03-27-2017 08:16 AM
I'm trying to write a compliance rule to search for an ACL and then remove that single ACL. So far this is what I have:
The first condition I create a block and store all of the information from the show command.
The second I use the Previous Parse Block and search for a specific IP address.
Then the fix, if the IP address is found, will do this (I know I have to get the fix corrected):
ip access-lists standard 1
no 10 permit 10.1.1.1
The issue I am running into is if it does find that IP address it does show a violation for that line, however it is also showing violations on the rest of the access-list on individual lines. Is there something I have wrong in my block or regex?
04-05-2017 05:56 AM
I found the issue. Where the block is defined, instead of having "Standard IP access list 1.*" I changed it to ".*permit.*". This searches inside the show command for permit. This will then allow you to pull the number and ACL to delete a single ACL. In the fix CLI it needs to be this:
ip access-list standard 1
no <1.1> permit <1.2>
I did some testing and the CLI will take the entire line in the ACL, so this no command example will work:
no 30 permit 10.1.1.1 wildcard bits 0.0.0.255 (matches 300)
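The parse-and-fix logic the accepted answer describes, as an added Python example that is not from the thread or from the compliance tool: a per-line ".*permit.*"-style block captures the sequence number (<1.1>) and the rest of the entry (<1.2>), and only entries containing the target address produce a "no" command. The show output is constructed, and the regex and function names are my own assumptions.

```python
import re

# Constructed sample of "show ip access-lists" output (not from the thread).
SHOW_OUTPUT = """\
Standard IP access list 1
    10 permit 10.1.1.1
    20 permit 192.168.5.0, wildcard bits 0.0.0.255
    30 permit 10.1.1.0, wildcard bits 0.0.0.255
    40 deny   any
"""

# Per-line block in the spirit of ".*permit.*": group 1 is the sequence
# number (<1.1> in the rule), group 2 is everything after "permit" (<1.2>),
# so the fix can replay the whole entry after "no".
PERMIT_LINE = re.compile(r"^\s*(\d+)\s+permit\s+(.*\S)\s*$")


def find_violations(show_output, target_ip):
    """Return (seq, rest) for each permit entry that names target_ip.

    The lookarounds stop 10.1.1.1 from also matching 10.1.1.10 or 10.1.1.1x,
    which a bare substring or ".*10.1.1.1.*" search would flag as well.
    """
    exact_ip = re.compile(r"(?<![\d.])" + re.escape(target_ip) + r"(?![\d.])")
    hits = []
    for line in show_output.splitlines():
        m = PERMIT_LINE.match(line)
        if m and exact_ip.search(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


def build_fix(acl_name, violations):
    """Render the fix CLI: one 'no <seq> permit <rest>' per matching entry."""
    cmds = [f"ip access-list standard {acl_name}"]
    for seq, rest in violations:
        cmds.append(f"no {seq} permit {rest}")
    return cmds


if __name__ == "__main__":
    found = find_violations(SHOW_OUTPUT, "10.1.1.1")
    print("\n".join(build_fix("1", found)))
```

Only the single matching entry is removed; the header line and the deny entry never match the per-line pattern, which is the behaviour the header-anchored block was missing.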