Contents

CSV File

Appendix > CSV File

---

---

On listing pages, you can download a CSV (Comma-separated values) file which contains the list of elements by clicking the "Export to CSV" button on each page.
You can edit the exported CSV file with a tool like text editor and import it again as authentication data on the System Settings > System Information page.

Note

CSV files exported on the Device > Active Device List page or the Switches > Active AMF Member List page have different format than the usual authentication data. It cannot be imported from the System Settings > System Information page.

Character Encoding

Downloaded CSV files are encoded in UTF-8.

Note

When you upload a CSV file to AMF Security mini, please make sure that the file is encoded in UTF-8 if it contains non US-ASCII characters (If the file only contains US-ASCII characters, it is already in UTF-8 because US-ASCII is a subset of UTF-8 by its definition). If you upload the file in the encoding other than UTF-8, the upload fails with an error message.

Exportable Information

The following sections describe which elements are exported to a CSV file on each listing page.

Conventions

In a CSV file, data fields are enclosed by a pair of double-quote (") characters and separated by a comma (,).

Note

In the example below, a half-width space is displayed after the comma (,) for screen display, but the CSV file actually exported does not include the half-width space after the comma.
Also, an arrow (↓) is displayed at the end of the line to distinguish the wrapping of the screen display and the line break of the actual data, but the CSV file actually exported does not have the arrow at the end of the line.
Importing a CSV file which contains data characters outside of double-quotes causes an error.

• A string in gray box represents a keyword (a reserved word). It should be written as it is (left untouched).
  
  sesc.device ↓
  
• A string in violet box represents a variable data field (e.g. a string or a number).
  
  (Device ID) ↓
  
• A string enclosed in square brackets ([ ]) is optional and can be omitted.
  

Device

A CSV file which can be exported on the Device > Device List page and can be imported as device definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "device.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Device ID, Device Tag, Note and Interface are exported with the "device" in the "table" field, which means that the line is a record from the "device" table. Items consisting a security policy are exported with the "rule" in the "table" field, which means that the line is a record from the "rule" table.

"#","table","Device ID","Note","Tag" ↓
"+","device","device_1","device_note","User_A","%ports","%port","00:00:5e:00:53:20","MAC_name","MAC_note" ↓
"+","rule","device_1","sesc.device","","pass","10","True","%options","m_location_name=1F","m_schedule_name=March Events","s_network_name=Sales" ↓

◼ Format
A basic format of a device record ("table" = "device") is as follows.

"+", "device", " (Device ID)", " (Tag)", " (Note)", "%ports", "%port", " (MAC Address)", " (Interface Name)", " (Note)" ↓

If the device has more than one interfaces, repeat fields after "%port" (i.e. "%port", "MAC Address", "Interface Name" and "Note").

"+", "device", " (Device ID)", " (Tag)", " (Note)", "%ports", "%port", " (MAC Address)", " (Interface Name)", " (Note)", "%port", " (MAC Address)", " (Interface Name)", " (Interface Note)", ... ↓

To attach a security policy to the device, place a rule record ("table" = "rule") right after the device record ("table" = "device") in the following format.

"+", "rule", " (Device ID)", " (Requester) (when added on the web interface sesc.device）", " ( (Reason) (empty when added on the web interface)", "pass", " (Priority)", "True", "%options"[, "m_location_name= (Location ID)"][, "m_ofs_port= (Port Name)"][, "m_schedule_name= (Schedule ID)"][, "m_network_name= (Network ID)"] ↓

Each field of security policy can be omitted if it's not required.

• Location - m_location_name= (Location ID)
  
• Switch Port - m_ofs_port= (Port Name)
  
• Schedule - m_schedule_name= (Schedule ID)
  
• Network - m_network_name= (Network ID)
  

To apply multiple security policies to a single device, put multiple rule records ("table" = "rule") right after the device record ("table" = "device"). If there are more than one rule records with the same priority value, only the last record is used (the later record overwrites the previous one).

Active Device List

The CSV file that can be exported from the Device > Active Device List page displays the MAC addresses status displayed on the screen. The format is different from normal device authentication data.
It can not be imported from the System Settings > System Information page. Refer to Appendix's Creating Authentication Data from CSV for instructions on how to edit them with a tool such as text editor.

UnAuth Group

UnAuth Group list which can be exported on the Group > UnAuth Group List page and can be imported as the UnAuth Group definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "group.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Group ID, Note and Enabled on the Group > Add UnAuth Group page are exported with the table name "group". Security policies are exported with the table name "rule".

