Is there a way to represent logical grouping for networks?

[stavr666]

I asking about Cisco's Object Groups and similar concepts for other vendors.

We'd like to move all our network documentation from Wiki to Netbox. Biggest part of it - IP addressing, where we have subnets, VLANs and Objects Groups associated to each other.
So, we have no problems with subnets and VLANs, it's documented, connected, and now can be monitored and automated. But we struggle to create all ACL related docs in Netbox, including nested relationships of Object Groups. Is there any way? Someone dealt with it successfully?

[mtinberg]

There is an ACL plugin to Netbox on Github, I haven't spent time with it so I can't vouch for it but it might have exactly what you need https://github.com/netbox-community/netbox/wiki/Plugins — Mark Tinberg ***@***.***> Division of Information Technology-Network Services University of Wisconsin-Madison

…

________________________________ From: stavr666 ***@***.***> Sent: Wednesday, April 19, 2023 3:15 AM To: netbox-community/netbox ***@***.***> Cc: Subscribed ***@***.***> Subject: [netbox-community/netbox] Is there a way to represent logical grouping for networks? (Discussion #12294) I asking about Cisco's Object Groups<https://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html> and similar concepts for other vendors. We'd like to move all our network documentation from Wiki to Netbox. Biggest part of it - IP addressing, where we have subnets, VLANs and Objects Groups associated to each other. So, we have no problems with subnets and VLANs, it's documented, connected, and now can be monitored and automated. But we struggle to create all ACL related docs in Netbox, including nested relationships of Object Groups. Is there any way? Someone dealt with it successfully? — Reply to this email directly, view it on GitHub<#12294>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAS7UM3CXJW5YUS6BEGA6O3XB6NINANCNFSM6AAAAAAXDWLOMQ>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[stavr666]

There is an ACL plugin to Netbox on Github

ACLs from RyanMerolle looks useful for simple rules and testing purposes.
But as far as I can see in screenshots, it uses "prefix"+"port" combinations. No groups, no services, i.e. no any abstraction level.

Also, it looks like single rule binds to single device. Not very useful in any HA-scenario. Not useful at all, when we have more than 5000 net devices with replicated ACLs.