Web Services API Guide, Cisco DCNM for LAN, Release 5.x - NacLpIpApp Service [Cisco Prime Data Center Network Manager]

Table Of Contents

NacLpIpApp Service

Information About NacLpIpApp Service

addExceptionListHostsToIdentityProfile

bindAccessListToIdentityPolicies

bindEapOverUdpValidationToNetworkInterfaces

bindIdentityPolicyToExceptionListHosts

bindIdentityPolicyToExceptionListHostsByName

bindIpAdmissionControlRulesToNetworkInterfaces

clearIpAdmissionControlRuleFromInterfaces

createIdentityPoliciesInNetworkElement

createIdentityProfile

createIpAdmissionControlRulesInNetworkElement

deleteAllAdmissionControlRulesInNetworkElement

deleteAllIdentityPoliciesInNetworkElement

deleteIdentityPolicies

deleteIdentityProfileFromNetworkElement

deleteIpAdmissionControlRules

disableClientlessAuthenticationInNetworkElements

disableIpDeviceTrackingInNetworkElements

disableNacService

enableClientlessAuthenticationInNetworkElements

enableIpDeviceTrackingInNetworkElements

enableNacService

getAdmissionControlRulesInNetworkElement

getAllNacHostSessionInNetworkElement

getClientlessAuthenticationInNetworkElements

getEapOudpValidationSettingInInterfaces

getExceptionListHostsInIdentityProfile

getIdentityPoliciesInNetworkElement

getIdentityPolicyForExceptionListHost

getIdentityProfilesInNetworkElement

getInterfacesUsingIpAdmissionControlRule

getIpAdmissionControlRuleAppliedOnInterfaces

getIpDeviceTrackingInNetworkElements

getLpIpGlobalSettingsInNetworkElements

getLpIpTrackedDevicesInNetworkElement

getLpIpTrackedDevicesInSwitchedNetworkInterface

getNacHostSessionInSwitchedNetworkInterface

modifyClientlessAuthentication

modifyExceptionListHostsInIdentityProfile

modifyIdentityPolicies

modifyIdentityProfiles

modifyIpAdmissionControlRules

modifyIpDeviceTracking

modifyLpIpGlobalSettingsInNetworkElements

removeExceptionListHostsFromIdentityProfile

unbindIdentityPolicyFromExceptionListHosts

NacLpIpApp Service

This chapter describes the DCNM web services' API methods for the NacLpIpApp service.

Information About NacLpIpApp Service

NacLpIpApp allows a host that is seeking network access to have an up-to-date virus signature set, the most current operating system patches, and to be free from infection. This enforcement, called posture validation, limits damage to the network from viruses, worms, and spyware.

Hosts that pass posture validation will be granted access to the network. Hosts that fail posture validation will be either denied access or provided restricted access that is sufficient for remediation. The remediation server has a repository of updates for antivirus software and security patches. Hosts that fail posture validation are forwarded to this remediation server to enable them to download or upgrade antivirus software and operating system security patches.

NAC APIs are defined with the following categories:

1. Query and Get APIs—Query data from the persisted database.

2. Create APIs—Create a new Policy, Profile, or ExemptedHost.

3. Modify APIs—Modify a Policy, Profile, or ExemptedHost.

4. Delete APIs—Delete a Policy or Profile.

5. Bind and Unbind APIs—Bind or unbind the association between two features.

6. Add and Remove APIs—Add or remove the association between two features.

addExceptionListHostsToIdentityProfile

Adds Exception List hosts to identity policy.

ValidationException is thrown if any of the following situation occurs:

•If exceptionListHostCol collection is null or it is empty.

•If exceptionListHostCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

•If identityProfileId is null or it is empty.

•If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId.

•If identityProfileId contains a IdentityProfile that does not exist in the database.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of IdentityProfile object

exceptionListHostCol—a collection of ExceptionListHost objects

Return Value

void

bindAccessListToIdentityPolicies

Assigns an access list to a collection of identity policies. For an access list to be bound to an identity policy, name of the list is sufficient. The access list need not have been configured in the device. This API addresses this pre-provisioning configuration. Network element InstanceNameId can be obtained from identityPolicyIds.

ValidationException is thrown if any of the following situation occurs:

•If identityPolicyIdCol collection is null or it is empty.

•If identityPolicyIdCol collection contains an element that is not of type IdentityPolicy InstanceNameId.

•If identityPolicyIdCol collection contains a IdentityPolicy that does not exist in the database.

•If aclName is null or it is empty.

Parameters

opContext—Operational context

aclName—Name of the IP Access List

identityPolicyIdCol—a collection of InstanceNameId of identity policies

Return Value

void

bindEapOverUdpValidationToNetworkInterfaces

Applies the given EapOUdpValidation object to a given set of interfaces. *

ValidationException is thrown if any of the following situation occurs:

•If interfaceNameIdCol collection is null or it is empty.

•If interfaceNameIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

•If interfaceNameIdCol collection contains a SwitchedNetworkInterface that does not exist in the database.

•If eapOudpValidation is null or it is empty.

Parameters

opContext—Operational context

eapOudpValidation—EapOudpValidation object to be applied to a collection of interfaces.

interfaceNameIdCol—InstanceNameId of the interfaces to which the EapOudpValidation have to be applied.

Return Value

void

bindIdentityPolicyToExceptionListHosts

Assigns a given identity poilcy to a given collection of statically configured exception list hosts.

ValidationException is thrown if any of the following situation occurs:

•If exceptionLishHostIdCol collection is null or it is empty.

•If exceptionLishHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

•If exceptionLishHostIdCol collection contains a ExceptionListHost that does not exist in the database.

•If identityPolicyId is null or it is empty.

•If identityPolicyId contains an element that is not of type IdentityPolicy InstanceNameId.

•If identityPolicyId contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

identityPolicyId—InstanceNameId of IdentityPolicy

exceptionLishHostIdCol—a collection of InstanceNameId of ExceptionListHost

Return Value

void

bindIdentityPolicyToExceptionListHostsByName

Assigns pre-provisioned identity policy to a collection of exception list hosts. For Identity policy to be bound to a collection of exception list hosts, identity policy need not have been configured in the device. This API addresses this pre-provisioning configuration.

