-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
nsacl
-
-
-
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
nsacl
Configuration for ACL entry resource.
Properties
(click to see Operations)
Name | Data Type | Permissions | Description |
---|---|---|---|
aclname |
|
Read-write | Name for the extended ACL rule. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Minimum length = 1 |
aclaction |
|
Read-write | Action to perform on incoming IPv4 packets that match the extended ACL rule. Available settings function as follows: * ALLOW - The Citrix ADC processes the packet. * BRIDGE - The Citrix ADC bridges the packet to the destination without processing it. * DENY - The Citrix ADC drops the packet. Possible values = BRIDGE, DENY, ALLOW |
td |
|
Read-write | Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value = 0 Maximum value = 4094 |
srcip |
|
Read-write | IP address or range of IP addresses to match against the source IP address of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example: 10.102.29.30-10.102.29.189. |
srcipop |
|
Read-write | Either the equals (=) or does not equal (!=) logical operator. Possible values = =, !=, EQ, NEQ |
srcipval |
|
Read-write | IP address or range of IP addresses to match against the source IP address of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example:10.102.29.30-10.102.29.189. |
srcport |
|
Read-write | Port number or range of port numbers to match against the source port number of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example: 40-90. |
srcportop |
|
Read-write | Either the equals (=) or does not equal (!=) logical operator. Possible values = =, !=, EQ, NEQ |
srcportval |
|
Read-write | Port number or range of port numbers to match against the source port number of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example: 40-90. Maximum length = 65535 |
destip |
|
Read-write | IP address or range of IP addresses to match against the destination IP address of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example: 10.102.29.30-10.102.29.189. |
destipop |
|
Read-write | Either the equals (=) or does not equal (!=) logical operator. Possible values = =, !=, EQ, NEQ |
destipval |
|
Read-write | IP address or range of IP addresses to match against the destination IP address of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example: 10.102.29.30-10.102.29.189. |
destport |
|
Read-write | Port number or range of port numbers to match against the destination port number of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example: 40-90. Note: The destination port can be specified only for TCP and UDP protocols. |
destportop |
|
Read-write | Either the equals (=) or does not equal (!=) logical operator. Possible values = =, !=, EQ, NEQ |
destportval |
|
Read-write | Port number or range of port numbers to match against the destination port number of an incoming IPv4 packet. In the command line interface, separate the range with a hyphen. For example: 40-90. Note: The destination port can be specified only for TCP and UDP protocols. Maximum length = 65535 |
ttl |
|
Read-write | Number of seconds, in multiples of four, after which the extended ACL rule expires. If you do not want the extended ACL rule to expire, do not specify a TTL value. Minimum value = 1 Maximum value = 2147483647 |
srcmac |
|
Read-write | MAC address to match against the source MAC address of an incoming IPv4 packet. |
srcmacmask |
|
Read-write | Used to define range of Source MAC address. It takes string of 0 and 1, 0s are for exact match and 1s for wildcard. For matching first 3 bytes of MAC address, srcMacMask value “000000111111”. . Default value: “000000000000” |
protocol |
|
Read-write | Protocol to match against the protocol of an incoming IPv4 packet. Possible values = ICMP, IGMP, TCP, EGP, IGP, ARGUS, UDP, RDP, RSVP, EIGRP, L2TP, ISIS, GGP, IPoverIP, ST, CBT, BBN-RCC-M, NVP-II, PUP, EMCON, XNET, CHAOS, MUX, DCN-MEAS, HMP, PRM, XNS-IDP, TRUNK-1, TRUNK-2, LEAF-1, LEAF-2, IRTP, ISO-TP4, NETBLT, MFE-NSP, MERIT-INP, SEP, 3PC, IDPR, XTP, DDP, IDPR-CMTP, TP++, IL, IPv6, SDRP, IPv6-Route, IPv6-Frag, IDRP, GRE, MHRP, BNA, ESP, AH, I-NLSP, SWIPE, NARP, MOBILE, TLSP, SKIP, ICMPV6, IPv6-NoNx, IPv6-Opts, Any-Host-Internal-Protocol, CFTP, Any-Local-Network, SAT-EXPAK, KRYPTOLAN, RVD, IPPC, Any-Distributed-File-System, TFTP, VISA, IPCV, CPNX, CPHB, WSN, PVP, BR-SAT-MO, SUN-ND, WB-MON, WB-EXPAK, ISO-IP, VMTP, SECURE-VM, VINES, TTP, NSFNET-IG, DGP, TCF, OSPFIGP, Sprite-RP, LARP, MTP, AX.25, IPIP, MICP, SCC-SP, ETHERIP, Any-Private-Encryption-Scheme, GMTP, IFMP, PNNI, PIM, ARIS, SCPS, QNX, A/N, IPComp, SNP, Compaq-Pe, IPX-in-IP, VRRP, PGM, Any-0-Hop-Protocol, ENCAP, DDX, IATP, STP, SRP, UTI, SMP, SM, PTP, FIRE, CRTP, CRUDP, SSCOPMCE, IPLT, SPS, PIPE, SCTP, FC, RSVP-E2E-IGNORE, Mobility-Header, UDPLite |
