Cisco ACI で Common に定義しておきたい「よく使う Filter」

Cisco ACI では、どの Tenant でも利用するであろう汎用性の高い Filter は Common Tenant に定義しておくと便利です。そこで、汎用性の高そうな Filter を定義する .xml ファイルを用意してみました。uni/tn-common へ Post すれば利用可能なはずです。Common Tenant の Filter は全 Tenant の Contract から参照できるため、Post する前に各 Filter の内容が自環境のポリシーに合っているか確認してください。また、Filter 名は全てアルファベット大文字にしています。

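<?xml version="1.0" encoding="UTF-8"?>
<!--
  Reusable contract filters for the ACI "common" tenant (dn uni/tn-common).
  Each vzFilter holds one or more vzEntry children. Source ports are left
  unspecified in every entry, so matching is on EtherType, IP protocol,
  destination port and (for ESTABLISHED) TCP flags only.
  Filters in tenant common can be referenced by contracts in other tenants,
  so review each one against local policy before posting.
-->
<imdata totalCount="1">
  <fvTenant annotation="" descr="" dn="uni/tn-common" name="common" nameAlias="" ownerKey="" ownerTag="">
    <!-- ANY: etherT="ip" with no protocol or port, so every IP packet matches; non-IP
         frames such as ARP do not. A contract that uses this filter applies no
         protocol or port restriction between the EPGs it connects. -->
    <vzFilter annotation="" descr="" name="ANY" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="unspecified" dToPort="unspecified" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="unspecified" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- ARP: all ARP frames; arpOpc is unspecified, so the opcode is not restricted. -->
    <vzFilter annotation="" descr="" name="ARP" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="unspecified" dToPort="unspecified" descr="" etherT="arp" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="unspecified" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- DNS: UDP/53 (Entry-01) and TCP/53 (Entry-02). Resolvers retry over TCP when a
         UDP answer is truncated, so a UDP-only filter drops those lookups. TCP/53 is
         also the transport for zone transfers; restrict those on the DNS server itself. -->
    <vzFilter annotation="" descr="" name="DNS" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="dns" dToPort="dns" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="udp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="dns" dToPort="dns" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-02" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- ESTABLISHED: TCP on any port with tcpRules="est". This is a per-packet match on
         TCP flags (stateful="no"), not connection tracking, so it should not be treated
         as equivalent to a stateful firewall rule. -->
    <vzFilter annotation="" descr="" name="ESTABLISHED" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="unspecified" dToPort="unspecified" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules="est"/>
    </vzFilter>
    <!-- HTTP: TCP to the named port "http". Unencrypted; prefer HTTPS where the service supports it. -->
    <vzFilter annotation="" descr="" name="HTTP" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="http" dToPort="http" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- HTTPS: TCP to the named port "https". -->
    <vzFilter annotation="" descr="" name="HTTPS" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="https" dToPort="https" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- ICMP: prot="icmp" with icmpv4T unspecified, so every ICMP message type matches.
         NOTE(review): ICMPv6 appears to need its own entry; nothing here sets prot to an
         ICMPv6 value. Confirm if IPv6 endpoints rely on this filter. -->
    <vzFilter annotation="" descr="" name="ICMP" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="unspecified" dToPort="unspecified" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="icmp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- IMAP: TCP/143. Unencrypted unless the client negotiates STARTTLS; no filter for
         implicit-TLS IMAP is defined in this file. -->
    <vzFilter annotation="" descr="" name="IMAP" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="143" dToPort="143" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- LDAP: TCP/389. Binds travel in cleartext unless StartTLS is used; prefer LDAPS below. -->
    <vzFilter annotation="" descr="" name="LDAP" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="389" dToPort="389" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- LDAPS: TCP/636. -->
    <vzFilter annotation="" descr="" name="LDAPS" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="636" dToPort="636" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- NTP: UDP/123. -->
    <vzFilter annotation="" descr="" name="NTP" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="123" dToPort="123" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="udp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- POP3: TCP to the named port "pop3". Unencrypted unless STARTTLS is negotiated. -->
    <vzFilter annotation="" descr="" name="POP3" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="pop3" dToPort="pop3" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- SMTP: TCP to the named port "smtp" (server-to-server mail relay). -->
    <vzFilter annotation="" descr="" name="SMTP" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="smtp" dToPort="smtp" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- SSH: TCP/22. -->
    <vzFilter annotation="" descr="" name="SSH" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="22" dToPort="22" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- SUBMISSION: TCP/587 (mail submission from clients). -->
    <vzFilter annotation="" descr="" name="SUBMISSION" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="587" dToPort="587" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
    <!-- TELNET: TCP/23. Credentials and session data are sent in cleartext; use the SSH
         filter instead wherever the managed device supports it. -->
    <vzFilter annotation="" descr="" name="TELNET" nameAlias="" ownerKey="" ownerTag="">
      <vzEntry annotation="" applyToFrag="no" arpOpc="unspecified" dFromPort="23" dToPort="23" descr="" etherT="ip" icmpv4T="unspecified" icmpv6T="unspecified" matchDscp="unspecified" name="Entry-01" nameAlias="" prot="tcp" sFromPort="unspecified" sToPort="unspecified" stateful="no" tcpRules=""/>
    </vzFilter>
  </fvTenant>
</imdata>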