|
| 1 | +--- |
| 2 | +title: Delete ACLs associated to network-to-network interconnects (NNI) |
| 3 | +description: Process of deleting ACLs to network-to-network interconnects (NNI) |
| 4 | +author: sushantjrao |
| 5 | +ms.author: sushrao |
| 6 | +ms.service: azure-operator-nexus |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 04/18/2024 |
| 9 | +ms.custom: template-how-to |
| 10 | +--- |
| 11 | + |
| 12 | + |
| 13 | +To delete ACLs applied on NNI or External Network resources, pass a null value to `--ingress-acl-id` and `--egress-acl-id`. |
| 14 | + |
| 15 | +1. Update the NNI or External Network by passing a null ID to `--ingress-acl-id` and `--egress-acl-id`. |
| 16 | + |
| 17 | +```Azure CLI |
| 18 | +az networkfabric nni update --resource-group "<resource-group-name>" --resource-name "<nni-name>" --fabric "<fabric-name>" --ingress-acl-id null --egress-acl-id null |
| 19 | +``` |
| 20 | + |
| 21 | +| Parameter | Description | |
| 22 | +|----------------------|--------------------------------------------------------------------------------------------------| |
| 23 | +| `--resource-group` | Name of the resource group containing the network fabric instance. | |
| 24 | +| `--resource-name` | Name of the network fabric NNI (Network-to-Network Interface) to be updated. | |
| 25 | +| `--fabric` | Name of the fabric where the NNI is provisioned. | |
| 26 | +| `--ingress-acl-id` | Resource ID of the ingress access control list (ACL) for inbound traffic (null for no specific ACL). | |
| 27 | +| `--egress-acl-id` | Resource ID of the egress access control list (ACL) for outbound traffic (null for no specific ACL). | |
| 28 | + |
| 29 | +> [!NOTE] |
| 30 | +> Based on requirements, either the Ingress, Egress, or both can be updated. |
| 31 | +
|
| 32 | +2. Execute `fabric commit-configuration`. |
| 33 | + |
| 34 | +```Azure CLI |
| 35 | +az networkfabric fabric commit-configuration --resource-group "<resource-group>" --resource-name "<fabric-name>" |
| 36 | +``` |
| 37 | + |
| 38 | +| Parameter | Description | |
| 39 | +|------------------|--------------------------------------------------------------| |
| 40 | +| `--resource-group` | The name of the resource group containing the Nexus Network Fabric. | |
| 41 | +| `--resource-name` | The name of the Nexus Network Fabric to which the configuration changes will be committed. | |
| 42 | + |
| 43 | +4. Verify the changes using the `resource list` command. |
| 44 | + |
| 45 | + |
| 46 | +### Deleting ACL Associations from NNI |
| 47 | + |
| 48 | +To disassociate only the egress ACL from an NNI, use the following command: |
| 49 | + |
| 50 | +```Azure CLI |
| 51 | +az networkfabric nni update --resource-group "example-rg" --resource-name "example-nni" --fabric "example-fabric" --egress-acl-id null |
| 52 | +``` |
| 53 | + |
| 54 | +Example Output: |
| 55 | + |
| 56 | +```Output |
| 57 | +{ |
| 58 | + "administrativeState": "Enabled", |
| 59 | + "configurationState": "Accepted", |
| 60 | + "id": "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/microsoft.managednetworkfabric/networkfabrics/examplefabric/networkToNetworkInterconnects/example-nni", |
| 61 | + "ingressAclId": "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/microsoft.managednetworkfabric/accessControlLists/ingress-acl-1", |
| 62 | + "isManagementType": "True", |
| 63 | + "layer2Configuration": { |
| 64 | + "interfaces": [ |
| 65 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE1/networkInterfaces/Ethernet1-1", |
| 66 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE1/networkInterfaces/Ethernet2-1", |
| 67 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE2/networkInterfaces/Ethernet1-1", |
| 68 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE2/networkInterfaces/Ethernet2-1" |
| 69 | + ], |
| 70 | + "mtu": 1500 |
| 71 | + }, |
| 72 | + "name": "example-nni", |
| 73 | + "nniType": "CE", |
| 74 | + "optionBLayer3Configuration": { |
| 75 | + "fabricASN": 65025, |
| 76 | + "peerASN": 65025, |
| 77 | + "primaryIpv4Prefix": "10.29.0.8/30", |
| 78 | + "primaryIpv6Prefix": "fda0:d59c:df01::4/127", |
| 79 | + "secondaryIpv4Prefix": "10.29.0.12/30", |
| 80 | + "secondaryIpv6Prefix": "fda0:d59c:df01::6/127", |
| 81 | + "vlanId": 501 |
| 82 | + }, |
| 83 | + "provisioningState": "Succeeded", |
| 84 | + "resourceGroup": "examplerg", |
| 85 | + "systemData": { |
| 86 | + "createdAt": "2023-08-07T20:40:53.9288589Z", |
| 87 | + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", |
| 88 | + "createdByType": "Application", |
| 89 | + "lastModifiedAt": "2024-03-21T11:26:38.5785124Z", |
| 90 | + "lastModifiedBy": "[email protected]", |
| 91 | + "lastModifiedByType": "User" |
| 92 | + }, |
| 93 | + "type": "microsoft.managednetworkfabric/networkfabrics/networktonetworkinterconnects", |
| 94 | + "useOptionB": "True" |
| 95 | +} |
| 96 | +``` |
| 97 | + |
| 98 | +To disassociate both egress and ingress ACLs from an NNI, use the following command: |
| 99 | + |
| 100 | +```Azure CLI |
| 101 | +az networkfabric nni update --resource-group "example-rg" --resource-name "example-nni" --fabric "example-fabric" --egress-acl-id null --ingress-acl-id null |
| 102 | +``` |
| 103 | + |
| 104 | +These commands allow for the disassociation of ACLs from NNIs within the specified Nexus Network Fabric. Ensure to replace placeholders with actual resource group and NNI names for accurate execution. |
| 105 | + |
0 commit comments