pyaoscx.acl module

class pyaoscx.acl.ACL(session, name, list_type, uri=None, **kwargs)

Bases: pyaoscx.pyaoscx_module.PyaoscxModule

Provide configuration management for ACL on AOS-CX devices.

add_acl_entry(sequence_num, action, count=None, protocol=None, src_ip=None, dst_ip=None, dst_l4_port_min=None, dst_l4_port_max=None, src_mac=None, dst_mac=None, ethertype=None)
Create an AclEntry object. If the ACL Entry already exists, the values
passed won’t update the entry.
Parameters:
  • sequence_num – Integer number of the sequence
  • action – Action should be either “permit” or “deny”
  • count – Optional boolean flag that when true, will make entry increment hit count for matched packets
  • protocol – Optional integer IP protocol number
  • src_ip – Optional source IP address. Both IPv4 and IPv6 are supported. Examples: 10.10.12.11/255.255.255.255, 2001:db8::11/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  • dst_ip – Optional destination IP address. Both IPv4 and IPv6 are supported. Examples: 10.10.12.11/255.255.255.255, 2001:db8::11/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  • dst_l4_port_min – Optional minimum L4 port number in range; used in conjunction with dst_l4_port_max.
  • dst_l4_port_max – Optional maximum L4 port number in range; used in conjunction with dst_l4_port_min.
  • src_mac – Optional source MAC address. Example: ‘01:02:03:04:05:06’
  • dst_mac – Optional destination MAC address. Example: ‘01:02:03:04:05:06’
  • ethertype – Optional integer EtherType number
Return acl_entry:
 An AclEntry object

apply()
Main method used to either create or update an existing ACL table
entry. Checks whether the ACL exists in the switch. Calls self.update() if the ACL is being updated. Calls self.create() if a new ACL is being created.
Return modified:
 Boolean, True if object was created or modified.
base_uri = 'system/acls'
cfg_aces
Attribute descriptor class to keep track of a list that contains
pyaoscx_module objects simulating a Reference to a resource. If the list changes, then every pyaoscx_module object has to be changed.
create()
Perform a POST call to create a new ACL table entry. Only returns if no
exception is raised.
Return modified:
 Boolean, True if entry was created.
delete()

Perform DELETE call to delete ACL table entry.

delete_all_acl_entries()

Delete all ACL Entries within an ACL.

Returns: True if object was changed
classmethod from_response(session, response_data)

Create an Acl object given response_data.

Parameters:
  • cls – Object’s class.
  • session – pyaoscx.Session object used to represent a logical connection to the device
  • response_data – The response must be a dictionary of the form: { “{name},{list_type}”: URL }, with URL being of the form: “/rest/v10.04/system/acls/{name},{list_type}”
Returns:
 Acl object.

classmethod from_uri(session, uri)

Create an Acl object given a URI.

Parameters:
  • cls – Object’s class.
  • session – pyaoscx.Session object used to represent a logical connection to the device.
  • uri – a String with a URI
Return indices, acl:
 Tuple containing both the indices and Acl object.

get(depth=None, selector=None)
Perform a GET call to retrieve data for an ACL table entry and fill
the object with the incoming attributes.
Parameters:
  • depth – Integer deciding how many levels into the API JSON that references will be returned.
  • selector – Alphanumeric option to select specific information to return.
Returns:
 True if no exception is raised.

classmethod get_all(session)
Perform a GET call to retrieve all system ACLs, and create a dictionary
containing them.
Parameters:
  • cls – Object’s class.
  • session – pyaoscx.Session object used to represent a logical connection to the device.
Returns:
 Dictionary containing ACL IDs as keys and Acl objects as values.

get_info_format()
Method used to obtain correct object format for referencing inside
other objects.

return: Object format depending on the API Version.

get_uri()

Method used to obtain the specific ACL URI.

return: Object’s URI.

indices = ['name', 'list_type']
modified

Return boolean with whether this object has been modified.

modify_acl_entry(sequence_num, action, count=None, src_ip=None, dst_ip=None, dst_l4_port_min=None, dst_l4_port_max=None, src_mac=None, dst_mac=None, ethertype=None)

Modify an existing ACL Entry.

Parameters:
  • sequence_num – Integer number of the sequence.
  • action – Action should be either “permit” or “deny”.
  • count – Optional boolean flag that when true, will make entry increment hit count for matched packets.
  • src_ip – Optional source IP address. Both IPv4 and IPv6 are supported. Examples: 10.10.12.11/255.255.255.255, 2001:db8::11/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  • dst_ip – Optional destination IP address. Both IPv4 and IPv6 are supported. Examples: 10.10.12.11/255.255.255.255, 2001:db8::11/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  • dst_l4_port_min – Optional minimum L4 port number in range; used in conjunction with dst_l4_port_max.
  • dst_l4_port_max – Optional maximum L4 port number in range; used in conjunction with dst_l4_port_min.
  • src_mac – Optional source MAC address. Example: ‘01:02:03:04:05:06’
  • dst_mac – Optional destination MAC address. Example: ‘01:02:03:04:05:06’
  • ethertype – Optional integer EtherType number.
Return acl_entry:
 An AclEntry object.
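
Added example (not part of pyaoscx): a pre-flight check that turns CIDR text into the address/mask form shown for src_ip and dst_ip and enforces the documented constraints before a rule is handed to add_acl_entry() or modify_acl_entry(). The names to_addr_mask, build_entry_kwargs and RULE are hypothetical, the sample rule is constructed, and the mask text for prefixes other than the documented /32 and /128 examples is Python's standard rendering, assumed to be accepted.

```python
import ipaddress


def to_addr_mask(cidr):
    """Render CIDR text in the address/mask form the parameter docs show."""
    # strict=True rejects host bits under the mask (e.g. 10.10.12.11/24),
    # which usually means the prefix length is not the one intended.
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address}/{net.netmask}", net.version


def build_entry_kwargs(sequence_num, action, src=None, dst=None, protocol=None,
                       port_min=None, port_max=None, count=None):
    """Validate one rule and return keyword arguments named as documented."""
    if isinstance(sequence_num, bool) or not isinstance(sequence_num, int):
        raise ValueError("sequence_num must be an integer")
    if action not in ("permit", "deny"):
        raise ValueError("action must be 'permit' or 'deny'")
    # The two port bounds are documented as working together: both or neither.
    if (port_min is None) != (port_max is None):
        raise ValueError("set dst_l4_port_min and dst_l4_port_max together")
    if port_min is not None and not 0 <= port_min <= port_max <= 65535:
        raise ValueError("port range must satisfy 0 <= min <= max <= 65535")

    kwargs = {"sequence_num": sequence_num, "action": action}
    versions = set()
    for key, cidr in (("src_ip", src), ("dst_ip", dst)):
        if cidr is not None:
            kwargs[key], version = to_addr_mask(cidr)
            versions.add(version)
    # A single packet cannot carry an IPv4 source and an IPv6 destination.
    if len(versions) > 1:
        raise ValueError("src_ip and dst_ip must be the same IP version")
    optional = {"count": count, "protocol": protocol,
                "dst_l4_port_min": port_min, "dst_l4_port_max": port_max}
    kwargs.update({k: v for k, v in optional.items() if v is not None})
    return kwargs


# Constructed sample rule: permit HTTPS (IP protocol 6 = TCP) from one host.
RULE = build_entry_kwargs(10, "permit", src="10.10.12.11/32",
                          dst="10.10.12.0/24", protocol=6,
                          port_min=443, port_max=443, count=True)
```

The result can be passed as acl.add_acl_entry(**RULE); remove the protocol key before calling modify_acl_entry(), whose signature does not list it.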

resource_uri_name = 'acls'
update()

Perform a PUT call to apply changes to an existing ACL table entry.

Return modified:
 True if Object was modified and a PUT request was made.
was_modified()

Getter method for the __modified attribute.

Returns: Boolean, True if the object was recently modified.