ValidationException is thrown if any of the following situation occurs:

•If exceptionListHostIdCol collection is null or it is empty.

•If exceptionListHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

•If exceptionListHostIdCol collection contains a ExceptionListHost that does not exist in the database.

•If policyName is null or it is empty.

Parameters

opContext—Operational context

policyName—Name of the IdentityPolicy. This policy need not have been configured in the device.

exceptionListHostIdCol—a collection of InstanceNameId of ExceptionListHost

Return Value

void

bindIpAdmissionControlRulesToNetworkInterfaces

Applies an IP admission control rule on a collection of Switched Network interfaces.

ValidationException is thrown if any of the following situation occurs:

•If interfaceNameIdCol collection is null or it is empty.

•If interfaceNameIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

•If interfaceNameIdCol collection contains a IpAdmissionControlRule that does not exist in the database.

•If ipAdmissionControlRuleId is null or it is empty.

•If ipAdmissionControlRuleId contains an element that is not of type IpAdmissionControlRule InstanceNameId.

•If ipAdmissionControlRuleId contains a IpAdmissionControlRule that does not exist in the database.

Parameters

opContext—Operational context

ipAdmissionControlRuleId—InstanceNameId of the IpAdmissionControlRule to be applied on a set of interfaces

interfaceNameIdCol—a collection of InstanceNameId of interfaces on which the given IP admission control rule has to be applied.

Return Value

void

clearIpAdmissionControlRuleFromInterfaces

Clears the given IP admission control rule applied on a collection of interfaces.

ValidationException is thrown if any of the following situation occurs:

•If interfaceNameIdCol is null or it is empty.

•If interfaceNameIdCol contains invalid Switched Network Interface InstanceNameId or null value.

•If there is no equivalent Switched Network Interfaces object with the given InstanceNameId in the interfaceNameIdCol.

Parameters

opContext—Operational context

interfaceNameIdCol—a collection of InstanceNameIds of interfaces from which the given IP admission control rule has to be cleared

Return Value

void

createIdentityPoliciesInNetworkElement

Creates a collection of identity policies in a network element.

ValidationException is thrown if any of the following situation occurs:

•If the networkElementId is null or it is not a valid network element InstanceNameId.

•If identityPoliciyCol collection is null or empty.

•If identityPoliciyCol collection has the existing identity policy name

Parameters

opContext—Operational context

networkElementId—InstanceNameId of network element in which the identity policies have to be created.

identityPoliciyCol—a collection of IdentityPolicy to be created.

Return Value

void

createIdentityProfile

Creates an identity profile in a network element.

ValidationException is thrown if any of the following situation occurs:

•If the argument passed is null or it is not a valid network element InstanceNameId.

•If identityProfile is null or empty.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element

identityProfile—IdentityProfile object

Return Value

InstanceNameId of the created identity profile

createIpAdmissionControlRulesInNetworkElement

Creates the given IP Admssion Control Rules in a Network Element.

ValidationException is thrown if any of the following situation occurs:

•If the argument passed is null or it is not a valid network element InstanceNameId.

•If ipAdmissionControlRules collection is null or empty.

•If ipAdmissionControlRules collection has the existing ip admission control name

•If ip admission control name length is more than 128 characters.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element in which rules will be created.

ipAdmissionControlRules—a collection of IpAdmssion Control Rules

Return Value

A collection of InstanceNameIds of the created rules.

deleteAllAdmissionControlRulesInNetworkElement

Deletes all the IP admission control rules configured in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element

Return Value

void

deleteAllIdentityPoliciesInNetworkElement

Deletes all the Identity policies in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element in which identity policies have to be deleted.

Return Value

void

deleteIdentityPolicies

Deletes a given collection of Identity policies.

ValidationException is thrown if any of the following situation occurs:

•If identityPolicyIdCol collection is null or it is empty.

•If identityPolicyIdCol collection contains an element that is not of type IdentityPolicy InstanceNameId.

•If identityPolicyIdCol collection contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

identityPolicyIdCol—InstanceNameIds of identity policies to be deleted.

Return Value

void

deleteIdentityProfileFromNetworkElement

Deletes an identity profile configured in a given network element.

ValidationException is thrown if any of the following situation occurs:

•If identityProfileId is null or it is empty.

•If identityProfileId contains an element that is not of type IpAdmissionControlRule InstanceNameId.

•If identityProfileId contains a IpAdmissionControlRule that does not exist in the database.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of the identity profile to be deleted

Return Value

void

deleteIpAdmissionControlRules

Deletes the given collection of IP Admission Control Rules.

ValidationException is thrown if any of the following situation occurs:

•If ipAdmissionControlRuleIdCol collection is null or it is empty.

•If ipAdmissionControlRuleIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

•If ipAdmissionControlRuleIdCol collection contains a IpAdmissionControlRule that does not exist in the database.

Parameters

opContext—Operational context

ipAdmissionControlRuleIdCol—a collection of InstanceNameId of IpAdmissionControlRule to be deleted.

Return Value

void

disableClientlessAuthenticationInNetworkElements

Disable clientless authentication feature in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

•If networkElementIdCol is null or it is empty.

•If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

•If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIds—a collection of InstanceNameId of network elements in which ClientlessAuthentication has to be disabled.

Return Value

void

disableIpDeviceTrackingInNetworkElements

Disables IP device tracking features in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

•If networkElementIdCol is null or it is empty.

•If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

•If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameIds of network elements in which device tracking feature has to be disabled.

Return Value

void

disableNacService

Disables Nac Service in a InstanceNameId network element. Service Enabling/Disabling is supported in NX-OS platform. If this API is called with the network elements of Cat6k platform then FeatureException will be thrown.

ValidationException is thrown if any of the following situation occurs:

1. If neInstanceNameIdCol is null.

2. If neInstanceNameIdCol does not contain a valid network element InstanceNameId.

3. If the network element does not exist in the database.

Parameters

opContext—TODO

neInstanceNameIdCol—- A collection of InstanceNameId of the network elements.

