Beginner

ACL renumbering on write mem cli command

I just came across the following problem: ACL entries are renumbered when issuing the write memory CLI command. And this is a problem for me because I use the EEM to insert and possibly delete entries in ACL dynamically. And I therefore need the ACL numbering to be preserved.

Is there an option somewhere to prevent the write memory command from renumbering ACL entries?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

Re: ACL renumbering on write mem cli command

Maybe try resequencing them after the change so they always go in the same format

ip access-list resequence (ACL NAME ) 10 10

VIP Advisor

Re: ACL renumbering on write mem cli command

Hi there,

I am not sure how your EEM script is written, but you could introduce remarks into your ACL which precede each ACE. Therefore even if the line numbering changes, you could embed some sort of index or descriptor into the remark to describe the following ACE, e.g.:

!
ip access-list ext FOO
  remark FOO-01
  deny ip 192.168.0.0 0.0.0.255 any
  remark FOO-02
  permit ip any any
!

cheers,

Seb.

Beginner

Re: ACL renumbering on write mem cli command

Hello Seb,

Thanks for your quick reply.

However, I do not think your suggestion helps here. My EEMs are as follows:

!
ip access-list extended AFTN_ROUTE
  20 permit ip any any
!
event manager applet AFTN_VIA_BB trap
  event syslog pattern "%TRACK-6-STATE: 503 list boolean and Up -> Down"
  action 1.0 cli command "en"
  action 2.0 cli command "conf t"
  action 3.0 cli command "ip access-list extended AFTN_ROUTE"
  action 3.5 cli command "5 deny icmp host 142.3.39.201 host 10.5.39.201 echo"
  action 4.0 cli command "end"
  action 5.0 syslog msg "switching AFTN route to El Alto via BB"
!
!
event manager applet AFTN_VIA_ENTEL trap
  event syslog pattern "%TRACK-6-STATE: 503 list boolean and Down -> Up"
  action 1.0 cli command "en"
  action 2.0 cli command "conf t"
  action 3.0 cli command "ip access-list extended AFTN_ROUTE"
  action 3.5 cli command "no 5"
  action 4.0 cli command "end"
  action 5.0 syslog msg "switching AFTN route to El Alto via ENTEL"
!

And I do not see how I can ensure that the correct ACE is deleted, and then added before the end of the ACL.

Dominique.

Beginner

Re: ACL renumbering on write mem cli command

That will do.

Many thanks for your help.

VIP Advisor

Re: ACL renumbering on write mem cli command

@Mark Malone 

Apologies, you posted before I did

kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
VIP Advisor

Re: ACL renumbering on write mem cli command

Hello

Add the re-sequence feature to your EEM script:

action x.x cli command "ip access-list resequence <acl> <start seq> <increment seq>"

kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future