ios_acls: operations fail on cat9000 configured with arp ACL #1111

Open
ericpedersen-ca opened this issue Aug 24, 2024 · 0 comments · May be fixed by #1131

SUMMARY

Catalyst 9000 switches support ARP ACLs for dynamic ARP inspection. The ios_acls module doesn't recognize these and tries to include the ACEs in the previous ACL, which causes operations to fail.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ios_acls

ANSIBLE VERSION
ansible [core 2.17.2]
  config file = /home/eric/src/cisco-integrations/cisco-ansible/ansible.cfg
  configured module search path = ['/home/eric/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/eric/src/cisco-integrations/cisco-ansible/.venv/lib64/python3.10/site-packages/ansible
  ansible collection location = /home/eric/src/ansible
  executable location = /home/eric/src/cisco-integrations/cisco-ansible/.venv/bin/ansible
  python version = 3.10.14 (main, Apr 17 2024, 00:00:00) [GCC 14.0.1 20240411 (Red Hat 14.0.1-0)] (/home/eric/src/cisco-integrations/cisco-ansible/.venv/bin/python3)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
>  ansible-galaxy collection list cisco.ios

# /home/eric/src/ansible/ansible_collections
Collection Version
---------- -------
cisco.ios  9.0.1

# /home/eric/src/cisco-integrations/cisco-ansible/.venv/lib/python3.10/site-packages/ansible_collections
Collection Version
---------- -------
cisco.ios  8.0.0

# /home/eric/src/cisco-integrations/cisco-ansible/.venv/lib64/python3.10/site-packages/ansible_collections
Collection Version
---------- -------
cisco.ios  8.0.0
CONFIGURATION
COLLECTIONS_PATHS(/home/eric/src/cisco-integrations/cisco-ansible/ansible.cfg) = ['/home/eric/src/ansible']
CONFIG_FILE() = /home/eric/src/cisco-integrations/cisco-ansible/ansible.cfg
DEPRECATION_WARNINGS(/home/eric/src/cisco-integrations/cisco-ansible/ansible.cfg) = False
EDITOR(env: EDITOR) = /usr/bin/nano
HOST_KEY_CHECKING(/home/eric/src/cisco-integrations/cisco-ansible/ansible.cfg) = False
PAGER(env: PAGER) = less
OS / ENVIRONMENT

Target device is Catalyst 9000v.

Initial ACL configuration:

ip access-list standard 10
 10 permit 192.168.1.0 0.0.0.255
arp access-list arp-test
 permit ip any mac any 
STEPS TO REPRODUCE
  tasks:
    - name: ACL merge operation
      cisco.ios.ios_acls:
        config:
          - afi: ipv4
            acls:
              - name: ext_acl
                acl_type: extended
                aces:
                  - grant: permit
                    protocol_options:
                      ip: yes
                    source:
                      address: 192.0.2.0
                      wildcard_bits: 0.0.0.255
                    destination:
                      address: 192.0.3.0
                      wildcard_bits: 0.0.0.255
EXPECTED RESULTS

ACL ext_acl is created

ACTUAL RESULTS

Operation fails with error "Unsupported attribute for standard ACL - protocol."

TASK [ACL merge operation] ***************************************************************************************************************************
fatal: [10.100.201.128]: FAILED! => {"changed": false, "msg": "Unsupported attribute for standard ACL - protocol."}
@KB-perByte KB-perByte assigned Girish5tri and unassigned roverflow Nov 12, 2024
@KB-perByte KB-perByte added the has_pr This issue has an associated PR. label Nov 12, 2024
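
The failure mode described in the summary, as an added illustration (not code from the cisco.ios collection or from the issue author): a simplified grouper that does not recognize the `arp access-list` header attaches the ARP ACE to standard ACL 10, where `ip` then reads as a protocol. The function names, the `arp_aware` flag and the `PROTOCOLS` subset are assumptions made for this sketch.

```python
import re

# Constructed input: the "Initial ACL configuration" from the report.
SAMPLE_CONFIG = (
    "ip access-list standard 10\n"
    " 10 permit 192.168.1.0 0.0.0.255\n"
    "arp access-list arp-test\n"
    " permit ip any mac any\n"
)

IP_HEADER = re.compile(r"^ip access-list (standard|extended) (\S+)$")
ARP_HEADER = re.compile(r"^arp access-list (\S+)$")
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}  # assumed subset, enough for this sketch


def group_acls(config, arp_aware):
    """Return {(acl_type, name): [ace, ...]} for each ACL block in config."""
    acls, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        ip, arp = IP_HEADER.match(line), ARP_HEADER.match(line)
        if ip:
            current = (ip.group(1), ip.group(2))
            acls[current] = []
        elif arp and arp_aware:
            current = ("arp", arp.group(1))
            acls[current] = []
        elif line.startswith(" ") and current:
            acls[current].append(line.strip())
        elif arp_aware:
            current = None  # unknown top-level line closes the open block
        # arp_aware=False: an unknown header is skipped and the block stays
        # open, so the ACEs that follow land in the previous ACL.
    return acls


def protocol_in_standard(acls):
    """List (name, ace) pairs where a standard ACL entry names a protocol."""
    hits = []
    for (acl_type, name), aces in acls.items():
        for ace in aces if acl_type == "standard" else []:
            tokens = ace.split()
            if tokens and tokens[0].isdigit():  # drop optional sequence number
                tokens = tokens[1:]
            if len(tokens) > 1 and tokens[1] in PROTOCOLS:
                hits.append((name, ace))
    return hits
```
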