Performing Tasks Using REST API

Mixed-Mode Encapsulation

Check or Change the VMM Domain Encapsulation Mode Using the REST API

You can use the REST API to discover and change the encapsulation mode of a VMM domain.


Note
If EPGs are associated to the VMM domain, you cannot change its switching mode. If you want the domain to use a different switching mode, delete and re-create it. However, you can change the switching mode of the VMM domain if no EPGs are associated to it.

Procedure

Discover and change the encapsulation mode of a VMM domain.

Example:

<vmmProvP vendor="VMware">
    <vmmDomP name="mininet” enableAVE=“true" enfPref="sw" mcastAddr="225.1.1.1” encapMode=“vxlan” prefEncapMode="vxlan”>
</vmmProvP>

Override the VMM Domain Encapsulation Mode for an EPG Using the REST API

Procedure

Override the VMM domain encapsulation mode for an EPG.

Example:

<polUni>
<fvTenant name="coke">
<fvAp name="sap">
<fvAEPg name="web1">
<fvRsDomAtt resImedcy="immediate"
tDn="uni/vmmp-VMware/dom-mininet"
switchingMode="AVE" encapMode="vxlan"/>
</fvAEPg>
</fvAp>
</fvTenant>
</polUni>

For encapMode=, you can enter one of the following:

  • auto—This causes the EPG to use the same encapsulation mode as the VMM domain. This is the default configuration.

  • vlan—This overrides the domain's VXLAN configuration, and the EPG will use VLAN encapsulation. However, a fault will be triggered for the EPG if a VLAN pool is not configured on the domain.

  • vxlan—This overrides the domain's VLAN configuration, and the EPG will use VXLAN encapsulation. However, a fault will be triggered for the EPG if a multicast pool is not configured on the domain.

Port Channel and Virtual Port Channel Configuration

Configure an LACP Port Channel Policy Using the REST API

Procedure

Step 1

Create a node profile that specifies the leaf IDs that the access port profiles are associated with.

Example:

<infraInfra dn="uni/infra">
    <infraNodeP name="bLeaf">
        <infraLeafS name="leafs" type="range">
            <infraNodeBlk name="nblk" from_="17" to_="17">
            </infraNodeBlk>
        </infraLeafS>
        <infraRsAccPortP tDn="uni/infra/accportprof-shipping1"/>  
        <infraRsAccPortP tDn="uni/infra/accportprof-shipping2"/>  
    </infraNodeP>

Step 2

Create an access port profile that specifies the port included in the access bundle group.

Example:

<infraAccPortP name="shipping1">
    <infraHPortS name="pselc" type="range">
        <infraPortBlk name="blk" fromCard="1" toCard="1" fromPort="19" toPort="20"/>      
        <infraRsAccBaseGrp tDn="uni/infra/funcprof/accbundle-accountingLag1" />
    </infraHPortS>
  </infraAccPortP>

Step 3

Create an access port profile that specifies a second port included in the access bundle group.

Example:

<infraAccPortP name="shipping2">
    <infraHPortS name="pselc" type="range">
        <infraPortBlk name="blk" fromCard="1" toCard="1" fromPort="21" toPort="22"/>      
        <infraRsAccBaseGrp tDn="uni/infra/funcprof/accbundle-accountingLag2" />
    </infraHPortS>
  </infraAccPortP>

Step 4

Create an access bundle group that points to the port channel interface policy.

Example:

<infraFuncP>
   <infraAccBndlGrp name="accountingLag1" lagT='link'>
        <infraRsLacpPol tnLacpLagPolName='accountingLacp1'/>
        <infraRsAttEntP tDn="uni/infra/attentp-default"/>
   </infraAccBndlGrp>
   <infraAccBndlGrp name="accountingLag2" lagT='link'>
         <infraRsLacpPol tnLacpLagPolName='accountingLacp2'/>
         <infraRsAttEntP tDn="uni/infra/attentp-default"/>
   </infraAccBndlGrp>
</infraFuncP>

Step 5

Create a port channel interface policy.

Example:

</infraFuncP>
<lacpLagPol name='accountingLacp1' ctrl='15' descr='accounting' maxLinks='14' minLinks='1'
mode='active' />
<lacpLagPol name='accountingLacp2' ctrl='15' descr='accounting' maxLinks='14' minLinks='1'
mode='active' />

You can set the mode to 'passive' instead of 'active'.

Step 6

Associate the VMM domain to the attachable entity profile.

