
This NQE can be a quick way for you to identify interfaces and subinterfaces with configured ACLs. This could be invaluable from a couple of angles: path analysis/troubleshooting and audit.

Check it out! Let me know what you think!

*I put both
    where length(acls.inboundAclNames) > 0 && length(acls.outboundAclNames) > 0
and
    where length(acls.inboundAclNames) > 0 || length(acls.outboundAclNames) > 0
because I feel both can have benefit in their own circumstances.

// Walk every subinterface of every interface on every device
foreach device in network.devices
foreach interface in device.interfaces
foreach subinterface in interface.subinterfaces
let acls = subinterface.acls
// Keep only subinterfaces that have BOTH an inbound and an outbound ACL
where length(acls.inboundAclNames) > 0 && length(acls.outboundAclNames) > 0
// Alternative: keep subinterfaces that have an ACL in EITHER direction
// where length(acls.inboundAclNames) > 0 || length(acls.outboundAclNames) > 0
select {
  deviceName: device.name,
  asset: device.tagNames,
  interfaceName: interface.name,
  subinterfaceName: subinterface.name,
  inboundAclNames: acls.inboundAclNames,
  outboundAclNames: acls.outboundAclNames
}

 
