Cisco Support Community
Community Member

ACL Manager : Changes in Classes don't result in different output

Hello,

When I add something to an existing Class without changing the ACE that is using that definition, "Edit ACE, Expand" does show the new entries, but the generated "Delta config" does not include them (I can reproduce that!). When I delete those ACEs and enter the same ones again, the access-list is generated properly. If I have several ACEs using a changed class, then I have to delete and re-enter them all. This way the ACL Manager (version 1.3) is not very useful. Am I doing something wrong? Is there a workaround?

Any hints would be appreciated. Thank you very much.

3 REPLIES
Cisco Employee

Re: ACL Manager : Changes in Classes don't result in different o

Here is how the changes done to a class should be propagated to the devices.

Modify the class definition. If the class has been used in ACLs and if they have been downloaded to devices, you will find the "Device uses" for the class. You can see the "device uses" for a class by expanding the class in the left view. As soon as you modify the class, the validity of the device uses for each device/ACL will turn false. This is an indication that the class has changed and the changes need to be propagated to the devices. Now, select the device uses that have validity set to false, right-click, and invoke the option "synch network classes". This option lets you propagate the class definition changes to all the devices that have been selected. Follow the on-screen instructions to create a download job. Refer to the "Using class manager" chapter in the online help of ACL Manager. Let me know if anything is not clear. bkganesh@cisco.com

Thanks,

Ganesh.

ACL Manager team.

Community Member

Re: ACL Manager : Changes in Classes don't result in different o

Dear Ganesh,

When I right-click, it says "Network class instances have been synced in a temporyry scenario. Download the scenario now ?". When I say "yes", the "Schedule Config Download Job" window appears. But because there is no "Modified device", I can't download anything. If I say "no", I can save a temporary scenario, but in any case "Network Class Instance Valid" stays false.

What am I doing wrong? Thank you very much for your answer.

Bernd

Cisco Employee

Re: ACL Manager : Changes in Classes don't result in different o

Hello Bernd,

This can happen if the ACEs that are supposed to contain the network class don't really contain it. You can check this by choosing to save the temporary scenario that you get by saying "no" to "Network class instances have been synced in a temporyry scenario. Download the scenario now?". It will then ask you for a name. Once you have finished saving the scenario, open it and locate the ACLs whose ACEs are supposed to contain the network class. Please cross-check whether the ACEs indeed contain the network class. If they don't, something is wrong. You can open a TAC case for this and we can take it up from there.

Another possibility is as follows:

ACL Manager removes duplicate ACEs from an ACL. If the change to your network class is such that it results in a duplicate ACE in relation to another ACE that is already present, you really won't see the change, since there is no change.

Thanks,

Ganesh.

ACL Manager team.
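
The duplicate-ACE case from the reply above, as an added example that is not part of the original thread and is not ACL Manager's code. It is a simplified model that assumes an ACE template expands to one concrete ACE per class member and that only exact duplicates are dropped; the class name, addresses and function names are constructed for illustration.

```python
# Simplified model (assumption): class references expand to one ACE per
# member, exact duplicates are dropped, and the delta is the line difference.

def expand(acl, classes):
    """Expand class references into concrete ACEs, keeping first-match
    order and dropping exact duplicates."""
    seen, out = set(), []
    for action, proto, src, dst, port in acl:
        for s in classes.get(src, [src]):
            for d in classes.get(dst, [dst]):
                ace = f"{action} {proto} {s} {d} eq {port}"
                if ace not in seen:
                    seen.add(ace)
                    out.append(ace)
    return out

def delta(old, new):
    """Return (lines_to_add, lines_to_remove) between two expanded ACLs."""
    return ([a for a in new if a not in old],
            [a for a in old if a not in new])

# Constructed sample: one ACE uses the class, one names a host directly.
ACL = [
    ("permit", "tcp", "any", "WEB_SERVERS", 80),
    ("permit", "tcp", "any", "host 192.0.2.20", 80),
]
CLASS_OLD = {"WEB_SERVERS": ["host 192.0.2.10"]}
# Member added to the class, but an explicit ACE already covers it.
CLASS_DUP = {"WEB_SERVERS": ["host 192.0.2.10", "host 192.0.2.20"]}
# Member added that no existing ACE covers.
CLASS_NEW = {"WEB_SERVERS": ["host 192.0.2.10", "host 192.0.2.30"]}

def class_change_delta(new_classes):
    """Delta produced by replacing CLASS_OLD with new_classes."""
    return delta(expand(ACL, CLASS_OLD), expand(ACL, new_classes))

if __name__ == "__main__":
    print("duplicate member:", class_change_delta(CLASS_DUP))
    print("new member:      ", class_change_delta(CLASS_NEW))
```

Comparing the expanded ACL before and after a class change in this way shows whether the change alters the effective rule set or is absorbed by an ACE that is already present.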
