PowerShell for Cisco ACI (ACI-PoSH)
This is a set of PowerShell modules for Cisco ACI. These drive the native ACI RESTful API exposed by systems APIC's and expose these functions in PowerShell Commandlets.
NOTE: You obviously need a PowerShell envionment that works. This has been tested with Windows 10/Server 2012 R2 on Windows and PowerShell Core on Linux along with Cisco ACI Versions 3.x
- Access to your Cisco ACI environment via HTTPS and credentials that have relevant access
- You should be aware of commands you are running as well as the implications of doing so.
- At present, input is not filtered. If you make a typo, the API will execute it.
- This set of modules is still under development. So please check back for more updates. There is a lot to do.
Copy the modules to either your PowerShell module directories (either for the system or per user) or Import the modules:
> import-module .\aci-functions.psml > import-module .\aci-services.psml
Your other alternative is to add these into a PowerShell script you run to start:
#Import Functions Write-Host "Importing ACI Functions" -ForegroundColor Green Import-Module .\aci-functions.psml -WarningAction SilentlyContinue Write-Host "Importing ACI Services" -ForegroundColor Green Import-Module .\aci-services.psml -WarningAction SilentlyContinue #Login (Optional) New-Aci-Login -Apic MyAPIC -Username MyUsername -Password MyPassword
Authenticate to ACI
First step is to authenticate to the APIC.
> New-Aci-Login -Apic MyAPIC -Username MyUsername -Password MyPassword
You should see the message Authenticated!
If it fails, run the same command again. Occasionally the APIC API sometimes fails for no apparent reason. Need to get to the bottom of this.
- If you fail to supply a username then the currently logged in userlD (%username%) from Windows is used.
- If you fail to supply a password, then you are prompted for it.
- If you fail to supply a APIC name, then APIC is used as the hostname You can also use the -StoreLocation argument to specify a credential file rather than being prompted for passwords.
Tip: ACI has very short session timers (300 seconds) and thus you will find you need to authenticate frequently.
Currently defined commands are:
Get-ACI-Tenant Get-ACI-AppProfile Get-ACI-AppProfile-All Get-ACI-BD Get-ACI-BD-All Get-ACI-VRF Get-ACI-EPG Get-ACI-EPG-All Get-ACI-Fabric-AEEP Get-ACI-Fabric-LeafAccessPolicy Get-ACI-Fabric-LeafAccessPolicy-All Get-ACI-Fabric-Port-CDP Get-ACI-Fabric-Port-LACP Get-ACI-Fabric-Port-LinkLevel Get-ACI-Fabric-Port-LLDP Get-ACI-Fabric-Switch-Leaf Get-ACI-Fabric-VLANPool Get-Ad -Fabric-VLANPoo1-All Get-ACI-L3out Get-ACI-L3out-All New-ACI-AppProfile New-ACI-BD New-ACI-EPG New-ACI-Interface New-ACI-Interface-VPC New-ACI-Tenant New-ACI-VRF Update-ACI-EPG Update-ACI-EPG-PortBinding
All modules now have updated help text. Hopefully that will be useful!
Get-ACI-Tenant name descr dn ---- ----- -- infra uni/tn-infra common uni/tn-common mgmt uni/tn-mgmt companyA uni/tn-companyA companyB Co B uni/tn-companyB companyC uni/tn-companyC cloudMgmt uni/tn-cloudMgmt secretAudit uni/tn-secretAudit
As you see, we get useful paremeters shown along with the actual object (dn). The dn is not used by PoshACI but shown for completeness. You can then run additional commands such as
get-ACI-AppProfile-All -tenant ACI-TenX
Tip: - Remember ACI is case sensitive, including all configuration. The above command will show all of the Application Profiles for Tenant TenX.
The -All identifier is used for some commandlets, rather than being the default for the commands. One to fix for later releases.