Solved: IOS XE NETCONF ACLs is there a way to NOT specify sequence numbers?

Seth Beauchamp · ‎03-22-2022

I am trying to use netconf to configure ACLs on IOS XE devices. Is there a way to not specify the sequence number and just have it use the next one up like it does in regular CLI? Line 2 below, I'd rather just not specify a sequence number and have it choose one. Any way to do this?

               <access-list-seq-rule>
                  <sequence>2</sequence>
                  <ace-rule>
                     <action>deny</action>
                     <protocol>ip</protocol>
                     <ipv4-address>172.16.1.0</ipv4-address>
                     <mask>0.0.0.15</mask>
                     <dest-ipv4-address>172.16.2.0</dest-ipv4-address>
                     <dest-mask>0.0.0.31</dest-mask>
                  </ace-rule>
               </access-list-seq-rule>

ygorelik · ‎03-22-2022

Hi Seth

Based on the YANG model the “sequence” is a key of the list “access-list-seq-rule”:

    list access-list-seq-rule {
      key "sequence";
      leaf sequence {
        description
          "Sequence number for this entry";
        type uint64 {
          range "1..4294967294";
        }
      }

So, you cannot skip it while configuring the ACL.

Yan

View solution in original post

ygorelik · ‎03-22-2022

Hi Seth

Based on the YANG model the “sequence” is a key of the list “access-list-seq-rule”:

    list access-list-seq-rule {
      key "sequence";
      leaf sequence {
        description
          "Sequence number for this entry";
        type uint64 {
          range "1..4294967294";
        }
      }

So, you cannot skip it while configuring the ACL.

Yan