Configure Extended Community List

Before you begin

  • Ensure that the extended community list (extcommunity-list) name begins with an alphabet followed by one or more alphanumeric characters.
  • Ensure that the extended community list rule is inside single or double quotes.
  • If the extended community list is not associated with a device, the created community rules are stored in EFA DB only. If the excommunity list is already associated with a device, the created community rules are also pushed to the devices and stored in EFA DB.

Procedure

  1. Run the following command to create an extended community list. 
    efa policy extcommunity-list create [flags]
 
Flags:
      --name string        Name of the extended community list.
      --type string        Type of the extended community list. Valid options are standard, extended
      --rule stringArray   Rule in format seq[seq-num],action[permit/deny],rt[ASN:NN|IpAddress:NN, ASN & NN is 2 or 4 bytes],soo[ASN:NN|IpAddress:NN, ASN & NN is 2 or 4 bytes] (or) seq[num],action[permit/deny],ext-value[regular expression]. Example: "seq[5],action[permit],rt[2:300;12.12.13.33:24],soo[12.12.12.0:24;32:124]" or "seq[4],action[deny],ext-value[^65000:.*_]"
    Example:
    efa policy extcommunity-list create --name excommlist-1 --type standard --rule "seq[4],action[permit],soo[10.11.2.3:22]"
efa policy extcommunity-list create --name excommlist-1 --type standard --rule "seq[5],action[deny],rt[1:345]"
efa policy extcommunity-list create --name excommlist-1 --type standard --rule "seq[6],action[permit],rt[1:45],soo[10.11.2.3:22]"
efa policy extcommunity-list create --name excommlist-1 --type standard --rule "seq[7],action[deny],rt[1:345],soo[6:12]"

efa policy extcommunity-list create --name excommlist-2 --type extended --rule "seq[2],action[permit],ext-value[_15000_]"
efa policy extcommunity-list create --name excommlist-2 --type extended --rule "seq[5],action[deny],ext-value[_20000_]"

+--------------------+-----+--------+----+--------------+-------+
| Extended community | Seq | Action | Rt |     Soo      | Ext   |
| list name          | num |        |    |              | Value |
+--------------------+-----+--------+----+--------------+-------+
| excommlist-1       | 4   | permit |    | 10.11.2.3:22 |       |
+--------------------+-----+--------+----+--------------+-------+
Extended community list details
+------------+--------+--------+-----------------+
| IP Address | Result | Reason | Rollback reason |
+------------+--------+--------+-----------------+
Device Results

+--------------------+-----+--------+-------+--------------+-------+
| Extended community | Seq | Action |  Rt   |     Soo      | Ext   |
| list name          | num |        |       |              | Value |
+--------------------+-----+--------+-------+--------------+-------+
| excommlist-1       | 5   | deny   | 1:345 |              |       |
+--------------------+-----+--------+-------+--------------+-------+
Extended community list details
+------------+--------+--------+-----------------+
| IP Address | Result | Reason | Rollback reason |
+------------+--------+--------+-----------------+
Device Results

+--------------------+-----+--------+------+--------------+-------+
| Extended community | Seq | Action |  Rt  |     Soo      | Ext   |
| list name          | num |        |      |              | Value |
+--------------------+-----+--------+------+--------------+-------+
| excommlist-1       | 6   | permit | 1:45 | 10.11.2.3:22 |       |
+--------------------+-----+--------+------+--------------+-------+
Extended community list details
+------------+--------+--------+-----------------+
| IP Address | Result | Reason | Rollback reason |
+------------+--------+--------+-----------------+
Device Results

+--------------------+-----+--------+----+-------+---------+
| Extended community | Seq | Action | Rt |  Soo  | Ext     |
| list name          | num |        |    |       | Value   |
+--------------------+-----+--------+----+-------+---------+
| excommlist-2       | 2   | permit |    |       | _15000_ |
+--------------------+-----+--------+----+-------+---------+
Extended community list details
+------------+--------+--------+-----------------+
| IP Address | Result | Reason | Rollback reason |
+------------+--------+--------+-----------------+
Device Results

