Configure Large Community List

You can configure a large community list.

About this task

Follow this procedure to configure a large community list.
  • If the large community list is not associated with a device, the configured large community rules will be stored in the Policy service DB.
  • If the large community list is already associated with devices, the configured large community rules will also be pushed to the devices.
  • The large community list configuration supports rollback. The rollback will be attempted on all the associated devices.

For supported commands on large community lists, see the ExtremeCloud Orchestrator Command Reference, 3.2.1.

Procedure

  1. Run the following command to create a large community list:
    efa policy large-community-list create
    Example:
    efa policy large-community-list create --name lgcomm1 --type standard --rule "seq[5],action[permit],std-value[10:10:10;20:20:20]"
    
    +---------------------+---------+--------+-------------------+-----------+
    | Community List Name | Seq num | Action |     Std Value     | Ext Value |
    +---------------------+---------+--------+-------------------+-----------+
    | lgcomm1             | 5       | permit | 10:10:10 20:20:20 |           |
    +---------------------+---------+--------+-------------------+-----------+
    Community List details
    +------------+--------+--------+-----------------+
    | IP Address | Result | Reason | Rollback reason |
    +------------+--------+--------+-----------------+
    Device Results
    
    efa policy large-community-list create --name lgcommExt1 --type extended --rule "seq[5],action[permit],ext-value[_645XX:.*:.*]"
    
    +---------------------+---------+--------+-------------------+----------------+
    | Community List Name | Seq num | Action |     Std Value     |    Ext Value   |
    +---------------------+---------+--------+-------------------+----------------+
    | lgcommExt1          | 5       | permit |                   | _645XX:.*:.*   |
    +---------------------+---------+--------+-------------------+----------------+
    Community List details
    +------------+--------+--------+-----------------+
    | IP Address | Result | Reason | Rollback reason |
    +------------+--------+--------+-----------------+
    Device Results
    
    efa policy large-community-list create --name lgcomm1 --type standard --rule "seq[15],action[permit],std-value[10:10:10 20:20:20]"
    +---------------------------+---------+--------+-------------------+-----------+
    | Large Community List Name | Seq num | Action |     Std Value     | Ext Value |
    +---------------------------+---------+--------+-------------------+-----------+
    | lgcomm1                   | 15      | permit | 10:10:10 20:20:20 |           |
    +---------------------------+---------+--------+-------------------+-----------+
    Large Community List details
    +---------------+----------+--------------------------------------------------------------+-----------------+
    |  IP Address   |  Result  |                            Reason                            | Rollback reason |
    +---------------+----------+--------------------------------------------------------------+-----------------+
    | 10.139.44.159 | Failed   | Policy lgcomm1 type large-community-list seq# 15 operation   |                 |
    |               |          | failed on device 10.139.44.159 due to Reason: For seq        |                 |
    |               |          | 15: netconf rpc [error] '%Error: Same filter is already      |                 |
    |               |          | configured with sequence number 10.'                         |                 |
    +---------------+----------+--------------------------------------------------------------+-----------------+
    | 10.139.44.160 | Rollback |                                                              |                 |
    +---------------+----------+--------------------------------------------------------------+-----------------+
    Device Results
  2. Run the following command to update a large community list:
    efa policy large-community-list update

    You can use the efa policy large-community-list update command to add devices to, or remove devices from, a large community list. Use the update operation to configure or deconfigure the large community list rules on a device or list of devices. For the add-device operation, the update supports rollback, which is attempted on the failed devices.

    Example:
    • The following is an example of adding a device when you update a large community list:
      efa policy large-community-list update --operation add-device --ip 10.139.44.159 --name lgcomm1 --type standard        
      +---------------------------+---------+--------+-------------------+-----------+
      | Large Community List Name | Seq num | Action |     Std Value     | Ext Value |
      +---------------------------+---------+--------+-------------------+-----------+
      | lgcomm1                   | 5       | permit | 10:10:10 20:20:20 |           |
      +---------------------------+---------+--------+-------------------+-----------+
      | lgcomm1                   | 10      | permit | 30:30:30          |           |
      +---------------------------+---------+--------+-------------------+-----------+
      Community List details
      +---------------+---------+--------+-----------------+
      |  IP Address   | Result  | Reason | Rollback reason |
      +---------------+---------+--------+-----------------+
      | 10.139.44.159 | Success |        |                 |
      +---------------+---------+--------+-----------------+
      Device Results
      
      
      efa policy large-community-list update --name lgcommExt1 --type extended --operation add-device --ip 10.139.44.159
      
      +---------------------+---------+--------+----------------------+-----------------+
      | Community List Name | Seq num | Action |      Std Value       |    Ext Value    |
      +---------------------+---------+--------+----------------------+-----------------+
      | lgcommExt1          | 5       | permit |                      | _645XX:.*:.*    |
      +---------------------+---------+--------+----------------------+-----------------+
      Community List details
      +---------------+---------+--------+-----------------+
      |  IP Address   | Result  | Reason | Rollback reason |
      +---------------+---------+--------+-----------------+
      | 10.139.44.159 | Success |        |                 |
      +---------------+---------+--------+-----------------+
      Device Results

      The following is an example of a switch configuration on SLX devices:

      SLX# show running-config ip large-community-list
      ip large-community-list standard lgcomm1 seq 5 permit 10:10:10 20:20:20
      ip large-community-list standard lgcomm1 seq 10 permit 30:30:30
      ip large-community-list extended lgcommExt1 seq 5 permit _645XX:.*:.*
      
      
      efa policy large-community-list update --operation add-device --ip 10.139.44.159-160 --name lgcomm1 --type standard 
      +---------------------------+---------+--------+-------------------+-----------+
      | Large Community List Name | Seq num | Action |     Std Value     | Ext Value |
      +---------------------------+---------+--------+-------------------+-----------+
      | lgcomm1                   | 5       | permit | 10:10:10 20:20:20 |           |
      +---------------------------+---------+--------+-------------------+-----------+
      | lgcomm1                   | 10      | permit | 30:30:30          |           |
      +---------------------------+---------+--------+-------------------+-----------+
      Community List details
      +---------------+---------+--------------------------------------------------------------+-----------------+
      |  IP Address   | Result  |                            Reason                            | Rollback reason |
      +---------------+---------+--------------------------------------------------------------+-----------------+
      | 10.139.44.159 | Success |                                                              |                 |
      +---------------+---------+--------------------------------------------------------------+-----------------+
      | 10.139.44.160 | Failed  | Policy lgcomm1 type large-community-list seq# 5 operation    |                 |
      |               |         | failed on device 10.139.44.160 due to Reason: For seq 10:    |                 |
      |               |         | netconf rpc [error] '%Error: An IP Community access-list     |                 |
      |               |         | with this name and instance number already exists'           |                 |
      +---------------+---------+--------------------------------------------------------------+-----------------+
      Device Results
    • The following is an example of removing a device when you update a large community list:
      efa policy large-community-list update --name lgcomm1 --type standard --operation remove-device --ip 10.139.44.159
      
      +---------------------------+---------+--------+-------------------+-----------+
      | Large Community List Name | Seq num | Action |     Std Value     | Ext Value |
      +---------------------------+---------+--------+-------------------+-----------+
      | lgcomm1                   | 5       | permit | 10:10:10 20:20:20 |           |
      +---------------------------+---------+--------+-------------------+-----------+
      | lgcomm1                   | 10      | permit | 30:30:30          |           |
      +---------------------------+---------+--------+-------------------+-----------+
      Community List details
      +---------------+---------+--------+-----------------+
      |  IP Address   | Result  | Reason | Rollback reason |
      +---------------+---------+--------+-----------------+
      | 10.139.44.159 | Success |        |                 |
      +---------------+---------+--------+-----------------+
      Device Results
  3. Run the following command to delete a large community list:
    The CLI deletes the large community list rules on all devices for the given type and sequence, and then deletes the large community list rules from XCO.
    efa policy large-community-list delete
    The following example deletes a large community list:
    efa policy large-community-list delete --name lgcomm1 --seq all --type standard
    
    +---------------------+---------+--------+-------------------+-----------+
    | Community List Name | Seq num | Action |     Std Value     | Ext Value |
    +---------------------+---------+--------+-------------------+-----------+
    | lgcomm1             | 5       | deny   | 10:10:10 20:20:20 |           |
    +---------------------+---------+--------+-------------------+-----------+
    | lgcomm1             | 10      | permit | 30:30:30          |           |
    +---------------------+---------+--------+-------------------+-----------+
    Community List details
    +---------------+---------+--------+-----------------+
    |  IP Address   | Result  | Reason | Rollback reason |
    +---------------+---------+--------+-----------------+
    | 10.139.44.159 | Success |        |                 |
    +---------------+---------+--------+-----------------+
    Device Results
  4. Run the following command to list the large community list for a list of devices or to filter by name or by type:
    efa policy large-community-list list
    The following example shows the large community list configuration on a list of devices:
    efa policy large-community-list list
    
    large community list details:
    
    Name: lgcomm1
    Seq: 5
    Action: deny
    StdValue: 10:10:10 20:20:20
    ExtValue: 
    
    Name: lgcomm1
    Seq: 10
    Action: permit
    StdValue: 30:30:30
    ExtValue:
    
    Name: lgcommExt1
    Seq: 5
    Action: permit
    StdValue: 
    ExtValue: _645XX:.*:.*
    
    efa policy large-community-list list --type standard --ip 10.139.44.159
    
    Large community list details: 
    
    Name: lgcomm1
    Seq: 5
    Action: deny
    StdValue: 10:10:10 20:20:20
    ExtValue: 
    
    Name: lgcomm1
    Seq: 10
    Action: permit
    StdValue: 30:30:30
    ExtValue:
    
    IP Addresses:
    +------------+-----+---------------+-----------------+
    |    Name    | Seq |  IP Address   |    App State    |
    +------------+-----+---------------+-----------------+
    | lgcomm1    | 5   | 10.139.44.159 | cfg-in-sync     |
    +------------+-----+---------------+-----------------+
    | lgcomm1    | 10  | 10.139.44.159 | cfg-in-sync     |
    +------------+-----+---------------+-----------------+
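
The two device failures shown in the create and add-device examples (a filter already configured under another sequence number, and an existing name and sequence number) can be caught before a push. The following pre-flight check is an added example, not part of XCO or the efa CLI: it parses a --rule string in the syntax shown above and compares it with "show running-config ip large-community-list" output. The function names are hypothetical, and it assumes that "same filter" means the same action and the same set of values.

```python
import re

RULE_RE = re.compile(r"^seq\[(\d+)\],action\[(permit|deny)\],(std|ext)-value\[(.*)\]$")
CFG_RE = re.compile(
    r"^ip large-community-list (standard|extended) (\S+) seq (\d+) (permit|deny) (.+)$")
KIND = {"standard": "std", "extended": "ext"}
U32_MAX = 2**32 - 1

# Device state copied from the SLX running-config example on this page.
RUNNING = """\
ip large-community-list standard lgcomm1 seq 5 permit 10:10:10 20:20:20
ip large-community-list standard lgcomm1 seq 10 permit 30:30:30
ip large-community-list extended lgcommExt1 seq 5 permit _645XX:.*:.*
"""


def parse_rule(rule):
    """Split an efa --rule string into (seq, action, kind, values)."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unrecognised rule syntax: {rule!r}")
    seq, action, kind, body = m.groups()
    # The page separates standard values with ';' in one example and ' ' in another.
    values = body.split() if kind == "ext" else re.split(r"[;\s]+", body.strip())
    if kind == "std":
        for v in values:
            parts = v.split(":")
            # A large community (RFC 8092) is three unsigned 32-bit fields.
            if len(parts) != 3 or not all(p.isdigit() and int(p) <= U32_MAX for p in parts):
                raise ValueError(f"not a large community: {v!r}")
    return int(seq), action, kind, values


def preflight(name, list_type, rule, running_config):
    """Return the conflicts a device holding running_config would hit for this rule."""
    seq, action, kind, values = parse_rule(rule)
    if KIND[list_type] != kind:
        raise ValueError(f"{kind}-value used with --type {list_type}")
    problems = []
    for line in running_config.splitlines():
        m = CFG_RE.match(line.strip())
        if not m or (m.group(1), m.group(2)) != (list_type, name):
            continue
        dev_seq, dev_action, dev_values = int(m.group(3)), m.group(4), m.group(5).split()
        if dev_seq == seq:
            problems.append(f"seq {seq} already exists on device")
        elif dev_action == action and sorted(dev_values) == sorted(values):
            problems.append(f"same filter already configured at seq {dev_seq}")
    return problems
```

An empty result from preflight() means neither conflict was found in the supplied running-config; it does not replace the Result column that efa reports per device.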