Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1942
Views
5
Helpful
1
Replies

Managing Cisco ACLs with Ansible

amaslobojev
Level 1
Level 1

‎10-19-2020 04:05 AM - edited ‎10-19-2020 04:08 AM

 Hello Cisco Community,

 

i am working on development of Ansible playbook to automate ACL management on Cisco devices within our network.

There are some examples available which would fit for my task, but almost all of them remove an ACL first before apply the new configuration, like

 

- name: "Configure ACL"
   cisco.nxos.nxos_config:
   lines: "{{ acl_lines }}"
   parents: "ip access-list standard test"
   before: "no ip access-list standard test"
   replace: block
 
The main concern with approach i have is that between the "no" command and time the new access list is applied there is no ACL and if something breaks in-between no access list will be configured.
 
My question is - is there any other approach how to safely apply the new ACL configuration with Ansible, etc. ?
 
Any hints and suggestions are highly appreciated.
 
Thanks in advance!
Best regards,
Alex.
 
Labels:
0 Helpful
1 Reply 1

packemon
Level 1
Level 1

‎06-07-2022 11:48 AM

I realize this is beyond old, but in case someone stumbles across this looking for an answer...

Use the acl resource module with the "merge" state and it will not mess with any other entry other than what you specify. You can find documentation for this here: https://docs.ansible.com/ansible/latest/collections/cisco/nxos/nxos_acl_interfaces_module.html#ansible-collections-cisco-nxos-nxos-acl-interfaces-module

Customers Also Viewed These Support Documents