12-08-2022 03:39 PM
Hello,
I need some help with Prime Infrastructure 3.10 Templates and probably configuration groups - I don't get how it works; unfortunately there is just PI User Guide with very brief feature description and hardly other resources about this theme.
in before - sure, I can accomplish all my tasks with simple CLI template deployment on all devices in appropriate user defined network group or with a compliance check combined with a fix job, but I'm interested in automated configuration.
My Goal is to automatically deploy pretty big ACL on every SVI within VLAN 200-210 range, but only if SVI Description matches spacial string (i.E. for VLAN 200 SD-200-LAN or for VLAN 205 STAGING-205) AND also device name matches some pattern (i.E. AREA<xx>9K-SD<yy>. There are about 100 Interfaces, where that ACL should be deployed and almost every 2 weeks trhere are some changes to that ACL.
1 CLI template contains whole ACL (Feature template ACL doesn't support some ACE, for example it allows only ICMP without packet types, like echo or echo replay) and PI should apply this ACL on every matching Interface.
I found Configuration > Templates > Configuration Groups to accomplish this task. This is the best feature for this task, isn't it?
port template with variable (default = Vlan 200)
and one more thing - a lot of SVI descriptions are slightly different, I consider to create interface roles like "name = Vlan200 AND description is not equal <some string>", the same for VLAN201 and so on, but again - how do I applay interface role template (here multiple) to an configuration group?
Thanks
12-10-2022 04:12 AM
Does nobody understand how to configure Interfaces, selected by Interface Role shared object?
In that case, how would you implement my requerment?
@Thomas Schmitt wrote:My Goal is to automatically deploy pretty big ACL on every SVI within VLAN 200-210 range, but only if SVI Description matches spacial string (i.E. for VLAN 200 SD-200-LAN or for VLAN 205 STAGING-205) AND also device name matches some pattern (i.E. AREA<xx>9K-SD<yy>. There are about 100 Interfaces, where that ACL should be deployed and almost every 2 weeks trhere are some changes to that ACL.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide