Can anyone tell me if you can use an IF THEN statement in an ePMP Template?
What I am trying to do is enable the layer2 firewall to only allow PPPoE Discovery and Sessions on the LAN port of CPEs configured in bridge mode.
My template to apply the firewall rules and enable the firewall works fine on it's own, but I want to run the template on ALL CPEs on my network but only apply to those that are in Bridge mode.
Here is the template I have tested without success. The template passes json verification, but does not execute the THEN parameters. The log of the CPE shows the following response.
Apr 6 11:14:15 UserName DEVICE-AGENT[3644]: handle_cns_msg: UNKNOWN message 125 received from cnMaestro
Any suggestions?
{
"template_props": {
"templateName": "Bridge Firewall Rules",
"templateDescription": "Allow only PPPoE",
"device_type": "",
"version": "3.5.1"
},
"device_props": {
"if": {"networkMode": "2"},
"then": {
"l2FirewallEnable": "1",
"l2FirewallTable": [{
"l2FirewallEntryName": "Allow PPoE Discovery",
"l2FirewallEntryAction": "1",
"l2FirewallEntryInterface": "2",
"l2FirewallEntryLog": "",
"l2FirewallEntryEtherType": "34915",
"l2FirewallEntryVlanID": "",
"l2FirewallEntrySrcMAC": "",
"l2FirewallEntrySrcMask": "",
"l2FirewallEntryDstMAC": "",
"l2FirewallEntryDstMask": ""
},
{
"l2FirewallEntryName": "Allow PPPoE Data",
"l2FirewallEntryAction": "1",
"l2FirewallEntryInterface": "2",
"l2FirewallEntryLog": "",
"l2FirewallEntryEtherType": "34916",
"l2FirewallEntryVlanID": "",
"l2FirewallEntrySrcMAC": "",
"l2FirewallEntrySrcMask": "",
"l2FirewallEntryDstMAC": "",
"l2FirewallEntryDstMask": ""
},
{
"l2FirewallEntryName": "Drop All Others",
"l2FirewallEntryAction": "0",
"l2FirewallEntryInterface": "2",
"l2FirewallEntryLog": "",
"l2FirewallEntryEtherType": "",
"l2FirewallEntryVlanID": "",
"l2FirewallEntrySrcMAC": "",
"l2FirewallEntrySrcMask": "",
"l2FirewallEntryDstMAC": "",
"l2FirewallEntryDstMask": ""
}
]
}
}
}