Return Value

void

enableClientlessAuthenticationInNetworkElements

Enables clientless authentication feature in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

•If networkElementIdCol is null or it is empty.

•If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

•If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements in which ClientlessAuthentication has to be enabled.

Return Value

void

enableIpDeviceTrackingInNetworkElements

Enables IP device tracking feature in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

•If networkElementIdCol is null or it is empty.

•If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

•If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements in which device tracking feature has to be enabled.

Return Value

void

enableNacService

Enables Nac Service in a InstanceNameId network element. Service Enabling/Disabling is supported in NX-OS platform. If this API is called with the network elements of Cat6k platform then FeatureException will be thrown.

ValidationException is thrown if any of the following situation occurs:

1. If neInstanceNameIdCol is null.

2. If neInstanceNameIdCol does not contain a valid network element InstanceNameId.

3. If the network element does not exist in the database.

Parameters

opContext—TODO

neInstanceNameIdCol—- A collection of InstanceNameId of the network elements.

Return Value

void

getAdmissionControlRulesInNetworkElement

Returns all the IP admission control rules configured in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—instance id of the given network element.

Return Value

A collection of IP Admission Control Rules. This collection will hold objects on type IpAdmissionControlRule

getAllNacHostSessionInNetworkElement

Returns the list of NAC host sessions in the network element.

Parameters

opContext—Operational context

networkElementId—a network element.

Return Value

void

getClientlessAuthenticationInNetworkElements

Returns the clientless authentication configurations done in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

•If networkElementIdCol is null or it is empty.

•If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

•If there is no equivalent Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements.

Return Value

A collection of ClientlessAuthentication objects representing the clientless authentication feature configured in network element.

getEapOudpValidationSettingInInterfaces

Returns the EAPoUDP protocol parameters configured in a given collection of interfaces.

ValidationException is thrown if any of the following situation occurs:

•If interfaceNameIds is null or it is empty.

•If interfaceNameIds contains invalid Switched Network Interface InstanceNameId or null value.

•If there is no equivalent Switched Network Interfaces object with the given InstanceNameId in the interfaceNameIds.

Parameters

opContext—Operational context

interfaceNameIds—a collection of InstanceNameIds of switched network interfaces whose EAPoUDP parameters will be returned.

Return Value

A collection of EapOUdpValidation objects representing the EAPoUDP parameters configured.

getExceptionListHostsInIdentityProfile

Gets a collection of exempted hosts associated with a given identity profile.

ValidationException is thrown if any of the following situation occurs:

•If identityProfileId is null or it is empty.

•If identityProfileId contains invalid identity profile InstanceNameId or null value.

•If there is no equivalent identity profile object with the given InstanceNameId in the identityProfileId.

Parameters

opContext—Operational context

identityProfile—InstanceNameId of identity profile

Return Value

A collection of exempted hosts associated with the identity profile. Returned collection will hold objects of type com.cisco.dcbu.dcm.model.nac.ExemptedHost

getIdentityPoliciesInNetworkElement

Returns a collection of identity policies configured in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—instance id of network element

Return Value

A collection of identitiy policies configured in the network element. The returned collection will hold objects of type IdentityPolicy

getIdentityPolicyForExceptionListHost

Returns the identity policy assigned to a exempted list host.

ValidationException is thrown if any of the following situation occurs:

•If exemptHostInstanceNameIdCol is null or it is empty.

•If exemptHostInstanceNameIdCol contains invalid exempted list host InstanceNameId or null value.

•If there is no equivalent exempted list host object with the given InstanceNameId in the exemptHostInstanceNameIdCol.

Parameters

opContext—* @param exemptHostInstanceNameIdCol instance id of ExemptedHost.

Return Value

Identity policy configured for the given exempted host IdentityPolicy

getIdentityProfilesInNetworkElement

Returns all the identity profiles configured in a network element. Returned list size will be one for data center, since NX-OS supports only EapoUdp.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of network element

Return Value

A collection of identity profiles configured in the given network element. Collection returned will hold objects of type IdentityProfile

getInterfacesUsingIpAdmissionControlRule

Returns a collection of interfaces on which a given IP admission control rule is applied.

ValidationException is thrown if the argument passed is null or it is not a valid ip admission control rule InstanceNameId.

Parameters

opContext—Operational context

ipAdmissionControlRule—InstanceNameId of IP admission control rule

Return Value

A collection of interfaces on which the given IP admission control is applied. This collection will have objects of type SwitchedNetworkInterface

getIpAdmissionControlRuleAppliedOnInterfaces

Returns the collection of IP Admission Control Rule applied on interfaces. This API is applicable for Catalyst 6500 switch and is not applicable for DC3. For DC3, this API throws validation exception. If a particular interface does not have IP Admission control rule, the API populates NULL value in the returned collection for that interface.

ValidationException is thrown if the argument passed is null or it is not a valid switched network interface InstanceNameId.

Parameters

opContext—Operational context

interfaceInstanceIds—collection of InstanceNameId of interfaces

Return Value

A collection of IpAdmissionControlRule with one to one correspondence with the collection given as argument to this API.

getIpDeviceTrackingInNetworkElements

Returns the IP device tracking configurations done in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

•If networkElementIdCol is null or it is empty.

•If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

•If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements

Return Value

A collection of IpDeviceTracking objects in network elements.

getLpIpGlobalSettingsInNetworkElements

Returns the LPIP Global Settings configured in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

•If networkElementIdCol is null or it is empty.

•If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

•If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements

Return Value

A collection of LpIpGlobalSetting objects representing the global LPIP settings configured in a network element.

getLpIpTrackedDevicesInNetworkElement

Returns a list of LPIP tracked devices.

Parameters

opContext—Operational context

networkElementId—a network element ID

Return Value

A list of LpIpTrackedDeviceStatus.

getLpIpTrackedDevicesInSwitchedNetworkInterface

Returns a list of LPIP tracked devices in the switched network interface.

