I am trying to compare two ACLs. The first is on the router and the second is a string listed below. I am trying to compare to see if an update that was pushed to multiple machines made it.

As you can see below, when both get printed to the screen they have different formats and I am not sure how to fix that.

output = net_connect.send_command("show run | se access-list extended Pc_acl")

This results in

ip access-list extended pc_acl
 permit icmp any any
 permit udp any any eq bootps
 permit udp any host 224.0.1.2 eq 1985
 permit udp 192.168.1.128 0.0.0.31 object-group Pc_DNS eq domain
 permit tcp 192.168.1.128 0.0.0.31 object-group Proxy eq 8085
 permit udp 192.168.1.128 0.0.0.31 any eq 3268
 permit udp 192.168.1.128 0.0.0.31 any eq 445 log
 permit tcp 192.168.1.128 0.0.0.31 any eq 138
 permit tcp 192.168.1.128 0.0.0.31 object-group Pc_DC
 permit tcp 192.168.1.128 0.0.0.31 object-group SOT eq 5494
 permit tcp 192.168.1.128 0.0.0.31 object-group SOT eq 443
 permit tcp 192.168.1.128 0.0.0.31 host 10.100.34.31 eq 3389
 permit tcp 192.168.1.128 0.0.0.31 eq 3389 host 10.100.34.31
 permit tcp 192.168.1.128 0.0.0.31 host 10.1.24.69 eq 443
 permit tcp 192.168.1.128 0.0.0.31 host 10.51.5.56 eq 8731
 deny   ip any any

I try to compare it to

accessVar = ('ip access-list extended pc_acl\n' \
    ' permit icmp any any\n' \
    ' permit udp any any eq bootps\n' \
    ' permit udp any host 224.0.1.2 eq 1985\n' \
    ' permit udp ',ipList,'128 0.0.0.31 object-group Pc_DNS eq domain\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 object-group Proxy eq 8085\n' \
    ' permit udp ',ipList,'128 0.0.0.31 any eq 3268\n' \
    ' permit udp ',ipList,'128 0.0.0.31 any eq 445 log\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 any eq 138\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 object-group Franchise_DC\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 object-group SOT eq 5494\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 object-group SOT eq 443\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 host 10.10.34.31 eq 3389\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 eq 3389 host 10.10.34.31\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 host 10.1.24.69 eq 443\n' \
    ' permit tcp ',ipList,'128 0.0.0.31 host 10.51.5.56 eq 8731\n' \
    ' deny   ip any any')

but prints out to

print(accessVar)

('ip access-list extended pc_acl\n permit icmp any any\n permit udp any any eq bootps\n permit udp any host 224.0.1.2 eq 1985\n permit udp ', '192.168.1.', '128 0.0.0.31 object-group Pc_DNS eq domain\n permit tcp ', '192.168.1.', '128 0.0.0.31 object-group Proxy eq 8085\n permit udp ', '192.168.1.', '128 0.0.0.31 any eq 3268\n permit udp ', '192.168.1.', '128 0.0.0.31 any eq 445 log\n permit tcp ', '192.168.1.', '128 0.0.0.31 any eq 138\n permit tcp ', '192.168.1.', '128 0.0.0.31 object-group Franchise_DC\n permit tcp ', '192.168.1.', '128 0.0.0.31 object-group SOT eq 5494\n permit tcp ', '192.168.1.', '128 0.0.0.31 object-group SOT eq 443\n permit tcp ', '192.168.1.', '128 0.0.0.31 host 10.10.34.31 eq 3389\n permit tcp ', '192.168.1.', '128 0.0.0.31 eq 3389 host 10.10.34.31\n permit tcp ', '192.168.1.', '128 0.0.0.31 host 10.1.24.69 eq 443\n permit tcp ', '192.168.1.', '128 0.0.0.31 host 10.51.5.56 eq 8731\n deny   ip any any')

Any help would be appreciated!

jmyths

1 Answer

Figured it out.

I took the output that I was getting from the command and sent it to a list.
Printed out the list to see the format and recreated the variable that I was checking against as a list with the same formatting.

jmyths
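
The approach the answer describes, as an added example that is not part of the original post: both ACLs are turned into lists of whitespace-normalized lines and compared in order. The function names and the shortened sample (built from lines in the question) are assumptions; the expected entries are filled in with `str.format`, because joining the pieces with commas builds a tuple, which is what the question's `print` shows.

```python
import difflib

# Constructed sample: a shortened copy of the router output shown in the question.
DEVICE_OUTPUT = """ip access-list extended pc_acl
 permit icmp any any
 permit udp 192.168.1.128 0.0.0.31 object-group Pc_DNS eq domain
 permit tcp 192.168.1.128 0.0.0.31 object-group Pc_DC
 permit tcp 192.168.1.128 0.0.0.31 host 10.100.34.31 eq 3389
 deny   ip any any
"""

# Expected ACL, shortened the same way; {ip} stands in for ipList in the question.
EXPECTED_TEMPLATE = """ip access-list extended pc_acl
 permit icmp any any
 permit udp {ip}128 0.0.0.31 object-group Pc_DNS eq domain
 permit tcp {ip}128 0.0.0.31 object-group Franchise_DC
 permit tcp {ip}128 0.0.0.31 host 10.10.34.31 eq 3389
 deny   ip any any
"""


def normalize(text):
    """Return one entry per line with whitespace runs collapsed and blanks dropped."""
    return [" ".join(line.split()) for line in text.splitlines() if line.strip()]


def expected_acl(ip_prefix):
    """Fill in the prefix with str.format so the result is a str, not a tuple."""
    return normalize(EXPECTED_TEMPLATE.format(ip=ip_prefix))


def acl_diff(device_text, ip_prefix):
    """List differences in order: '- ' expected but not on the device,
    '+ ' on the device but not expected. Entry order matters in an ACL,
    so the lists are compared as sequences, not as sets."""
    want, have = expected_acl(ip_prefix), normalize(device_text)
    matcher = difflib.SequenceMatcher(a=want, b=have, autojunk=False)
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes += ["- " + entry for entry in want[i1:i2]]
            changes += ["+ " + entry for entry in have[j1:j2]]
    return changes


if __name__ == "__main__":
    for change in acl_diff(DEVICE_OUTPUT, "192.168.1."):
        print(change)
```

In the question's script, `device_text` would be the string returned by `net_connect.send_command(...)`; an empty result means the pushed ACL matches the expected one line for line.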