Configure Standard Community List

Before you begin

  • Ensure that the community list name begins with an alphabet followed by one or more alphanumeric characters.
  • Ensure that the community list rule is inside single or double quotes.
  • If the community list is not associated with a device, the created community rules are stored in EFA DB only. If the community list is already associated with a device, the created rules are also pushed to the devices in addition to stored in DB.

Procedure

  1. Run the following command to create a standard community list. 
    efa policy community-list create [flags]
 
Flags:
      --name string        Name of the community list.
      --type string        Type of the community list. Valid options are standard, extended
      --rule stringArray   Rule in format seq[seq-num],action[permit/deny],std-value[<1-4294967295>|<AA:NN, AA & NN is 2 bytes>|internet|local-as|no-export|no-advertise] (or) ext-value[regular expression]. 
  
Example: "seq[5],action[permit],std-value[6550:125;local-as;internet]" (or)    "seq[4],action[deny],ext-value[^65000:.*_]"
    Example:
    efa policy community-list create –-name comm1 –-type standard –-rule "seq[5],action[permit],std-value[100;11:22;local-as;no-export]"

+-----------+-----+--------+--------------------+-------+
| Community | Seq | Action |     Std Value      | Ext   |
| List Name | num |        |                    | Value |
+-----------+-----+--------+--------------------+-------+
| comm-prye | 55  | permit | 100 11:22          |       |
|           |     |        | local-as no-export |       |
+-----------+-----+--------+--------------------+-------+
Community List details
+------------+--------+--------+-----------------+
| IP Address | Result | Reason | Rollback reason |
+------------+--------+--------+-----------------+
Device Results

efa policy community-list create –-name stdext1 –-type extended –-rule "seq[5],action[permit],ext-value[_2000_]"

+---------------------+---------+--------+-----------+-----------+
| Community List Name | Seq num | Action | Std Value | Ext Value |
+---------------------+---------+--------+-----------+-----------+
| stdext1             | 5       | permit |           | _2000_    |
+---------------------+---------+--------+-----------+-----------+
Community List details
+------------+--------+--------+-----------------+
| IP Address | Result | Reason | Rollback reason |
+------------+--------+--------+-----------------+
Device Results
  2. Run the following command to update a community list. 
    efa policy community-list update [flags]
 
Flags:
      --name string        Name of the community list.
      --type string        Type of the community list. Valid options are standard, extended
      --rule string        Rule in format seq[seq-num],action[permit/deny],std-value[<1-4294967295>|<AA:NN, AA & NN is 2 bytes>|internet|local-as|no-export|no-advertise] (or) ext-value[regular expression]. Example: seq[5],action[permit],std-value[6550:125;local-as;internet] (or) seq[4],action[deny],ext-value[^65000:.*_]
      --operation string   Valid options are update-rule, add-device, remove-device
      --ip string          Comma separated range of device IP addresses. Example: "1.1.1.1-3","1.1.1.2","2.2.2.2"
    Example:
    • Add Device
      efa policy community-list update --name stdext1 --type extended --operation add-device --ip 10.20.246.29-30
+---------------------+---------+--------+-----------+-----------+
| Community List Name | Seq num | Action | Std Value | Ext Value |
+---------------------+---------+--------+-----------+-----------+
| stdext1             | 4       | deny   |           | _1000_    |
+---------------------+---------+--------+-----------+-----------+
| stdext1             | 5       | permit |           | _2000_    |
+---------------------+---------+--------+-----------+-----------+
| stdext1             | 7       | deny   |           | _3000_    |
+---------------------+---------+--------+-----------+-----------+
Community List details
+--------------+---------+--------+-----------------+
|  IP Address  | Result  | Reason | Rollback reason |
+--------------+---------+--------+-----------------+
| 10.20.246.29 | Success |        |                 |
+--------------+---------+--------+-----------------+
| 10.20.246.30 | Success |        |                 |
+--------------+---------+--------+-----------------+
Device Results

show running-config ip community-list
ip community-list extended stdext1 seq 4 deny _1000_
ip community-list extended stdext1 seq 5 permit _2000_
ip community-list extended stdext1 seq 7 deny _3000_
      Verify the switch configuration on SLX devices.
      SLX# show running-config ip community-list
ip community-list standard comm1 seq 5 permit 0:100 11:22 local-as no-export
ip community-list extended commExt1 seq 3 permit _30000_
    • Delete Device
      efa policy community-list update --name comm1 --type standard --operation remove-device --ip 10.20.63.140-141
+---------------------+---------+--------+-----------+-----------+
| Community List Name | Seq num | Action | Std Value | Ext Value |
+---------------------+---------+--------+-----------+-----------+
| comm1               | 3       | permit | 65:12     |           |
+---------------------+---------+--------+-----------+-----------+
Community List details
+--------------+---------+--------+-----------------+
|  IP Address  | Result  | Reason | Rollback reason |
+--------------+---------+--------+-----------------+
| 10.20.63.140 | Success |        |                 |
+--------------+---------+--------+-----------------+
| 10.20.63.141 | Success |        |                 |
+--------------+---------+--------+-----------------+
Device Results
    • Update rule
      efa policy community-list update --name commExt1 --type extended --operation update-rule --rule "seq[1],action[permit],ext-value[_30000_]"
+---------------------+---------+--------+
| Community List Name | Seq num | Action |
+---------------------+---------+--------+
| commExt1            | 1       | permit |
+---------------------+---------+--------+
Community List details
+---------------+----------+---------------------------------------+----------+
|  IP Address   |  Result  |                 Reason                | Rollback |
|               |          |                                       | reason   |
+---------------+----------+---------------------------------------+----------+
| 10.139.44.159 | Success  |                                       |          |
+---------------+----------+---------------------------------------+----------+
| 10.139.44.163 | Success  |                                       |          |
+---------------+----------+---------------------------------------+----------+
Device Results

