Force Delete OOB Entries from Policy Configuration

You can delete out-of-band (OOB) entries from the XCO database and remove the configuration from associated devices.

About this task

Follow this procedure to force delete OOB entries from policy configuration.

To delete OOB entries for every delete command on a policy type, you can use an optional command line parameter "--force". However, if the command line options contain XCO-managed entries, a warning message appears before you proceed to delete and unconfigure them from the associated devices.

Procedure

To delete all OOB rules associated with community-list “clist-oob” of “standard” type, run the efa policy community-list delete --name clist-oob --type standard –-oob command.

If the sequence numbers are specified and they include both XCO-managed and OOB entries, then all rules that match the provided sequence numbers associated with given community list will be deleted.

efa policy community-list list --type standard --ip 10.20.246.29,10.20.246.30
Name: clist-oob
Seq: 24
Action: deny
StdValue: 10:100 local-as
ExtValue:

Name: clist-oob
Seq: 23
Action: permit
StdValue: local-as
ExtValue:

IP Addresses:
+-----------+-----+--------------+-----------------+
|   Name    | Seq |  IP Address  |    App State    |
+-----------+-----+--------------+-----------------+
| clist-oob | 24  | 10.20.246.29 | cfg-in-sync     |
+-----------+-----+--------------+-----------------+
| clist-oob | 23  | 10.20.246.29 | cfg-not-managed |
+-----------+-----+--------------+-----------------+

To delete all OOB rules of the "extended" type, run the efa policy extcommunity-list delete –name eclist-oob --type extended --seq all –-oob command.

You can also specify the sequence numbers you want to delete from the OOB list. The system will perform basic validation on the provided sequence numbers to ensure that they are associated with the correct community list.

efa policy extcommunity-list list --type extended --ip 10.20.246.29,10.20.246.30
Extended community list details:
Name: eclist-oob
Seq: 4
Action: deny
Route Target:
Site of Origin:
ExtValue: ^65000:.*_
 
Name: extcomm2
Seq: 4
Action: deny
Route Target:
Site of Origin:
ExtValue: ^65000:.*_

IP Addresses:
+------------------+-----+--------------+-----------------+
|       Name       | Seq |  IP Address  |    App State    |
+------------------+-----+--------------+-----------------+
| eclist-oob       | 4   | 10.20.246.29 | cfg-not-managed |
+------------------+-----+--------------+-----------------+
| extcomm2         | 4   | 10.20.246.29 | cfg-in-sync     |
+------------------+-----+--------------+-----------------+

To delete all OOB rules associated with the route map "rmap-oob", run the efa policy route-map delete --name rmap-oob --seq all --oob command.

efa policy route-map list --ip 10.20.246.29 --detail 
Route Map details:
Name: rmap-oob
Seq: 32
Action: permit
Matches:
   match: matchExtcommunityList eclist-oob [cfg-not-managed]
   match: matchCommunityList clist-oob [cfg-not-managed]
   match: matchLargeCommunityList lclist-oob [cfg-not-managed]
Sets:
   set: setLargeCommunityList lclist-oob [cfg-not-managed]
 
Name: rmap1
Seq: 5
Action: permit
Matches:
   match: matchExtcommunityList extcommunitystd1
Sets:
 
Name: rmap1
Seq: 65535
Action: permit
Matches:
Sets:
   set: setCommunityValue 6550:125 internet local-as
 
IP Addresses:
+----------+-------+--------------+-----------------+
|   Name   |  Seq  |  IP Address  |    App State    |
+----------+-------+--------------+-----------------+
| rmap-oob | 32    | 10.20.246.29 | cfg-not-managed |
+----------+-------+--------------+-----------------+
| rmap1    | 5     | 10.20.246.29 | cfg-in-sync     |
+----------+-------+--------------+-----------------+
| rmap1    | 65535 | 10.20.246.29 | cfg-in-sync     |
+----------+-------+--------------+-----------------+

To delete all OOB rules associated with the prefix list "plist-oob", run the efa policy prefix-list delete --type ipv4 --name plist-oob --oob command.

efa policy prefix-list list --type ipv4 --ip 10.20.246.29
 
Prefix-list details:
 
Name: plist-oob
+------+---------+--------+------------+----+----+--------------+-----------------+
| Type | Seq num | Action |   Prefix   | Ge | Le |   DeviceIP   |    AppState     |
+------+---------+--------+------------+----+----+--------------+-----------------+
| ipv4 | 4       | permit | 1.1.1.1/32 |    |    | 10.20.246.29 | cfg-not-managed |
+------+---------+--------+------------+----+----+--------------+-----------------+

To delete all OOB rules associated with the prefix list "plis6t-oob" of IPv6 type, run the efa policy prefix-list delete --type ipv6 --name plist6-oob --oob command.

efa policy prefix-list list --type ipv6 --ip 10.20.246.29
 
Prefix-list details:
 
Name: plist6-oob
+------+---------+--------+---------------+----+----+--------------+-----------------+
| Type | Seq num | Action |    Prefix     | Ge | Le |   DeviceIP   |    AppState     |
+------+---------+--------+---------------+----+----+--------------+-----------------+
| ipv6 | 12      | deny   | 2006:db8::/44 |    |    | 10.20.246.29 | cfg-not-managed |
+------+---------+--------+---------------+----+----+--------------+-----------------+

To delete all OOB rules associated with the large community list "lclist-oob" of standard type, run the efa policy large-community-list delete --name lclist-oob --type standard --seq all –-oob command.

efa policy large-community-list list --type standard --ip 10.20.246.29
 
Large Community list details:
 
Name: lclist-oob
Seq: 12
Action: permit
StdValue: 10:11:12
ExtValue:
 
Name: llist1
Seq: 5
Action: permit
StdValue: 10:20:30 50:60:70
ExtValue:
 
IP Addresses:
+------------+-----+--------------+-----------------+
|    Name    | Seq |  IP Address  |    App State    |
+------------+-----+--------------+-----------------+
| lclist-oob | 12  | 10.20.246.29 | cfg-not-managed |
+------------+-----+--------------+-----------------+
| llist1     | 5   | 10.20.246.29 | cfg-in-sync     |
+------------+-----+--------------+-----------------+

To delete all OOB rules associated with the QoS map "dscp-tc" of "dscp-tc-map" type, run the efa policy qos map delete --name dscp-tc --type dscp-tc-map –-oob command.

✗ efa policy qos map list  --type dscp-tc-map --ip 10.20.246.29-30
QoS map details:
Name: dscp-tc
Type: dscp-tc-map
+------+----+----+
| DSCP | TC | DP |
+------+----+----+
| 0    | 0  | 2  |
+------+----+----+
| 1    | 0  | 2  |
+------+----+----+
| 2    | 0  | 2  |
+------+----+----+
| 3    | 0  | 2  |
+------+----+----+
Name: dscp-tc-oob
Type: dscp-tc-map
+------+----+----+
| DSCP | TC | DP |
+------+----+----+
| 0    | 2  | 2  |
+------+----+----+
| 1    | 2  | 2  |
+------+----+----+
| 2    | 2  | 2  |
+------+----+----+
| 4    | 2  | 2  |
+------+----+----+
| 5    | 2  | 2  |
+------+----+----+
Device Bindings:
+-------------+------+--------------+-----------------+
| dscp-tc     | 62   | 10.20.246.29 | cfg-in-sync     |
+-------------+------+--------------+-----------------+
| dscp-tc     | 62   | 10.20.246.30 | cfg-in-sync     |
+-------------+------+--------------+-----------------+
| dscp-tc     | 63   | 10.20.246.29 | cfg-in-sync     |
+-------------+------+--------------+-----------------+
| dscp-tc     | 63   | 10.20.246.30 | cfg-in-sync     |
+-------------+------+--------------+-----------------+
| dscp-tc-oob | 0    | 10.20.246.29 | cfg-not-managed |
+-------------+------+--------------+-----------------+
| dscp-tc-oob | 1    | 10.20.246.29 | cfg-not-managed |

To delete all OOB rules associated with the QoS map "pcp-tc" of "pcp-tc-map" type, run the efa policy qos map delete --name pcp-tc --type pcp-tc-map –-oob command.

✗ efa policy qos map list  --type pcp-tc-map --ip 10.20.246.29-30

QoS map details: 
Name: pcp-tc
Type: pcp-tc-map
+-----+----+----+
| PCP | TC | DP |
+-----+----+----+
| 0   | 5  | 1  |
+-----+----+----+
| 4   | 5  | 1  |
+-----+----+----+
| 5   | 5  | 1  |
+-----+----+----+
| 6   | 5  | 1  |
+-----+----+----+
 
Name: pcp-tc-oob
Type: pcp-tc-map
+-----+----+----+
| PCP | TC | DP |
+-----+----+----+
| 2   | 3  | 0  |
+-----+----+----+
| 3   | 4  | 0  |
+-----+----+----+
Device Bindings:
+------------+-----+--------------+-----------------+
| pcp-tc     | 6   | 10.20.246.29 | cfg-in-sync     |
+------------+-----+--------------+-----------------+
| pcp-tc     | 6   | 10.20.246.30 | cfg-in-sync     |
+------------+-----+--------------+-----------------+
| pcp-tc-oob | 2   | 10.20.246.29 | cfg-not-managed |
+------------+-----+--------------+-----------------+
| pcp-tc-oob | 3   | 10.20.246.29 | cfg-not-managed |
+------------+-----+--------------+-----------------+

To delete all OOB rules associated with the QoS map "tc-pcp" of "tc-pcp-map" type, run the efa policy qos map delete --name tc-pcp --type tc-pcp-map –-oob command.

✗ efa policy qos map list  --type tc-pcp-map --ip 10.20.246.29-30
Name: tc-pcp
Type: tc-pcp-map
+----+----+-----+
| TC | DP | PCP |
+----+----+-----+
| 5  | 1  | 6   |
+----+----+-----+
 
Name: tc-pcp-oob
Type: tc-pcp-map
+----+----+-----+
| TC | DP | PCP |
+----+----+-----+
| 2  | 0  | 5   |
+----+----+-----+
| 3  | 1  | 4   |
+----+----+-----+

Device Bindings:
+------------+----+----+--------------+-----------------+
|    Name    | TC | DP |  IP Address  |    App State    |
+------------+----+----+--------------+-----------------+
| tc-pcp     | 5  | 1  | 10.20.246.29 | cfg-in-sync     |
+------------+----+----+--------------+-----------------+
| tc-pcp     | 5  | 1  | 10.20.246.30 | cfg-in-sync     |
+------------+----+----+--------------+-----------------+
| tc-pcp-oob | 2  | 0  | 10.20.246.29 | cfg-not-managed |
+------------+----+----+--------------+-----------------+
| tc-pcp-oob | 3  | 1  | 10.20.246.29 | cfg-not-managed |
+------------+----+----+--------------+-----------------+

To delete all OOB rules associated with the QoS service policy map "sp2", run the efa policy qos service-policy-map delete --name sp2 –-oob command.

✗ efa policy qos service-policy-map list --ip 10.20.246.29-30

QoS Service Policy Map details:
+------+-----------------+----------------+---------+
| Name | Strict Priority |  DWRR Weights  |  Class  |
+------+-----------------+----------------+---------+
| sp2  | 4               | 25,25,25,25    | default |
+------+-----------------+----------------+---------+
| sp2  | 4               | 25,25,25,25    | default |
+------+-----------------+----------------+---------+
| sp5  | 3               | 20,20,20,20,20 | default |
+------+-----------------+----------------+---------+
| sp6  | 5               | 50,25,25       | default |
+------+-----------------+----------------+---------+
 
Device Bindings:
+--------------+-----------------+
|  IP Address  |    App State    |
+--------------+-----------------+
| 10.20.246.29 | cfg-in-sync     |
+--------------+-----------------+
| 10.20.246.30 | cfg-in-sync     |
+--------------+-----------------+
| 10.20.246.30 | cfg-not-managed |
+--------------+-----------------+
| 10.20.246.29 | cfg-not-managed |
+--------------+-----------------+
| 10.20.246.30 | cfg-not-managed |
+--------------+-----------------+

Example

efa policy community-list list --type standard --ip 10.20.246.29,10.20.246.30
Name: clist-oob
Seq: 24
Action: deny
StdValue: 10:100 local-as
ExtValue:

Name: clist-oob
Seq: 23
Action: permit
StdValue: local-as
ExtValue:

IP Addresses:
+-----------+-----+--------------+-----------------+
|   Name    | Seq |  IP Address  |    App State    |
+-----------+-----+--------------+-----------------+
| clist-oob | 24  | 10.20.246.29 | cfg-in-sync     |
+-----------+-----+--------------+-----------------+
| clist-oob | 23  | 10.20.246.29 | cfg-not-managed |
+-----------+-----+--------------+-----------------+

efa policy extcommunity-list delete –name eclist-oob --type extended --seq all –-oob

To delete all OOB rules of the "extended" type, use the above command. You can specify the sequence numbers to be deleted from the OOB list. Basic validation is performed on the sequence numbers provided to ensure they are associated with the given community list.

