10-19-2021 07:54 AM - edited 10-19-2021 08:37 AM
Hi team, i m trying to write a device template so i can edit ACLs on all my ASR1K devices safely knowing that even if the ACL numbering is not exactly the same across all devices, i can insert the rules before the deny any statement at the end of a standard named ACL. Currently i am getting an error in NSO when doing this.
NED version 6.71
NSO version 5.4.2
XML retrieved from doing a device sync-from is below...
result-xml <ip xmlns="urn:ios"> <access-list> <standard> <std-named-acl> <name>SNMP-ACL</name> <std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1" xmlns:ios="urn:ios" yang:insert="after" yang:key="[ios:rule='permit 3.3.3.3']"> <rule>permit 1.1.1.1</rule> </std-access-list-rule> <std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1" xmlns:ios="urn:ios" yang:insert="after" yang:key="[ios:rule='permit 1.1.1.1']"> <rule>permit 2.2.2.2</rule> </std-access-list-rule> </std-named-acl> </standard> </access-list> </ip>
Firstly, if i add that to a template and try to load merge, it fails with this error message...
load merge test.xml Error: on line 17: missing element: std-access-list-rule in /ncs:devices/ncs:template[ncs:name='test']/ncs:ned-id[ncs:id='cisco-ios-cli-6.71:cisco-ios-cli-6.71']/ncs:config/ios:ip/ios:access-list/ios:standard/ios:std-named-acl[ios:name='SNMP-ACL']/ios:std-access-list-rule[ios:rule='permit 1.1.1.1'] [error][2021-10-19 06:57:11]
So the template push fails without me modifying anything that has come directly from staging the config on the actual device and doing a sync-from...
If i try and manipulate it so that yang:insert = before and yang:key = 'deny any'... i get the same error when doing a load merge...
XML template in full is below...
<config xmlns="http://tail-f.com/ns/config/1.0"> <devices xmlns="http://tail-f.com/ns/ncs"> <template> <name>test</name> <ned-id> <id xmlns:cisco-ios-cli-6.71="http://tail-f.com/ns/ned-id/cisco-ios-cli-6.71">cisco-ios-cli-6.71:cisco-ios-cli-6.71</id> <config> <ip xmlns="urn:ios"> <access-list> <standard> <std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1" xmlns:ios="urn:ios" yang:insert="after" yang:key="[ios:rule='permit 3.3.3.3']">
<rule>permit 1.1.1.1</rule>
</std-access-list-rule>
<std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1" xmlns:ios="urn:ios" yang:insert="after" yang:key="[ios:rule='permit 1.1.1.1']">
<rule>permit 2.2.2.2</rule>
</std-access-list-rule> </standard> </access-list> </ip> </config> </ned-id> </template> </devices> </config>
can anyone spot what i am doing wrong here?
thanks
Mario
11-02-2021 08:51 AM
Hello @marioderosa2008,
The XML is valid in form, according to the online checkers I used. Although, one such checker mentioned this line is missing:
<?xml version="1.0" encoding="UTF-8"?>
Beyond that, I would check the Cisco Bug Search Tool
Best regards,
Alex
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide