CSV File

On listing pages, you can download a CSV (Comma-separated values) file which contains the list of elements by clicking the "Export to CSV" button on each page.
You can edit the exported CSV file with a tool like text editor and import it again as authentication data on the System Settings > System Information page.

Note
CSV files exported on the Device > Active Device List page or the Switches > Active OpenFlow Switch List page have different format than the usual authentication data. So you cannot be imported on the System Settings > System Information page.

Character Encoding

Downloaded CSV files are encoded in UTF-8.

Note
When you upload a CSV file to AMF Security, make sure that the file is encoded in UTF-8 if it contains non US-ASCII characters (If the file only contains US-ASCII characters, it is already in UTF-8 because US-ASCII is a subset of UTF-8 by its definition). If you upload the file in the encoding other than UTF-8, the upload fails with an error message.

Exportable Information

The following sections describe which elements are exported to a CSV file on each listing page.

Conventions

In a CSV file, data fields are enclosed by a pair of double-quote (") characters and separated by a comma (,).

Note
In the example below, a half-width space is displayed after the comma (,) for screen display, but the CSV file actually exported does not include the half-width space after the comma.
Also, an arrow (↓) is displayed at the end of the line to distinguish the wrapping of the screen display and the line break of the actual data, but the CSV file actually exported does not have the arrow at the end of the line.
Importing a CSV file which contains data characters outside of double-quotes causes an error.

A string in gray box represents a keyword (a reserved word). It should be written as it is (left untouched).
A string in violet box represents a variable data field (e.g. a string or a number).
A string enclosed in square brackets ([ ]) is optional and can be omitted.

Device

A CSV file which can be exported on the Device > Device List page and can be imported as device definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "device.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Device ID, Tag, Note, and Interface of Add Device page are exported with the table name "device", and the security policy is exported with the table name "rule".

"#","table","Device ID","Note","Tag" ↓
"+","device","device_1","device_note","User_A","%ports","%port","00:00:5e:00:53:20","MAC_name","MAC_note" ↓
"+","rule","device_1","sesc.device","","pass","10","True","%options","m_location_name=1F","m_schedule_name=March Event","s_network_name=Sales" ↓

◼ Format
A basic format of a device record ("table" = "device") is as follows.

"+", "device", "(Device ID)", "(Tag)", "(Note)", "%ports", "%port", "(MAC Address)", "(Interface Name)", "(Note)" ↓

If the device has more than one interfaces, repeat fields after "%port" (i.e. "%port", "MAC Address", "Interface Name" and "Note").

"+", "device", "(Device ID)", "(Tag)", "(Note)", "%ports", "%port", "(MAC Address)", "(Interface Name)", "(Note)", "%port", "(MAC Address)", "(Interface Name)", "(Interface Note)", ... ↓

To attach a security policy to the device, place a rule record ("table" = "rule") right after the device record ("table" = "device") in the following format.

"+", "rule", "(Device ID)", "(Requester)(When added on the AMF Security Web setting screensesc.device)", "((Reason)(Blank if added on AMF Security Web setting screen)", "pass", "(Priority)", "True", "%options"[, "m_location_name=(Device ID)"][, "m_ofs_name=(Switch ID)"][, "m_ofs_port=(port)"][, "m_schedule_name=(Schedule ID)"][, "m_network_name=(Network ID)"] ↓

Each field of security policy can be omitted if it's not required.

Location - m_location_name=(Location ID)
OpenFlow Switch - m_ofs_name=(Switch ID)
Switch Port - m_ofs_port= (Port Name)
Schedule - m_schedule_name=(Schedule ID)
Network - m_network_name=(Network ID)

To apply multiple security policies to a single device, put multiple rule records ("table" = "rule") right after the device record ("table" = "device"). If there are more than one rule records with the same priority value, only the last record is used (the later record overwrites the previous one).

Active Device List

The CSV file that can be exported from the Device > Active Device List page displays the MAC Addresses status displayed on the screen. The format is different from normal device authentication data.
So you cannot be imported on the System Settings > System Information page. Refer to Appendix/Creating Authentication Data from CSV for instructions on how to edit them with a tool such as text editor.