Parameters

opContext—Operational context

networkElementId—a network element ID of a switched network interface

Return Value

A list of LpIpTrackedDeviceStatus.

getNacHostSessionInSwitchedNetworkInterface

Returns a list of LPIP tracked devices.

Parameters

opContext—Operational context

networkElementId—a network element ID for a switched network interface.

Return Value

A list of NacHostSession for the switched network interface.

modifyClientlessAuthentication

Updates the server with modified clientless authentication configurations.

ValidationException is thrown if any of the following situation occurs:

•If the networkElementId is null or it is not a valid network element InstanceNameId.

•clientlessAuthentication object is null or empty

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element

clientlessAuthentication—Modified ClientlessAuthentication object ClientlessAuthentication

Return Value

void

modifyExceptionListHostsInIdentityProfile

Modifies a given collection collection of ExceptionListHosts configured in an identity profile.

ValidationException is thrown if any of the following situation occurs:

•If identityProfileId is null or it is empty.

•If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId.

•If identityProfileId contains a IdentityProfile that does not exist in the database.

•If exceptionListHostCol

is null or empty.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of Identity Profile.

exceptionListHostCol—a collection of ExceptionListHost objects that are modified

Return Value

void

modifyIdentityPolicies

Modifies a given collection of identity policies.

ValidationException is thrown if any of the following situation occurs:

•If identityPolicyCol collection is null or it is empty.

•If identityPolicyCol collection contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

identityPolicyCol—a collection of IdentityPolicy that are modified by the client.

Return Value

void

modifyIdentityProfiles

Modifies a collection of identity profiles. This modification will address addition, removal and modification of ExceptionListHosts bound to an identity profile. This modification will also address Identity Policy association to each ExceptionListHost. There will be only one IdentityProfile of type EAPoUDP in a network element. Each identity profile in the argument will be corresponding to a different network element.

ValidationException is thrown if any of the following situation occurs:

•If identityProfileCol collection is null or it is empty.

•If identityProfileCol collection contains a IdentityProfile that does not exist in the database.

Parameters

opContext—Operational context

identityProfileCol—a collection of IdentityProfile in a network element. Each identity profile corresponds to a different network element.

Return Value

void

modifyIpAdmissionControlRules

Modifies the given collection of IP Admission Control Rules.

ValidationException is thrown if any of the following situation occurs:

•if the ipAdmissionControlRules Collection is null or empty

•If identityPolicyCol collection contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

ipAdmissionControlRuleCol—a collection of IpAdmissionControlRule to be modified.

Return Value

void

modifyIpDeviceTracking

Updates the server with modified device tracking configurations.

ValidationException is thrown if any of the following situation occurs:

•If the argument passed is null or it is not a valid network element InstanceNameId.

•ipDeviceTracking object is null or empty

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element.

ipDeviceTracking—Modified IpDeviceTracking object IpDeviceTracking

Return Value

void

modifyLpIpGlobalSettingsInNetworkElements

Modifies a given collection of LPIP global settings.

ValidationException is thrown if any of the following situation occurs:

•If lpIpGlobalSettingCol collection is null or it is empty.

•If lpIpGlobalSettingCol collection contains an object that is not of type LpIpGlobalSetting.

PropertiesException is thrown if any of the following situation occurs:

•In the lpIpGlobalSettingCol collection, if any attribute in the LpIpGlobalSetting is not valid.

Parameters

opContext—Operational context

lpIpGlobalSettingCol—a collection of LpIpGlobalSetting objects modified

Return Value

void

removeExceptionListHostsFromIdentityProfile

Removes a Exception List host from an identity profile.

ValidationException is thrown if any of the following situation occurs:

•If exemptListHostIdCol collection is null or it is empty.

•If exemptListHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

•If exemptListHostIdCol collection contains a ExceptionListHost that does not exist in the database.

•If identityProfileId is null or it is empty.

•If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId.

•If identityProfileId contains a IdentityProfile that does not exist in the database.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of IdentityProfile object

exceptionListHosts—a collection of InstanceNameId of ExceptionListHost objects

Return Value

void

unbindIdentityPolicyFromExceptionListHosts

Clears an identity policy assigned to a Exception List host.

ValidationException is thrown if any of the following situation occurs:

•If exceptionLishHostIdCol collection is null or it is empty.

•If exceptionLishHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

•If exceptionLishHostIdCol collection contains a ExceptionListHost that does not exist in the database.

