User Guide: AMF Security Controller version 1.8.0

CSV File



On listing pages, you can download a CSV (Comma-separated values) file which contains the list of elements by clicking the "Export to CSV" button on each page.
You can edit the exported CSV file with a tool like text editor and import it again as authentication data on the System Settings > Maintenance page.

Note
CSV files exported on the Device > Active Device List page or the Switches > Active OpenFlow Switch List page have different format than the usual authentication data. So you cannot be imported on the System Settings > Maintenance page.

Character Encoding

Downloaded CSV files are encoded in UTF-8.
Note
When you upload a CSV file to AT-SESC, please make sure that the file is encoded in UTF-8 if it contains non US-ASCII characters (If the file only contains US-ASCII characters, it is already in UTF-8 because US-ASCII is a subset of UTF-8 by its definition). If you upload the file in the encoding other than UTF-8, the upload fails with an error message.

Exportable Information

The following sections describe which elements are exported to a CSV file on each listing page.

Conventions

In a CSV file, data fields are enclosed by a pair of double-quote (") characters and separated by a comma (,).
Note
In the example below, a half-width space is displayed after the comma (,) for screen display, but the CSV file actually exported does not include the half-width space after the comma.
Also, an arrow (↓) is displayed at the end of the line to distinguish the wrapping of the screen display and the line break of the actual data, but the CSV file actually exported does not have the arrow at the end of the line.
Importing a CSV file which contains data characters outside of double-quotes causes an error.

Device

A CSV file which can be exported on the Device > Device List page and can be imported as device definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "device.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Device ID, Tag, Note, and Interface of Add Device page are exported with the table name "device", and the security policy is exported with the table name "rule".
◼ Format
A basic format of a device record ("table" = "device") is as follows.
If the device has more than one interfaces, repeat fields after "%port" (i.e. "%port", "MAC Address", "Interface Name" and "Note").
To attach a security policy to the device, place a rule record ("table" = "rule") right after the device record ("table" = "device") in the following format.
Each field of security policy can be omitted if it's not required.
To apply multiple security policies to a single device, put multiple rule records ("table" = "rule") right after the device record ("table" = "device"). If there are more than one rule records with the same priority value, only the last record is used (the later record overwrites the previous one).

Active Device List

The CSV file that can be exported from the Device > Active Device List page displays the MAC addresses status displayed on the screen. The format is different from normal device authentication data.
So you cannot be imported directly on the System Settings > Maintenance page. Refer to Appendix's Creating Authentication Data from CSV for instructions on how to edit them with a tool such as text editor.

UnAuth Group

UnAuth Group list which can be exported on the Group > UnAuth Group List page and can be imported as the UnAuth Group definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "group.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Group ID, Note and Enabled on the Group > Add UnAuth Group page are exported with the table name "group". Security policies are exported with the table name "rule".
◼ Format
A basic format of a group record ("table" = "group") is as follows.
To attach a security policy to the group, place a rule record ("table" = "rule") right after the device record ("table" = "group") in the following format.
Each field of security policy can be omitted if it's not required.

OpenFlow Switch

OpenFlow Switch list which can be exported on the Switches > OpenFlow Switch List page and can be imported as the OpenFlow Switch definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "switch.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Switch ID, Note, Datapath ID, Upstream Port, and Account Group ID of the Switches > Add OpenFlow Switch page are exported with the table name "switch".
◼ Format
A basic format of a switch record ("table" = "switch") is as follows.

Active OpenFlow Switch List

The CSV file that can be exported from the Switches > Active OpenFlow Switch List page displays the OpenFlow Switches status displayed on the screen. The format is different from normal device authentication data.
So you cannot be imported directly on the System Settings > Maintenance page. Refer to Appendix's Creating Authentication Data from CSV for instructions on how to edit them with a tool such as text editor.

AMF Member

Indicates the format of the CSV file that can be exported from the Switches > AMF Member List page or imported as AMF Member definitions.