efa policy extcommunity-list list --type extended --ip 10.20.246.29,10.20.246.30
Extended community list details:
Name: eclist-oob
Seq: 4
Action: deny
Route Target:
Site of Origin:
ExtValue: ^65000:.*_
 
Name: extcomm2
Seq: 4
Action: deny
Route Target:
Site of Origin:
ExtValue: ^65000:.*_

IP Addresses:
+------------------+-----+--------------+-----------------+
|       Name       | Seq |  IP Address  |    App State    |
+------------------+-----+--------------+-----------------+
| eclist-oob       | 4   | 10.20.246.29 | cfg-not-managed |
+------------------+-----+--------------+-----------------+
| extcomm2         | 4   | 10.20.246.29 | cfg-in-sync     |
+------------------+-----+--------------+-----------------+
efa policy route-map delete --name rmap-oob --seq all –force
✗ efa policy route-map list --ip 10.20.246.29 --detail 
Route Map details:
Name: rmap-oob
Seq: 32
Action: permit
Matches:
   match: matchExtcommunityList eclist-oob [cfg-not-managed]
   match: matchCommunityList clist-oob [cfg-not-managed]
   match: matchLargeCommunityList lclist-oob [cfg-not-managed]
Sets:
   set: setLargeCommunityList lclist-oob [cfg-not-managed]
 
Name: rmap1
Seq: 5
Action: permit
Matches:
   match: matchExtcommunityList extcommunitystd1
Sets:
 
Name: rmap1
Seq: 65535
Action: permit
Matches:
Sets:
   set: setCommunityValue 6550:125 internet local-as
 
IP Addresses:
+----------+-------+--------------+-----------------+
|   Name   |  Seq  |  IP Address  |    App State    |
+----------+-------+--------------+-----------------+
| rmap-oob | 32    | 10.20.246.29 | cfg-not-managed |
+----------+-------+--------------+-----------------+
| rmap1    | 5     | 10.20.246.29 | cfg-in-sync     |
+----------+-------+--------------+-----------------+
| rmap1    | 65535 | 10.20.246.29 | cfg-in-sync     |
+----------+-------+--------------+-----------------+

efa policy prefix-list delete --type ipv4 --name plist-oob –-oob
✗ efa policy prefix-list list --type ipv4 --ip 10.20.246.29
 
Prefix-list details:
 
Name: plist-oob
+------+---------+--------+------------+----+----+--------------+-----------------+
| Type | Seq num | Action |   Prefix   | Ge | Le |   DeviceIP   |    AppState     |
+------+---------+--------+------------+----+----+--------------+-----------------+
| ipv4 | 4       | permit | 1.1.1.1/32 |    |    | 10.20.246.29 | cfg-not-managed |
+------+---------+--------+------------+----+----+--------------+-----------------+

efa policy prefix-list delete --type ipv6 --name plist6-oob –-oob
✗ efa policy prefix-list list --type ipv6 --ip 10.20.246.29
 
Prefix-list details:
 
Name: plist6-oob
+------+---------+--------+---------------+----+----+--------------+-----------------+
| Type | Seq num | Action |    Prefix     | Ge | Le |   DeviceIP   |    AppState     |
+------+---------+--------+---------------+----+----+--------------+-----------------+
| ipv6 | 12      | deny   | 2006:db8::/44 |    |    | 10.20.246.29 | cfg-not-managed |
+------+---------+--------+---------------+----+----+--------------+-----------------+

efa policy large-community-list delete --name lclist-oob --type standard --seq all –-oob
✗ efa policy large-community-list list --type standard --ip 10.20.246.29
 
Large Community list details:
 
Name: lclist-oob
Seq: 12
Action: permit
StdValue: 10:11:12
ExtValue:
 
Name: llist1
Seq: 5
Action: permit
StdValue: 10:20:30 50:60:70
ExtValue:
 
IP Addresses:
+------------+-----+--------------+-----------------+
|    Name    | Seq |  IP Address  |    App State    |
+------------+-----+--------------+-----------------+
| lclist-oob | 12  | 10.20.246.29 | cfg-not-managed |
+------------+-----+--------------+-----------------+
| llist1     | 5   | 10.20.246.29 | cfg-in-sync     |
+------------+-----+--------------+-----------------+

efa policy qos map delete --name dscp-tc --type dscp-tc-map –-oob