Parameters

opContext—Operational context

exceptionListHostIdCol—InstanceNameId of the ExceptionListHost object

Return Value

void

	Web Services API Guide, Cisco DCNM for LAN, Release 5.x
	NacLpIpApp Service
Web Services API Guide, Cisco DCNM for LAN, Release 5.x Preface Overview AaaApp Service AclApp Service ClusterApp Service CollectorApp Service CollectorExtendedApp Service ConfigArchiveApp Service ConfigDeliveryApp Service ConfigTemplateApp Service DaiApp Service DataPurgingApp Service DeviceGroupApp Service DevicelistApp Service DhcpSnoopApp Service Dot1xApp Service EtherChanApp Service EventApp Service FabricPathResourcesApp Service FabricPathTopologyApp Service FcApp Service FCoEApp Service FeatureSetApp Service FexApp Service FiPSnoopingApp Service FireWallApp GlbpApp Service HsrpApp Service IgmpSnoopingApp Service ImageInstallApp Service InterfacesApp Services InventoryApp Service IpSourceGuardApp Service KeyChainApp Service L2IsisApp Service LicensingApp Service LogApp Service LstApp Service NacLpIpApp Service Object Group PathLatencyApp ObjTrackingApp Service PollerApp Service PortProfileApp PortSecApp Service PreprovisionApp RbacApp Service RepositoryApp Service SecurityApp Service ServerApp Service ServerAdminApp Service SoftwareApp Service SpanApp Service StpApp Service SVSConnectionApp Service SVSDomainApp Service SwitchProfileApp ThresholdAction Service TrafficStormControlApp Service TunnelApp Service UserApp Service VdcApp Service VlanApp Service VpcApp Service VrfApp Service	Download this chapter NacLpIpApp Service Download the complete book Cisco DCNM Web Services API Guide, Release 5.x (PDF - 3 MB) Feedback Table Of Contents NacLpIpApp Service Information About NacLpIpApp Service addExceptionListHostsToIdentityProfile bindAccessListToIdentityPolicies bindEapOverUdpValidationToNetworkInterfaces bindIdentityPolicyToExceptionListHosts bindIdentityPolicyToExceptionListHostsByName bindIpAdmissionControlRulesToNetworkInterfaces clearIpAdmissionControlRuleFromInterfaces createIdentityPoliciesInNetworkElement createIdentityProfile createIpAdmissionControlRulesInNetworkElement deleteAllAdmissionControlRulesInNetworkElement deleteAllIdentityPoliciesInNetworkElement deleteIdentityPolicies deleteIdentityProfileFromNetworkElement deleteIpAdmissionControlRules disableClientlessAuthenticationInNetworkElements disableIpDeviceTrackingInNetworkElements disableNacService enableClientlessAuthenticationInNetworkElements enableIpDeviceTrackingInNetworkElements enableNacService getAdmissionControlRulesInNetworkElement getAllNacHostSessionInNetworkElement getClientlessAuthenticationInNetworkElements getEapOudpValidationSettingInInterfaces getExceptionListHostsInIdentityProfile getIdentityPoliciesInNetworkElement getIdentityPolicyForExceptionListHost getIdentityProfilesInNetworkElement getInterfacesUsingIpAdmissionControlRule getIpAdmissionControlRuleAppliedOnInterfaces getIpDeviceTrackingInNetworkElements getLpIpGlobalSettingsInNetworkElements getLpIpTrackedDevicesInNetworkElement getLpIpTrackedDevicesInSwitchedNetworkInterface getNacHostSessionInSwitchedNetworkInterface modifyClientlessAuthentication modifyExceptionListHostsInIdentityProfile modifyIdentityPolicies modifyIdentityProfiles modifyIpAdmissionControlRules modifyIpDeviceTracking modifyLpIpGlobalSettingsInNetworkElements removeExceptionListHostsFromIdentityProfile unbindIdentityPolicyFromExceptionListHosts NacLpIpApp Service This chapter describes the DCNM web services' API methods for the NacLpIpApp service. Information About NacLpIpApp Service NacLpIpApp allows a host that is seeking network access to have an up-to-date virus signature set, the most current operating system patches, and to be free from infection. This enforcement, called posture validation, limits damage to the network from viruses, worms, and spyware. Hosts that pass posture validation will be granted access to the network. Hosts that fail posture validation will be either denied access or provided restricted access that is sufficient for remediation. The remediation server has a repository of updates for antivirus software and security patches. Hosts that fail posture validation are forwarded to this remediation server to enable them to download or upgrade antivirus software and operating system security patches. NAC APIs are defined with the following categories: 1. Query and Get APIs—Query data from the persisted database. 2. Create APIs—Create a new Policy, Profile, or ExemptedHost. 3. Modify APIs—Modify a Policy, Profile, or ExemptedHost. 4. Delete APIs—Delete a Policy or Profile. 5. Bind and Unbind APIs—Bind or unbind the association between two features. 6. Add and Remove APIs—Add or remove the association between two features. addExceptionListHostsToIdentityProfile Adds Exception List hosts to identity policy. ValidationException is thrown if any of the following situation occurs: •If exceptionListHostCol collection is null or it is empty. •If exceptionListHostCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId. •If identityProfileId is null or it is empty. •If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId. •If identityProfileId contains a IdentityProfile that does not exist in the database. Parameters opContext—Operational context identityProfileId—InstanceNameId of IdentityProfile object exceptionListHostCol—a collection of ExceptionListHost objects Return Value void bindAccessListToIdentityPolicies Assigns an access list to a collection of identity policies. For an access list to be bound to an identity policy, name of the list is sufficient. The access list need not have been configured in the device. This API addresses this pre-provisioning configuration. Network element InstanceNameId can be obtained from identityPolicyIds. ValidationException is thrown if any of the following situation occurs: •If identityPolicyIdCol collection is null or it is empty. •If identityPolicyIdCol collection contains an element that is not of type IdentityPolicy InstanceNameId. •If identityPolicyIdCol collection contains a IdentityPolicy that does not exist in the database. •If aclName is null or it is empty. Parameters opContext—Operational context aclName—Name of the IP Access List identityPolicyIdCol—a collection of InstanceNameId of identity policies Return Value void bindEapOverUdpValidationToNetworkInterfaces Applies the given EapOUdpValidation object to a given set of interfaces. * ValidationException is thrown if any of the following situation occurs: •If interfaceNameIdCol collection is null or it is empty. •If interfaceNameIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId. •If interfaceNameIdCol collection contains a SwitchedNetworkInterface that does not exist in the database. •If eapOudpValidation is null or it is empty. Parameters opContext—Operational context eapOudpValidation—EapOudpValidation object to be applied to a collection of interfaces. interfaceNameIdCol—InstanceNameId of the interfaces to which the EapOudpValidation have to be applied. Return Value void bindIdentityPolicyToExceptionListHosts Assigns a given identity poilcy to a given collection of statically configured exception list hosts. ValidationException is thrown if any of the following situation occurs: •If exceptionLishHostIdCol collection is null or it is empty. •If exceptionLishHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId. •If exceptionLishHostIdCol collection contains a ExceptionListHost that does not exist in the database. •If identityPolicyId is null or it is empty. •If identityPolicyId contains an element that is not of type IdentityPolicy InstanceNameId. •If identityPolicyId contains a IdentityPolicy that does not exist in the database. Parameters opContext—Operational context identityPolicyId—InstanceNameId of IdentityPolicy exceptionLishHostIdCol—a collection of InstanceNameId of ExceptionListHost Return Value void bindIdentityPolicyToExceptionListHostsByName Assigns pre-provisioned identity policy to a collection of exception list hosts. For Identity policy to be bound to a collection of exception list hosts, identity policy need not have been configured in the device. This API addresses this pre-provisioning configuration. ValidationException is thrown if any of the following situation occurs: •If exceptionListHostIdCol collection is null or it is empty. •If exceptionListHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId. •If exceptionListHostIdCol collection contains a ExceptionListHost that does not exist in the database. •If policyName is null or it is empty. Parameters opContext—Operational context policyName—Name of the IdentityPolicy. This policy need not have been configured in the device. exceptionListHostIdCol—a collection of InstanceNameId of ExceptionListHost Return Value void bindIpAdmissionControlRulesToNetworkInterfaces Applies an IP admission control rule on a collection of Switched Network interfaces. ValidationException is thrown if any of the following situation occurs: •If interfaceNameIdCol collection is null or it is empty. •If interfaceNameIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId. •If interfaceNameIdCol collection contains a IpAdmissionControlRule that does not exist in the database. •If ipAdmissionControlRuleId is null or it is empty. •If ipAdmissionControlRuleId contains an element that is not of type IpAdmissionControlRule InstanceNameId. •If ipAdmissionControlRuleId contains a IpAdmissionControlRule that does not exist in the database. Parameters opContext—Operational context ipAdmissionControlRuleId—InstanceNameId of the IpAdmissionControlRule to be applied on a set of interfaces interfaceNameIdCol—a collection of InstanceNameId of interfaces on which the given IP admission control rule has to be applied. Return Value void clearIpAdmissionControlRuleFromInterfaces Clears the given IP admission control rule applied on a collection of interfaces. ValidationException is thrown if any of the following situation occurs: •If interfaceNameIdCol is null or it is empty. •If interfaceNameIdCol contains invalid Switched Network Interface InstanceNameId or null value. •If there is no equivalent Switched Network Interfaces object with the given InstanceNameId in the interfaceNameIdCol. Parameters opContext—Operational context interfaceNameIdCol—a collection of InstanceNameIds of interfaces from which the given IP admission control rule has to be cleared Return Value void createIdentityPoliciesInNetworkElement Creates a collection of identity policies in a network element. ValidationException is thrown if any of the following situation occurs: •If the networkElementId is null or it is not a valid network element InstanceNameId. •If identityPoliciyCol collection is null or empty. •If identityPoliciyCol collection has the existing identity policy name Parameters opContext—Operational context networkElementId—InstanceNameId of network element in which the identity policies have to be created. identityPoliciyCol—a collection of IdentityPolicy to be created. Return Value void createIdentityProfile Creates an identity profile in a network element. ValidationException is thrown if any of the following situation occurs: •If the argument passed is null or it is not a valid network element InstanceNameId. •If identityProfile is null or empty. Parameters opContext—Operational context networkElementId—InstanceNameId of the network element identityProfile—IdentityProfile object Return Value InstanceNameId of the created identity profile createIpAdmissionControlRulesInNetworkElement Creates the given IP Admssion Control Rules in a Network Element. ValidationException is thrown if any of the following situation occurs: •If the argument passed is null or it is not a valid network element InstanceNameId. •If ipAdmissionControlRules collection is null or empty. •If ipAdmissionControlRules collection has the existing ip admission control name •If ip admission control name length is more than 128 characters. Parameters opContext—Operational context networkElementId—InstanceNameId of the network element in which rules will be created. ipAdmissionControlRules—a collection of IpAdmssion Control Rules Return Value A collection of InstanceNameIds of the created rules. deleteAllAdmissionControlRulesInNetworkElement Deletes all the IP admission control rules configured in a given network element. ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId. Parameters opContext—Operational context networkElementId—InstanceNameId of the network element Return Value void deleteAllIdentityPoliciesInNetworkElement Deletes all the Identity policies in a given network element. ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId. Parameters opContext—Operational context networkElementId—InstanceNameId of the network element in which identity policies have to be deleted. Return Value void deleteIdentityPolicies Deletes a given collection of Identity policies. ValidationException is thrown if any of the following situation occurs: •If identityPolicyIdCol collection is null or it is empty. •If identityPolicyIdCol collection contains an element that is not of type IdentityPolicy InstanceNameId. •If identityPolicyIdCol collection contains a IdentityPolicy that does not exist in the database. Parameters opContext—Operational context identityPolicyIdCol—InstanceNameIds of identity policies to be deleted. Return Value void deleteIdentityProfileFromNetworkElement Deletes an identity profile configured in a given network element. ValidationException is thrown if any of the following situation occurs: •If identityProfileId is null or it is empty. •If identityProfileId contains an element that is not of type IpAdmissionControlRule InstanceNameId. •If identityProfileId contains a IpAdmissionControlRule that does not exist in the database. Parameters opContext—Operational context identityProfileId—InstanceNameId of the identity profile to be deleted Return Value void deleteIpAdmissionControlRules Deletes the given collection of IP Admission Control Rules. ValidationException is thrown if any of the following situation occurs: •If ipAdmissionControlRuleIdCol collection is null or it is empty. •If ipAdmissionControlRuleIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId. •If ipAdmissionControlRuleIdCol collection contains a IpAdmissionControlRule that does not exist in the database. Parameters opContext—Operational context ipAdmissionControlRuleIdCol—a collection of InstanceNameId of IpAdmissionControlRule to be deleted. Return Value void disableClientlessAuthenticationInNetworkElements Disable clientless authentication feature in a collection of network elements. ValidationException is thrown if any of the following situation occurs: •If networkElementIdCol is null or it is empty. •If networkElementIdCol contains invalid Network Element InstanceNameId or null value. •If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol. Parameters opContext—Operational context networkElementIds—a collection of InstanceNameId of network elements in which ClientlessAuthentication has to be disabled. Return Value void disableIpDeviceTrackingInNetworkElements Disables IP device tracking features in a collection of network elements. ValidationException is thrown if any of the following situation occurs: •If networkElementIdCol is null or it is empty. •If networkElementIdCol contains invalid Network Element InstanceNameId or null value. •If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol. Parameters opContext—Operational context networkElementIdCol—a collection of InstanceNameIds of network elements in which device tracking feature has to be disabled. Return Value void disableNacService Disables Nac Service in a InstanceNameId network element. Service Enabling/Disabling is supported in NX-OS platform. If this API is called with the network elements of Cat6k platform then FeatureException will be thrown. ValidationException is thrown if any of the following situation occurs: 1. If neInstanceNameIdCol is null. 2. If neInstanceNameIdCol does not contain a valid network element InstanceNameId. 