Citrix ADC 12.1 NITRO API Reference

nsacl6

Configuration for ACL6 entry resource.

Properties

(click to see Operations)

Name Data Type Permissions Description
acl6name Read-write Name for the ACL6 rule. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.
Minimum length = 1
acl6action Read-write Action to perform on the incoming IPv6 packets that match the ACL6 rule.
Available settings function as follows:
* ALLOW - The Citrix ADC processes the packet.
* BRIDGE - The Citrix ADC bridges the packet to the destination without processing it.
* DENY - The Citrix ADC drops the packet.
Possible values = BRIDGE, DENY, ALLOW
td Read-write Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.
Minimum value = 0
Maximum value = 4094
srcipv6 Read-write IP address or range of IP addresses to match against the source IP address of an incoming IPv6 packet. In the command line interface, separate the range with a hyphen.
srcipop Read-write Either the equals (=) or does not equal (!=) logical operator.
Possible values = =, !=, EQ, NEQ
srcipv6val Read-write Source IPv6 address (range).
srcport Read-write Port number or range of port numbers to match against the source port number of an incoming IPv6 packet. In the command line interface, separate the range with a hyphen. For example: 40-90.

Note: The destination port can be specified only for TCP and UDP protocols.
srcportop Read-write Either the equals (=) or does not equal (!=) logical operator.
Possible values = =, !=, EQ, NEQ
srcportval Read-write Source port (range).
Maximum length = 65535
destipv6 Read-write IP address or range of IP addresses to match against the destination IP address of an incoming IPv6 packet. In the command line interface, separate the range with a hyphen.
destipop Read-write Either the equals (=) or does not equal (!=) logical operator.
Possible values = =, !=, EQ, NEQ
destipv6val Read-write Destination IPv6 address (range).
destport Read-write Port number or range of port numbers to match against the destination port number of an incoming IPv6 packet. In the command line interface, separate the range with a hyphen. For example: 40-90.

Note: The destination port can be specified only for TCP and UDP protocols.
destportop Read-write Either the equals (=) or does not equal (!=) logical operator.
Possible values = =, !=, EQ, NEQ
destportval Read-write Destination port (range).
Maximum length = 65535
ttl Read-write Time to expire this ACL6 (in seconds).
Minimum value = 1
Maximum value = 2147483647
srcmac Read-write MAC address to match against the source MAC address of an incoming IPv6 packet.
srcmacmask Read-write Used to define range of Source MAC address. It takes string of 0 and 1, 0s are for exact match and 1s for wildcard. For matching first 3 bytes of MAC address, srcMacMask value “000000111111”. .
Default value: “000000000000”
protocol Read-write Protocol, identified by protocol name, to match against the protocol of an incoming IPv6 packet.
Possible values = ICMPV6, TCP, UDP, ICMP, IGMP, EGP, IGP, ARGUS, RDP, RSVP, EIGRP, L2TP, ISIS, GGP, IPoverIP, ST, CBT, BBN-RCC-M, NVP-II, PUP, EMCON, XNET, CHAOS, MUX, DCN-MEAS, HMP, PRM, XNS-IDP, TRUNK-1, TRUNK-2, LEAF-1, LEAF-2, IRTP, ISO-TP4, NETBLT, MFE-NSP, MERIT-INP, SEP, 3PC, IDPR, XTP, DDP, IDPR-CMTP, TP++, IL, IPv6, SDRP, IPv6-Route, IPv6-Frag, IDRP, GRE, MHRP, BNA, ESP, AH, I-NLSP, SWIPE, NARP, MOBILE, TLSP, SKIP, IPv6-NoNx, IPv6-Opts, Any-Host-Internal-Protocol, CFTP, Any-Local-Network, SAT-EXPAK, KRYPTOLAN, RVD, IPPC, Any-Distributed-File-System, TFTP, VISA, IPCV, CPNX, CPHB, WSN, PVP, BR-SAT-MO, SUN-ND, WB-MON, WB-EXPAK, ISO-IP, VMTP, SECURE-VM, VINES, TTP, NSFNET-IG, DGP, TCF, OSPFIGP, Sprite-RP, LARP, MTP, AX.25, IPIP, MICP, SCC-SP, ETHERIP, Any-Private-Encryption-Scheme, GMTP, IFMP, PNNI, PIM, ARIS, SCPS, QNX, A/N, IPComp, SNP, Compaq-Pe, IPX-in-IP, VRRP, PGM, Any-0-Hop-Protocol, ENCAP, DDX, IATP, STP, SRP, UTI, SMP, SM, PTP, FIRE, CRTP, CRUDP, SSCOPMCE, IPLT, SPS, PIPE, SCTP, FC, RSVP-E2E-IGNORE, Mobility-Header, UDPLite
protocolnumber Read-write Protocol, identified by protocol number, to match against the protocol of an incoming IPv6 packet.
Minimum value = 1
Maximum value = 255
vlan Read-write ID of the VLAN. The Citrix ADC applies the ACL6 rule only to the incoming packets on the specified VLAN. If you do not specify a VLAN ID, the appliance applies the ACL6 rule to the incoming packets on all VLANs.
Minimum value = 1
Maximum value = 4094
vxlan Read-write ID of the VXLAN. The Citrix ADC applies the ACL6 rule only to the incoming packets on the specified VXLAN. If you do not specify a VXLAN ID, the appliance applies the ACL6 rule to the incoming packets on all VXLANs.
Minimum value = 1
Maximum value = 16777215
Interface Read-write ID of an interface. The Citrix ADC applies the ACL6 rule only to the incoming packets from the specified interface. If you do not specify any value, the appliance applies the ACL6 rule to the incoming packets from all interfaces.
established Read-write Allow only incoming TCP packets that have the ACK or RST bit set if the action set for the ACL6 rule is ALLOW and these packets match the other conditions in the ACL6 rule.
icmptype Read-write ICMP Message type to match against the message type of an incoming IPv6 ICMP packet. For example, to block DESTINATION UNREACHABLE messages, you must specify 3 as the ICMP type.

