get applied ACLs on specified interface in C API?

Document created by cdnadmin on Jan 25, 2014
Version 1Show Document
  • View in full screen mode
This document was generated from CDN thread

Created by: Takashi Miyake on 19-01-2014 06:38:56 PM
Hi, I just started using C API and remote configurering ACLs.
But I can't find getting method which is applied ACLs on specified interface.
Browsing tutorials and acl.h, but I can't find it yet.
Ofcource I'm already applied ACLs to some interafe successfully.

Please help me.

Subject: RE: How to get applied ACLs on specified interface in C API?
Replied by: Takashi Miyake on 20-01-2014 07:10:43 AM
Thank you for your reply Geevarghese Cheria.

I'm seen ACLTutorial already. But it' s only set something.But it's has no code for getting ACL information like "#sh ip int gigabitEthernet 0/1 | i access list"
So, I want to know  "#sh ip int gigabitEthernet 0/1 | i access list" through the OnePK C API.

Regardes, and sorry for my poor English..

//miyake


Subject: RE: How to get applied ACLs on specified interface in C API?
Replied by: Geevarghese Cheria on 20-01-2014 04:39:03 AM
Hi Takashi,

  
The  Acl tutorial file will be available inside the  onePK-sdk-<version>/c/tutorials/ACLTutorial folder. You can run the tutorial as
$ ./bin/ACLTutorial -a <element address> -u <username> -p <password> -t tcp
This will set the Inbound access  list to the first interface which is GigabitEthernet0/1 . You can verify this on the router by running the command
#sh ip int gigabitEthernet 0/1 | i access list

Thanks and Regards,
Geevarghese





Subject: RE: How to get applied ACLs on specified interface in C API?
Replied by: Joseph Clarke on 20-01-2014 08:30:26 AM
You already have the ACL structure you created in memory in your program.  You can also use the function onep_acl_get_acls() to enumerate all ACLs installed by your app.

If you want to specifically run "show ip int" you can use the VTY Service Set to do this.

1...
2res = onep_vty_write(vty, "show ip interface gi0/1 | inc access list", &result);
3printf("Output is '%s'\n", result);
4...


Subject: RE: How to get applied ACLs on specified interface in C API?
Replied by: Takashi Miyake on 20-01-2014 09:05:11 AM
Thank you Joseph.

Joseph Clarke:
You already have the ACL structure you created in memory in your program.  You can also use the function onep_acl_get_acls() to enumerate all ACLs installed by your app.


Yes, I have it. And I already using onep_acl_get_acls() for listing ACLs and ACEs. But my code handling multiple ACLs and using multiple IFs(like a outside ACL manager). So I want to know which ACLs(acl-name(ex. onep-acl-XXX)) applied on Gig0/0.

If you want to specifically run "show ip int" you can use the VTY Service Set to do this.

1...
2res = onep_vty_write(vty, "show ip interface gi0/1 | inc access list", &result);
3printf("Output is '%s'\n", result);
4...


I don't want to use vty codes. Because I need to parse characters. So I think this is last resort plan.
(Do not forget that, I'm using C. not python or java ;-) )

Subject: RE: How to get applied ACLs on specified interface in C API?
Replied by: Takashi Miyake on 20-01-2014 10:12:28 AM
Oh!. 
Thanks your great answer!!
I'm using sqlite with my programs. I can easy to store it. 

I can write python too. So it's time to move python API. 

Subject: RE: How to get applied ACLs on specified interface in C API?
Replied by: Joseph Clarke on 20-01-2014 09:24:31 AM
There is no C API to get the applied interface from an ACL structure (Python does provide this, though).  This looks like an oversight to me.  I filed CSCum66241 to track the request.  As a workaround, you could store a hash in memory mapping ACL names to interfaces.

Attachments

    Outcomes