Forum Discussion

k_kirchev_28437
Dec 20, 2017

Import Cisco ACL (2000+ rows) from Cisco ACE to F5

Hello guys,

Through the last few months I have been looking for a scenario for how to upload/implement/import a Cisco ACL to F5. I have been looking here and found like 5, 10 Cisco ACL articles, but none of them is working for me.

So the problem is this:

I am migrating old Cisco ACE contexts to a client's new F5 i5000 series vCMPs. I was preparing this for a couple of months since I had the Cisco ACE configs provided. Everything with the implementation of the first context worked fine. I created VLANs, trunks, vCMP, provisioning, configured vCMP itself, etc. Also I have used Cisco-provided scripts which are from 2015. And in fact for LTM they are not 100% effective. However, I managed to configure what was left manually.

But now I come to the next context/vCMP, where I have more than 2000 rows of ACL regarding some printers' access. I was looking for a solution to this but still without any result.

The interesting thing is that I have a request from the client asking if I could implement the ACL on F5 directly from a pre-defined/created list in .csv format. It could be text or XML, whatever. Also, this list will change over time. Is there any option for this? Could it be done through tmsh? Some script?

Please help.

 

  • Yes, in fact Packet Filters was my first thought, but when I tested with a small number of rules I gave up. It is difficult and hard to manage.

  • Hi Y,

    This is an interesting approach. But a lab license is not an option, I think. It is a serious enterprise client and I do not think it is appropriate. However, I will have a discussion about this because it sounds like an option. Or at least test with AFM from F5 for 1 month.

    Thank you!!