3. If the network element does not exist in the database. Parameters opContext—TODO neInstanceNameIdCol—- A collection of InstanceNameId of the network elements. Return Value void enableClientlessAuthenticationInNetworkElements Enables clientless authentication feature in a collection of network elements. ValidationException is thrown if any of the following situation occurs: •If networkElementIdCol is null or it is empty. •If networkElementIdCol contains invalid Network Element InstanceNameId or null value. •If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol. Parameters opContext—Operational context networkElementIdCol—a collection of InstanceNameId of network elements in which ClientlessAuthentication has to be enabled. Return Value void enableIpDeviceTrackingInNetworkElements Enables IP device tracking feature in a collection of network elements. ValidationException is thrown if any of the following situation occurs: •If networkElementIdCol is null or it is empty. •If networkElementIdCol contains invalid Network Element InstanceNameId or null value. •If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol. Parameters opContext—Operational context networkElementIdCol—a collection of InstanceNameId of network elements in which device tracking feature has to be enabled. Return Value void enableNacService Enables Nac Service in a InstanceNameId network element. Service Enabling/Disabling is supported in NX-OS platform. If this API is called with the network elements of Cat6k platform then FeatureException will be thrown. ValidationException is thrown if any of the following situation occurs: 1. If neInstanceNameIdCol is null. 2. If neInstanceNameIdCol does not contain a valid network element InstanceNameId. 3. If the network element does not exist in the database. Parameters opContext—TODO neInstanceNameIdCol—- A collection of InstanceNameId of the network elements. Return Value void getAdmissionControlRulesInNetworkElement Returns all the IP admission control rules configured in a given network element. ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId. Parameters opContext—Operational context networkElementId—instance id of the given network element. Return Value A collection of IP Admission Control Rules. This collection will hold objects on type IpAdmissionControlRule getAllNacHostSessionInNetworkElement Returns the list of NAC host sessions in the network element. Parameters opContext—Operational context networkElementId—a network element. Return Value void getClientlessAuthenticationInNetworkElements Returns the clientless authentication configurations done in a collection of network elements. ValidationException is thrown if any of the following situation occurs: •If networkElementIdCol is null or it is empty. •If networkElementIdCol contains invalid Network Element InstanceNameId or null value. •If there is no equivalent Network Element object with the given InstanceNameId in the networkElementIdCol. Parameters opContext—Operational context networkElementIdCol—a collection of InstanceNameId of network elements. Return Value A collection of ClientlessAuthentication objects representing the clientless authentication feature configured in network element. getEapOudpValidationSettingInInterfaces Returns the EAPoUDP protocol parameters configured in a given collection of interfaces. ValidationException is thrown if any of the following situation occurs: •If interfaceNameIds is null or it is empty. •If interfaceNameIds contains invalid Switched Network Interface InstanceNameId or null value. •If there is no equivalent Switched Network Interfaces object with the given InstanceNameId in the interfaceNameIds. Parameters opContext—Operational context interfaceNameIds—a collection of InstanceNameIds of switched network interfaces whose EAPoUDP parameters will be returned. Return Value A collection of EapOUdpValidation objects representing the EAPoUDP parameters configured. getExceptionListHostsInIdentityProfile Gets a collection of exempted hosts associated with a given identity profile. ValidationException is thrown if any of the following situation occurs: •If identityProfileId is null or it is empty. •If identityProfileId contains invalid identity profile InstanceNameId or null value. •If there is no equivalent identity profile object with the given InstanceNameId in the identityProfileId. Parameters opContext—Operational context identityProfile—InstanceNameId of identity profile Return Value A collection of exempted hosts associated with the identity profile. Returned collection will hold objects of type com.cisco.dcbu.dcm.model.nac.ExemptedHost getIdentityPoliciesInNetworkElement Returns a collection of identity policies configured in a given network element. ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId. Parameters opContext—Operational context networkElementId—instance id of network element Return Value A collection of identitiy policies configured in the network element. The returned collection will hold objects of type IdentityPolicy getIdentityPolicyForExceptionListHost Returns the identity policy assigned to a exempted list host. ValidationException is thrown if any of the following situation occurs: •If exemptHostInstanceNameIdCol is null or it is empty. •If exemptHostInstanceNameIdCol contains invalid exempted list host InstanceNameId or null value. •If there is no equivalent exempted list host object with the given InstanceNameId in the exemptHostInstanceNameIdCol. Parameters opContext—* @param exemptHostInstanceNameIdCol instance id of ExemptedHost. Return Value Identity policy configured for the given exempted host IdentityPolicy getIdentityProfilesInNetworkElement Returns all the identity profiles configured in a network element. Returned list size will be one for data center, since NX-OS supports only EapoUdp. ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId. Parameters opContext—Operational context networkElementId—InstanceNameId of network element Return Value A collection of identity profiles configured in the given network element. Collection returned will hold objects of type IdentityProfile getInterfacesUsingIpAdmissionControlRule Returns a collection of interfaces on which a given IP admission control rule is applied. ValidationException is thrown if the argument passed is null or it is not a valid ip admission control rule InstanceNameId. Parameters opContext—Operational context ipAdmissionControlRule—InstanceNameId of IP admission control rule Return Value A collection of interfaces on which the given IP admission control is applied. This collection will have objects of type SwitchedNetworkInterface getIpAdmissionControlRuleAppliedOnInterfaces Returns the collection of IP Admission Control Rule applied on interfaces. This API is applicable for Catalyst 6500 switch and is not applicable for DC3. For DC3, this API throws validation exception. If a particular interface does not have IP Admission control rule, the API populates NULL value in the returned collection for that