protocolnumber |
|
Read-write | Protocol to match against the protocol of an incoming IPv4 packet. Minimum value = 1 Maximum value = 255 |
vlan |
|
Read-write | ID of the VLAN. The Citrix ADC applies the ACL rule only to the incoming packets of the specified VLAN. If you do not specify a VLAN ID, the appliance applies the ACL rule to the incoming packets on all VLANs. Minimum value = 1 Maximum value = 4094 |
vxlan |
|
Read-write | ID of the VXLAN. The Citrix ADC applies the ACL rule only to the incoming packets of the specified VXLAN. If you do not specify a VXLAN ID, the appliance applies the ACL rule to the incoming packets on all VXLANs. Minimum value = 1 Maximum value = 16777215 |
Interface |
|
Read-write | ID of an interface. The Citrix ADC applies the ACL rule only to the incoming packets from the specified interface. If you do not specify any value, the appliance applies the ACL rule to the incoming packets of all interfaces. |
established |
|
Read-write | Allow only incoming TCP packets that have the ACK or RST bit set, if the action set for the ACL rule is ALLOW and these packets match the other conditions in the ACL rule. |
icmptype |
|
Read-write | ICMP Message type to match against the message type of an incoming ICMP packet. For example, to block DESTINATION UNREACHABLE messages, you must specify 3 as the ICMP type. Note: This parameter can be specified only for the ICMP protocol. Minimum value = 0 Maximum value = 65536 |
icmpcode |
|
Read-write | Code of a particular ICMP message type to match against the ICMP code of an incoming ICMP packet. For example, to block DESTINATION HOST UNREACHABLE messages, specify 3 as the ICMP type and 1 as the ICMP code. If you set this parameter, you must set the ICMP Type parameter. Minimum value = 0 Maximum value = 65536 |
priority |
|
Read-write | Priority for the extended ACL rule that determines the order in which it is evaluated relative to the other extended ACL rules. If you do not specify priorities while creating extended ACL rules, the ACL rules are evaluated in the order in which they are created. Minimum value = 1 Maximum value = 100000 |
state |
|
Read-write | Enable or disable the extended ACL rule. After you apply the extended ACL rules, the Citrix ADC compares incoming packets against the enabled extended ACL rules. Default value: ENABLED Possible values = ENABLED, DISABLED |
logstate |
|
Read-write | Enable or disable logging of events related to the extended ACL rule. The log messages are stored in the configured syslog or auditlog server. Default value: DISABLED Possible values = ENABLED, DISABLED |
ratelimit |
|
Read-write | Maximum number of log messages to be generated per second. If you set this parameter, you must enable the Log State parameter. Default value: 100 Minimum value = 1 Maximum value = 10000 |
type |
|
Read-write | Type of the acl ,default will be CLASSIC. Available options as follows: * CLASSIC - specifies the regular extended acls. * DFD - cluster specific acls,specifies hashmethod for steering of the packet in cluster . Default value: CLASSIC Possible values = CLASSIC, DFD |
dfdhash |
|
Read-write | Specifies the type hashmethod to be applied, to steer the packet to the FP of the packet. Possible values = SIP-SPORT-DIP-DPORT, SIP, DIP, SIP-DIP, SIP-SPORT, DIP-DPORT |
stateful |
|
Read-write | If stateful option is enabled, transparent sessions are created for the traffic hitting this ACL and not hitting any other features like LB, INAT etc. . Default value: NO Possible values = YES, NO |
newname |
|
Read-write | New name for the extended ACL rule. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Minimum length = 1 |
hits |
|
Read-only | The hits of this ACL. |
kernelstate |
|
Read-only | The commit status of the ACL. Default value: NOTAPPLIED Possible values = APPLIED, NOTAPPLIED, RE-APPLY, SFAPPLIED, SFNOTAPPLIED, SFAPPLIED61, SFNOTAPPLIED61 |
aclassociate | <String[]> | Read-only | ACL linked. Possible values = NAT, FORWARDINGSESSION, NAT64, LSN |
__count |
|
Read-only | count parameter |
Operations
(click to see Properties)
ADD | DELETE | UPDATE | UNSET | ENABLE | DISABLE | RENAME | GET (ALL) | GET | COUNT |
Some options that you can use for each operations:
-
Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".
