04-12-2019 01:16 AM
I just came across the following problem: ACL entries are renumbered when issuing the write memory CLI command. And this is a problem for me because I use the EEM to insert and possibly delete entries in ACL dynamically. And I therefore need the ACL numbering to be preserved.
Is there an option somewhere to prevent the write memory command from renumbering ACL entries?
04-12-2019 01:38 AM
Hi there,
I am not sure how your EEM script is written, but you could introduce remarks into your ACL which precede each ACE. Therefore even if the line numbering changes, you could embed some sort of index or descriptor into the remark to describe the following ACE, e.g.:
!
ip access-list ext FOO
 remark FOO-01
 deny ip 192.168.0.0 0.0.0.255 any
 remark FOO-02
 permit ip any any
!
cheers,
Seb.
04-12-2019 02:09 AM
Hello Seb,
Thanks for your quick reply.
However, I do not think your suggestion helps here. My EEMs are as follows:
!
ip access-list extended AFTN_ROUTE
20 permit ip any any
!
event manager applet AFTN_VIA_BB trap
event syslog pattern "%TRACK-6-STATE: 503 list boolean and Up -> Down"
action 1.0 cli command "en"
action 2.0 cli command "conf t"
action 3.0 cli command "ip access-list extended AFTN_ROUTE"
action 3.5 cli command "5 deny icmp host 142.3.39.201 host 10.5.39.201 echo"
action 4.0 cli command "end"
action 5.0 syslog msg "switching AFTN route to El Alto via BB"
!
!
event manager applet AFTN_VIA_ENTEL trap
event syslog pattern "%TRACK-6-STATE: 503 list boolean and Down -> Up"
action 1.0 cli command "en"
action 2.0 cli command "conf t"
action 3.0 cli command "ip access-list extended AFTN_ROUTE"
action 3.5 cli command "no 5"
action 4.0 cli command "end"
action 5.0 syslog msg "switching AFTN route to El Alto via ENTEL"
!
And I do not see how I can ensure that the correct ACE is deleted, and then added before the end of the ACL.
Dominique.
04-12-2019 02:27 AM
04-12-2019 02:35 AM
That will do.
Many thanks for your help.
04-12-2019 04:01 AM
Apologies, you posted before I did.
04-12-2019 03:58 AM
Hello
Add the re-sequence feature to your eem script:
action x.x cli command "ip access-list resequence <acl> <start seq> <increment seq>"
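The concern raised in the thread, making sure the correct ACE is deleted once sequence numbers have changed, can also be handled by looking the entry up by its text. The following is an added example, not code from any poster or from Cisco: an off-box Python helper with hypothetical function names that parses constructed `show ip access-lists` output (layout assumed), builds the delete or insert commands for whatever numbers the ACL currently has, and falls back to the resequence command from the post above when no number is free in front of the first entry.

```python
import re

# Matches one numbered entry in "show ip access-lists" output; the optional
# trailing "(N matches)" hit counter is dropped.
ACE_RE = re.compile(r"^\s+(\d+)\s+(.+?)(?:\s+\(\d+ match(?:es)?\))?\s*$")

def parse_acl(show_output):
    """Return [(sequence_number, ace_text), ...] in display order."""
    entries = []
    for line in show_output.splitlines():
        m = ACE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), " ".join(m.group(2).split())))
    return entries

def removal_commands(show_output, acl, ace):
    """CLI lines deleting `ace` by its current number; [] if it is absent."""
    for seq, text in parse_acl(show_output):
        if text == ace:
            return [f"ip access-list extended {acl}", f"no {seq}"]
    return []

def insert_commands(show_output, acl, ace):
    """CLI lines placing `ace` ahead of every existing entry; [] if present."""
    entries = parse_acl(show_output)
    if any(text == ace for _, text in entries):
        return []
    cmds = []
    first = entries[0][0] if entries else 10
    if first < 2:  # no free number in front: renumber to 10, 20, ... first
        cmds.append(f"ip access-list resequence {acl} 10 10")
        first = 10
    cmds += [f"ip access-list extended {acl}", f"{first // 2} {ace}"]
    return cmds

# Constructed sample outputs: numbering as configured, and after renumbering.
ACE = "deny icmp host 142.3.39.201 host 10.5.39.201 echo"
AS_CONFIGURED = """Extended IP access list AFTN_ROUTE
    5 deny icmp host 142.3.39.201 host 10.5.39.201 echo
    20 permit ip any any (12 matches)
"""
RENUMBERED = """Extended IP access list AFTN_ROUTE
    10 deny icmp host 142.3.39.201 host 10.5.39.201 echo
    20 permit ip any any
"""
ONLY_PERMIT = """Extended IP access list AFTN_ROUTE
    10 permit ip any any
"""
```

Because an absent entry yields an empty command list, a repeated "Down -> Up" event cannot remove the trailing permit the way a hard-coded sequence number could.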