Forum Discussion
k_kirchev_28437
Nimbostratus
NimbostratusImport Cisco ACL(2000+ rows) from Cisco ACE to F5
Hello guys,
through last few months I have been looking for scenario how to upload/implement/import Cisco ACL to F5. I have been looking here and found like 5,10 Cisco ACLs articles but none of them is working for me.
So the problem is this:
I am migrating old Cisco ACE contexts to new client's F5 i5000 series vCMPs. I was preparing this for a couple of months since I had Cisco ACE configs provided. Everything with implementation of first context worked fine. I created vlans,trunks,vCMP, provisioning, configure vCMP itself etc. Also I have used Cisco provided scripts which are from 2015. And in fact for LTM they are not 100% effective. However I managed to configure what was left manually.
But now I come to the next context/vCMP where I have more than 2000 rows of ACL regarding some printers access. I was looking for solution of this but still without any result.
Interesting thing is that I have request from client if I could implement ACL to F5 directly from pre-defined/created list in .csv format. It could be text or xml whatever. Also this list will change in time. Is there any option for this ? Could it be done through tmsh? Some script?
Please help.
k_kirchev_28437Yes, in fact Packet Filters was my first thought but when I tested with a small amount of rules I gave up. It is difficult and hard to manage.
- k_kirchev_28437
Hi Y,
this is interesting approach. But lab license is not a option I think. It is a serious enterprise client and I do not it is appropriate. However I will have discussion about this because it sounds as option. Or at least test with AFM from F5 for 1 month.
Thank you!!
Julio_NavarroCirrostratus
https://devcentral.f5.com/s/feed/0D51T00006i7d0nSAA