UnAuth Group

UnAuth Group list which can be exported on the Group > UnAuth Group List page and can be imported as the UnAuth Group definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "group.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Group ID, Note and Enabled on the Group > Add UnAuth Group page are exported with the table name "group". Security policies are exported with the table name "rule".

"#","table","Group ID","Note","Action","Enabled" ↓
"+","group","Event Guest","","fail","true" ↓
"+","rule","Event Guest","sesc.unauthGroup","","pass","30","True","%options","m_location_name=1F Conference Room","m_schedule_name=October Event","s_network_name=Guest" ↓

◼ Format
A basic format of a group record ("table" = "group") is as follows.

"+", "group", "(Group ID)", "(Note)", "(detect:Detected only UnAuth Group,pass:Normal UnAuth Group without security policy settings,fail:Normal UnAuth Group with security policy settings)", "(true:Valid orfalse:Invalid)" ↓

To attach a security policy to the group, place a rule record ("table" = "rule") right after the device record ("table" = "group") in the following format.

"+", "rule", "(Group ID)", "(Requester)(When added on the AMF Security Web setting screensesc.unauthGroup)", "(Group Note)", "(pass:pass ordetect:Detection only)", "(Priority)", "True", "%options"[, "m_location_name=(Location ID)"][, "m_schedule_name=(Schedule ID)"][, "m_network_name=(Network ID)"] ↓

Each field of security policy can be omitted if it's not required.

Location - m_location_name=(Location ID)
Schedule - m_schedule_name=(Schedule ID)
Network - m_network_name=(Network ID)

Tag

A CSV file which can be exported on the Group > Tag List page and can be imported as device definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "tag.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Tag and Note on the Group > Add Tag page are exported with the table name "tag", and security policies are exported with the table name "rule".

"#","table","Tag","Note" ↓
"+","tag","Tag_group_A","Note_group_A" ↓
"+","rule","Tag_group_A","sesc.deviceTag","Note_group_A","permit","10","true","%options","m_location_name=1F Conference Room","m_schedule_name=October Event","s_network_name=VLAN100" ↓

◼ Format
A basic format of a tag record ("table" = "tag") is as follows.

"+", "tag", "(Tag)", "(Note)" ↓

To attach a security policy to the device, place a rule record right after the tag record in the following format.

"+", "rule", "(Tag)", "(Requester)(When added on the AMF Security Web setting pagesesc.deviceTag)", "(Tag Note)", "permit", "(Priority)", "true", "%options"[, "m_location_name=(Location ID)"][, "m_schedule_name=(Schedule ID)"][, "m_network_name=(Network ID)"] ↓

Each field of security policy can be omitted if it's not required.

Location - m_location_name=(Location ID)
Schedule - m_schedule_name=(Schedule ID)
Network - m_network_name=(Network ID)

OpenFlow Switch

OpenFlow Switch list which can be exported on the Switches > OpenFlow Switch List page and can be imported as the OpenFlow Switch definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "switch.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Switch ID, Note, Datapath ID, Upstream Port, and Account Group ID of the Switches > Add OpenFlow Switch page are exported with the table name "switch".

"#","table","Switch ID","Note","Datapath ID","Upstream Port","Account Group ID" ↓
"+","switch","x510-28GTX","#1FSwitch","0000xxxxxxxxxxxx","port1.0.2","" ↓
"+","switch","AT-TQ4600","#1FWireless AP","0000xxxxxxxxxxxx","eth0","group1" ↓

◼ Format
A basic format of a switch record ("table" = "switch") is as follows.

"+", "switch", "(Switch ID)", "(Note)", "(Datapath ID)", "(Upstream Port)", "(Account Group ID)" ↓

Active OpenFlow Switch List

The CSV file that can be exported from the Switches > Active OpenFlow Switch List page displays the OpenFlow Switches status displayed on the screen. The format is different from normal device authentication data.
So you cannot be imported on the System Settings > System Information page. Refer to Appendix/Creating Authentication Data from CSV for instructions on how to edit them with a tool such as text editor.

AMF Member

Indicates the format of the CSV file that can be exported from the Switches > AMF Member List page or imported as AMF Member definitions.

◼ Example of an exported file
The default filename of an exported device list is "switch.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Name, Note, and Account Group ID of the Switches > AMF Member Add page are exported with the table name "switch".