Example:

<infraAttEntityP name="default"> <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/>
</infraAttEntityP>
 
</infraInfra>

Configure a MAC Pinning Port Channel Policy Using the REST API

Procedure

Step 1

Create a node profile that specifies the leaf IDs that the access port profiles are associated with.

Example:

<infraInfra dn="uni/infra">
    <infraNodeP name="bLeaf">
        <infraLeafS name="leafs" type="range">
            <infraNodeBlk name="nblk" from_="17" to_="17">
            </infraNodeBlk>
        </infraLeafS>
        <infraRsAccPortP tDn="uni/infra/accportprof-shipping1"/>  
        <infraRsAccPortP tDn="uni/infra/accportprof-shipping2"/>  
    </infraNodeP>

Step 2

Create an access port profile that specifies the port included in the access bundle group.

Example:

<infraAccPortP name="shipping1">
    <infraHPortS name="pselc" type="range">
        <infraPortBlk name="blk" fromCard="1" toCard="1" fromPort="19" toPort="20"/>      
        <infraRsAccBaseGrp tDn="uni/infra/funcprof/accbundle-accountingLag1" />
    </infraHPortS>
  </infraAccPortP>

Step 3

Create an access port profile that specifies a second port included in the access bundle group.

Example:

<infraAccPortP name="shipping2">
    <infraHPortS name="pselc" type="range">
        <infraPortBlk name="blk" fromCard="1" toCard="1" fromPort="21" toPort="22"/>      
        <infraRsAccBaseGrp tDn="uni/infra/funcprof/accbundle-accountingLag2" />
    </infraHPortS>
  </infraAccPortP>

Step 4

Create an access bundle group that points to the port channel interface policy.

Example:

<infraFuncP>
   <infraAccBndlGrp name="accountingLag1" lagT='link'>
        <infraRsLacpPol tnLacpLagPolName='accountingLacp1'/>
        <infraRsAttEntP tDn="uni/infra/attentp-default"/>
   </infraAccBndlGrp>
   <infraAccBndlGrp name="accountingLag2" lagT='link'>
         <infraRsLacpPol tnLacpLagPolName='accountingLacp2'/>
         <infraRsAttEntP tDn="uni/infra/attentp-default"/>
   </infraAccBndlGrp>
</infraFuncP>

Step 5

Create a port channel interface policy.

Example:

<lacpLagPol name='accountingLacp1' ctrl='15' descr='accounting' maxLinks='14' minLinks='1' mode='mac-pin' />
<lacpLagPol name='accountingLacp2' ctrl='15' descr='accounting' maxLinks='14' minLinks='1' mode='mac-pin' />

Step 6

Associate the VMM domain to the attachable entity profile.

Example:

<infraAttEntityP name="default"> <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/> 
</infraAttEntityP>

</infraInfra>

Configure a Static Port Channel Policy Using the REST API

Procedure

Step 1

Create a node profile that specifies the leaf IDs that the access port profiles are associated with.

Example:

<infraInfra dn="uni/infra">
    <infraNodeP name="bLeaf">
        <infraLeafS name="leafs" type="range">
            <infraNodeBlk name="nblk" from_="17" to_="17">
            </infraNodeBlk>
        </infraLeafS>
        <infraRsAccPortP tDn="uni/infra/accportprof-shipping1"/>  
        <infraRsAccPortP tDn="uni/infra/accportprof-shipping2"/>  
    </infraNodeP>

Step 2

Create an access port profile that specifies the port included in the access bundle group.

Example:

<infraAccPortP name="shipping1">
    <infraHPortS name="pselc" type="range">
        <infraPortBlk name="blk" fromCard="1" toCard="1" fromPort="19" toPort="20"/>      
        <infraRsAccBaseGrp tDn="uni/infra/funcprof/accbundle-accountingLag1" />
    </infraHPortS>
  </infraAccPortP>

Step 3

Create an access port profile that specifies a second port included in the access bundle group.

Example:

<infraAccPortP name="shipping2">
    <infraHPortS name="pselc" type="range">
        <infraPortBlk name="blk" fromCard="1" toCard="1" fromPort="21" toPort="22"/>      
        <infraRsAccBaseGrp tDn="uni/infra/funcprof/accbundle-accountingLag2" />
    </infraHPortS>
  </infraAccPortP>

Step 4

Create an access bundle group that points to the port channel interface policy.

Example:

<infraFuncP>
   <infraAccBndlGrp name="accountingLag1" lagT='link'>
        <infraRsLacpPol tnLacpLagPolName='accountingLacp1'/>
        <infraRsAttEntP tDn="uni/infra/attentp-default"/>
   </infraAccBndlGrp>
   <infraAccBndlGrp name="accountingLag2" lagT='link'>
         <infraRsLacpPol tnLacpLagPolName='accountingLacp2'/>
         <infraRsAttEntP tDn="uni/infra/attentp-default"/>
   </infraAccBndlGrp>
</infraFuncP>

Step 5

Create a port channel interface policy.

Example:

<lacpLagPol name='accountingLacp1' ctrl='15' descr='accounting' maxLinks='14' minLinks='1' mode='off' />
<lacpLagPol name='accountingLacp2' ctrl='15' descr='accounting' maxLinks='14' minLinks='1' mode='off' />

Step 6

Associate the VMM domain to the attachable entity profile.

Example:

<infraAttEntityP name="default"> <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/> 
</infraAttEntityP>
 
</infraInfra>

Enhanced LACP Policy Support

Create LAGs for DVS Uplink Port Groups Using REST API

Improve distributed virtual switch (DVS) uplink port group load balancing by putting the port groups into link aggregation groups (LAGs) and associating them with specific load-balancing algorithms. You can perform this task using REST API.

Before you begin

You must have created a VMware vCenter virtual machine manager (VMM) domain for VMware VDS or Cisco Application Centric Infrastructure (ACI) Virtual Edge.

Procedure

Step 1

Create the the LAG and associate it with a load-balancing algorithm.

Example:

<polUni>
<vmmProvP vendor="VMware">
    <vmmDomP name="mininetlacpavs">
        <vmmVSwitchPolicyCont>
            <lacpEnhancedLagPol name="lag2" mode="passive" lbmode="vlan" numLinks="4">
            </lacpEnhancedLagPol>
        </vmmVSwitchPolicyCont>
   </vmmDomP>
</vmmProvP>
</polUni>

Step 2

Repeat the step to create other LAGs for the DVS.

What to do next

If you are using VMware VDS, associate endpoint groups (EPGs) to the domain with the enhanced LACP policy. If you are using Cisco Application Centric Infrastructure (ACI) Virtual Edge, associate internally created inside and outside port groups with the enhanced LACP policy, then associate EPGs to the domain with the policy.

Associate Internal Port Groups to VMware vCenter Domains with Enhanced LACP Policies Using REST API

Associate Cisco Application Centric Infrastructure (ACI) Virtual Edge internally created inside and outside port groups with a VMware vCenter domain with an enhanced LACP policy. You can perform this task using REST API.

Before you begin

You must have created link aggregation groups (LAGs) for distributed virtual switch (DVS) uplink portgroups and associated a load-balancing algorithm to the LAGs.

Procedure

Example:

<vmmProvP vendor="VMware">
    <vmmDomP name="mininetlacpavs" enfPref="sw" mcastAddr="225.1.1.1" prefEncapMode="vlan" enableAVE="true">
       <vmmRsPrefEnhancedLagPol tDn="uni/vmmp-VMware/dom-mininetlacpavs/vswitchpolcont/enlacplagp-lag2"/>
   </vmmDomP>
</vmmProvP>

What to do next

Associate endpoint groups (EPGs) with the VMware vCenter domain containing the enhanced LACP policy.

Associate Application EPGs to VMware vCenter Domains with Enhanced LACP Policies Using REST API

Associate application endpoint groups (EPGs) with the VMware vCenter domain with LAGs and a load-balancing algorithm. You can perform this task using REST API. You can also deassociate application EPGs from the domain.

Before you begin

You must have created link aggregation groups (LAGs) for distributed virtual switch (DVS) uplink port groups and associated a load-balancing algorithm to the LAGs.

Procedure

Step 1

Associate an EPG to a VMware vCenter domain with LAGs associated to a load-balancing algorithm.

Example:

<polUni>
  <fvTenant
    dn="uni/tn-coke"
    name="coke">
    <fvCtx name="cokectx"/>
    <fvAp
      dn="uni/tn-coke/ap-sap"
      name="sap">
      <fvAEPg
        dn="uni/tn-coke/ap-sap/epg-web3"    
        name="web3" >
          <fvRsBd tnFvBDName="cokeBD2" />
          <fvRsDomAtt resImedcy="immediate" switchingMode="native"
            tDn="uni/vmmp-VMware/dom-mininetlacpavs">
            <fvAEPgLagPolAtt >
              <fvRsVmmVSwitchEnhancedLagPol tDn="uni/vmmp-VMware/dom-mininetlacpavs/vswitchpolcont/enlacplagp-lag2"/>
            </fvAEPgLagPolAtt>
          </fvRsDomAtt>
      </fvAEPg>  
    </fvAp>            
  </fvTenant>
</polUni>

Step 2

Repeat Step 1 for other application EPGs in the tenant, as desired.

