IOS ACLs/Prefix List merge state issues a NO for pre-existing config which can break network and is not expected #345

Closed
justjais opened this issue Jun 3, 2021 · 0 comments · Fixed by #346
justjais commented Jun 3, 2021

SUMMARY

IOS ACLs/Prefix List merge state issues a NO for pre-existing config which can break the network and is not expected

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ios_acls and prefix_lists

ANSIBLE VERSION
2.10+
CONFIGURATION

OS / ENVIRONMENT

macOS

STEPS TO REPRODUCE
# Before state:
# -------------
#
# vios#sh access-lists
# Extended IP access list 110
#    10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10

- name: Merge provided configuration with device configuration
  cisco.ios.ios_acls:
    config:
    - afi: ipv4
      acls:
      - name: 110
        aces:
        - sequence: 10
          protocol_options:
            icmp:
              traceroute: true
        - grant: deny
          protocol_options:
            tcp:
              ack: true
          source:
            host: 198.51.100.0
          destination:
            host: 198.51.110.0
            port_protocol:
              eq: telnet
    state: merged


# Prefix List
# Before state:
# -------------
#
# router-ios#sh running-config | section ^ip prefix-list|^ipv6 prefix-list
# ipv6 prefix-list test_ipv6 description this is ipv6
# ipv6 prefix-list test_ipv6 seq 10 deny 2001:DB8:0:4::/64 ge 80
- name: Merge provided Prefix lists configuration
  cisco.ios.ios_prefix_lists:
    config:
      - afi: ipv6
        prefix_lists:
          - name: test_ipv6
            entries:
              - description: this is ipv6 merge test
              - action: deny
                prefix: 2001:DB8:0:4::/64
                ge: 80
                le: 100
                sequence: 10
    state: merged

EXPECTED RESULTS

The task fails with an error that pre-existing ACLs/Prefix Lists cannot be merged

ACTUAL RESULTS
ACL:

# Commands fired:
# ---------------
#
# - ip access-list extended 110
# - no 10
# - 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10

Prefix_List:

#  Commands Fired:
#  ---------------
#
#   "commands": [
#         "no ipv6 prefix-list test_ipv6 seq 10 deny 2001:DB8:0:4::/64 ge 80",
#         "ipv6 prefix-list test_ipv6 seq 10 deny 2001:DB8:0:4::/64 ge 80 le 100",
#         "ipv6 prefix-list test_ipv6 description this is ipv6 merge test"
#     ]
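A guard for the behaviour reported above, as an added example that is not part of the original issue or of the cisco.ios collection: it scans the `commands` list a `state: merged` task returns and flags any `no` line that removes a pre-existing ACE or prefix-list entry. The function name `find_negations` and the regular expressions are assumptions made for this illustration; the two sample lists are the command sets quoted in the issue, and obtaining the list from a check-mode run before pushing is likewise an assumption.

```python
import re

# "ip access-list extended 110" / "ipv6 access-list NAME" opens an ACL context.
_ACL_CTX = re.compile(r"^(?:ip|ipv6)\s+access-list\s+(?:(?:standard|extended)\s+)?(\S+)")
# "no 10" inside an ACL context deletes the ACE with that sequence number.
_NO_ACE = re.compile(r"^no\s+(\d+)\b")
# "no ipv6 prefix-list NAME seq 10 ..." deletes a prefix-list entry.
_NO_PFX = re.compile(r"^no\s+(?:ip|ipv6)\s+prefix-list\s+(\S+)(?:\s+seq\s+(\d+))?")


def find_negations(commands):
    """Return (kind, name, sequence, command) for every removal in `commands`.

    A merged-state run is expected to be additive, so a non-empty result means
    the change window includes a moment where the existing entry is absent.
    """
    findings = []
    acl = None  # name of the ACL whose sub-mode we are currently in
    for raw in commands:
        cmd = raw.strip()
        ctx = _ACL_CTX.match(cmd)
        if ctx:
            acl = ctx.group(1)
            continue
        pfx = _NO_PFX.match(cmd)
        if pfx:
            seq = int(pfx.group(2)) if pfx.group(2) else None
            findings.append(("prefix_list", pfx.group(1), seq, cmd))
            acl = None  # a global command leaves the ACL sub-mode
            continue
        ace = _NO_ACE.match(cmd)
        if ace and acl is not None:
            findings.append(("acl", acl, int(ace.group(1)), cmd))
    return findings


# Command sets copied from the "ACTUAL RESULTS" section of the issue.
ACL_COMMANDS = [
    "ip access-list extended 110",
    "no 10",
    "10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10",
]
PREFIX_COMMANDS = [
    "no ipv6 prefix-list test_ipv6 seq 10 deny 2001:DB8:0:4::/64 ge 80",
    "ipv6 prefix-list test_ipv6 seq 10 deny 2001:DB8:0:4::/64 ge 80 le 100",
    "ipv6 prefix-list test_ipv6 description this is ipv6 merge test",
]

if __name__ == "__main__":
    for finding in find_negations(ACL_COMMANDS) + find_negations(PREFIX_COMMANDS):
        print("merged run would remove existing config:", finding)
```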
@justjais justjais self-assigned this Jun 3, 2021
@justjais justjais changed the title IOS ACLs merge state issues a NO ace for pre-existing ACEs which can break network and is not expected IOS ACLs/Prefix List merge state issues a NO for pre-existing config which can break network and is not expected Jun 3, 2021