interface. ValidationException is thrown if the argument passed is null or it is not a valid switched network interface InstanceNameId. Parameters opContext—Operational context interfaceInstanceIds—collection of InstanceNameId of interfaces Return Value A collection of IpAdmissionControlRule with one to one correspondence with the collection given as argument to this API. getIpDeviceTrackingInNetworkElements Returns the IP device tracking configurations done in a collection of network elements. ValidationException is thrown if any of the following situation occurs: •If networkElementIdCol is null or it is empty. •If networkElementIdCol contains invalid Network Element InstanceNameId or null value. •If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol. Parameters opContext—Operational context networkElementIdCol—a collection of InstanceNameId of network elements Return Value A collection of IpDeviceTracking objects in network elements. getLpIpGlobalSettingsInNetworkElements Returns the LPIP Global Settings configured in a collection of network elements. ValidationException is thrown if any of the following situation occurs: •If networkElementIdCol is null or it is empty. •If networkElementIdCol contains invalid Network Element InstanceNameId or null value. •If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol. Parameters opContext—Operational context networkElementIdCol—a collection of InstanceNameId of network elements Return Value A collection of LpIpGlobalSetting objects representing the global LPIP settings configured in a network element. getLpIpTrackedDevicesInNetworkElement Returns a list of LPIP tracked devices. Parameters opContext—Operational context networkElementId—a network element ID Return Value A list of LpIpTrackedDeviceStatus. getLpIpTrackedDevicesInSwitchedNetworkInterface Returns a list of LPIP tracked devices in the switched network interface. Parameters opContext—Operational context networkElementId—a network element ID of a switched network interface Return Value A list of LpIpTrackedDeviceStatus. getNacHostSessionInSwitchedNetworkInterface Returns a list of LPIP tracked devices. Parameters opContext—Operational context networkElementId—a network element ID for a switched network interface. Return Value A list of NacHostSession for the switched network interface. modifyClientlessAuthentication Updates the server with modified clientless authentication configurations. ValidationException is thrown if any of the following situation occurs: •If the networkElementId is null or it is not a valid network element InstanceNameId. •clientlessAuthentication object is null or empty Parameters opContext—Operational context networkElementId—InstanceNameId of the network element clientlessAuthentication—Modified ClientlessAuthentication object ClientlessAuthentication Return Value void modifyExceptionListHostsInIdentityProfile Modifies a given collection collection of ExceptionListHosts configured in an identity profile. ValidationException is thrown if any of the following situation occurs: •If identityProfileId is null or it is empty. •If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId. •If identityProfileId contains a IdentityProfile that does not exist in the database. •If exceptionListHostCol is null or empty. Parameters opContext—Operational context identityProfileId—InstanceNameId of Identity Profile. exceptionListHostCol—a collection of ExceptionListHost objects that are modified Return Value void modifyIdentityPolicies Modifies a given collection of identity policies. ValidationException is thrown if any of the following situation occurs: •If identityPolicyCol collection is null or it is empty. •If identityPolicyCol collection contains a IdentityPolicy that does not exist in the database. Parameters opContext—Operational context identityPolicyCol—a collection of IdentityPolicy that are modified by the client. Return Value void modifyIdentityProfiles Modifies a collection of identity profiles. This modification will address addition, removal and modification of ExceptionListHosts bound to an identity profile. This modification will also address Identity Policy association to each ExceptionListHost. There will be only one IdentityProfile of type EAPoUDP in a network element. Each identity profile in the argument will be corresponding to a different network element. ValidationException is thrown if any of the following situation occurs: •If identityProfileCol collection is null or it is empty. •If identityProfileCol collection contains a IdentityProfile that does not exist in the database. Parameters opContext—Operational context identityProfileCol—a collection of IdentityProfile in a network element. Each identity profile corresponds to a different network element. Return Value void modifyIpAdmissionControlRules Modifies the given collection of IP Admission Control Rules. ValidationException is thrown if any of the following situation occurs: •if the ipAdmissionControlRules Collection is null or empty •If identityPolicyCol collection contains a IdentityPolicy that does not exist in the database. Parameters opContext—Operational context ipAdmissionControlRuleCol—a collection of IpAdmissionControlRule to be modified. Return Value void modifyIpDeviceTracking Updates the server with modified device tracking configurations. ValidationException is thrown if any of the following situation occurs: •If the argument passed is null or it is not a valid network element InstanceNameId. •ipDeviceTracking object is null or empty Parameters opContext—Operational context networkElementId—InstanceNameId of the network element. ipDeviceTracking—Modified IpDeviceTracking object IpDeviceTracking Return Value void modifyLpIpGlobalSettingsInNetworkElements Modifies a given collection of LPIP global settings. ValidationException is thrown if any of the following situation occurs: •If lpIpGlobalSettingCol collection is null or it is empty. •If lpIpGlobalSettingCol collection contains an object that is not of type LpIpGlobalSetting. PropertiesException is thrown if any of the following situation occurs: •In the lpIpGlobalSettingCol collection, if any attribute in the LpIpGlobalSetting is not valid. Parameters opContext—Operational context lpIpGlobalSettingCol—a collection of LpIpGlobalSetting objects modified Return Value void removeExceptionListHostsFromIdentityProfile Removes a Exception List host from an identity profile. ValidationException is thrown if any of the following situation occurs: •If exemptListHostIdCol collection is null or it is empty. •If exemptListHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId. •If exemptListHostIdCol collection contains a ExceptionListHost that does not exist in the database. •If identityProfileId is null or it is empty. •If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId. •If identityProfileId contains a IdentityProfile that does not exist in the database. Parameters opContext—Operational context identityProfileId—InstanceNameId of IdentityProfile object exceptionListHosts—a collection of InstanceNameId of ExceptionListHost objects Return Value void unbindIdentityPolicyFromExceptionListHosts Clears an identity policy assigned to a Exception List host. ValidationException is thrown if any of the following situation occurs: •If exceptionLishHostIdCol collection is null or it is empty. •If exceptionLishHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId. •If exceptionLishHostIdCol collection contains a ExceptionListHost that does not exist in the database. Parameters opContext—Operational context exceptionListHostIdCol—InstanceNameId of the ExceptionListHost object Return Value void
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks