Cisco fix access list template

networktocode · Aug 4, 2023 · 3572809 · 3572809
1 parent bf322cc
commit 3572809
Show file tree

Hide file tree

Showing 4 changed files with 160 additions and 57 deletions.
diff --git a/ntc_templates/templates/cisco_ios_show_access-list.textfsm b/ntc_templates/templates/cisco_ios_show_access-list.textfsm
@@ -1,13 +1,14 @@
 # IOS ACL structure is quite complex.
-#
+# 
 # Extended IP ACL:
 # 	SEQUENCE_NUMBER ACTION PROTOCOL SOURCE [PORT id] [RANGE start finish] DESTINATION [MODIFIER]
 #
 # Standard ACL:
 #	SEQUENCE_NUMBER ACTION SOURCE DESTINATION [MODIFIER]
-#
+#	 
 #
 Value Filldown NAME (\S+)
+Value Filldown TYPE (\S+)
 Value Required SN (\d+)
 Value ACTION (\w+)
 Value PROTOCOL (\w+)
@@ -18,25 +19,25 @@ Value SOURCE (host\s\d+\.\d+\.\d+\.\d+|any|\d+\.\d+\.\d+\.\d+\s\d+\.\d+\.\d+\.\d
 #
 # We can specify protocols to match. 'eq', 'gt', 'lt', 'range' and 'neq' are supported.
 #
-Value PORT (eq|gt|lt|neq|range)
+Value OPERATOR_SOURCE_PORT (eq|gt|lt|neq|range)
+Value OPERATOR_DESTINATION_PORT (eq|gt|lt|neq|range)
 #
 # This can be either a single port or a list.
 #
-Value RANGE ([(\S+\s\S+)]+)
+Value SOURCE_PORT ([\s\S]+)
+Value DESTINATION_PORT ([\s\S]+)
 #
 # DESTINATION RegEx must be able to catch every possible source combination including masks. 'any' and 'host' and 'wildcard bits' are possible too.
-#
+# 
 Value DESTINATION (host\s\d+\.\d+\.\d+\.\d+|any|\d+\.\d+\.\d+\.\d+\s\d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+\.\d+,\s+wildcard bits\s\d+\.\d+\.\d+\.\d+)
-# MODIFIER "eq ftp" | "log" | "gt 1024"
-Value MODIFIER ((\w+\s)?\w+)
+Value MODIFIER (log|tos normal|eq ftp|gt 1024)
 Value MATCHES (\d+)
 
