We are currently migrating to Cisco Nexus 7000 using NX-OS.
Unfortunately the IP-ACLs there are not as they were before.
As far as I saw, the only difference is that the old lists had an "extended" in "ip access-list extended randomname" and the new ones only consist of "ip access-list randomname".
Now I built a shell script to cut the "extended".
Is there any solution so I don't have to run the script manually every time the policies are compiled?
Could work by:
Running the script automatically once the compile process is done.
Adding a new OS in the source.
Downloading a library/extension that supports NX-OS.
Any tips on how to do that, or suggestions on what is possible?
I believe there are also additional differences between the NX-OS ACLs and IOS ACLs; this includes things like address groups, service groups, etc. Depending on the complexity of your rules, you may run into issues by simply cutting the "extended" keyword.
Also, in case you are interested, the core team that wrote Firewall Builder just announced a commercial product, http://www.netcitadel.com, that will include support for NX-OS ACLs.