"#","table","Switch ID","Note","Datapath ID","Upstream Port","Account Group ID" ↓
"+","switch","AMF-Member1","#1FSwitch","-","","" ↓
"+","switch","AMF-Member2","#1FSwitch","-","","group1" ↓

◼ Format
AMF Member registration line is described in the following format.

"+", "switch", "(Name)", "(Note)", "-", "", "(Account Group ID)" ↓

Exporting Active AMF Member List to a CSV File

To export a list of active AMF Members to a CSV file, perform the following procedure:

Open the Switches > Active AMF Member List page.
Click the "Export to CSV" button at the top right corner of the page to download a CSV file.
The default filename of an exported CSV file is "amf_member_active.csv".

Account Group

Indicates the format of the CSV file that can be exported from the System Settings > Account Group List page or imported as an account group definition.

◼ Example of an exported file
By default, the exported file name is "account_group.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Account Group ID and Note of the System Settings > Add Account Group page are exported with table name "account_group".

'"#","table","Account Group ID","Note" ↓
'"+","account_group","group1","Sales management" ↓
'"+","account_group","group2","Visitor management" ↓

◼ Format
Account Group registration line is described in the following format.

"+", "account_group", "(Account Group ID)", "(Note)" ↓

Network

Network list which can be exported on the Policy Settings > Network List page and can be imported as the network definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "network.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Network ID, Note, and VLAN ID on the Policy settings > Add network page are exported with the table name "network".

"#","table","Network ID","Note","VLAN ID" ↓
"+","network","Sales","Sales Network","123" ↓
"+","network","Guest","Guest Network","456" ↓

◼ Format
A basic format of a network record ("table" = "network") is as follows.

"+", "network", "(Network ID)", "(Note)", "(VLAN ID)" ↓

Location

Location list which can be exported on the Policy Settings > Location List page and can be imported as the location definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "location.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Location ID, Note, and Switch ID on the Policy Settings > Add Location page are exported with the table name "location".

"#","table","Location ID","Note" ↓
"+","location","1F","1F Area","%switch-names","x510-28GTX" ↓
"+","location","1F Conference Room","1F Conference Room","%switch-names","AT-TQ4400" ↓

◼ Format
A basic format of a location record ("table" = "location") is as follows.

"+", "location", "(Location ID)", "(Note)", "%switch-names", "(Switch ID)" ↓

To associate multiple OpenFlow Switches, repeat the associated Switch ID.

"+", "location", "(Location ID)", "(Note)", "%switch-names", "(Switch ID)", "(Switch ID)",... ↓

Schedule

Schedule list which can be exported on the Policy Settings > Schedule List page and can be imported as the schedule definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "schedule.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Schedule ID, Note, Start Date / Time, and End Date / Time of the Policy Settings > Add Schedule page are exported with the table name "schedule".

"#","table","Schedule ID","Note","Start Date / Time","End Date / Time" ↓
"+","schedule","March Events","Sales meeting","20XX-03-01 00:00:00","" ↓
"+","schedule","October Event","","20XX-10-25 00:00:00","20XX-11-04 00:00:00" ↓

◼ Format
A basic format of a schedule record ("table" = "schedule") is as follows.

"+", "schedule", "(Schedule ID)", "(Note)", "(Start Date / Time)", "(End Date / Time)" ↓

If you do not specify "Start Date / Time" or "End Date / Time", leave those fields blank.

Action

Action list which can be exported on the Policy Settings > Action List page and can be imported as the action definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "action.csv".
The first line is a comment line. The comment line is not required when importing a CSV file.
Action ID, Action Originator, Reason, OpenFlow Action, Priority, AMF Action on the Policy Settings > Add Action page and various conditions for the action are exported with the table name "action".

"#","table","Action ID","Action Originator","Reason","Action","Priority","Enabled" ↓
"+","action","Block Suspicious Device","sesc.action","Port Scan","drop","10","True","%options","m_device_mac=00:00:5E:00:53:01" ↓

◼ Format
A basic format of an action record ("table" = "action") is as follows.