 Start
-  ^.*list\s+${NAME}
-  ^\s+${SN}\s+${ACTION}\s+${PROTOCOL}\s+${SOURCE}(\s+${PORT})*(\s${RANGE})*\s+${DESTINATION}(\s+${MODIFIER})* -> Record
-  ^\s*${SN}\s+${ACTION}\s+${SOURCE}(\s+${MODIFIER}(\s\(${MATCHES} matches\))?)? -> Record
-  # Capture time-stamp if vty line has command time-stamping turned on
+  ^${TYPE}.*list\s+${NAME}
+  ^\s*${SN}\s+${ACTION}\s+${PROTOCOL}\s+${SOURCE}\s+${OPERATOR_SOURCE_PORT}\s${SOURCE_PORT}\s${DESTINATION}\s${OPERATOR_DESTINATION_PORT}\s${DESTINATION_PORT} -> Record
+  ^\s*${SN}\s+${ACTION}\s+${PROTOCOL}\s+${SOURCE}\s+${DESTINATION}(\s+${OPERATOR_SOURCE_PORT})*(\s${SOURCE_PORT})* -> Record
+  ^\s*${SN}\s+${ACTION}\s+${PROTOCOL}\s+${SOURCE}(\s+${OPERATOR_SOURCE_PORT})*(\s${SOURCE_PORT})*\s+${DESTINATION}(\s+${MODIFIER})*(\s\(*(\s\(${MATCHES}\smatches\))*\smatches\))* -> Record
+  ^\s*${SN}\s+${ACTION}\s+${SOURCE}(\s+${MODIFIER})*(\s\(${MATCHES}\smatches\))* -> Record
   ^Load\s+for\s+
   ^Time\s+source\s+is
-  ^\s*$$
-  ^. -> Error
diff --git a/tests/cisco_ios/show_access-list/cisco_ios_show_access-list.raw b/tests/cisco_ios/show_access-list/cisco_ios_show_access-list.raw
@@ -20,4 +20,7 @@ Extended IP access list ciao
     10 permit tcp any eq www whois uucp domain ident host 10.10.10.10 tos normal
     20 deny tcp any eq www any log
     30 deny tcp any range www domain 10.10.10.10 0.0.0.255
-
+Standard IP access list 10
+    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (5177 matches)
+    16 deny udp host 192.168.1.3 host 192.168.2.12 range 12 15
+    17 deny tcp host 192.168.1.12 eq 12 host 192.168.2.30 eq 40
diff --git a/tests/cisco_ios/show_access-list/cisco_ios_show_access-list.yml b/tests/cisco_ios/show_access-list/cisco_ios_show_access-list.yml
@@ -1,162 +1,249 @@
 ---
 parsed_sample:
   - name: "Virtual-Access1.1#1"
+    type: "Extended"
     sn: "20"
     action: "permit"
     protocol: "icmp"
     source: "host 1.1.1.1"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: "any"
     modifier: ""
     matches: ""
   - name: "Virtual-Access1.1#1"
+    type: "Extended"
     sn: "30"
     action: "deny"
     protocol: "ip"
     source: "host 44.33.66.36"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: "host 1.1.1.1"
     modifier: ""
     matches: ""
   - name: "Virtual-Access1.1#1"
+    type: "Extended"
     sn: "40"
     action: "permit"
     protocol: "udp"
     source: "any"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: "host 1.1.1.1"
     modifier: ""
     matches: ""
   - name: "Virtual-Access1.1#2"
+    type: "Extended"
     sn: "10"
     action: "permit"
     protocol: "igmp"
     source: "any"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: "host 13.1.1.2"
     modifier: ""
     matches: ""
   - name: "Virtual-Access1.1#2"
+    type: "Extended"
     sn: "20"
     action: "permit"
     protocol: "icmp"
     source: "host 13.1.1.2"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: "any"
     modifier: ""
     matches: ""
   - name: "102"
+    type: "Extended"
     sn: "10"
     action: "permit"
     protocol: "tcp"
     source: "any"
-    port: ""
-    range: ""
+    operator_source_port: "eq"
+    operator_destination_port: ""
+    source_port: "ftp"
+    destination_port: ""
     destination: "host 192.168.1.100"
-    modifier: "eq ftp"
+    modifier: ""
     matches: ""
   - name: "102"
+    type: "Extended"
     sn: "20"
     action: "permit"
     protocol: "tcp"
     source: "any"
-    port: ""
-    range: ""
+    operator_source_port: "gt"
+    operator_destination_port: ""
+    source_port: "1024"
+    destination_port: ""
     destination: "host 192.168.1.100"
-    modifier: "gt 1024"
+    modifier: ""
     matches: ""
   - name: "VLAN-TEST"
+    type: "Extended"
     sn: "10"
     action: "permit"
     protocol: "ip"
     source: "any"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: "any"
     modifier: ""
     matches: ""
   - name: "VLAN-TEST"
+    type: "Extended"
     sn: "20"
     action: "deny"
     protocol: "ip"
     source: "any"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: "any"
     modifier: ""
     matches: ""
   - name: "1"
+    type: "Standard"
     sn: "10"
     action: "permit"
     protocol: ""
     source: "10.1.2.3"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: ""
     modifier: "log"
     matches: ""
   - name: "1"
+    type: "Standard"
     sn: "20"
     action: "deny"
     protocol: ""
     source: "10.1.1.1"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: ""
     modifier: ""
     matches: ""
   - name: "1"
+    type: "Standard"
     sn: "30"
     action: "deny"
     protocol: ""
     source: "192.168.1.0, wildcard bits 0.0.0.255"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: ""
     modifier: ""
     matches: ""
   - name: "1"
+    type: "Standard"
     sn: "40"
     action: "deny"
     protocol: ""
     source: "any"
-    port: ""
-    range: ""
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
     destination: ""
     modifier: "log"
     matches: ""
   - name: "ciao"
+    type: "Extended"
     sn: "10"
     action: "permit"
     protocol: "tcp"
     source: "any"
-    port: "eq"
-    range: "www whois uucp domain ident"
+    operator_source_port: "eq"
+    operator_destination_port: ""
+    source_port: "www whois uucp domain ident"
+    destination_port: ""
     destination: "host 10.10.10.10"
     modifier: "tos normal"
     matches: ""
   - name: "ciao"
+    type: "Extended"
     sn: "20"
     action: "deny"
     protocol: "tcp"
     source: "any"
-    port: "eq"
-    range: "www"
+    operator_source_port: "eq"
+    operator_destination_port: ""
+    source_port: "www"
+    destination_port: ""
     destination: "any"
     modifier: "log"
     matches: ""
   - name: "ciao"
+    type: "Extended"
     sn: "30"
     action: "deny"
     protocol: "tcp"
     source: "any"
-    port: "range"
-    range: "www domain"
+    operator_source_port: "range"
+    operator_destination_port: ""
+    source_port: "www domain"
+    destination_port: ""
     destination: "10.10.10.10 0.0.0.255"
     modifier: ""
     matches: ""
+  - name: "10"
+    type: "Standard"
+    sn: "10"
+    action: "permit"
+    protocol: ""
+    source: "192.168.1.0, wildcard bits 0.0.0.255"
+    operator_source_port: ""
+    operator_destination_port: ""
+    source_port: ""
+    destination_port: ""
+    destination: ""
+    modifier: ""
+    matches: "5177"
+  - name: "10"
+    type: "Standard"
+    sn: "16"
+    action: "deny"
+    protocol: "udp"
+    source: "host 192.168.1.3"
+    operator_source_port: "range"
+    operator_destination_port: ""
+    source_port: "12 15"
+    destination_port: ""
+    destination: "host 192.168.2.12"
+    modifier: ""
+    matches: ""
+  - name: "10"
+    type: "Standard"
+    sn: "17"
+    action: "deny"
+    protocol: "tcp"
+    source: "host 192.168.1.12"
+    operator_source_port: "eq"
+    operator_destination_port: "eq"
+    source_port: "12"
+    destination_port: "40"
+    destination: "host 192.168.2.30"
+    modifier: ""
+    matches: ""