[rancid] cisco-xr ASR9K and numbered ACL's

Jos buoy at clear.net.nz
Wed Oct 15 07:59:08 UTC 2014


Hi Guys

Thanks to you both for the replies. I should have mentioned I’ve tried the
ACL-SORT option being disabled/enabled in config without seeing any
success. I had this line in rancid.conf:

# if ACLSORT is NO, access-lists will NOT be sorted.
ACLSORT=NO; export ACLSORT
#

I have tried removing “export ACLSORT” with no luck either.


I have 4 or 5 ASR9Ks running 4.3.x and all do the same thing. Perhaps a
better example is this one:

Rancid backs up this:
ipv4 access-list name
 permit ipv4 any 166
 remark the below subnet is currently not in use
 permit ipv4 any 166

What we have configured is:
ipv4 access-list name
 10 permit ipv4 any 166.1xx.xx.xx/28
 20 remark the below subnet is currently not in use
 30 permit ipv4 any 166.1xx.xx.xxx/28


 - so the rancid backup leaves a bit to be desired here I think.

I have:
expect version 5.44.1.15
This is on CentOS 6.5. I had the packaged version of rancid installed, an
old 2.3.8 or something, but then grabbed 3.1 and compiled it and have
removed the package.


Thanks for all your help with this, I can share more config if you let me
know what exactly.

Cheers, Jos


On 15/10/14 18:27, "heasley" <heas at shrubbery.net> wrote:

>Wed, Oct 15, 2014 at 07:22:23AM +0200, Alan McKinnon:
>> > Rancid collected config:
>> > ipv4 access-list no-rfc1918
>> >  remark Deny traffic to RFC 1918
>> >  deny ipv4 10.0.0.0/8 any
>> >  deny ipv4 any 10
>> >  deny ipv4 172.16.0.0/12 any
>> >  deny ipv4 any 172
>> >  deny ipv4 192.168.0.0/16 any
>> >  deny ipv4 any 192
>> >  permit ipv4 any any
>> > 
>> > 
>> > A minor problem where the ACL is obvious as above, but this is the
>> > exception.
>> > Can someone suggest a good fix or workaround for this please (preferably
>> > without changing the ASR9K config), I trust it affects others with this
>> > sort of config?
>> > I can see earlier posts mention xrrancid but can’t find that in our 3.1
>> > install.
>> 
>> This appears to be rancid's acl renumbering, which is the designed
>> behaviour for good reasons.
>
>I don't think so; yes it's removing the line numbers, but it's botching every
>other line.