{ "info": { "_postman_id": "0c1948da-d645-4b5c-90f4-9b3074a5040f", "name": "Hc2vpp RESTCONF calls for acl plugin", "description": "Provides examples of RESTCONF calls for vpp's acl plugin, exposed\nin hc2vpp.", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ { "name": "Write mac_ip list", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"acl\":\n {\n \"name\":\"macip-acl\",\n \"type\":\"vpp-acl:vpp-macip-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"macip-rule\",\n \"matches\":{\n \n \"eth\":{\n \"source-mac-address\":\"aa:aa:aa:aa:aa:aa\",\n \"source-mac-address-mask\":\"ff:00:00:00:00:00\"\n\n },\n\n \"ipv4\":{\n\n \"source-ipv4-network\":\"192.168.2.2/32\"\n\n\n }\n },\n \n \"actions\":{\n \"forwarding\": \"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/macip-acl", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "acl", "macip-acl" ] } }, "response": [] }, { "name": "Write tcp acl list", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"acl\":\n {\n \"name\":\"tcp-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"tcp-rule\",\n \"matches\":{\n \"ipv4\":{\n \"destination-ipv4-network\":\"192.168.2.1/24\",\n \"source-ipv4-network\":\"192.168.2.2/32\"\n },\n \"tcp\":{\n \"source-port\":{\n \"lower-port\":\"1\",\n \"upper-port\":\"5487\"\n },\n \"destination-port\":{\n \"lower-port\":\"87\",\n \"upper-port\":\"6745\"\n },\n \"flags\":\"cwr ece urg\",\n \"vpp-acl:vpp-tcp-ace\":{\n \"vpp-acl:flags-mask\":\"cwr\"\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/tcp-acl", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "acl", "tcp-acl" ] } }, "response": [] }, { "name": "Write udp acl list", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\r\n \"acl\":\r\n {\r\n \"name\":\"udp-acl\",\r\n \"type\":\"vpp-acl:vpp-acl\",\r\n \"aces\":{\r\n \"ace\":[\r\n {\r\n \"name\":\"udp-rule\",\r\n \"matches\":{\r\n \"ipv4\":{\r\n \"destination-ipv4-network\":\"192.168.2.1/24\",\r\n \"source-ipv4-network\":\"192.168.2.2/32\"\r\n },\r\n \"udp\":{\r\n \"source-port\":{\r\n \"lower-port\":\"1\",\r\n \"upper-port\":\"5487\"\r\n },\r\n \"destination-port\":{\r\n \"lower-port\":\"87\",\r\n \"upper-port\":\"6745\"\r\n }\r\n }\r\n },\r\n \"actions\":{\r\n \"forwarding\":\"ietf-access-control-list:accept\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n}" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/udp-acl", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "acl", "udp-acl" ] } }, "response": [] }, { "name": "Write icmp acl list", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"acl\":\n {\n \"name\":\"icmp-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"imcp-rule\",\n \"matches\":{\n \"ipv4\":{\n \"source-ipv4-network\":\"192.168.2.2/32\",\n \"destination-ipv4-network\":\"192.168.2.1/24\"\n },\n \"icmp\":{\n \"vpp-acl:vpp-icmp-ace\":{\n \"vpp-acl:icmp-type-range\":{\n \"first\":\"5\",\n \"last\":\"8\"\n },\n \"vpp-acl:icmp-code-range\":{\n \"first\":\"1\",\n \"last\":\"3\"\n }\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/icmp-acl", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "acl", "icmp-acl" ] } }, "response": [] }, { "name": "Write icmp-v6 acl list", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"acl\":\n {\n \"name\":\"icmp-v6-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"imcp-v6-rule\",\n \"matches\":{\n \"ipv6\":{\n \"source-ipv6-network\":\"2001:0db8:0a0b:12f0:0000:0000:0000:0002/48\",\n \"destination-ipv6-network\":\"2001:0db8:0a0b:12f0:0000:0000:0000:0001/64\"\n },\n \"icmp\":{\n \"vpp-acl:vpp-icmp-ace\":{\n \"vpp-acl:icmp-type-range\":{\n \"first\":\"5\",\n \"last\":\"8\"\n },\n \"vpp-acl:icmp-code-range\":{\n \"first\":\"1\",\n \"last\":\"3\"\n }\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/icmp-v6-acl", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "acl", "icmp-v6-acl" ] } }, "response": [] }, { "name": "Read interface ACLs (operational)", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/operational/ietf-access-control-list:acls/attachment-points/", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "operational", "ietf-access-control-list:acls", "attachment-points", "" ] } }, "response": [] }, { "name": "Read interface ACLs (config)", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0" ] } }, "response": [] }, { "name": "Read ACLs (cfg)", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "" ] } }, "response": [] }, { "name": "Read ACLs (oper)", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/operational/ietf-access-control-list:acls/", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "operational", "ietf-access-control-list:acls", "" ] } }, "response": [] }, { "name": "Assign ACLs as ingress to local0", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n\t\"acl-sets\" : {\n\t\t\"acl-set\" : [\n\t\t\t{\n\t\t\t\t\"name\" : \"tcp-acl\"\t\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"name\" : \"udp-acl\"\t\n\t\t\t}\n\t\t\t]\n\t}\n}\n" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0", "ingress", "acl-sets", "" ] } }, "response": [] }, { "name": "Delete ACLs as ingress from local0", "request": { "method": "DELETE", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0", "ingress" ] } }, "response": [] }, { "name": "Assign macip ACL to local0", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n\t\"acl-set\": {\n\t\t\"name\" : \"macip-acl\"\n\t}\n}" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/acl-set/macip-acl", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0", "ingress", "acl-sets", "acl-set", "macip-acl" ] } }, "response": [] }, { "name": "delete macip ACL from local0", "request": { "method": "DELETE", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/acl-set/macip-acl", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0", "ingress", "acl-sets", "acl-set", "macip-acl" ] } }, "response": [] }, { "name": "Read ACLs assigned to local0 (cfg)", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0" ] } }, "response": [] }, { "name": "Assign ACLs as egress to local0", "request": { "method": "PUT", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n\t\"egress\" : {\n\t\t\"acl-sets\" : {\n\t\t\t\"acl-set\" : [\n\t\t\t\t{\n\t\t\t\t\t\"name\" : \"tcp-acl\"\t\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"name\" : \"udp-acl\"\t\n\t\t\t\t}\n\t\t\t\t]\n\t\t}\n\t}\n}\n" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/egress", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0", "egress" ] } }, "response": [] }, { "name": "Delete ACLs as egress from local0", "request": { "method": "DELETE", "header": [ { "key": "Authorization", "value": "Basic YWRtaW46YWRtaW4=" }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/egress", "protocol": "http", "host": [ "localhost" ], "port": "8183", "path": [ "restconf", "config", "ietf-access-control-list:acls", "attachment-points", "interface", "local0", "egress" ] } }, "response": [] } ] }