"#","table","Group ID","Note","Action","Enabled" ↓
"+","group","Event Guest","","fail","true" ↓
"+","rule","Event Guest","sesc.unauthGroup","","pass","30","True","%options","m_location_name=1F Conference Room","m_schedule_name=October Event","s_network_name=Guest" ↓

◼ Format
A basic format of a group record ("table" = "group") is as follows.

"+", "group", " (Group ID)", " (Note)", " (detect: if Detect-Only, pass: if no security policy attached, fail: if security policy attached)", " (true: if enabled, false: if disabled)" ↓

To attach a security policy to the group, place a rule record ("table" = "rule") right after the device record ("table" = "group") in the following format.

"+", "rule", " (Group ID)", " (Requester) (when added on the web interface sesc.unauthGroup)", " (Group Note)", " (pass: if pass, detect: if detect-only)", " (Priority)", "True", "%options"[, "m_location_name= (Location ID)"][, "m_schedule_name= (Schedule ID)"][, "m_network_name= (Network ID)"] ↓

Each field of security policy can be omitted if it's not required.

• Location - m_location_name= (Location ID)
  
• Schedule - m_schedule_name= (Schedule ID)
  
• Network - m_network_name= (Network ID)
  

AMF Member

Indicates the format of the CSV file that can be exported from the Switches > AMF Member List page or imported as AMF Member definitions.

◼ Example of an exported file
The default filename of an exported device list is "switch.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
The Switches > AMF Member Add page are exported with the table name "switch".

"#","table","Switch ID","Note","Datapath ID","Upstream Port" ↓
"+","switch","AMF-Member1","#1FSwitch","-","" ↓
"+","switch","AMF-Member2","#1FSwitch","-","" ↓

◼ Format
AMF Member registration line is described in the following format.

"+", "switch", "(Name)", "(Note)", "-", "" ↓

Exporting Active AMF Member List to a CSV File

Export Active AMF Member List to a CSV File.

1. Open the Switches > Active AMF Member List page.
   
   
2. Click the "Export to CSV" button at the top right corner of the page to download a CSV file.
   The default filename of an exported CSV file is "amf_member_active.csv".
   

Network

Network list which can be exported on the Policy Settings > Network List page and can be imported as the network definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "network.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
The Policy Settings > Add Network page are exported with the table name "network".

"#","table","Network ID","Note","VLAN ID" ↓
"+","network","Sales","Sales Network","123" ↓
"+","network","Guest","Guest Network","30" ↓

◼ Format
A basic format of a network record ("table" = "network") is as follows.

"+", "network", " (Network ID)", " (Note)", " (VLAN ID)" ↓

Location

Location list which can be exported on the Policy Settings > Location List page and can be imported as the location definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "location.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
The Policy Settings > Add Location page are exported with the table name "location".

"#","table","Location ID","Note" ↓
"+","location","1F","1F Area","%switch-names","AMF-Member" ↓
"+","location","1F Conference Room","1F Conference Room","%switch-names","AMF-Member_2" ↓

◼ Format
A basic format of a location record ("table" = "location") is as follows.

"+", "location", " (Location ID)", " (Note)", "%switch-names", " (Switch ID)" ↓

If the location has more than one switches, repeat "Switch ID" fields.

"+", "location", " (Location ID)", " (Note)", "%switch-names", " (Switch ID)", " (Switch ID)",... ↓

Schedule

Schedule list which can be exported on the Policy Settings > Schedule List page and can be imported as the schedule definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "schedule.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
The Policy Settings > Add Schedule page are exported with the table name "schedule".

"#","table","Schedule ID","Note","Start Date / Time","End Date / Time" ↓
"+","schedule","March Events","Sales meeting","2020-03-01 00:00:00","" ↓
"+","schedule","October Events","","2020-10-10 00:00:00","2020-10-31 00:00:00" ↓

◼ Format
A basic format of a schedule record ("table" = "schedule") is as follows.

"+", "schedule", " (Schedule ID)", " (Note)", " (Start Date / Time)", " (End Date / Time)" ↓

If you do not specify "Start Date / Time" or "End Date / Time", leave those fields blank.

Action

Action list which can be exported on the Policy Settings > Action List page and can be imported as the action definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "action.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
The Policy Settings > Add Action page and various conditions for the action are exported with the table name "action".

