Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ios/iosxe "sh access-lists" fails to parse ACL-Type

See original GitHub issue

Genie Parser only detects if ACL is IPv4 or IPv6 Type ACL. Unfortunately, there is no parsing for if it´s a Standard or Extended ACL.

Parsing result of a bunch of ACLs:

Standard ACL:

{'10': {'name': '10',
  'type': 'ipv4-acl-type',
  'aces': {'10': {'name': '10',
    'actions': {'forwarding': 'permit'},
    'matches': {'l3': {'ipv4': {'protocol': 'ipv4',
       'source_network': {'xxx.xxx.xxx.xxx 0.0.0.0': {'source_network': 'xxx.xxx.xxx.xxx 0.0.0.0'}}}}},
    'statistics': {'matched_packets': 27958066}},
   '20': {'name': '20',
    'actions': {'forwarding': 'permit'},
    'matches': {'l3': {'ipv4': {'protocol': 'ipv4',
       'source_network': {'xxx.xxx.xxx.xxx 0.0.0.0': {'source_network': 'xxx.xxx.xxx.xxx 0.0.0.0'}}}}},
    'statistics': {'matched_packets': 5751062}},
   '30': {'name': '30',
    'actions': {'forwarding': 'permit'},
    'matches': {'l3': {'ipv4': {'protocol': 'ipv4',
       'source_network': {'xxx.xxx.xxx.xxx 0.0.0.0': {'source_network': 'xxx.xxx.xxx.xxx 0.0.0.0'}}}}},

Extended ACL:

'name-of-acl': {'name': 'name-of-acl',
  'type': 'ipv4-acl-type',
  'aces': {'10': {'name': '10',
    'actions': {'forwarding': 'permit', 'logging': 'log-none'},
    'matches': {'l3': {'ipv4': {'protocol': 'ipv4',
       'source_network': {'xxx.xxx.xxx.xxx': {'source_network': 'xxx.xxx.xxx.xxx 0.0.3.255'}},
       'destination_network': {'any': {'destination_network': 'any'}}}},
     'l4': {'ipv4': {'established': False}}}},
   '20': {'name': '20',
    'actions': {'forwarding': 'permit', 'logging': 'log-none'},
    'matches': {'l3': {'ipv4': {'protocol': 'ipv4',
       'source_network': {'any xxx.xxx.xxx.xxx': {'source_network': 'any xxx.xxx.xxx.xxx'}},
       'destination_network': {'0.0.3.255': {'destination_network': '0.0.3.255'}}}},
     'l4': {'ipv4': {'established': False}}}},
   '30': {'name': '30',
    'actions': {'forwarding': 'permit', 'logging': 'log-none'},
    'matches': {'l3': {'ipv4': {'protocol': 'udp',
       'source_network': {'any': {'source_network': 'any'}},
       'destination_network': {'any': {'destination_network': 'any'}}}},
     'l4': {'udp': {'established': False,
       'destination_port': {'operator': {'operator': 'eq', 'port': 9000}}}}}}

Issue Analytics

State:
Created 3 years ago
Comments:8 (5 by maintainers)

Top GitHub Comments

1reaction

tahigashcommented, Feb 16, 2021

@nouse4it we will add above acl_type in 21.2 (end of Feb) release. Closing this issue. Please feel free to update on this or reopen the issue if you have any questions.

1reaction

tahigashcommented, Feb 14, 2021

@nouse4it thank you for the output. yes, that’s what we wanted to see.

Based on my understanding, parsing itself is no issue, but you want to have something like below <<< HERE if the ACL is standard or extended?

{
  "10": {
    "aces": {
      "10": {
        "actions": {
          "forwarding": "permit"
        },
        "matches": {
          "l3": {
            "ipv4": {
              "protocol": "ipv4",
              "source_network": {
                "10.1.1.1 0.0.0.0": {
                  "source_network": "10.1.1.1 0.0.0.0"
                }
              }
            }
          }
        },
        "name": "10",
        "statistics": {
          "matched_packets": "708186"
        }
      },
      (snip)
    "name": "10",
    "type": "ipv4-acl-type",
    "acl_type": "standard", # <<< HERE
  },