I’m struggling with the exact same problem. Unfortunately, this 3-year-old post without any replies is the most useful hit on Google.
Being 2021 I’m looking for how to implement this with Ansible for a variety of reasons - version controlling, ability to generate custom ACL depending on a number of variables and Ansible’s dry-run diff functionality.
Any clues on how to progress with this? I expected this to be trivial bread and butter functionality, but I’m stuck from the very beginning.
Does the EXOS platform even support acting as an SCP _server_? I’ve done some rudimentary stuff with Ansible, but I’ve seen no evidence that the Ansible exos_* modules support handling the policy files, which are handled outside of the general configuration.
It is possible to use scp2 command on the switch to upload/download .pol files. It is also possible to invoke scp from the outside to the switch. For the former, EXOS Command Reference is great. For the latter, please see Security chapter of EXOS User Guide in Secure Socket Layer section: https://documentation.extremenetworks.com/exos_30.6/downloads/EXOS_User_Guide_30_6.pdf
SFTP could also be used from the outside (later part of the same User Guide chapter):
BTW if it’s about edge switches and XMC is in place as in the original question, has Policy feature been considered?
Hope that helps,
Thanks, this helped me progress a step.
No idea what scp2 is in the Linux world, I used the ubiquitous OpenSSH scp client. In the Linux world, this will upload foo.pol to $HOME
scp foo.pol firstname.lastname@example.org:./foo.pol
Seems like removing the absolute path solved the problem:
scp foo.pol email@example.com:foo.pol
Files seem to end up in /usr/local/cfg so there is some magic happening behind the scenes.
Using the builtin Ansible module copy does not work as Ansible tries to copy the file to a temp dir.
I had better luck with ansible.netcommon.net_put - the drawback is that this module does not support diff mode.
Any best practice from others? On Junos, this works fantastic.
I have not really looked into using XMC for this - at first glimpse XMC does not have any possibility to generate the policy files from external sources like IPAM/inventory database.