|
| 1 | +--- |
| 2 | +title: Delete ACLs associated with Network-to-Network Interconnects (NNI) |
| 3 | +description: Process of deleting ACLs associated with Network-to-Network Interconnects (NNI) |
| 4 | +author: sushantjrao |
| 5 | +ms.author: sushrao |
| 6 | +ms.service: azure-operator-nexus |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 04/18/2024 |
| 9 | +ms.custom: template-how-to |
| 10 | +--- |
| 11 | + |
| 12 | +# Deleting ACLs associated with Network-to-Network Interconnects (NNI) |
| 13 | + |
| 14 | +This document outlines the process of deleting Access Control Lists (ACLs) associated with Network-to-Network Interconnects (NNIs) within a Nexus Network Fabric. |
| 15 | + |
| 16 | +[!INCLUDE [azure-cli-prepare-your-environment.md](~/reusable-content/azure-cli/azure-cli-prepare-your-environment.md)] |
| 17 | + |
| 18 | +1. **Set subscription (if necessary):** |
| 19 | + |
| 20 | +If you have multiple subscriptions and need to set one as the default, you can do so with: |
| 21 | + |
| 22 | +```Azure CLI |
| 23 | +az account set --subscription <subscription-id> |
| 24 | +``` |
| 25 | + |
| 26 | +2. **Delete ACLs associated with NNI:** |
| 27 | + |
| 28 | +To delete ACLs applied on NNI or External Network resources, pass a null value to `--ingress-acl-id` and `--egress-acl-id`. |
| 29 | + |
| 30 | +```Azure CLI |
| 31 | +az networkfabric nni update --resource-group "<resource-group-name>" --resource-name "<nni-name>" --fabric "<fabric-name>" --ingress-acl-id null --egress-acl-id null |
| 32 | +``` |
| 33 | + |
| 34 | +| Parameter | Description | |
| 35 | +|----------------------|--------------------------------------------------------------------------------------------------| |
| 36 | +| `--resource-group` | Name of the resource group containing the network fabric instance. | |
| 37 | +| `--resource-name` | Name of the network fabric NNI (Network-to-Network Interface) to be updated. | |
| 38 | +| `--fabric` | Name of the fabric where the NNI is provisioned. | |
| 39 | +| `--ingress-acl-id` | Resource ID of the ingress access control list (ACL) for inbound traffic (null for no specific ACL). | |
| 40 | +| `--egress-acl-id` | Resource ID of the egress access control list (ACL) for outbound traffic (null for no specific ACL). | |
| 41 | + |
| 42 | +> [!NOTE] |
| 43 | +> Based on requirements, either the Ingress, Egress, or both can be updated. |
| 44 | +
|
| 45 | +3. **Fabric commit configuration changes:** |
| 46 | + |
| 47 | +Execute `fabric commit-configuration` to commit the configuration changes. |
| 48 | + |
| 49 | +```Azure CLI |
| 50 | +az networkfabric fabric commit-configuration --resource-group "<resource-group>" --resource-name "<fabric-name>" |
| 51 | +``` |
| 52 | + |
| 53 | +| Parameter | Description | |
| 54 | +|------------------|--------------------------------------------------------------| |
| 55 | +| `--resource-group` | The name of the resource group containing the Nexus Network Fabric. | |
| 56 | +| `--resource-name` | The name of the Nexus Network Fabric to which the configuration changes will be committed. | |
| 57 | + |
| 58 | +4. **Verify changes:** |
| 59 | + |
| 60 | +Verify the changes using the `resource list` command. |
| 61 | + |
| 62 | +### Deleting ACL associations from NNI |
| 63 | + |
| 64 | +To disassociate only the egress ACL from an NNI, use the following command: |
| 65 | + |
| 66 | +```Azure CLI |
| 67 | +az networkfabric nni update --resource-group "<resource-group-name>" --resource-name "<nni-name>" --fabric "<fabric-name>" --egress-acl-id null |
| 68 | +``` |
| 69 | + |
| 70 | +To disassociate both egress and ingress ACLs from an NNI, use the following command: |
| 71 | + |
| 72 | +```Azure CLI |
| 73 | +az networkfabric nni update --resource-group "<resource-group-name>" --resource-name "<nni-name>" --fabric "<fabric-name>" --egress-acl-id null --ingress-acl-id null |
| 74 | +``` |
| 75 | + |
| 76 | +Ensure to replace placeholders with actual resource group and NNI names for accurate execution. |
| 77 | + |
| 78 | +Example of disassociating the egress ACL from an NNI |
| 79 | + |
| 80 | +```Azure CLI |
| 81 | +az networkfabric nni update --resource-group "example-rg" --resource-name "example-nni" --fabric "example-fabric" --egress-acl-id null |
| 82 | +``` |
| 83 | + |
| 84 | +Example Output: |
| 85 | + |
| 86 | +```Output |
| 87 | +{ |
| 88 | + "administrativeState": "Enabled", |
| 89 | + "configurationState": "Accepted", |
| 90 | + "id": "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/microsoft.managednetworkfabric/networkfabrics/examplefabric/networkToNetworkInterconnects/example-nni", |
| 91 | + "ingressAclId": "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/microsoft.managednetworkfabric/accessControlLists/ingress-acl-1", |
| 92 | + "isManagementType": "True", |
| 93 | + "layer2Configuration": { |
| 94 | + "interfaces": [ |
| 95 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE1/networkInterfaces/Ethernet1-1", |
| 96 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE1/networkInterfaces/Ethernet2-1", |
| 97 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE2/networkInterfaces/Ethernet1-1", |
| 98 | + "/subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.ManagedNetworkFabric/networkDevices/examplefabric-AggrRack-CE2/networkInterfaces/Ethernet2-1" |
| 99 | + ], |
| 100 | + "mtu": 1500 |
| 101 | + }, |
| 102 | + "name": "example-nni", |
| 103 | + "nniType": "CE", |
| 104 | + "optionBLayer3Configuration": { |
| 105 | + "fabricASN": 65025, |
| 106 | + "peerASN": 65025, |
| 107 | + "primaryIpv4Prefix": "10.29.0.8/30", |
| 108 | + "primaryIpv6Prefix": "fda0:d59c:df01::4/127", |
| 109 | + "secondaryIpv4Prefix": "10.29.0.12/30", |
| 110 | + "secondaryIpv6Prefix": "fda0:d59c:df01::6/127", |
| 111 | + "vlanId": 501 |
| 112 | + }, |
| 113 | + "provisioningState": "Succeeded", |
| 114 | + "resourceGroup": "examplerg", |
| 115 | + "systemData": { |
| 116 | + "createdAt": "2023-08-07T20:40:53.9288589Z", |
| 117 | + "createdBy": "97fdd529-68de-4ba5-aa3c-adf86bd564bf", |
| 118 | + "createdByType": "Application", |
| 119 | + "lastModifiedAt": "2024-03-21T11:26:38.5785124Z", |
| 120 | + "lastModifiedBy": "[email protected]", |
| 121 | + "lastModifiedByType": "User" |
| 122 | + }, |
| 123 | + "type": "microsoft.managednetworkfabric/networkfabrics/networktonetworkinterconnects", |
| 124 | + "useOptionB": "True" |
| 125 | +} |
| 126 | +``` |
0 commit comments