Skip to content

vladimirs-git/cisco-acl

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

101 Commits
cisco_acl
cisco_acl
 
 
docs
docs
 
 
examples
examples
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
CHANGELOG.rst
CHANGELOG.rst
 
 
LICENSE.txt
LICENSE.txt
 
 
README.rst
README.rst
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

cisco-acl

Python package to parse and manage Cisco ACL (Access Control List).

Supported platforms:

  • Cisco IOS (tested on ISR4331/K9, IOS XE version 16.09.06)
  • Cisco Nexus NX-OS (tested on N3K-C3172TQ-XL, NXOS version 7.0(3)I7(8))

Main features:

  • Supports wildcards, converts wildcards to prefixes
  • Supports uni-dimensional address groups (address-group inside other address-group is not supported)
  • Represents TCP/UDP ports and IP protocols as numbers or well-known names
  • Converts IOS syntax to NX-OS and vice vera
  • Generates sequence numbers for ACEs
  • Looks for and removes ACEs in the shadow (rules without hits)
  • Groups ACEs to blocks. After sorting, the order of ACEs within a group does not change

Contents

Acronyms

Acronym Definition
ACL Access Control List
ACE Access Control Entry
ACEs Multiple Access Control Entries

Requirements

Python >=3.8,<3.12

Installation

Install the package from pypi.org release

pip install cisco-acl

or install the package from github.com release

pip install https://github.com/vladimirs-git/cisco-acl/archive/refs/tags/3.3.5.tar.gz

or install the package from github.com repository

pip install git+https://github.com/vladimirs-git/cisco-acl

acls()

cisco_acl.acls(config, kwargs) Creates Acl objects based on the "show running-config" output. Support address group objects. Each ACE line is treated as an independent Ace (default) or ACE lines can be grouped to AceGroup by text in remarks (param group_by)

Parameter Type Description
config str Cisco config, "show running-config" output
platform str Platform: "ios" (default), "nxos"
version str Software version, default is "0".
names List[str] Parses only ACLs with specified names, skips any other
max_ncwb int Max count of non-contiguous wildcard bits
indent str ACE lines indentation (default " ")
protocol_nr bool Well-known ip protocols as numbers, True - all ip protocols as numbers, False - well-known ip protocols as names (default)
port_nr bool Well-known TCP/UDP ports as numbers, True - all tcp/udp ports as numbers, False - well-known tcp/udp ports as names (default)
group_by str Startswith in remark line. ACEs group, starting from the Remark, where line startswith group_by, will be applied to the same AceGroup, until next Remark that also startswith group_by
Return
List of Acl objects

Examples

./examples/functions_acls.py

aces()

cisco_acl.aces(config, kwargs) Creates Ace objects based on the "show running-config" output

Parameter Type Description
config str Cisco config, "show running-config" output
platform str Platform: "ios" (default), "nxos"
version str Software version, default is "0".
max_ncwb int Max count of non-contiguous wildcard bits
protocol_nr bool Well-known ip protocols as numbers, True - all ip protocols as numbers, False - well-known ip protocols as names (default)
port_nr bool Well-known TCP/UDP ports as numbers, True - all tcp/udp ports as numbers, False - well-known tcp/udp ports as names (default)
group_by str Startswith in remark line. ACEs group, starting from the Remark, where line startswith group_by, will be applied to the same AceGroup, until next Remark that also startswith group_by
Return
List of Ace objects

Examples

./examples/functions_aces.py

addrgroups()

cisco_acl.addrgroups(config, kwargs) Creates AddrGroup objects based on the "show running-config" output

Parameter Type Description
config str Cisco config, "show running-config" output
platform str Platform: "ios" (default), "nxos"
version str Software version, default is "0".
max_ncwb int Max count of non-contiguous wildcard bits
indent str ACE lines indentation (default " ")
Return
List of AddrGroup objects

range_ports()

cisco_acl.range_ports(srcports, dstports, line, platform, port_nr) Generates ACEs in required range of TCP/UDP source/destination ports

Parameter Type Description
srcports str Range of TCP/UDP source ports
dstports str Range of TCP/UDP destination ports
line str ACE pattern, on whose basis new ACEs will be generated (default "permit tcp any any", operator "eq")
platform str Platform: "ios" (default), "nxos"
version str Software version, default is "0".
port_nr bool Well-known TCP/UDP ports as numbers, True - all tcp/udp ports as numbers, False - well-known tcp/udp ports as names (default)
Return
List of newly generated ACE lines

Examples

./examples/functions_range_ports.py

range_protocols()

cisco_acl.range_protocols(protocols, line, platform, protocol_nr) Generates ACEs in required range of IP protocols

Parameter Type Description
protocols str Range of IP protocols
line str ACE pattern, on whose basis new ACEs will be generated (default "permit ip any any")
platform str Platform: "ios" (default), "nxos"
version str Software version, default is "0".
protocol_nr bool Well-known ip protocols as numbers, True - all ip protocols as numbers, False - well-known ip protocols as names (default)
Return
List of newly generated ACE lines

Examples

./examples/functions_range_protocols.py

Objects

Documentation of objects for deep-code divers

./docs/objects.rst

About

Python package to parse and manage Cisco ACLs

Topics

ios cisco acl nexus nxos nx-os cisco-ios pyrhon

Resources

Readme

License

Apache-2.0 license
Activity

Stars

15 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases 16

3.2.4 (2024-04-01) Latest
Apr 1, 2024
+ 15 releases

Packages

No packages published

Languages