Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

235
Views
0
Helpful
1
Replies
marioderosa2008
Beginner
Beginner
‎10-19-2021 07:54 AM
‎10-19-2021 07:54 AM

NSO IOS Template Insert ACL rule BEFORE deny any

Hi team, i m trying to write a device template so i can edit ACLs on all my ASR1K devices safely knowing that even if the ACL numbering is not exactly the same across all devices, i can insert the rules before the deny any statement at the end of a standard named ACL. Currently i am getting an error in NSO when doing this.

NED version 6.71

NSO version 5.4.2

 

XML retrieved from doing a device sync-from is below...

result-xml <ip xmlns="urn:ios">
              <access-list>
                <standard>
                  <std-named-acl>
                    <name>SNMP-ACL</name>
                    <std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1"
                                          xmlns:ios="urn:ios"
                                          yang:insert="after"
                                          yang:key="[ios:rule='permit 3.3.3.3']">
                      <rule>permit 1.1.1.1</rule>
                    </std-access-list-rule>
                    <std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1"
                                          xmlns:ios="urn:ios"
                                          yang:insert="after"
                                          yang:key="[ios:rule='permit 1.1.1.1']">
                      <rule>permit 2.2.2.2</rule>
                    </std-access-list-rule>
                  </std-named-acl>
                </standard>
              </access-list>
            </ip>

Firstly, if i add that to a template and try to load merge, it fails with this error message...

load merge test.xml 
Error: on line 17: missing element: std-access-list-rule in /ncs:devices/ncs:template[ncs:name='test']/ncs:ned-id[ncs:id='cisco-ios-cli-6.71:cisco-ios-cli-6.71']/ncs:config/ios:ip/ios:access-list/ios:standard/ios:std-named-acl[ios:name='SNMP-ACL']/ios:std-access-list-rule[ios:rule='permit 1.1.1.1']
[error][2021-10-19 06:57:11]

So the template push fails without me modifying anything that has come directly from staging the config on the actual device and doing a sync-from...

If i try and manipulate it so that yang:insert = before and yang:key = 'deny any'... i get the same error when doing a load merge...

XML template in full is below...

<config xmlns="http://tail-f.com/ns/config/1.0">
  <devices xmlns="http://tail-f.com/ns/ncs">
    <template>
      <name>test</name>
      <ned-id>
        <id xmlns:cisco-ios-cli-6.71="http://tail-f.com/ns/ned-id/cisco-ios-cli-6.71">cisco-ios-cli-6.71:cisco-ios-cli-6.71</id>
        <config>
          <ip xmlns="urn:ios">
            <access-list>
              <standard>
                <std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1" xmlns:ios="urn:ios" yang:insert="after" yang:key="[ios:rule='permit 3.3.3.3']">
                  <rule>permit 1.1.1.1</rule>
                </std-access-list-rule>
                <std-access-list-rule xmlns:yang="urn:ietf:params:xml:ns:yang:1" xmlns:ios="urn:ios" yang:insert="after" yang:key="[ios:rule='permit 1.1.1.1']">
                  <rule>permit 2.2.2.2</rule>
                </std-access-list-rule>
              </standard>
            </access-list>
          </ip>
        </config>
      </ned-id>
    </template>
  </devices>
</config>

can anyone spot what i am doing wrong here?

 

thanks

 

Mario

Labels:
0 Helpful
1 REPLY 1
alexstev
Cisco Employee
Cisco Employee
‎11-02-2021 08:51 AM
‎11-02-2021 08:51 AM

Hello @marioderosa2008,

 

The XML is valid in form, according to the online checkers I used. Although, one such checker mentioned this line is missing:

 

<?xml version="1.0" encoding="UTF-8"?>

 

Beyond that, I would check the Cisco Bug Search Tool 

 

Best regards,

                    Alex

0 Helpful
Latest Contents
NSO Config Monitor initial release is publicly available on ...
Created by ygorelik on 06-23-2022 12:32 PM
0
10
0
10
The NSO Config Monitor is targeted to discover and report unmanaged device configurationsas well as configuration changes that were introduced outside of NSO. It is designed to work as plug-in package named config-monitor, which can be installed and used&... view more
Learn about Accedian Skylight for Network and Service Assura...
Created by Nicklas Wagerth on 06-01-2022 07:48 AM
0
5
0
5
Today we have added a Key Link to our Network and Service Assurance solution from Accedian (Solution Plus Partner). Henrik Nydell, Senior Product Manager at Accedian presented at Automation Developer Days in May. If you missed it, you will find the l... view more
Cisco NSO local install via Dockerfile
Created by Muhammad Rafi on 05-25-2022 07:46 AM
0
5
0
5
Hi DevNet Folks, If you are studying for any DevNet certs (specifically SPAUTO or DevNet Expert) which expects you to work with Cisco NSO and you want to find an easy way to get started with NSO, I have created a following repo, where you find two im... view more
AutomationDevDays22: NSO BGP optimization with Crosswork Clo...
Created by Nicklas Wagerth on 05-21-2022 06:45 AM
0
0
0
0
NSO BGP optimization with Crosswork Cloud Traffic Analysis Wei Yan • weyan@cisco.com • CXPM Architect Dan Backman • dbackman@cisco.com • Crosswork Cloud   This session was only presented at the virtual event. Link To Recording Abstract We w... view more
AutomationDevDays22: Use a Robot for Network Automation
Created by Nicklas Wagerth on 05-21-2022 06:31 AM
0
0
0
0
Use a Robot for network automation (Getting more value from your NSO Test Automation) Scott Barvick, CTO North America, Data Ductus   This session was only presented at the Virtual event. Link To Recording   Abstract As you build ... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination