cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1120
Views
0
Helpful
0
Replies

ACL replace operation fails over NetConf

alexkarpenko
Level 1
Level 1

Hello,

 

I'm attempting to replace ACL via NetConf using Cisco-NX-OS-Device data-model (http://cisco.com/ns/yang/cisco-nx-os-device). Example of NetConf request below. However with the following order of execution of the action I get unexpected result:
- if ACL does not exist, it is created;
- at the second execution, when ACL exists already, it will empty it (remove all ACEs, and keep the ACL empty);
- at the the third execution it will provision all the lines over again;
- at further executions this cycle will repeat;

 

Is there anything fundamental I'm missing about replace operation functionality?

 

OS version 9.2(3)

Chassis model: C93180YC-FX 


<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<acl-items>
<ipv4-items>
<name-items>
<ACL-list>
<name>netconf_operation_test</name>
<perACEStatistics>1</perACEStatistics>
<seq-items xc:operation="replace">
<ACE-list xc:operation="replace">
<seqNum>20</seqNum>
<action>permit</action>
<dstPrefix>192.168.101.0</dstPrefix>
<dstPrefixMask>0.0.0.255</dstPrefixMask>
<protocol>0</protocol>
<protocolMask>255</protocolMask>
<srcPrefix>192.168.100.0</srcPrefix>
<srcPrefixMask>0.0.0.255</srcPrefixMask>
</ACE-list>
<ACE-list xc:operation="replace">
<seqNum>10</seqNum>
<action>permit</action>
<dstPrefix>0.0.0.0</dstPrefix>
<dstPrefixMask>0.0.0.0</dstPrefixMask>
<protocol>0</protocol>
<protocolMask>255</protocolMask>
<srcPrefix>0.0.0.0</srcPrefix>
<srcPrefixMask>0.0.0.0</srcPrefixMask>
</ACE-list>
<ACE-list xc:operation="replace">
<seqNum>30</seqNum>
<action>permit</action>
<dstPrefix>192.168.102.0</dstPrefix>
<dstPrefixMask>0.0.0.255</dstPrefixMask>
<protocol>0</protocol>
<protocolMask>255</protocolMask>
<srcPrefix>192.168.103.0</srcPrefix>
<srcPrefixMask>0.0.0.255</srcPrefixMask>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv4-items>
</acl-items>
</System>
</config>
</edit-config>
</rpc>


Thanks,
Alex Karpenko

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


This community is intended for developer topics around Data Center technology and products. If you are looking for a non-developer topic about Data Center, you might find additional information in the Data Center and Cloud community