Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1061
Views
5
Helpful
5
Replies

Updating FW config after deploying

Go to solution
dodgerfan78
Level 1
Level 1

‎04-27-2016 01:47 PM - edited ‎03-01-2019 04:57 AM

I have a service graph deployed, everything looks good except I had the ACL applied on the wrong interface. Can I update the config from ACI or do I have to re-apply the Service Graph template?

Thanks,

Bryan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
stcorry
Cisco Employee
Cisco Employee
In response to dodgerfan78

‎04-28-2016 07:47 AM

When you apply a service graph, the parameters of the service graph as applied, show up under the Provider EPG. They should be under the Provider EPG in a folder called L4-7 parameters. Under this folder you should be able to edit the parameters of the service graph and specifically move the ACL from the internal interface to the external interface. 

I've attached a screenshot of where the folder is, you should be able to click the pencil icon and change the parameters, and which interface that ACL gets applied to.

View solution in original post

Preview file
111 KB
5 Replies 5

Go to solution
stcorry
Cisco Employee
Cisco Employee

‎04-27-2016 02:04 PM

Hello Bryan! 

You should be able to go to the L4-7 Parameter folder under the provider for the contract where the service graph is attached and adjust which interface the ACL is configured. After adjusting the parameters, ACI will validate and update the L4-7 device. 

Hopefully that helps. let me know if you need more information.

0 Helpful

Go to solution
dodgerfan78
Level 1
Level 1
In response to stcorry

‎04-27-2016 02:11 PM

Not sure what folder you mean. The problem is my ASAv template had the acl on the internal interface. My provider is on the internal side, so I need to move the ACL to the external interface. I could always redeploy and switch consumer/provider but to me the ACL should be on the external side.

0 Helpful

Go to solution
stcorry
Cisco Employee
Cisco Employee
In response to dodgerfan78

‎04-28-2016 07:47 AM

When you apply a service graph, the parameters of the service graph as applied, show up under the Provider EPG. They should be under the Provider EPG in a folder called L4-7 parameters. Under this folder you should be able to edit the parameters of the service graph and specifically move the ACL from the internal interface to the external interface. 

I've attached a screenshot of where the folder is, you should be able to click the pencil icon and change the parameters, and which interface that ACL gets applied to.

Preview file
111 KB

Go to solution
dodgerfan78
Level 1
Level 1
In response to stcorry

‎04-28-2016 07:54 AM

Awesome, that works! I have also noticed that since I did this exercise 5 times some of the old parameters are still here even though I have deleted the previous graph templates. Any idea how to clean this up easily? Do I need to manually delete them all?

0 Helpful

Go to solution
stcorry
Cisco Employee
Cisco Employee
In response to stcorry

‎04-28-2016 08:06 AM

When you apply the Service Graph from a template (right clicking the template and applying the graph) there also should be a 'Remove Related Objects of Graph Template' button. Unfortunately if the template is already deleted, that option is not accessible, and then there's no easy way in the GUI to delete the related objects. The other way would be to go in using the API and delete them that way, which can be easier if you are familiar with how to do that. 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License