Rancid Access-lists
Mark Scheuber
Mark_Scheuber at mgic.com
Wed May 11 14:09:17 UTC 2005
John -
Spending more time looking at this, the config lines could be
moved without impacting any functionality. Due to the nature of the
router it has several locations that if it receives traffic from it drops
it, if it has any other traffic it's supposed to log. This is simply in
place to reduce log volume. It's currently not having that much of an
impact other than sending an auditor scrambling and causing a caveat for
router restores.
access-list 122 deny ip any any log
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
access-list 122 deny ip <removed> any
I also have several ACL's that are optimized by packet hits given the
large amount of traffic and RANCID sorts those as well. So these aren't
necessarily functional problems so much as performance and audit issues. I
suppose I can hack up the script to turn this off, but I'd imagine other
people might possibly run into the same problem. Thanks,
Mark
mark_scheuber at mgic.com
john heasley <heas at shrubbery.net>
Sent by: owner-rancid-discuss at shrubbery.net
05/10/2005 10:22 PM
To: Mark Scheuber <Mark_Scheuber at mgic.com>
cc: rancid-discuss at shrubbery.net
Subject: Re: Rancid Access-lists
Tue, May 10, 2005 at 03:22:43PM -0500, Mark Scheuber:
> Hi, I'm having a rather odd problem with RANCID. It's apparently sorting
> my Cisco ACL's by IP which is bad to say the least. I'm just wondering
> if anyone else has experienced this or knew of a way to shut this off?
rancid sorts a few of the ACL "types", but not all. there are no knobs
to adjust this behavior.
I thought that we only adjusted those which could be without buggering it.
example, please?
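Added example, not part of the original thread and not RANCID code: a first-match evaluator for a simplified subset of `access-list N deny|permit ip SRC DST [log]` lines, used to check whether a reordered stored copy behaves like the running list. The documentation addresses, the probe packets and the assumption that the stored copy puts the catch-all `log` entry first (as in the listing above) are constructed for illustration.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST [log]' (simplified subset)."""
    tok = line.split()
    action, rest = tok[2], tok[4:]
    log = rest[-1] == "log"
    if log:
        rest = rest[:-1]
    specs = []
    while rest:
        if rest[0] == "any":            # any    -> every bit is "don't care"
            specs.append((0, 0xFFFFFFFF)); rest = rest[1:]
        elif rest[0] == "host":         # host A -> exact match
            specs.append((ip(rest[1]), 0)); rest = rest[2:]
        else:                           # A W    -> address plus wildcard mask
            specs.append((ip(rest[0]), ip(rest[1]))); rest = rest[2:]
    return action, specs[0], specs[1], log

def matches(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF       # bits that must be equal
    return (ip(addr) & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry wins; returns (action, logged)."""
    for line in acl:
        action, s, d, log = parse_ace(line)
        if matches(s, src) and matches(d, dst):
            return action, log
    return "deny", False                # implicit deny at the end of the list

def reorder_changes(device, stored, probes):
    """Probes whose (action, logged) result differs between the two orders."""
    return [(p, evaluate(device, *p), evaluate(stored, *p))
            for p in probes if evaluate(device, *p) != evaluate(stored, *p)]

# Constructed sample: documentation addresses stand in for the <removed> ones.
DEVICE_ORDER = ["access-list 122 deny ip 192.0.2.0 0.0.0.255 any",
                "access-list 122 deny ip host 198.51.100.7 any",
                "access-list 122 deny ip any any log"]
# Assumed stored copy: same entries, catch-all log entry moved to the top.
STORED_ORDER = [DEVICE_ORDER[2], DEVICE_ORDER[0], DEVICE_ORDER[1]]
PROBES = [("192.0.2.55", "203.0.113.1"), ("198.51.100.7", "203.0.113.1"),
          ("203.0.113.9", "203.0.113.1")]
if __name__ == "__main__":
    for probe, before, after in reorder_changes(DEVICE_ORDER, STORED_ORDER, PROBES):
        print(probe, "device:", before, "stored copy:", after)
```

With these inputs every probe is still denied in both orders, but the two quiet sources become logged once the catch-all entry is first, so a restore from the reordered copy would bring back the log volume the list was written to avoid.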