+--------------------+-----+--------+----+-----+---------+
| Extended community | Seq | Action | Rt | Soo | Ext     |
| list name          | num |        |    |     | Value   |
+--------------------+-----+--------+----+-----+---------+
| excommlist-2       | 5   | deny   |    |     | _20000_ |
+--------------------+-----+--------+----+-----+---------+
Extended community list details

+--------------------+-----+--------+---+-------------+------+
| Extended community | Seq | Action | Rt|     Soo     | Ext  |
| list name          | num |        |   |             | Value|
+--------------------+-----+--------+---+-------------+------+
| excommlist-1       | 4   | permit |   |10.11.2.3:22 |      |
+--------------------+-----+--------+---+-------------+------+
Extended community list details

+------------+--------+--------+-----------------+
| IP Address | Result | Reason | Rollback reason |
+------------+--------+--------+-----------------+
Device Results
  2. Run the following command to update an extended community list. 
    efa policy extcommunity-list update [flags]
 
Flags:
      --name string        Name of the extended community list.
      --type string        Type of the extended community list. Valid options are standard, extended
      --rule string        Rule in format seq[seq-num],action[permit/deny],rt[ASN:NN|IpAddress:NN, ASN & NN is 2 or 4 bytes],soo[ASN:NN|IpAddress:NN, ASN & NN is 2 or 4 bytes] (or) seq[num],action[permit/deny],ext-value[regular expression]. Example: "seq[5],action[permit],rt[2:300;12.12.13.33:24],soo[12.12.12.0:24;32:124]" or "seq[4],action[deny],ext-value[^65000:.*_]"
      --operation string   Valid options are update-rule, add-device, remove-device
      --ip string          Comma separated range of device IP addresses. Example: 1.1.1.1-3,1.1.1.2,2.2.2.2
    Example:
    • Add Device
      efa policy extcommunity-list update --name excommlist-1 --type standard --operation add-device --ip 10.20.246.29,10.20.246.30

+--------------------+-----+--------+-------+--------------+-------+
| Extended community | Seq | Action |  Rt   |     Soo      | Ext   |
| list name          | num |        |       |              | Value |
+--------------------+-----+--------+-------+--------------+-------+
| excommlist-1       | 4   | permit |       | 10.11.2.3:22 |       |
+--------------------+-----+--------+-------+--------------+-------+
| excommlist-1       | 5   | deny   | 1:345 |              |       |
+--------------------+-----+--------+-------+--------------+-------+
| excommlist-1       | 6   | permit | 1:45  | 10.11.2.3:22 |       |
+--------------------+-----+--------+-------+--------------+-------+
Extended community list details
+--------------+---------+--------+-----------------+
|  IP Address  | Result  | Reason | Rollback reason |
+--------------+---------+--------+-----------------+
| 10.20.246.29 | Success |        |                 |
+--------------+---------+--------+-----------------+
| 10.20.246.30 | Success |        |                 |
+--------------+---------+--------+-----------------+
Device Results


efa policy extcommunity-list update --name excommlist-2 --type extended --operation add-device --ip 10.20.246.29,10.20.246.30
+------------------------------+---------+--------+----+-----+-----------+
| Extended community list name | Seq num | Action | Rt | Soo | Ext Value |
+------------------------------+---------+--------+----+-----+-----------+
| excommlist-2                 | 2       | permit |    |     | _15000_   |
+------------------------------+---------+--------+----+-----+-----------+
| excommlist-2                 | 5       | deny   |    |     | _20000_   |
+------------------------------+---------+--------+----+-----+-----------+
Extended community list details
+--------------+---------+--------+-----------------+
|  IP Address  | Result  | Reason | Rollback reason |
+--------------+---------+--------+-----------------+
| 10.20.246.29 | Success |        |                 |
+--------------+---------+--------+-----------------+
| 10.20.246.30 | Success |        |                 |
+--------------+---------+--------+-----------------+
Device Results
    • Delete Device
      efa policy extcommunity-list update --name excommlist-2 --type extended --operation remove-device --ip 10.20.246.29,10.20.246.30
+------------------------------+---------+-----+---------+
| Extended community | Seq | Action | Rt | Soo | Ext     |
| list name          | num |        |    |     | Value   |
+--------------------+-----+--------+----+-----+---------+
| excommlist-2       | 2   | permit |    |     | _15000_ |
+--------------------+-----+--------+----+-----+---------+
| excommlist-2       | 5   | deny   |    |     | _25000_ |
+--------------------+-----+--------+----+-----+---------+
Extended community list details
+--------------+---------+--------+-----------------+
|  IP Address  | Result  | Reason | Rollback reason |
+--------------+---------+--------+-----------------+
| 10.20.246.29 | Success |        |                 |
+--------------+---------+--------+-----------------+
| 10.20.246.30 | Success |        |                 |
+--------------+---------+--------+-----------------+
Device Results

