Problem with Compliance Regex and ACLs in Prime Infrastructure 3.1.5

Brett
Level 1

I'm trying to write a compliance rule to search for an ACL and then remove that single ACL.  So far this is what I have:

In the first condition I create a block and store all of the information from the show command.

In the second I use the Previous Parse Block and search for a specific IP address.

Then the fix is, if the IP address is found, it will do (I know I have to get the fix corrected):

ip access-lists standard 1

no 10 permit 10.1.1.1

The issue I am running into is that if it does find that IP address, it does show a violation for that line; however, it is also showing violations on the rest of the access-list on individual lines.  Is there something I have wrong in my block or regex?

Accepted Solutions

Brett
Level 1

I found the issue.  Where the block is defined, instead of having "Standard IP access list 1.*", I changed it to ".*permit.*".  This searches inside the show command for permit.  This will then allow you to pull the number and ACL to delete a single ACL.  In the fix CLI it needs to be this:

ip access-list standard 1

no <1.1> permit <1.2>

I did some testing and the CLI will take the entire line in the ACL, so this no command example will work:

no 30 permit 10.1.1.1 wildcard bits 0.0.0.255 (matches 300)
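The per-line matching described in the accepted solution can be checked outside Prime Infrastructure before the rule is deployed. The following is an added example, not code from the post or from Prime's compliance engine: it treats each permit line as its own match, captures the sequence number and address (the roles `<1.1>` and `<1.2>` play in the fix), and builds the removal commands. The `show access-lists` sample is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `show access-lists` output (not taken from the post).
SHOW_OUTPUT = """\
Standard IP access list 1
    10 permit 10.1.1.1 (5 matches)
    20 permit 10.1.1.10
    30 permit 192.168.5.0, wildcard bits 0.0.0.255 (300 matches)
    40 deny   any
Standard IP access list 2
    10 permit 10.1.1.1
"""

HEADER = re.compile(r"^Standard IP access list (\S+)\s*$")
# Group 1 = sequence number, group 2 = address token
# (the roles of <1.1> and <1.2> in the post's fix CLI).
ENTRY = re.compile(r"^\s*(\d+)\s+permit\s+([0-9.]+|any)\b")


def find_entries(show_output, acl, target_ip):
    """Return (seq, address) for permit lines in `acl` whose address is target_ip."""
    hits, current = [], None
    for line in show_output.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)  # track which ACL the following lines belong to
            continue
        entry = ENTRY.match(line)
        # Compare the captured token exactly, so 10.1.1.1 never matches 10.1.1.10.
        if entry and current == acl and entry.group(2) == target_ip:
            hits.append((entry.group(1), entry.group(2)))
    return hits


def build_fix(acl, hits):
    """Build the removal commands for the matched entries only; empty if none."""
    if not hits:
        return []
    return [f"ip access-list standard {acl}"] + [
        f"no {seq} permit {addr}" for seq, addr in hits
    ]


if __name__ == "__main__":
    print("\n".join(build_fix("1", find_entries(SHOW_OUTPUT, "1", "10.1.1.1"))))
```

Comparing the captured address token exactly, rather than searching the line for the IP as a substring, keeps a rule for 10.1.1.1 from flagging and removing the 10.1.1.10 entry.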