SPAN Features

Configure Local SPAN with a CEP Source Using the REST API

Procedure

Configure local SPAN with a CEP source.

Example:

<polUni>
  <infraInfra> 
    <spanVSrcGrp name="srcgrp2">
        <spanVSrc name="src1" dir="both" >
                           <spanRsSrcToVPort  tDn="uni/tn-t0/ap-a0/epg-g3/cep-00:50:56:B3:24:E1"/>                        
        </spanVSrc>
        <spanSpanLbl name="destgrp1">           
        </spanSpanLbl>
    </spanVSrcGrp>    
      <infraFuncP>
            <infraAccBndlGrp name="test-lvspan"> 
            <infraRsSpanVSrcGrp tnSpanVSrcGrpName="srcgrp1"/>
            <infraRsSpanVDestGrp tnSpanVDestGrpName="destgrp1"/>
            <infraRsAttEntP tDn="uni/infra/attentp-test-lvspan"/>
            </infraAccBndlGrp>
    </infraFuncP>           
     <spanVDestGrp
                        name="destgrp2">
        <spanVDest name="dest1">	
                           <spanRsDestToVPort tDn="uni/tn-t0/ap-a0/Promiscuous-EPG/cep-00:50:56:B3:5F:AA"/>
        </spanVDest>
    </spanVDestGrp>
    <infraAttEntityP name="test-lvspan">
    <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/> 
 </infraAttEntityP>
 </infraInfra>
 </polUni>

Configure Local SPAN with an EPG Source Using the REST API

Procedure

Configure local SPAN with an EPG source.

Example:

<polUni>
  <infraInfra>
  <spanVSrcGrp
                        name="srcgrp2" adminSt="start">
        <spanVSrc name="src2" dir="both">
                           <spanRsSrcToEpg  tDn="uni/tn-t0/ap-a0/epg-g11"/>
        </spanVSrc>
        <spanSpanLbl name="destgrp1">
          </spanSpanLbl>
    </spanVSrcGrp>
    <infraFuncP>
            <infraAccBndlGrp name="test-lvspan"> 
            <infraRsSpanVSrcGrp tnSpanVSrcGrpName="srcgrp2"/>
            <infraRsSpanVDestGrp tnSpanVDestGrpName="destgrp1"/>
            </infraAccBndlGrp>
    </infraFuncP> 
  <spanVDestGrp
                        name="destgrp2">
        <spanVDest name="dest1">	
                         <spanRsDestToVPort tDn="uni/tn-t0/ap-a0/Promiscuous-EPG/cep-00:50:56:B3:5F:AA"/>
        </spanVDest>
    </spanVDestGrp>
    <infraAttEntityP name="test-lvspan">
    <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/> 
 </infraAttEntityP>
 </infraInfra>
 </polUni>

Configure ERSPAN with a CEP Source Using the REST API

Procedure

Configure ERSPAN with a CEP source.

Example:

<polUni>
  <infraInfra> 
    <spanVSrcGrp name="srcgrp2">
        <spanVSrc name="src1" dir="both" >
                           <spanRsSrcToVPort  tDn="uni/tn-t0/ap-a0/epg-g3/cep-00:50:56:B3:24:E1"/>                        
        </spanVSrc>
        <spanSpanLbl name="destgrp1">           
        </spanSpanLbl>
    </spanVSrcGrp>    
      <infraFuncP>
            <infraAccBndlGrp name="test-lvspan"> 
            <infraRsSpanVSrcGrp tnSpanVSrcGrpName="srcgrp1"/>
            <infraRsSpanVDestGrp tnSpanVDestGrpName="destgrp1"/>
            <infraRsAttEntP tDn="uni/infra/attentp-test-lvspan"/>
            </infraAccBndlGrp>
    </infraFuncP>           
           <spanVDestGrp
                        name="destgrp1">
        <spanVDest name="dest1">
           <spanVEpgSummary name="summ1" dstIp="10.30.13.195" ttl="50" mtu="1500" dscp="2"/> 
             </spanVDest>
    </spanVDestGrp> 
   <infraAttEntityP name="test-lvspan">
    <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/> 
 </infraAttEntityP>
 </infraInfra>
 </polUni>

Configure ERSPAN with a Static Endpoint Using the REST API

Procedure

Configure ERSPAN with a static CEP source.

Example:

<polUni>  
 <fvTenant name="infra">    
   <fvAp name="access">      
     <fvAEPg name="default">             
       <fvStCEp name="erspan-dest "                  
             type="tep"                 
             mac="00:50:56:B3:42:9C"              
             ip="10.0.0.50"        
             encap="vlan-4093">          
         <fvRsStCEpToPathEp tDn="topology/pod-1/paths-110/pathep-[macpin-1]"/>        
       </fvStCEp>      
     </fvAEPg>
   </fvAp>
 </fvTenant>
</polUni>

Configure ERSPAN with an EPG Source Using the REST API

Procedure

Configure ERSPAN with an EPG source.

Example:

<polUni>
  <infraInfra>
  <spanVSrcGrp
                        name="srcgrp2" adminSt="start">
        <spanVSrc name="src2" dir="both">
                           <spanRsSrcToEpg  tDn="uni/tn-t0/ap-a0/epg-g11"/>
        </spanVSrc>
        <spanSpanLbl name="destgrp1">
          </spanSpanLbl>
    </spanVSrcGrp>
    <infraFuncP>
            <infraAccBndlGrp name="test-lvspan"> 
            <infraRsSpanVSrcGrp tnSpanVSrcGrpName="srcgrp2"/>
            <infraRsSpanVDestGrp tnSpanVDestGrpName="destgrp1"/>
            </infraAccBndlGrp>
    </infraFuncP> 
           <spanVDestGrp
                        name="destgrp1">
        <spanVDest name="dest1">
           <spanVEpgSummary name="summ1" dstIp="10.30.13.195" ttl="50" mtu="1500" dscp="2"/> 
             </spanVDest>
    </spanVDestGrp> 
    <infraAttEntityP name="test-lvspan">
    <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/> 
 </infraAttEntityP>
 </infraInfra>
 </polUni>

BPDU Features

Configure BPDU Features Using the REST API

Procedure

Step 1

Configure BPDU Guard.

Example:

<polUni>
  <infraInfra>
      <stpIfPol name="testStp5" ctrl="bpdu-guard"/>
      <infraFuncP>
        <infraAccBndlGrp name="test51">
        <infraRsStpIfPol tnStpIfPolName="testStp5"/>
        <infraRsAttEntP tDn="uni/infra/attentp-test-bpdu"/>
        </infraAccBndlGrp>
      </infraFuncP>
  </infraInfra>
</polUni>


<vmmProvP vendor="VMware">
     <vmmDomP name="mininet">
        <vmmVSwitchPolicyCont>
           <vmmRsVswitchOverrideStpPol tDn="uni/infra/ifPol-testStp5"/>
        </vmmVSwitchPolicyCont>
     </vmmDomP>
</vmmProvP

Step 2

Configure BPDU filtering.

Example:

<polUni>
  <infraInfra>
      <stpIfPol name="testStp5" ctrl="bpdu-filter"/>
      <infraFuncP>
        <infraAccBndlGrp name="test51">
        <infraRsStpIfPol tnStpIfPolName="testStp5"/>
        <infraRsAttEntP tDn="uni/infra/attentp-test-bpdu"/>
        </infraAccBndlGrp>
      </infraFuncP>
 </infraInfra>
</polUni>

<vmmProvP vendor="VMware">
     <vmmDomP name="mininet">
        <vmmVSwitchPolicyCont>
           <vmmRsVswitchOverrideStpPol tDn="uni/infra/ifPol-testStp5"/>
        </vmmVSwitchPolicyCont>
     </vmmDomP>
</vmmProvP>

IGMP Querier and Snooping

Enable IGMP Querier on the Bridge Domain Subnet Using the REST API

Procedure

Enable IGMP querier on the bridge domain subnet.

Example:

<fvTenant name="ms10">

<fvCtx name="msv10"/>

<fvBD name="msb10">
  <fvSubnet ctrl="querier" descr="" ip="1.1.9.1/24" name="" nameAlias=""
preferred="no" scope="private" virtual="no"/>
  <fvRsCtx tnFvCtxName="msv10"/>

</fvBD></fvTenant>

Configure an IGMP Snooping Policy Using the REST API

Procedure

Create an IGMP snooping policy and apply it to the bridge domain.