◼ Example of an exported file
The default filename of an exported device list is "switch.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Name, Note, and Account Group ID of the Switches > AMF Member Add page are exported with the table name "switch".
◼ Format
AMF Member registration line is described in the following format.

Exporting Active AMF Member List to a CSV File

To export a list of active AMF Members to a CSV file, perform the following procedure:
  1. Open the Switches > Active AMF Member List page.

  2. Click the "Export to CSV" button at the top right corner of the page to download a CSV file.
    The default filename of an exported CSV file is "amf_member_active.csv".

Account Group

Indicates the format of the CSV file that can be exported from the System Settings > Account Group List page or imported as an account group definition.

◼ Example of an exported file
By default, the exported file name is "account_group.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Account Group ID and Note of the System Settings > Add Account Group page are exported with table name "account_group".
◼ Format
Account Group registration line is described in the following format.


Network

Network list which can be exported on the Policy Settings > Network List page and can be imported as the network definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "network.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Network ID, Note, and VLAN ID on the Policy settings > Add network page are exported with the table name "network".
◼ Format
A basic format of a network record ("table" = "network") is as follows.

Location

Location list which can be exported on the Policy Settings > Location List page and can be imported as the location definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "location.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Location ID, Note, and Switch ID on the Policy Settings > Add Location page are exported with the table name "location".
◼ Format
A basic format of a location record ("table" = "location") is as follows.
To associate multiple OpenFlow Switches, repeat the associated Switch ID.

Schedule

Schedule list which can be exported on the Policy Settings > Schedule List page and can be imported as the schedule definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "schedule.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Schedule ID, Note, Start Date / Time, and End Date / Time of the Policy Settings > Add Schedule page are exported with the table name "schedule".
◼ Format
A basic format of a schedule record ("table" = "schedule") is as follows.
If you do not specify "Start Date / Time" or "End Date / Time", leave those fields blank.

Action

Action list which can be exported on the Policy Settings > Action List page and can be imported as the action definitions has the following format.

◼ Example of an exported file
The default filename of an exported device list is "action.csv".
Those elements are collectively referred to as security policies. Here is a list of elements of security policies: The first line is a comment line. The comment line is not required when importing a CSV file.
Action ID, Action Originator, Reason, OpenFlow Action, Priority, AMF Action on the Policy Settings > Add Action page and various conditions for the action are exported with the table name "action".
◼ Format
A basic format of an action record ("table" = "action") is as follows.
Fields after "%options" can be omitted if they are not required.

Downloading Authentication Data

Authentication data which can be downloaded from the System Settings > Maintenance page organizes all the data described above in the order required to restore whole data from the file.
Data records are written out in the following order when all types of the data are registered.
  1. Account Group
  2. OpenFlow Switch
  3. AMF Member
  4. Location
  5. Schedule
  6. Network
  7. Device
  8. UnAuth Group
  9. Action

◼ Example of an exported file

Importing the CSV File

You can export authentication data to and import from a CSV file on the System Settings > Maintenance page.
A CSV to upload can be either the one downloaded from the System Settings > Maintenance page, or the one exported from the individual element's listing pages.

When you import multiple CSV files exported from the different listing pages, make sure to import them in the following order.
  1. Security Policy Definitions
    You can import Location, Network and Schedule in any order.
    However, you must import the OpenFlow Switch or AMF Member definitions before importing the location definitions.
    • Network
    • OpenFlow Switches or AMF Members - Location
    • Schedule

  2. Device and the UnAuth Group Definitions
    You can import Device and the UnAuth Group data in any order.
    • Device
    • UnAuth Group

  3. Action Definitions
    After importing OpenFlow Switch or AMF Member, Security policies (Network, Location, Schedule), Device, and authentication data of the UnAuth Group, import action definitions at the end.

If you import CSV files in wrong order and data reference by the imported data does not exist, an error occurs.
For example, when uploading device authentication data, describe any ID that is not registered in AT-SESC, even one of Location ID, Schedule ID, Network ID, Switch ID, and Switch Port specified in the security policy If you do, the import fails and the device authentication data is not updated.


14 Jun 2021 09:30