Note: This parameter can be specified only for the ICMP protocol.
Minimum value = 0
Maximum value = 65536
icmpcode Read-write Code of a particular ICMP message type to match against the ICMP code of an incoming IPv6 ICMP packet. For example, to block DESTINATION HOST UNREACHABLE messages, specify 3 as the ICMP type and 1 as the ICMP code.

If you set this parameter, you must set the ICMP Type parameter.
Minimum value = 0
Maximum value = 65536
priority Read-write Priority for the ACL6 rule, which determines the order in which it is evaluated relative to the other ACL6 rules. If you do not specify priorities while creating ACL6 rules, the ACL6 rules are evaluated in the order in which they are created.
Minimum value = 1
Maximum value = 81920
state Read-write State of the ACL6.
Default value: ENABLED
Possible values = ENABLED, DISABLED
type Read-write Type of the acl6 ,default will be CLASSIC.
Available options as follows:
* CLASSIC - specifies the regular extended acls.
* DFD - cluster specific acls,specifies hashmethod for steering of the packet in cluster .
Default value: CLASSIC
Possible values = CLASSIC, DFD
dfdhash Read-write Specifies the type of hashmethod to be applied, to steer the packet to the FP of the packet.
Possible values = SIP-SPORT-DIP-DPORT, SIP, DIP, SIP-DIP, SIP-SPORT, DIP-DPORT
dfdprefix Read-write hashprefix to be applied to SIP/DIP to generate rsshash FP.eg 128 => hash calculated on the complete IP.
Default value: 128
Minimum value = 1
Maximum value = 128
stateful Read-write If stateful option is enabled, transparent sessions are created for the traffic hitting this ACL6 and not hitting any other features like LB, INAT etc. .
Default value: NO
Possible values = YES, NO
logstate Read-write Enable or disable logging of events related to the ACL6 rule. The log messages are stored in the configured syslog or auditlog server.
Default value: DISABLED
Possible values = ENABLED, DISABLED
ratelimit Read-write Maximum number of log messages to be generated per second. If you set this parameter, you must enable the Log State parameter.
Default value: 100
Minimum value = 1
Maximum value = 10000
aclaction Read-write Action associated with the ACL6.
Possible values = BRIDGE, DENY, ALLOW
newname Read-write New name for the ACL6 rule. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.
Minimum length = 1
kernelstate Read-only Commit status of the ACL6.
Default value: NOTAPPLIED
Possible values = APPLIED, NOTAPPLIED, RE-APPLY, SFAPPLIED, SFNOTAPPLIED
hits Read-only Number of hits of this ACL6.
aclassociate <String[]> Read-only ACL6 linked.
Possible values = NAT, FORWARDINGSESSION, NAT64, LSN
__count Read-only count parameter

Operations

(click to see Properties)

ADD DELETE UPDATE UNSET ENABLE DISABLE RENAME GET (ALL) GET COUNT

Some options that you can use for each operations:

  • Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:

    http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note:In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

*Note:*

Mandatory parameters are marked in redand placeholder content is marked in <green>.