Example:

<igmpSnoopPol name="igmp_snp_bd_21"
              adminSt="enabled"
              ctrl="fast-leave,querier"
              lastMbrIntvl="1"
              queryIntvl="125"
              rspIntvl="10"
              startQueryCnt="2"
              startQueryIntvl="31"
              />
<fvCtx name="msv10"/>

<fvBD name="msb10">
  <fvRsCtx tnFvCtxName="msv10"/>

  <!-- Bind IGMP snooping to a BD -->
  <fvRsIgmpsn tnIgmpSnoopPolName="igmp_snp_bd_21"/>
</fvBD></fvTenant>

Intra-EPG Isolation Enforcement

Configure Intra-EPG Isolation for Cisco ACI Virtual Edge Using the REST API

Before you begin

Make sure that VXLAN-related configuration is present on the Cisco ACI Virtual Edge VMM domain, particularly a Cisco ACI Virtual Edge fabric-wide multicast address and pool of multicast addresses (one per EPG).

Procedure

Step 1

Send this HTTP POST message to deploy the application using the XML API.

Example:

   POST 
https://10.197.139.36/api/mo/uni/tn-Tenant2.xml

Step 2

For a VMM deployment, include the XML structure in the following example in the body of the POST message.

Example:

<fvTenant name="Tenant2" >
  <fvAp name="AP-1">
    <fvAEPg name="EPG-61" pcEnfPref="enforced">
      <!-- pcEnfPref="enforced" ENABLES ISOLATION-->
      <!-- pcEnfPref="unenforced" DISABLES ISOLATION-->
        <fvRsBd tnFvBDName="BD-61" />
        <fvRsDomAtt switchingMode="AVE" encapMode="vxlan" resImedcy="immediate" tDn="uni/vmmp-VMware/dom-D-AVE-SITE-1-XXIII" >
        </fvRsDomAtt>
    </fvAEPg>
  </fvAp>
</fvTenant>

What to do next

You can select statistics and view them to help diagnose problems involving the endpoint. See the sections Choose Statistics for Isolated Endpoints on Cisco ACI Virtual Edge Under the Tenants Tab and View Statistics for Isolated Endpoints on Cisco ACI Virtual Edge Under the Tenants Tab in this guide.

Distrubuted Firewall

Configure a Stateful Policy for Distributed Firewall Using the REST API

Configure a stateful policy in the Cisco APIC.

Procedure

Step 1

Log in to the Cisco APIC.

Step 2

Post the policy to https://APIC-ip-address/api/node/mo/.xml.

Example:

<polUni>
  <infraInfra>

    <nwsFwPol name="fwpol1" mode="enabled"/>    (enabled, disabled, learning)

    <infraFuncP>
        <infraAccBndlGrp name="fw-bundle">
            <infraRsFwPol tnNwsFwPolName="fwpol1"/>
            <infraRsAttEntP tDn="uni/infra/attentp-testfw2"/>
        </infraAccBndlGrp>
    </infraFuncP> 
 
     <infraAttEntityP name="testfw2">
                <infraRsDomP tDn="uni/vmmp-VMware/dom-mininet"/> 
     </infraAttEntityP>
           
  </infraInfra>

</polUni>

What to do next

Create a Distributed Firewall policy.

Configure Parameters for Distributed Firewall Flow Information Using the REST API

Procedure

Step 1

Send an HTTP POST message to deploy the application using the XML API.

Example:

POST https://10.197.139.36/api/node/mo/uni/fabric/slgroup-Syslog-Servers.xml

Step 2

Configure the parameters for the syslog server or servers.

Example:

<syslogGroup descr="" dn="uni/fabric/slgroup-Syslog-Servers" format="aci" name="Syslog-Servers" nameAlias="">
	<syslogRemoteDest adminState="enabled" descr="" format="aci" forwardingFacility="local7" host="10.197.139.216" name="10.197.139.216" nameAlias="" port="1514" severity="debugging">
		<fileRsARemoteHostToEpg tDn="uni/tn-mgmt/mgmtp-default/oob-default"/>
	</syslogRemoteDest>
	<syslogProf adminState="enabled" descr="" name="syslog" nameAlias=""/>
	<syslogFile adminState="disabled" descr="" format="aci" name="" nameAlias="" severity="information"/>
	<syslogConsole adminState="disabled" descr="" format="aci" name="" nameAlias="" severity="alerts"/>
</syslogGroup>