01-25-2021 12:52 AM
Dear all,
Could someone help, please? How can I add an entry into an ip access-list before an already existing entry, or in the first place, via CLI? This is for cisco-IOS-NED, not ASA-NED.
for example i want to
- add "permit 9.9.9.9" as first entry and
- add "permit 8.8.8.8" after "permit 4.4.4.4"
admin@ncs(config)# show full-configuration devices device Cisco_Access_1 config ip access-list standard snmp_acl
devices device Cisco_Access_1
config
ip access-list standard snmp_acl
permit 1.1.1.1
permit 2.2.2.2
permit 3.3.3.3
permit 4.4.4.4
permit 5.5.5.5
permit 6.6.6.6
permit 7.7.7.7
!
!
!
ncs version : 5.3.0.1
NED version : cisco-ios-cli-6.43
I tried the following:
admin@ncs(config)#switch cli
I couldn't figure out how to do this in C-style CLI. I have seen an example for J-style CLI in the following thread. Apparently IOS_NED_CLI doesn't really work in the same way as ASA-NED.
https://community.cisco.com/t5/nso-developer-hub-discussions/access-list-insert-after-error/td-p/3477790
In the cisco-ios-ned, ordered-by user is used in "list std-access-list-rule", so first I tried at std-named-acl level, and then at std-access-list-rule level, as follows:
ios-NED yang model :
container ip {
container access-list {
container standard {
list std-named-acl {
list std-access-list-rule {
ordered-by user;
> I first tried from "devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl" level
[edit devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl]
admin@ncs% insert std-access-list-rule "permit 9.9.9.9" ?
Possible completions:
<WORD> permit <line> | deny <line> | remark <line> | <seqno> <rule> <-- according to the example, after|before would be an option here
admin@ncs% insert std-access-list-rule "permit 9.9.9.9"
---------------------------------------^
syntax error: unknown element
[error][2021-01-25 11:40:29]
[edit devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl]
admin@ncs% insert std-access-list-rule "permit 3.3.3.3" <-- appending "permit 3.3.3.3" to the end of list ??
[ok][2021-01-24 12:47:58]
[edit devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl]
admin@ncs% commit dry-run
cli {
local-node {
data devices {
device Cisco_Access_1 {
config {
ip {
access-list {
standard {
std-named-acl snmp_acl {
- std-access-list-rule "permit 3.3.3.3";
+ # after std-access-list-rule "permit 7.7.7.7"
+ std-access-list-rule "permit 3.3.3.3";
}
}
}
}
}
}
}
}
}
[ok][2021-01-24 12:48:02]
> Trying from "devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl std-access-list-rule" level doesn't work either.
admin@ncs% edit devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl std-access-list-rule
[ok][2021-01-24 12:46:01]
[edit devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl std-access-list-rule]
admin@ncs% insert ?
Possible completions:
<WORD> permit <line> | deny <line> | remark <line> | <seqno> <rule>
permit
admin@ncs% insert permit 9.9.9.9 ?
% No entries found <-- doesn't allow to add a new entry from here..
Possible completions:
<WORD> permit <line> | deny <line> | remark <line> | <seqno> <rule>
admin@ncs% insert permit 3.3.3.3 ?
% No entries found <-- doesn't allow to mark an existing entry from here..
Possible completions:
<WORD> permit <line> | deny <line> | remark <line> | <seqno> <rule>
admin@ncs% insert permit ?
Possible completions:
<WORD> permit <line> | deny <line> | remark <line> | <seqno> <rule>
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
7.7.7.7
admin@ncs% insert permit 3.3.3.3 <-- allow to insert "permit 3.3.3.3", actually this is appended to the end of list
[ok][2021-01-24 13:04:05]
[edit devices device Cisco_Access_1 config ip access-list standard std-named-acl snmp_acl std-access-list-rule]
admin@ncs% commit dry-run
cli {
local-node {
data devices {
device Cisco_Access_1 {
config {
ip {
access-list {
standard {
std-named-acl snmp_acl {
- std-access-list-rule "permit 3.3.3.3";
+ # after std-access-list-rule "permit 7.7.7.7"
+ std-access-list-rule "permit 3.3.3.3";
}
}
}
}
}
}
}
}
}
[ok][2021-01-24 13:04:10]
many thanks and regards..
02-01-2021 12:47 AM
Hello,
Insert was also not working for me on this list. However, I was able to order using set and move in J CLI:
admin@ncs% set devices device ios0 config ip access-list standard std-named-acl test std-access-list-rule "permit 1.1.1.1"
[ok][2021-02-01 09:12:51]
[edit]
admin@ncs% set devices device ios0 config ip access-list standard std-named-acl test std-access-list-rule permit\ 1.1.1.2
[ok][2021-02-01 09:12:57]
[edit]
admin@ncs% commit dry
cli {
local-node {
data devices {
device ios0 {
config {
ip {
access-list {
standard {
+ std-named-acl test {
+ std-access-list-rule "permit 1.1.1.1";
+ std-access-list-rule "permit 1.1.1.2";
+ }
}
}
}
}
}
}
}
}
[ok][2021-02-01 09:13:03]
[edit]
admin@ncs% move devices device ios0 config ip access-list standard std-named-acl test std-access-list-rule permit\ 1.1.1.2 first
[ok][2021-02-01 09:13:23]
[edit]
admin@ncs% commit dry
cli {
local-node {
data devices {
device ios0 {
config {
ip {
access-list {
standard {
+ std-named-acl test {
+ std-access-list-rule "permit 1.1.1.2";
+ std-access-list-rule "permit 1.1.1.1";
+ }
}
}
}
}
}
}
}
}
[ok][2021-02-01 09:13:27]
'move' is also available in the C CLI, where the path looks a little different:
admin@ncs(config)# move devices device ios0 config ip access-list standard test permit 1.1.1.2 last
admin@ncs(config)# commit dry
cli {
local-node {
data devices {
device ios0 {
config {
ip {
access-list {
standard {
+ std-named-acl test {
+ std-access-list-rule "permit 1.1.1.1";
+ std-access-list-rule "permit 1.1.1.2";
+ }
}
}
}
}
}
}
}
}
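Added example, not part of the thread and not Cisco's code: a small Python model of the `ordered-by user` rule list that emits J-style `set`/`move` commands for the placement asked about in the question and returns the resulting order, which can be compared with `commit dry-run` before an ACL change is committed. `place_rule` is a hypothetical helper, and the `before`/`after` keywords followed by a target key are assumed from NSO's generic `move` syntax; the thread itself only demonstrates `first` and `last`.

```python
# Added example (hypothetical helper, not NSO or NED code).
PATH = ("devices device {dev} config ip access-list standard "
        "std-named-acl {acl} std-access-list-rule")


def place_rule(rules, rule, where, anchor=None,
               dev="Cisco_Access_1", acl="snmp_acl"):
    """Return (new_order, commands) for placing `rule` in an ordered-by-user list.

    rules  : current order, e.g. ["permit 1.1.1.1", ...]
    where  : "first", "last", "before" or "after"
    anchor : existing rule, required for "before"/"after" (assumed move syntax)
    """
    if where not in ("first", "last", "before", "after"):
        raise ValueError(f"unknown position: {where}")
    relative = where in ("before", "after")
    if relative and (anchor not in rules or anchor == rule):
        raise ValueError("before/after needs a different, existing rule")
    path = PATH.format(dev=dev, acl=acl)
    order, cmds = list(rules), []
    if rule not in order:
        # As in the thread's dry-run output, a new key is appended at the end.
        cmds.append(f'set {path} "{rule}"')
        order.append(rule)
    order.remove(rule)
    if where == "first":
        index = 0
    elif where == "last":
        index = len(order)
    else:
        index = order.index(anchor) + (1 if where == "after" else 0)
    order.insert(index, rule)
    cmds.append(f'move {path} "{rule}" {where}'
                + (f' "{anchor}"' if relative else ""))
    return order, cmds


if __name__ == "__main__":
    # Constructed input: the snmp_acl contents shown in the question.
    acl = [f"permit {n}.{n}.{n}.{n}" for n in range(1, 8)]
    for rule, where, anchor in [("permit 9.9.9.9", "first", None),
                                ("permit 8.8.8.8", "after", "permit 4.4.4.4")]:
        acl, commands = place_rule(acl, rule, where, anchor)
        print("\n".join(commands))
    print(acl)
```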
01-31-2021 11:03 PM
any guidance is appreciated.
thanks and regards.
02-01-2021 03:56 PM
Many thanks Stefano.