efa policy extcommunity-list update --name excommlist-1 --type standard --operation remove-device --ip 10.20.246.29,10.20.246.30

+--------------------+-----+--------+-------+--------------+-------+
| Extended community | Seq | Action |  Rt   |     Soo      | Ext   |
| list name          | num |        |       |              | Value |
+--------------------+-----+--------+-------+--------------+-------+
| excommlist-1       | 4   | permit |       | 10.11.2.3:22 |       |
+--------------------+-----+--------+-------+--------------+-------+
| excommlist-1       | 5   | deny   | 1:345 |              |       |
+--------------------+-----+--------+-------+--------------+-------+
| excommlist-1       | 6   | permit | 1:45  | 10.11.2.3:22 |       |
+--------------------+-----+--------+-------+--------------+-------+
Extended community list details
+--------------+--------+------------------------------------+----------+
|  IP Address  | Result |                Reason              | Rollback |
|              |        |                                    | reason   |
+--------------+--------+------------------------------------+----------+
| 10.20.246.29 | Failed | Device 10.20.246.29 not reachable. |          |
|              |        | Please retry after verifying the   |          |
|              |        | inputs and connectivity issues     |          |
+--------------+--------+------------------------------------+----------+
| 10.20.246.30 | Failed | Device 10.20.246.30 not reachable. |          |
|              |        | Please retry after verifying the   |          |
|              |        | inputs and connectivity issues     |          |
+--------------+--------+------------------------------------+----------+
Device Results
    • Update rule
      efa policy extcommunity-list update –-name excommlist-2 –-type extended –-operation update-rule –-rule "seq[5],action[deny],ext-value[_25000_]"

+------------------------------+---------+--------+----+-----+-----------+
| Extended community list name | Seq num | Action | Rt | Soo | Ext Value |
+------------------------------+---------+--------+----+-----+-----------+
| excommlist-2                 | 5       | deny   |    |     | _25000_   |
+------------------------------+---------+--------+----+-----+-----------+
Extended community list details
+--------------+---------+--------+-----------------+
|  IP Address  | Result  | Reason | Rollback reason |
+--------------+---------+--------+-----------------+
| 10.20.246.29 | Success |        |                 |
+--------------+---------+--------+-----------------+
| 10.20.246.30 | Success |        |                 |
+--------------+---------+--------+-----------------+
Device Results

efa policy extcommunity-list update –-name excommlist-1 –-type standard –-operation update-rule –-rule "seq[5],action[permit],rt[0:123],soo[0:12]"

+------------------------------+---------+--------+-------+------+-----------+
| Extended community list name | Seq num | Action |  Rt   | Soo  | Ext Value |
+------------------------------+---------+--------+-------+------+-----------+
| excommlist-1                 | 5       | permit | 0:123 | 0:12 |           |
+------------------------------+---------+--------+-------+------+-----------+
Extended community list details
+--------------+--------+------------------------------------------+---------+
|  IP Address  | Result |                  Reason                  | Rollback|
|              |        |                                          | reason  |
+--------------+--------+------------------------------------------+---------+
| 10.20.246.29 | Failed |Reason: For seq 5: netconf rpc [error]    |         |
|              |        |'"rt 0:123 soo 0:12" is an invalid value.'|         |
+--------------+--------+------------------------------------------+---------+
| 10.20.246.30 | Failed |Reason: For seq 5: netconf rpc [error]    |         |
|              |        |'"rt 0:123 soo 0:12" is an invalid value.'|         |
+--------------+--------+------------------------------------------+---------+
Device Results
  3. Run the following command to delete an extended community list. 
     efa policy extcommunity-list delete [flags]
 