"+", "action", "(Action ID)", "(Action Originator)", "(Reason)", "(pass(Pass(Permit))、isolate(Quarantine), ordrop(Drop(Block))", "(Priority)", "True", "%options"[, "action_amf=(AMF Actions:isolate(Quarantine), drop(Drop Packets),link-down(Link-Down), oripfilter(IP-Filter)"][, "m_device_mac=(Device MAC Address)"][, "m_device_ip=(Device IPv4 Address)"][, "m_device_name=(Device ID)"][, "m_device_tag=Device Tag)"][, "m_location_name=(Location ID)"][, "m_ofs_name=(Switch ID)"][, "m_network_name=(Network ID)"][, "s_vlan_id=(Pass/Quarantine VLAN ID)"] ↓

Fields after "%options" can be omitted if they are not required.

AMF Action - action_amf=(Action)
Device MAC Address - m_device_mac= (Device MAC Address)
Device IPv4 Address - m_device_ip= (Device IPv4 Address)
Device - m_device_name=(Device ID)
Device Tag - m_device_tag= (Device Tag)
Location - m_location_name=(Location ID)
OpenFlow Switch - m_ofs_name=(Switch ID)
Network - m_network_name=(Network ID)
Pass/Quarantine VLAN ID - s_vlan_id= (Pass/Quarantine VLAN ID)

Downloading Authentication Data

Authentication Data which can be downloaded from the System Settings > System Information page organizes all the data described above in the order required to restore whole data from the file.
Data records are written out in the following order when all types of the data are registered.

Account Group
OpenFlow Switch
AMF Member
Location
Schedule
Network
Device
UnAuth Group
Action

◼ Example of an exported file

"+","account_group","group1","Sales management" ↓
"+","account_group","group2","Visitor management" ↓
"+","switch","x510-28GTX","#1FSwitch","0000000000000001","port1.0.2","" ↓
"+","switch","AT-TQ4400","#1FWireless AP","0000000000000002","eth0","group1" ↓
"+","switch","AMF-Member1","#1FSwitch","-","","" ↓
"+","switch","AMF-Member2","#1FSwitch","-","","group1" ↓
"+","location","1F","1F Area","%switch-names","x510-28GTX" ↓
"+","location","1F Conference Room","1F Conference Room","%switch-names","AT-TQ4400" ↓
"+","schedule","March Events","Sales meeting","2017-03-01 00:00:00","" ↓
"+","schedule","October Events","","2017-10-25 00:00:00","2017-11-04 00:00:00" ↓
"+","network","Sales","Sales Network","123" ↓
"+","network","Guest","Guest Network","456" ↓
"+","device","device_1","device_note","User_A","%ports","%port","00:00:5e:00:53:20","MAC_name","MAC_note" ↓
"+","rule","device_1","sesc.device","","pass","10","True","%options","m_location_name=1F","m_schedule_name=March Events","s_network_name=Sales" ↓
"+","group","Event Guest","","fail","true" ↓
"+","rule","Event Guest","sesc.unauthGroup","","pass","30","True","%options","m_location_name=1F Conference Room","m_schedule_name=October Events","s_network_name=Guest" ↓
"+","action","Block Suspicious Device","sesc.action","Port Scan","drop","10","True","%options","m_device_mac=00:00:5e:00:53:01" ↓

Importing the CSV File

You can export authentication data to and import from a CSV file on the System Settings > System Information page.
A CSV to upload can be either the one downloaded from the System Settings > System Information page, or the one exported from the individual element's listing pages.

When you import multiple CSV files exported from the different listing pages, make sure to import them in the following order.

Security Policy Definitions
You can import Location, Network and Schedule in any order.
However, you must import the OpenFlow Switch or AMF Member definitions before importing the location definitions.
- Network
- OpenFlow Switches or AMF Members - Location
- Schedule
Device/UnAuth Group/Tag Definition
Device Authentication Data, UnAuth Group, and Tag Definitions can be imported in any order.
- Device
- UnAuth Group
- Tag
Action Definitions
After importing OpenFlow Switch or AMF Member, Security policies (Network, Location, Schedule), Device, and authentication data of the UnAuth Group, import action definitions at the end.

If you import CSV files in wrong order and data reference by the imported data does not exist, an error occurs.
For example, when uploading device authentication data, describe any ID that is not registered in AMF Security, even one of Location ID, Schedule ID, Network ID, Switch ID, and Switch Port specified in the security policy If you do, the import fails and the device authentication data is not updated.

C613-04150-00 Rev A

19 Apr 2023 14:12