add

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"nsacl6":{
<b>"acl6name":<String_value>,
</b><b>"acl6action":<String_value>,
</b>"td":<Double_value>,
"srcipv6":<Boolean_value>,
"srcipop":<String_value>,
"srcipv6val":<String_value>,
"srcport":<Boolean_value>,
"srcportop":<String_value>,
"srcportval":<String_value>,
"destipv6":<Boolean_value>,
"destipop":<String_value>,
"destipv6val":<String_value>,
"destport":<Boolean_value>,
"destportop":<String_value>,
"destportval":<String_value>,
"ttl":<Double_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"Interface":<String_value>,
"established":<Boolean_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"priority":<Double_value>,
"state":<String_value>,
"type":<String_value>,
"dfdhash":<String_value>,
"dfdprefix":<Double_value>,
"stateful":<String_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

delete

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6/acl6name_value<String>

HTTP Method:DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

update

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6

HTTP Method:PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"nsacl6":{
<b>"acl6name":<String_value>,
</b>"aclaction":<String_value>,
"srcipv6":<Boolean_value>,
"srcipop":<String_value>,
"srcipv6val":<String_value>,
"srcport":<Boolean_value>,
"srcportop":<String_value>,
"srcportval":<String_value>,
"destipv6":<Boolean_value>,
"destipop":<String_value>,
"destipv6val":<String_value>,
"destport":<Boolean_value>,
"destportop":<String_value>,
"destportval":<String_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"Interface":<String_value>,
"priority":<Double_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>,
"established":<Boolean_value>,
"dfdhash":<String_value>,
"dfdprefix":<Double_value>,
"stateful":<String_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

unset

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?action=unset

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"nsacl6":{
<b>"acl6name":<String_value>,
</b>"srcipv6":true,
"srcport":true,
"destipv6":true,
"destport":true,
"srcmac":true,
"srcmacmask":true,
"protocol":true,
"icmptype":true,
"icmpcode":true,
"vlan":true,
"vxlan":true,
"Interface":true,
"logstate":true,
"ratelimit":true,
"established":true,
"stateful":true,
"dfdhash":true,
"dfdprefix":true
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

enable

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?action=enable

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"nsacl6":{
<b>"acl6name":<String_value>
</b>}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

disable

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?action=disable

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"nsacl6":{
<b>"acl6name":<String_value>
</b>}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

rename

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?action=rename

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"nsacl6":{
<b>"acl6name":<String_value>,
</b><b>"newname":<String_value>
</b>}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

get (all)

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6

Query-parameters:

args

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?args=acl6name:<String_value>,type:<String_value>

Use this query-parameter to get nsacl6 resources based on additional properties.

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of nsacl6 resources configured on Citrix ADC. Filtering can be done on any of the properties of the resource.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

pagination

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?pagesize=#no;pageno=#no

Use this query-parameter to get the nsacl6 resources in chunks.

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "nsacl6": [ {
acl6name:<String_value>,type:<String_value>"acl6action":<String_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"srcportval":<String_value>,
"srcportop":<String_value>,
"destportval":<String_value>,
"destportop":<String_value>,
"srcipv6val":<String_value>,
"srcipop":<String_value>,
"destipv6val":<String_value>,
"destipop":<String_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"state":<String_value>,
"kernelstate":<String_value>,
"ttl":<Double_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"Interface":<String_value>,
"hits":<Double_value>,
"established":<Boolean_value>,
"priority":<Double_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>,
"td":<Double_value>,
"aclassociate":<String[]_value>,
"dfdhash":<String_value>,
"dfdprefix":<Double_value>,
"stateful":<String_value>
}]}

<!--NeedCopy-->

get

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6/acl6name_value<String>

Query-parameters:

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6/acl6name_value<String>?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6/acl6name_value<String>?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "nsacl6": [ {
acl6name:<String_value>,type:<String_value>"acl6action":<String_value>,
"srcmac":<String_value>,
"srcmacmask":<String_value>,
"protocol":<String_value>,
"protocolnumber":<Double_value>,
"srcportval":<String_value>,
"srcportop":<String_value>,
"destportval":<String_value>,
"destportop":<String_value>,
"srcipv6val":<String_value>,
"srcipop":<String_value>,
"destipv6val":<String_value>,
"destipop":<String_value>,
"vlan":<Double_value>,
"vxlan":<Double_value>,
"state":<String_value>,
"kernelstate":<String_value>,
"ttl":<Double_value>,
"icmptype":<Double_value>,
"icmpcode":<Double_value>,
"Interface":<String_value>,
"hits":<Double_value>,
"established":<Boolean_value>,
"priority":<Double_value>,
"logstate":<String_value>,
"ratelimit":<Double_value>,
"td":<Double_value>,
"aclassociate":<String[]_value>,
"dfdhash":<String_value>,
"dfdprefix":<Double_value>,
"stateful":<String_value>
}]}

<!--NeedCopy-->

count

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/nsacl6?count=yes

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "nsacl6": [ { "__count": "#no"} ] }

<!--NeedCopy-->
nsacl6