Meraki

Community

L3 Firewall Update API automatically converting IP to CIDR

Solved
Craiegg
Getting noticed
‎Jan 18 2021 5:05 PM
‎Jan 18 2021 5:05 PM

L3 Firewall Update API automatically converting IP to CIDR

Hello all,

I am trying to update the L3 Firewall rules of a particular network via API for testing purposes, however whenever I enter the IP address I want in the Source and Destination it gets automatically converted to IP/subnet.

I have tested it with both v0 and v1 using Postman. Attaching the screenshot reference and the JSON data being passed to the API below. Do I need to switch the key from srcCidr to srcAddr and destCidr to destAddr? Any suggestions would be appreciated

Craiegg_0-1611018181634.png

 
  "rules": [
    {
        "comment""Default rule",
        "policy""allow",
        "protocol""Any",
        "srcPort""Any",
        "srcCidr""Any",
        "destPort""Any",
        "destCidr""Any",
        "syslogEnabled"false
    },
    {
        "comment""Testing rule",
        "policy""allow",
        "protocol""Any",
        "srcPort""Any",
        "srcCidr""192.168.128.56",
        "destPort""Any",
        "destCidr""2.2.2.9",
        "syslogEnabled"false   
    }
  ]
}
Labels:
0 Kudos
1 Accepted Solution
bmehta
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Jan 18 2021 8:58 PM
‎Jan 18 2021 8:58 PM

Hello @Craiegg 
In the dashboard configuration it does take only IP without subnet details. If on API it doesn't take only IP as an option the I believe this issue can be reported. However, for more information how does it converting to IP/subnet affecting your creating an issue. Thanks in advance.

View solution in original post

0 Kudos
4 Replies 4
bmehta
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Jan 18 2021 8:58 PM
‎Jan 18 2021 8:58 PM

Hello @Craiegg 
In the dashboard configuration it does take only IP without subnet details. If on API it doesn't take only IP as an option the I believe this issue can be reported. However, for more information how does it converting to IP/subnet affecting your creating an issue. Thanks in advance.

0 Kudos
In response to bmehta
Craiegg
Getting noticed
‎Jan 19 2021 4:35 PM
‎Jan 19 2021 4:35 PM

Hello @bmehta , @PhilipDAth@Bruce 

Thank you for all your responses and suggestions.

Yes, there is no issue with the subnet being added. I was actually wondering if there was a change in the API, as when I used it last month, it took the IP address as is without conversion ( hence the query here ) . 

However, I agree with all your suggestions of it not affecting anything if the subnet being added.

@bmehta  I will report this issue as it does not take only IP and always converts to subnet.

Thanks everyone.
Cheers,
Craig.

0 Kudos
Bruce
Kind of a big deal
‎Jan 18 2021 10:06 PM
‎Jan 18 2021 10:06 PM

I may be completely off track here, but if you're trying to specify a host for those two fields have you tried using the 'subnet mask' of /32, (i.e. 255.255.255.255), which is generally used to specify a host. For example, "srcCidr": "192.168.128.56/32" and "destCidr": "2.2.2.9/32".

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 19 2021 1:47 PM
‎Jan 19 2021 1:47 PM

192.168.128.56 and 192.168.128.56/32 are exactly the same thing.  /32 means it is a host IP address.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.