Closed earendilfr closed 2 years ago
You can also find below the current ACL config on both switches:
#sh run partition access-list
Building configuration...
Current configuration : 505 bytes
!
Configuration of Partition - access-list
!
!
!
!
!
ip access-list standard ACL-SNMP-RO
 permit 10.144.10.210
 permit 10.176.10.212
 permit 10.195.100.210
 permit 10.48.15.212
 permit 10.12.100.0 0.0.0.255
 permit 10.23.241.0 0.0.0.255
 permit 10.18.104.0 0.0.0.31
!
access-list 1 deny any
access-list 10 permit 10.176.10.218
access-list 10 permit 10.12.100.18
access-list 10 permit 10.195.100.18
!
end
- Working switch
Building configuration...
Current configuration : 573 bytes
!
Configuration of Partition - access-list
!
!
!
!
ip access-list standard ACL-SNMP-RO
 permit 10.144.10.210
 permit 10.176.10.212
 permit 10.195.100.210
 permit 10.48.15.212
 permit 10.12.100.0 0.0.0.255
 permit 10.23.241.0 0.0.0.255
 permit 10.18.104.0 0.0.0.31
!
access-list 1 remark Deny all traffic
access-list 1 deny any
access-list 10 permit 10.176.10.218
access-list 10 permit 10.12.100.18
access-list 10 permit 10.195.100.18
!
end
SUMMARY
When I try to deploy an ACL configuration through Ansible, it works on many switches but seems to fail on some switches. The types of switches that fail are:
But it does not fail on all switches of this type...
ISSUE TYPE
COMPONENT NAME
cisco.ios.ios_acls
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
Configure a playbook like the one below to update and replace ACLs on switches
Execute the playbook against a failing switch
EXPECTED RESULTS
On a working switch, I have the following output: https://gist.github.com/earendilfr/3952cd9b03e2656a1fe24f192f55e534
ACTUAL RESULTS
You can find the complete error here: https://gist.github.com/earendilfr/3952cd9b03e2656a1fe24f192f55e534 The error message is