Flags:
      --name string   Name of the extended community list.
      --type string   Type of the extended community list. Valid options are standard, extended.
      --seq string    Sequence numbers. For example 5,10,20 or all
    • The CLI deletes the extended community list rules on all devices for the name, type, and sequence provided and then deletes the extended community list rules from EFA.
    • Pre-validation is done for seq IDs provided or for all sequence IDs in case of 'all'. If any out-of-band and seq ID is provided in the request (or 'all' is specified and any out-of-band seq ID exists), the operation is errored out without proceeding to remove config from device or EFA DB.
    • You must either provide only EFA managed seq IDs in the CLI or REST request or remove the out-of-band seq IDs from device, and then run the CLI or REST request again.
    Example:
    efa policy extcommunity-list delete --name excommlist-2 --type extended --seq all

+------------------------------+--------+--------+----+----+----------+
| Extended community list name | Seq num| Action | Rt |Soo | Ext Value|
+------------------------------+--------+--------+----+----+----------+
| excommlist-2                 | 2      | permit |    |    | _15000_  |
+------------------------------+--------+--------+----+----+----------+
| excommlist-2                 | 5      | deny   |    |    | _25000_  |
+------------------------------+--------+--------+----+----+----------+
Extended community list details
+--------------+---------+--------+-----------------+
|  IP Address  | Result  | Reason | Rollback reason |
+--------------+---------+--------+-----------------+
| 10.20.246.29 | Success |        |                 |
+--------------+---------+--------+-----------------+
| 10.20.246.30 | Success |        |                 |
+--------------+---------+--------+-----------------+
Device Results
  4. Run the following command to list the extended community-list on a list of devices or name or type. 
    efa policy extcommunity-list list [flags]
 
Flags:
      --ip string     Comma separated range of device IP addresses. Example: 1.1.1.1-3,1.1.1.2,2.2.2.2
      --name string   Name of the community list
      --type string   Type of the community list. Valid options are standard, extended
    Example:
    efa policy extcommunity-list list

Extended community list details:


Name: excommlist-1
Seq: 5
Action: permit
Route Target: 1:100 2:200 3:145 4:123
Site of Origin: 1.2.3.4:12 5:400 10.11.12.13:22
ExtValue:
 
Name: excommlist-1
Seq: 6
Action: permit
Route Target: 1:45
Site of Origin: 10.11.2.3:22
ExtValue:
 
Name: excommlist-1
Seq: 9
Action: deny
Route Target: 1:345
Site of Origin: 6:12
ExtValue:
 
Name: excommlist-2
Seq: 2
Action: permit
Route Target:
Site of Origin:
ExtValue: _15000_


efa policy extcommunity-list list --ip 10.20.246.29 --name excommlist-1
 
Extended community list details:
 
Name: excommlist-1
Seq: 6
Action: permit
Route Target: 1:45
Site of Origin: 10.11.2.3:22
ExtValue:
 
Name: excommlist-1
Seq: 9
Action: deny
Route Target: 1:345
Site of Origin: 6:12
ExtValue:

IP Addresses:
+--------------+-----+--------------+-------------+
|     Name     | Seq |  IP Address  |  App State  |
+--------------+-----+--------------+-------------+
| excommlist-1 | 6   | 10.20.246.29 | cfg-in-sync |
+--------------+-----+--------------+-------------+
| excommlist-1 | 9   | 10.20.246.29 | cfg-in-sync |
+--------------+-----+--------------+-------------+

efa policy extcommunity-list list --ip 10.20.246.29 --name excommlist-2
 
Extended community list details:
 
Name: excommlist-2
Seq: 2
Action: permit
Route Target:
Site of Origin:
ExtValue: _15000_
 
Name: excommlist-2
Seq: 5
Action: deny
Route Target:
Site of Origin:
ExtValue: _20000_
 
IP Addresses:
+--------------+-----+--------------+-------------+
|     Name     | Seq |  IP Address  |  App State  |
+--------------+-----+--------------+-------------+
| excommlist-2 | 2   | 10.20.246.29 | cfg-in-sync |
+--------------+-----+--------------+-------------+
| excommlist-2 | 5   | 10.20.246.29 | cfg-in-sync |
+--------------+-----+--------------+-------------+
9037624-00 RevAA