"#","table","Action ID","Action Originator","Reason","Action","Priority","Enabled" ↓
"+","action","Block Suspicious Device","sesc.action","Port Scan","drop","10","True","%options","m_device_mac=00:00:5E:00:53:01" ↓

◼ Format
A basic format of an action record ("table" = "action") is as follows.

"+", "action", " (Action ID)", " (Action Originator)", " (Reason)", " (pass (Pass(Permit)), isolate (Quarantine) or drop (Drop(Block)))", " (Priority)", "True", "%options"[, "action_amf= (AMF Action: isolate (Quarantine), drop (Drop Packets), link-down (Link-Down) or ipfilter (IP-Filter))"][, "m_device_mac= (Device MAC Address)"][, "m_device_ip= (Device IPv4 Address)"][, "m_device_name= (Device ID)"][, "m_device_tag= (Device Tag)"][, "m_location_name= (Location ID)"][, "m_network_name= (Network ID)"][, "s_vlan_id= (Pass/Quarantine VLAN ID)"] ↓

Fields after "%options" can be omitted if they are not required.

• AMF Action - action_amf=(Action)
  
• Device MAC Address - m_device_mac= (Device MAC Address)
  
• Device IPv4 Address - m_device_ip= (Device IPv4 Address)
  
• Device - m_device_name= (Device ID)
  
• Device Tag - m_device_tag= (Device Tag)
  
• Location - m_location_name= (Location ID)
  
• Network - m_network_name= (Network ID)
  
• Pass/Quarantine VLAN ID - s_vlan_id= (Pass/Quarantine VLAN ID)
  

Downloading Authentication Data

Authentication data which can be downloaded from the System Settings > System Information page organizes all the data described above in the order required to restore whole data from the file.
Data records are written out in the following order when all types of the data are registered.

1. AMF Member
   
2. Location
   
3. Schedule
   
4. Network
   
5. Device
   
6. UnAuth Group
   
7. Action
   

◼ Example of an exported file

"+","switch","AMF-Member1","#1FSwitch","-","" ↓
"+","switch","AMF-Member2","#1FSwitch","-","" ↓
"+","location","1F","1F Area","%switch-names","AMF-Member" ↓
"+","location","1F Conference Room","1F Conference Room","%switch-names","AMF-Member_2" ↓
"+","schedule","March Events","Sales meeting","2020-03-01 00:00:00","" ↓
"+","schedule","October Events","","2020-10-10 00:00:00","2020-10-31 00:00:00" ↓
"+","network","Sales","Sales Network","123" ↓
"+","network","Guest","Guest Network","30" ↓
"+","device","device_1","device_note","User_A","%ports","%port","00:00:5e:00:53:20","MAC_name","MAC_note" ↓
"+","rule","device_1","sesc.device","","pass","10","True","%options","m_location_name=1F","m_schedule_name=入社","s_network_name=Sales" ↓
"+","group","Event Guest","","fail","true" ↓
"+","rule","Event Guest","sesc.unauthGroup","","pass","30","True","%options","m_location_name=1F Conference Room","m_schedule_name=October Event","s_network_name=Guest" ↓
"+","action","Block Suspicious Device","sesc.action","Port Scan","drop","10","True","%options","m_device_mac=00:00:5e:00:53:01" ↓

Importing the CSV File

You can export authentication data to and import from a CSV file on the System Settings > System Information page.
A CSV to upload can be either the one downloaded from the System Settings > System Information page, or the one exported from the individual element's listing pages.

When you import multiple CSV files exported from the different listing pages, make sure to import them in the following order.

1. Security Policy Definitions
   You can import Location, Network and Schedule in any order.
   However, you must import the AMF Member definitions before importing the location definitions.
   
   • Network
     
   • AMF Member ⇒ Location
     
   • Schedule
     
   
   
2. Device and UnAuth Group Definitions
   You can import Device and UnAuth Group data in any order.
   
   • Device
     
   • UnAuth Group
     
   
   
3. Action Definitions
   After importing the AMF Member, Security policies (Network, Location, Schedule), Device, and authentication data of UnAuth Group, import action definitions at the end.
   

If you import CSV files in wrong order and data reference by the imported data does not exist, an error occurs.
For example, when you are uploading a CSV file containing device records, if any of Location ID, Schedule ID, Network ID, Switch ID and Switch Port referenced by the devices' security policies are missing in AMF Security mini's database, the import fails and authentication data is not updated.

---

(C) 2020 Allied Telesis, Inc. All rights reserved.

C613-04087-00 Rev A

18 Jan 2021 10:56