-
Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER:<username>
X-NITRO-PASS:<password>
Note:In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
*Note:
*
Mandatory parameters are marked in redand placeholder content is marked in <green>.
add
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"nsacl":{
<b>"aclname":<String_value>,
</b><b>"aclaction":<String_value>,
</b>"td":<Double_value>,
"srcip":<Boolean_value>,
"srcipop":<String_value>,
"srcipval":<String_value>,
"srcport":<Boolean_value>,
"srcportop":<String_value>,
"srcportval":<String_value>,
"destip":<Boolean_value>,
"destipop":<String_value>,
"destipval":<String_value>,
"destport":<Boolean_value>,
"destportop":<String_value>,
"destportval":<String_value>,
"ttl":<Double_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"Interface":<String_value>,
"established":<Boolean_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"priority":<Double_value>,
"state":<String_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>,
"type":<String_value>,
"dfdhash":<String_value>,
"stateful":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
delete
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl/aclname_value<String>
HTTP Method:DELETE
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
update
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl
HTTP Method:PUT
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"nsacl":{
<b>"aclname":<String_value>,
</b>"aclaction":<String_value>,
"srcip":<Boolean_value>,
"srcipop":<String_value>,
"srcipval":<String_value>,
"srcport":<Boolean_value>,
"srcportop":<String_value>,
"srcportval":<String_value>,
"destip":<Boolean_value>,
"destipop":<String_value>,
"destipval":<String_value>,
"destport":<Boolean_value>,
"destportop":<String_value>,
"destportval":<String_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"Interface":<String_value>,
"priority":<Double_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>,
"established":<Boolean_value>,
"dfdhash":<String_value>,
"stateful":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
unset
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?action=unset
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"nsacl":{
<b>"aclname":<String_value>,
</b>"srcip":true,
"srcport":true,
"destip":true,
"destport":true,
"srcmac":true,
"srcmacmask":true,
"protocol":true,
"icmptype":true,
"icmpcode":true,
"vlan":true,
"vxlan":true,
"Interface":true,
"logstate":true,
"ratelimit":true,
"established":true,
"stateful":true,
"dfdhash":true
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
enable
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?action=enable
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"nsacl":{
<b>"aclname":<String_value>
</b>}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
disable
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?action=disable
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"nsacl":{
<b>"aclname":<String_value>
</b>}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
rename
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?action=rename
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"nsacl":{
<b>"aclname":<String_value>,
</b><b>"newname":<String_value>
</b>}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
get (all)
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl
Query-parameters:
args
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?args=aclname:<String_value>,type:<String_value>
Use this query-parameter to get nsacl resources based on additional properties.
attrs
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
filter
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?filter=property-name1:property-val1,property-name2:property-val2
Use this query-parameter to get the filtered set of nsacl resources configured on Citrix ADC. Filtering can be done on any of the properties of the resource.
view
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?view=summary
Note:By default, the retrieved results are displayed in detail view (?view=detail).
pagination
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?pagesize=#no;pageno=#no
Use this query-parameter to get the nsacl resources in chunks.
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "nsacl": [ {
aclname:<String_value>,type:<String_value>"td":<Double_value>,
"aclaction":<String_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"srcportval":<String_value>,
"srcportop":<String_value>,
"destportval":<String_value>,
"destportop":<String_value>,
"srcipval":<String_value>,
"srcipop":<String_value>,
"destipval":<String_value>,
"destipop":<String_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"state":<String_value>,
"ttl":<Double_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"Interface":<String_value>,
"hits":<Double_value>,
"established":<Boolean_value>,
"priority":<Double_value>,
"kernelstate":<String_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>,
"aclassociate":<String[]_value>,
"dfdhash":<String_value>,
"stateful":<String_value>
}]}
<!--NeedCopy-->
get
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl/aclname_value<String>
Query-parameters:
attrs
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl/aclname_value<String>?attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
view
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl/aclname_value<String>?view=summary
Note:By default, the retrieved results are displayed in detail view (?view=detail).
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "nsacl": [ {
aclname:<String_value>,type:<String_value>"td":<Double_value>,
"aclaction":<String_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"srcportval":<String_value>,
"srcportop":<String_value>,
"destportval":<String_value>,
"destportop":<String_value>,
"srcipval":<String_value>,
"srcipop":<String_value>,
"destipval":<String_value>,
"destipop":<String_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"state":<String_value>,
"ttl":<Double_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"Interface":<String_value>,
"hits":<Double_value>,
"established":<Boolean_value>,
"priority":<Double_value>,
"kernelstate":<String_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>,
"aclassociate":<String[]_value>,
"dfdhash":<String_value>,
"stateful":<String_value>
}]}
<!--NeedCopy-->
count
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl?count=yes
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "nsacl": [ { "__count": "#no"} ] }
<!--NeedCopy-->
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.