Configure Standard Community List

You can configure a standard community list.

Before you begin

  • Ensure that the community list name begins with a letter followed by one or more alphanumeric characters.
  • Ensure that the community list rule is enclosed in single or double quotes.
  • If the community list is not associated with a device, the created community rules are stored only in the XCO DB. If the community list is already associated with a device, the created rules are also pushed to the devices in addition to being stored in the DB.
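
A pre-flight check for the name prerequisite above and for the `--rule` format documented under the create command in the procedure below. This is an added example, not XCO code. The function names are hypothetical, the pairing of `standard` with `std-value` and `extended` with `ext-value` is assumed from the page's examples, and the `ext-value` check uses Python regex syntax as an approximation of the device's.

```python
import re

WELL_KNOWN = {"internet", "local-as", "no-export", "no-advertise"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]+")
RULE_RE = re.compile(r"seq\[(\d+)\],action\[(permit|deny)\],(std|ext)-value\[(.+)\]")


def check_std_item(item):
    """Return an error string for one std-value item, or None if it is valid."""
    if item in WELL_KNOWN:
        return None
    if re.fullmatch(r"\d+", item):
        return None if 1 <= int(item) <= 4294967295 else f"{item}: outside 1-4294967295"
    m = re.fullmatch(r"(\d+):(\d+)", item)
    if m:
        ok = all(int(part) <= 0xFFFF for part in m.groups())
        return None if ok else f"{item}: AA and NN must each fit in 2 bytes"
    return f"{item}: not a number, AA:NN, or well-known community"


def validate(name, list_type, rule):
    """Return a list of problems; an empty list means the arguments are well-formed."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append("name must start with a letter followed by alphanumerics")
    m = RULE_RE.fullmatch(rule)
    if not m:
        return errors + ["rule does not match seq[..],action[..],std-value[..] or ext-value[..]"]
    kind, value = m.group(3), m.group(4)
    expected = "std" if list_type == "standard" else "ext"  # assumed pairing
    if list_type not in ("standard", "extended"):
        errors.append("type must be standard or extended")
    elif kind != expected:
        errors.append(f"{list_type} list needs {expected}-value, got {kind}-value")
    if kind == "std":
        errors += [e for e in map(check_std_item, value.split(";")) if e]
    else:
        try:
            re.compile(value)  # approximation: Python regex, not the device's engine
        except re.error as exc:
            errors.append(f"ext-value is not a valid regex: {exc}")
    return errors
```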

About this task

Follow this procedure to configure a standard community list.

Procedure

  1. Run the following command to create a standard community list:
    efa policy community-list create [flags]
     
    Flags:
          --name string        Name of the community list.
          --type string        Type of the community list. Valid options are standard, extended
          --rule stringArray   Rule in format seq[seq-num],action[permit/deny],std-value[<1-4294967295>|<AA:NN, AA & NN is 2 bytes>|internet|local-as|no-export|no-advertise] (or) ext-value[regular expression]. 
      
    Example: "seq[5],action[permit],std-value[6550:125;local-as;internet]" (or)    "seq[4],action[deny],ext-value[^65000:.*_]"
    
    Example:
    efa policy community-list create --name comm1 --type standard --rule "seq[5],action[permit],std-value[100;11:22;local-as;no-export]"
    
    +-----------+-----+--------+--------------------+-------+
    | Community | Seq | Action |     Std Value      | Ext   |
    | List Name | num |        |                    | Value |
    +-----------+-----+--------+--------------------+-------+
    | comm-prye | 55  | permit | 100 11:22          |       |
    |           |     |        | local-as no-export |       |
    +-----------+-----+--------+--------------------+-------+
    Community List details
    +------------+--------+--------+-----------------+
    | IP Address | Result | Reason | Rollback reason |
    +------------+--------+--------+-----------------+
    Device Results
    
    efa policy community-list create --name stdext1 --type extended --rule "seq[5],action[permit],ext-value[_2000_]"
    
    +---------------------+---------+--------+-----------+-----------+
    | Community List Name | Seq num | Action | Std Value | Ext Value |
    +---------------------+---------+--------+-----------+-----------+
    | stdext1             | 5       | permit |           | _2000_    |
    +---------------------+---------+--------+-----------+-----------+
    Community List details
    +------------+--------+--------+-----------------+
    | IP Address | Result | Reason | Rollback reason |
    +------------+--------+--------+-----------------+
    Device Results
    
  2. Run the following command to update a community list.
    efa policy community-list update [flags]
     
    Flags:
          --name string        Name of the community list.
          --type string        Type of the community list. Valid options are standard, extended
          --rule string        Rule in format seq[seq-num],action[permit/deny],std-value[<1-4294967295>|<AA:NN, AA & NN is 2 bytes>|internet|local-as|no-export|no-advertise] (or) ext-value[regular expression]. Example: seq[5],action[permit],std-value[6550:125;local-as;internet] (or) seq[4],action[deny],ext-value[^65000:.*_]
          --operation string   Valid options are update-rule, add-device, remove-device
          --ip string          Comma separated range of device IP addresses. Example: "1.1.1.1-3","1.1.1.2","2.2.2.2"
    Example:
    • Add Device
      efa policy community-list update --name stdext1 --type extended --operation add-device --ip 10.20.246.29-30
      +---------------------+---------+--------+-----------+-----------+
      | Community List Name | Seq num | Action | Std Value | Ext Value |
      +---------------------+---------+--------+-----------+-----------+
      | stdext1             | 4       | deny   |           | _1000_    |
      +---------------------+---------+--------+-----------+-----------+
      | stdext1             | 5       | permit |           | _2000_    |
      +---------------------+---------+--------+-----------+-----------+
      | stdext1             | 7       | deny   |           | _3000_    |
      +---------------------+---------+--------+-----------+-----------+
      Community List details
      +--------------+---------+--------+-----------------+
      |  IP Address  | Result  | Reason | Rollback reason |
      +--------------+---------+--------+-----------------+
      | 10.20.246.29 | Success |        |                 |
      +--------------+---------+--------+-----------------+
      | 10.20.246.30 | Success |        |                 |
      +--------------+---------+--------+-----------------+
      Device Results
      
      show running-config ip community-list
      ip community-list extended stdext1 seq 4 deny _1000_
      ip community-list extended stdext1 seq 5 permit _2000_
      ip community-list extended stdext1 seq 7 deny _3000_
      Verify the switch configuration on SLX devices.
      SLX# show running-config ip community-list
      ip community-list standard comm1 seq 5 permit 0:100 11:22 local-as no-export
      ip community-list extended commExt1 seq 3 permit _30000_
    • Delete Device
      efa policy community-list update --name comm1 --type standard --operation remove-device --ip 10.20.63.140-141
      +---------------------+---------+--------+-----------+-----------+
      | Community List Name | Seq num | Action | Std Value | Ext Value |
      +---------------------+---------+--------+-----------+-----------+
      | comm1               | 3       | permit | 65:12     |           |
      +---------------------+---------+--------+-----------+-----------+
      Community List details
      +--------------+---------+--------+-----------------+
      |  IP Address  | Result  | Reason | Rollback reason |
      +--------------+---------+--------+-----------------+
      | 10.20.63.140 | Success |        |                 |
      +--------------+---------+--------+-----------------+
      | 10.20.63.141 | Success |        |                 |
      +--------------+---------+--------+-----------------+
      Device Results
    • Update rule
      efa policy community-list update --name commExt1 --type extended --operation update-rule --rule "seq[1],action[permit],ext-value[_30000_]"
      +---------------------+---------+--------+
      | Community List Name | Seq num | Action |
      +---------------------+---------+--------+
      | commExt1            | 1       | permit |
      +---------------------+---------+--------+
      Community List details
      +---------------+----------+---------------------------------------+----------+
      |  IP Address   |  Result  |                 Reason                | Rollback |
      |               |          |                                       | reason   |
      +---------------+----------+---------------------------------------+----------+
      | 10.139.44.159 | Success  |                                       |          |
      +---------------+----------+---------------------------------------+----------+
      | 10.139.44.163 | Success  |                                       |          |
      +---------------+----------+---------------------------------------+----------+
      Device Results
      
      On 10.139.44.159:
      show running-config ip community-list
      ip community-list extended commExt1 seq 30 action permit _30000_
      
      efa policy community-list update --name comm1 --type standard --operation update-rule --rule "seq[5],action[permit],std-value[100;no-advertise]"
      
      +---------------+---------+--------------------------------------------+----------+
      |  IP Address   |  Result |                   Reason                   | Rollback |
      |               |         |                                            | reason   |
      +---------------+---------+--------------------------------------------+----------+
      | 10.139.44.159 | Failed  | Failed to create community list for        |          |
      |               |         | comm1 on the device 10.139.44.159.         |          |
      |               |         | Reason: For seq 5: netconf rpc [error]     |          |
      |               |         | '%Error: Same filter is already configured |          |
      |               |         | with sequencenumber 30.'                   |          |
      +---------------+---------+--------------------------------------------+----------+
      | 10.139.44.163 | Rollback|                                            |          |
      +---------------+---------+--------------------------------------------+----------+
      Device Results
      On 10.139.44.159:
      show running-config ip community-list
      ip community-list standard comm1 seq 30 action permit 100 no-advertise
  3. Run the following command to delete a community list.
     efa policy community-list delete [flags]
     
    Flags:
          --name string   Name of the community list.
          --type string   Type of the community list. Valid options are standard, extended.
          --seq string    Sequence numbers. For example 5,10,20 or all
    • The CLI deletes the standard community list rules on all devices for the name, type, and sequence number provided and then deletes the community list rules from XCO.
    • Pre-validation is done for the seq IDs provided, or for all sequence IDs in the case of 'all'. If any out-of-band seq ID is provided in the request (or 'all' is specified and any out-of-band seq ID exists), the operation fails with an error without removing the configuration from the device or the XCO DB.
    • You must either provide only XCO-managed seq IDs in the CLI or REST request, or remove the out-of-band seq IDs from the device and execute the CLI or REST request again.
    Example:
    efa policy community-list delete --name commExt1 --seq all --type standard
    +---------------------+---------+--------+
    | Community List Name | Seq num | Action |
    +---------------------+---------+--------+
    | commExt1            | 1       | permit |
    +---------------------+---------+--------+
    | commExt1            | 2       | permit |
    +---------------------+---------+--------+
    | commExt1            | 3       | permit |
    +---------------------+---------+--------+
    Community List details
    +---------------+---------+--------------+----------+
    | IP Address    | Result  |    Reason    | Rollback |
    |               |         |              | reason   |
    +---------------+---------+--------------+----------+
    | 10.139.44.159 | Success |              |          |
    +---------------+---------+--------------+----------+
    | 10.139.44.163 | Success |              |          |
    +---------------+---------+--------------+----------+
    Device Results
  4. Run the following command to show a community list.
    efa policy community-list list [flags]
     
    Flags:
          --ip string     Comma separated range of device IP addresses. Example: 1.1.1.1-3,1.1.1.2,2.2.2.2
          --name string   Name of the community list.
          --type string   Type of the community list. Valid options are standard, extended
    Example:
    efa policy community-list list
    
    Community list details:
     
    Name: clist1
    Seq: 5
    Action: deny
    StdValue: 50:125 internet local-as no-advertise
    ExtValue:
     
    Name: clist1
    Seq: 15
    Action: deny
    StdValue: 50:125 local-as
    ExtValue:
    
    Name: clist2
    Seq: 1
    Action: permit
    StdValue:
    ExtValue: _2000_
    
    efa policy community-list list --type standard --ip 10.20.246.29-30
     
    Community list details:
     
    Name: clist1
    Seq: 5
    Action: deny
    StdValue: 50:125 internet local-as no-advertise
    ExtValue:
     
    Name: clist1
    Seq: 15
    Action: deny
    StdValue: 50:125 local-as
    ExtValue:
     
    IP Addresses:
    +--------+-----+--------------+-------------+
    |  Name  | Seq |  IP Address  |  App State  |
    +--------+-----+--------------+-------------+
    | clist1 | 5   | 10.20.246.29 | cfg-in-sync |
    +--------+-----+--------------+-------------+
    | clist1 | 5   | 10.20.246.30 | cfg-in-sync |
    +--------+-----+--------------+-------------+
    | clist1 | 15  | 10.20.246.29 | cfg-in-sync |
    +--------+-----+--------------+-------------+
    | clist1 | 15  | 10.20.246.30 | cfg-in-sync |
    +--------+-----+--------------+-------------+
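
The delete step above refuses to run when an out-of-band seq ID is involved. The following added example (not XCO code) compares a device's `show running-config ip community-list` text with the text output of `efa policy community-list list` to find such seq IDs before a delete is attempted. The function names are hypothetical and the sample data is constructed in the formats shown on this page.

```python
import re

# Matches the running-config lines shown on this page, including the variant
# that carries a literal "action" keyword before permit/deny.
CFG_RE = re.compile(
    r"ip community-list (standard|extended) (\S+) seq (\d+) (?:action )?(permit|deny)\b")

# Constructed sample data: seq 30 exists on the device but not in XCO.
SAMPLE_CFG = """\
ip community-list standard clist1 seq 5 deny 50:125 internet local-as no-advertise
ip community-list standard clist1 seq 15 deny 50:125 local-as
ip community-list standard clist1 seq 30 action permit 100 no-advertise
ip community-list extended clist2 seq 1 permit _2000_"""
SAMPLE_LIST = "Name: clist1\nSeq: 5\n\nName: clist1\nSeq: 15\n\nName: clist2\nSeq: 1\n"

def device_seqs(running_config):
    """Map (type, name) -> set of seq IDs present on the device."""
    found = {}
    for line in running_config.splitlines():
        m = CFG_RE.match(line.strip())
        if m:
            found.setdefault((m.group(1), m.group(2)), set()).add(int(m.group(3)))
    return found

def xco_seqs(list_output):
    """Map name -> set of seq IDs from the Name:/Seq: records of the list output."""
    managed, name = {}, None
    for line in list_output.splitlines():
        key, _, val = line.strip().partition(":")
        if key == "Name":
            name = val.strip()
        elif key == "Seq" and name:
            managed.setdefault(name, set()).add(int(val))
    return managed

def out_of_band(running_config, list_output, list_type, name):
    """Seq IDs on the device that XCO does not manage for this list."""
    on_device = device_seqs(running_config).get((list_type, name), set())
    return sorted(on_device - xco_seqs(list_output).get(name, set()))

def delete_seq_arg(running_config, list_output, list_type, name):
    """Value for --seq: 'all' only when no out-of-band seq ID exists."""
    if not out_of_band(running_config, list_output, list_type, name):
        return "all"
    return ",".join(str(s) for s in sorted(xco_seqs(list_output).get(name, set())))
```

A non-empty result from `out_of_band` is also a drift signal: a rule was placed on the device outside XCO and should be reviewed before it is removed or adopted.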