Make the icmpv6 protocol options available for cisco.nxos.nxos_acls like they are for cisco.iosxr.iosxr_acls

[digitalfiend64]

SUMMARY

Make the icmpv6 protocol options available for cisco.nxos.nxos_acls like they are for cisco.iosxr.iosxr_acls

ISSUE TYPE

• Feature Idea Currently only cisco.iosxr.iosxr.acls module supports icmpv6 and the protocol options. We have some requests from our customers to use these fields for nxos as well

COMPONENT NAME

cisco.nxos.nxos_acls

ADDITIONAL INFORMATION

The feature would allow me to use icmp options that are available in the command line for nxos but it does not recognize it in fact gathering or is there away to apply it with the cisco.nxos.nxos.acl module. Below is the nxos example acl ace. 40 permit icmp any any nd-ns

When that line is added to the acl the fact gathering doesn’t show any protocol options and it can’t be configured in the module.

    -   destination:
            any: true
        grant: permit
        protocol: icmp
        sequence: 30
        source:
            any: true

Below is what the IOSXR config looks like.

acls:
        -   acls:
            -   aces:
                -   destination:
                        any: true
                    grant: permit
                    protocol: icmpv6 
                    protocol_options:
                        icmpv6:
                            nd_na: true
                    sequence: 30
                    source:
                        any: true

[NilashishC]

@digitalfiend64 Could you please confirm if the following options are being requested in this RFE?

nxos-936(config)# ipv6 access-list ACL1
nxos-936(config-ipv6-acl)# 10 permit icmp any any ?
  <CR>                     
  <0-255>                  ICMPv6 message type
  beyond-scope             Destination beyond scope
  destination-unreachable  Destination address is unreachable
  dscp                     Match packets with given dscp value & Mask
  echo-reply               Echo reply
  echo-request             Echo request (ping)
  fragments                Check non-initial fragments
  header                   Parameter header problems
  hop-limit                Hop limit exceeded in transit
  mld-query                Multicast Listener Discovery Query
  mld-reduction            Multicast Listener Discovery Reduction
  mld-report               Multicast Listener Discovery Report
  mldv2                    Multicast Listener Discovery Protocol
  nd-na                    Neighbor discovery neighbor advertisements
  nd-ns                    Neighbor discovery neighbor solicitations
  next-header              Parameter next header problems
  no-admin                 Administration prohibited destination
  no-route                 No route to destination
  packet-length            Match packets based on layer 3 packet length
  packet-too-big           Packet too big
  parameter-option         Parameter option problems
  parameter-problem        All parameter problems
  port-unreachable         Port unreachable
  reassembly-timeout       Reassembly timeout
  redirect                 Redirect to interface(s). Syntax example: redirect Ethernet1/1,Ethernet1/2,port-channel1
  redirect                 Neighbor redirect
  renum-command            Router renumbering command
  renum-result             Router renumbering result
  renum-seq-number         Router renumbering sequence number reset
  router-advertisement     Neighbor discovery router advertisements
  router-renumbering       All router renumbering
  router-solicitation      Neighbor discovery router solicitations
  time-exceeded            All time exceeded
  time-range               Specify a time range
  udf                      User defined field match
  unreachable              All unreachable
  vlan                     Configure match based on vlan
  log                      Log matches against this entry
  telemetry_path           IPT enabled
  telemetry_queue          Flow of interest for BDC/HDC