Discussion:
Rancid Access-lists
Mark Scheuber
2005-05-10 20:22:43 UTC
Hi, I'm having a rather odd problem with RANCID. It's apparently sorting
my Cisco ACLs by IP, which is bad to say the least. I'm just wondering
if anyone else has experienced this or knew of a way to shut this off?
Thanks,

Mark
john heasley
2005-05-11 03:22:04 UTC
Post by Mark Scheuber
Hi, I'm having a rather odd problem with RANCID. It's apparently sorting
my Cisco ACLs by IP, which is bad to say the least. I'm just wondering
if anyone else has experienced this or knew of a way to shut this off?
rancid sorts a few of the ACL "types", but not all. there are no knobs
to adjust this behavior.

I thought that we only adjusted those which could be without buggering it.
example, please?
Mark Scheuber
2005-05-11 14:09:17 UTC
john heasley
2008-02-15 21:48:30 UTC
The following rancid.conf knob has been added, beginning with 2.3.2a8, to
affect the ACL sorting,


# if ACLSORT is NO, access-lists will NOT be sorted.
#ACLSORT=YES; export ACLSORT
Post by Mark Scheuber
John -
Spending more time looking at this, the config lines could be
moved without impacting any functionality. Due to the nature of the
router it has several locations that if it receives traffic from it drops
it, if it has any other traffic it's supposed to log. This is simply in
place to reduce log volume. It's currently not having that much of an
impact other than sending an auditor scrambling and causing a caveat for
router restores.
access-list 122 deny ip any any log
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
I also have several ACLs that are optimized by packet hits given the
large amount of traffic and RANCID sorts those as well. So these aren't
necessarily functional problems so much as performance and audit issues. I
suppose I can hack up the script to turn this off, but I'd imagine other
people might possibly run into the same problem. Thanks,
Mark
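
Added example (not part of the thread and not RANCID code): a check of whether a stored, reordered copy of an ACL still gives every source the same first-match result, including the log flag, as the order on the router. The function names and the sample addresses (RFC 5737 documentation ranges) are constructed, and only the "access-list N ACTION ip SRC any [log]" form shown in the thread is parsed.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'access-list N ACTION ip SRC any [log]' into (action, src_net, log)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, rest = tok[2], tok[4:]  # tok[3] is the protocol
        if rest[0] == "any":
            src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            src, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:  # ADDRESS WILDCARD; assumes a contiguous, non-zero wildcard
            src, rest = ipaddress.ip_network(rest[0] + "/" + rest[1]), rest[2:]
        entries.append((action, src, "log" in rest))
    return entries

def first_match(entries, ip):
    """Result for one source address: the first matching entry wins."""
    for action, src, log in entries:
        if ip in src:
            return action, log
    return "deny", False  # implicit deny at the end of the list

def order_changes(router_order, stored_order):
    """Map source address -> (router result, stored result) where they differ."""
    probes = set()  # every address where the set of matching entries can change
    for _, src, _ in router_order + stored_order:
        probes.add(int(src[0]))
        if int(src[-1]) + 1 < 2**32:
            probes.add(int(src[-1]) + 1)
    diffs = {}
    for p in sorted(probes):
        ip = ipaddress.ip_address(p)
        a, b = first_match(router_order, ip), first_match(stored_order, ip)
        if a != b:
            diffs[str(ip)] = (a, b)
    return diffs

# Constructed sample data: specific silent denies, then a logging catch-all.
ROUTER = parse_acl([
    "access-list 122 deny ip host 192.0.2.10 any",
    "access-list 122 deny ip 198.51.100.0 0.0.0.255 any",
    "access-list 122 deny ip any any log",
])
STORED = [ROUTER[2], ROUTER[0], ROUTER[1]]  # catch-all first, as in the thread's listing
print(order_changes(ROUTER, STORED))
```

An empty result means the two orders are equivalent for this ACL form; any entry in the result is a source whose action or logging would change if the stored copy were restored as-is.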