Hello,
I'm attempting to replace ACL via NetConf using Cisco-NX-OS-Device data-model (http://cisco.com/ns/yang/cisco-nx-os-device). Example of NetConf request below. However with the following order of execution of the action I get unexpected result:
- if ACL does not exist, it is created;
- at the second execution, when ACL exists already, it will empty it (remove all ACEs, and keep the ACL empty);
- at the the third execution it will provision all the lines over again;
- at further executions this cycle will repeat;
Is there anything fundamental I'm missing about replace operation functionality?
OS version 9.2(3)
Chassis model: C93180YC-FX
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<acl-items>
<ipv4-items>
<name-items>
<ACL-list>
<name>netconf_operation_test</name>
<perACEStatistics>1</perACEStatistics>
<seq-items xc:operation="replace">
<ACE-list xc:operation="replace">
<seqNum>20</seqNum>
<action>permit</action>
<dstPrefix>192.168.101.0</dstPrefix>
<dstPrefixMask>0.0.0.255</dstPrefixMask>
<protocol>0</protocol>
<protocolMask>255</protocolMask>
<srcPrefix>192.168.100.0</srcPrefix>
<srcPrefixMask>0.0.0.255</srcPrefixMask>
</ACE-list>
<ACE-list xc:operation="replace">
<seqNum>10</seqNum>
<action>permit</action>
<dstPrefix>0.0.0.0</dstPrefix>
<dstPrefixMask>0.0.0.0</dstPrefixMask>
<protocol>0</protocol>
<protocolMask>255</protocolMask>
<srcPrefix>0.0.0.0</srcPrefix>
<srcPrefixMask>0.0.0.0</srcPrefixMask>
</ACE-list>
<ACE-list xc:operation="replace">
<seqNum>30</seqNum>
<action>permit</action>
<dstPrefix>192.168.102.0</dstPrefix>
<dstPrefixMask>0.0.0.255</dstPrefixMask>
<protocol>0</protocol>
<protocolMask>255</protocolMask>
<srcPrefix>192.168.103.0</srcPrefix>
<srcPrefixMask>0.0.0.255</srcPrefixMask>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv4-items>
</acl-items>
</System>
</config>
</edit-config>
</rpc>
Thanks,
Alex Karpenko