Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1991
Views
0
Helpful
6
Replies

ACL renumbering on write mem cli command

Go to solution
dominiqueadam
Level 1
Level 1

‎04-12-2019 01:16 AM

I just came accross the following problem: ACL entries are renumbered when issuing the write memory CLI command. And this is a problem for me because I use the EEM to insert and possibly delete entries in ACL dynamically. And I therefore need the ACL numbering to be preserved.

Is there an option somewhere to prevent the write memory command to renumber ACL entries?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to dominiqueadam

‎04-12-2019 02:27 AM

Mabye try resequence them after the change so they always go in same format

ip access-list resequence (ACL NAME ) 10 10

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎04-12-2019 01:38 AM

Hi there,

I am not sure how your EEM script is written, but you could introduce remarks into you ACL which precede each ACE. Therefore even if the line numbering changes, you could embed some sort of index or descriptor into the remark to describe the following ACE, eg:

!
ip access-list ext FOO
  remark FOO-01
  deny ip 192.168.0.0 0.0.0.255 any
  remark FOO-02
  permit ip any any
!

cheers,

Seb.

0 Helpful

Go to solution
dominiqueadam
Level 1
Level 1
In response to Seb Rupik

‎04-12-2019 02:09 AM

Hello Seb,

Thanks for your quick reply.

However, I do not think your suggestion helps here. My EEMs are as follows:

 

!
ip access-list extended AFTN_ROUTE
20 permit ip any any
!
event manager applet AFTN_VIA_BB trap
event syslog pattern "%TRACK-6-STATE: 503 list boolean and Up -> Down"
action 1.0 cli command "en"
action 2.0 cli command "conf t"
action 3.0 cli command "ip access-list extended AFTN_ROUTE"
action 3.5 cli command "5 deny icmp host 142.3.39.201 host 10.5.39.201 echo"
action 4.0 cli command "end"
action 5.0 syslog msg "switching AFTN route to El Alto via BB"
!
!
event manager applet AFTN_VIA_ENTEL trap
event syslog pattern "%TRACK-6-STATE: 503 list boolean and Down -> Up"
action 1.0 cli command "en"
action 2.0 cli command "conf t"
action 3.0 cli command "ip access-list extended AFTN_ROUTE"
action 3.5 cli command "no 5"
action 4.0 cli command "end"
action 5.0 syslog msg "switching AFTN route to El Alto via ENTEL"
!

 

 

 

And I do not see how I can ensure that the correct ACE is deleted, and then added before the end of the ACL.

 

Dominique.

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to dominiqueadam

‎04-12-2019 02:27 AM

Mabye try resequence them after the change so they always go in same format

ip access-list resequence (ACL NAME ) 10 10
0 Helpful

Go to solution
dominiqueadam
Level 1
Level 1
In response to Mark Malone

‎04-12-2019 02:35 AM

That will do.

Many thanks for your help.

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Mark Malone

‎04-12-2019 04:01 AM

@Mark Malone 

Apologies you posted before i did


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
paul driver
VIP
VIP

‎04-12-2019 03:58 AM

Hello

Add the re-sequence feature to your eem script:

action x.x cli command "ip access-list resequence <acl> <start seq> <increment seq>"


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card