On 10.139.44.159:
show running-config ip community-list
ip community-list extended commExt1 seq 30 action permit _30000_

efa policy community-list update –-name comm1 –-type standard –-operation update-rule "–-rule seq[5]","action[permit]","std-value[100;no-advertise]"

+---------------+---------+--------------------------------------------+----------+
|  IP Address   |  Result |                   Reason                   | Rollback |
|               |         |                                            | reason   |
+---------------+---------+--------------------------------------------+----------|
| 10.139.44.159 | Failed  | Failed to create community list for        |          |
|               |         | comm1 on the device 10.139.44.159.         |          |
|               |         | Reason: For seq 5: netconf rpc [error]     |          |
|               |         | '%Error: Same filter is already configured |          |
|               |         | with sequencenumber 30.'                   |          |
+---------------+---------+--------------------------------------------+----------+
| 10.139.44.163 | Rollback|                                            |          |
+---------------+---------+--------------------------------------------+----------+
Device Results
On 10.139.44.159:
show running-config ip community-list
ip community-list standard comm1 seq 30 action permit 100 no-advertise
  3. Run the following command to delete a community list. 
     efa policy community-list delete [flags]
 
Flags:
      --name string   Name of the community list.
      --type string   Type of the community list. Valid options are standard, extended.
      --seq string    Sequence numbers. For example 5,10,20 or all
    • The CLI deletes the standard community list rules on all devices for the name, type, and sequence number provided and then deletes the community list rules from EFA.
    • Pre-validation is done for seq IDs provided or for all sequence ids in case of 'all'. If any out-of-band, seq ID is provided in the request (or 'all' is specified and any out-of-band seq ID exists), the operation is errored out without proceeding to remove config from device or EFA DB.
    • You must either provide only EFA managed seq IDs in the CLI or REST request or remove the out-of-band seq IDs from device and execute the CLI or REST request again.
    Example:
    efa policy community-list delete --name commExt1 --seq all --type standard
+---------------------+---------+--------+
| Community List Name | Seq num | Action |
+---------------------+---------+--------+
| commExt1            | 1       | permit |
+---------------------+---------+--------+
| commExt1            | 2       | permit |
+---------------------+---------+--------+
| commExt1            | 3       | permit |
+---------------------+---------+--------+
Community List details
+---------------+---------+--------------+----------+
| IP Address    | Result  |    Reason    | Rollback |
|               |         |              | reason   |
+---------------+---------+--------------+----------+
| 10.139.44.159 | Success |              |          |
+---------------+---------+--------------+----------+
| 10.139.44.163 | Success |              |          |
+---------------+---------+--------------+----------+
Device Results
  4. Run the following command to show a community list. 
    efa policy community-list list [flags]
 
Flags:
      --ip string     Comma separated range of device IP addresses. Example: 1.1.1.1-3,1.1.1.2,2.2.2.2
      --name string   Name of the community list.
      --type string   Type of the community list. Valid options are standard, extended
    Example,
    efa policy community-list list

Community list details:
 
Name: clist1
Seq: 5
Action: deny
StdValue: 50:125 internet local-as no-advertise
ExtValue:
 
Name: clist1
Seq: 15
Action: deny
StdValue: 50:125 local-as
ExtValue:

Name: clist2
Seq: 1
Action: permit
StdValue:
ExtValue: _2000_

efa policy community-list list –-type standard –-ip 10.20.246.29-30
 
Community list details:
 
Name: clist1
Seq: 5
Action: deny
StdValue: 50:125 internet local-as no-advertise
ExtValue:
 
Name: clist1
Seq: 15
Action: deny
StdValue: 50:125 local-as
ExtValue:
 
IP Addresses:
+--------+-----+--------------+-------------+
|  Name  | Seq |  IP Address  |  App State  |
+--------+-----+--------------+-------------+
| clist1 | 5   | 10.20.246.29 | cfg-in-sync |
+--------+-----+--------------+-------------+
| clist1 | 5   | 10.20.246.30 | cfg-in-sync |
+--------+-----+--------------+-------------+
| clist1 | 15  | 10.20.246.29 | cfg-in-sync |
+--------+-----+--------------+-------------+
| clist1 | 15  | 10.20.246.30 | cfg-in-sync |
+--------+-----+--------------+-------------+
9037624-00 RevAA