cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
791
Views
0
Helpful
1
Replies

Prime Infrastructure 3.10 Interface configuration Groups

Thomas Schmitt
Level 1
Level 1

Hello,

I need some help with Prime Infrastructure 3.10 Templates and probably configuration groups - I don't get how it works; unfortunately there is just PI User Guide with very brief feature description and hardly other resources about this theme.

in before - sure, I can accomplish all my tasks with simple CLI template deployment on all devices in appropriate user defined  network group or with a compliance check combined with a fix job, but I'm interested in automated configuration.

My Goal is to automatically deploy pretty big ACL on every SVI within VLAN 200-210 range, but only if SVI Description matches spacial string (i.E. for VLAN 200 SD-200-LAN or for VLAN 205 STAGING-205) AND also device name matches some pattern (i.E. AREA<xx>9K-SD<yy>. There are about 100 Interfaces, where that ACL should be deployed and almost every 2 weeks trhere are some changes to that ACL.

1 CLI template contains whole ACL (Feature template ACL doesn't support some ACE, for example it allows only ICMP without packet types, like echo or echo replay) and PI should apply this ACL on every matching Interface.

I found Configuration > Templates > Configuration Groups to accomplish this task. This is the best feature for this task, isn't it?

  1.  I created User  defined network group matching Device Name (AREA<xx>9K-SD<yy>) and add to configuration grops - works fine
  2. now I can match SVI + description with
    1. shared policy object --> Interface Role
    2. user defined port group
  3. I created CLI Template for ports and in case I would deploy this port regular, then I can select user defined port group and deploy the template - but how do I associate port template with this group or Interface Role template within configuration group?

ThomasSchmitt_0-1670541961917.png

port template with variable (default = Vlan 200)

ThomasSchmitt_1-1670542702885.png

 

and one more thing - a lot of SVI descriptions are slightly different, I consider to create interface roles like "name = Vlan200 AND description is not equal <some string>", the same for VLAN201 and so on, but again - how do I applay interface role template (here multiple) to an configuration group?

Thanks

 

1 Reply 1

Thomas Schmitt
Level 1
Level 1

Does nobody understand how to configure Interfaces, selected by Interface Role shared object?

In that case, how would you implement my requerment?


@Thomas Schmitt wrote:

My Goal is to automatically deploy pretty big ACL on every SVI within VLAN 200-210 range, but only if SVI Description matches spacial string (i.E. for VLAN 200 SD-200-LAN or for VLAN 205 STAGING-205) AND also device name matches some pattern (i.E. AREA<xx>9K-SD<yy>. There are about 100 Interfaces, where that ACL should be deployed and almost every 2 weeks trhere are some changes to that ACL.


 

Review Cisco Networking for a $25 gift card