[rancid] Re: Rancid Access-lists

john heasley heas at shrubbery.net
Fri Feb 15 21:48:30 UTC 2008


The following rancid.conf knob has been added, beginning with 2.3.2a8, to
affect the ACL sorting:


# if ACLSORT is NO, access-lists will NOT be sorted.
#ACLSORT=YES; export ACLSORT

> John -
>         Spending more time looking at this, the config lines could be 
> moved without impacting any functionality.  Due to the nature of the 
> router it has several locations that if it receives traffic from it drops 
> it, if it has any other traffic it's supposed to log.  This is simply in 
> place to reduce log volume.  It's currently not having that much of an 
> impact other than sending an auditor scrambling and causing a caveat for 
> router restores.
> 
> access-list 122 deny   ip any any log
> access-list 122 deny   ip <removed> any
> access-list 122 deny   ip <removed> any
> access-list 122 deny   ip <removed> any
> access-list 122 deny   ip <removed> any
> access-list 122 deny   ip <removed> any
> access-list 122 deny   ip <removed> any
> access-list 122 deny   ip <removed> any
> 
> I also have several ACL's that are optimized by packet hits given the 
> large amount of traffic and RANCID sorts those as well.  So these aren't 
> necessarily functional problems so much as performance and audit issues. I 
> suppose I can hack up the script to turn this off, but I'd imagine other 
> people might possibly run into the same problem.  Thanks,
> 
> Mark
> 
> mark_scheuber at mgic.com
> 
> 
> john heasley <heas at shrubbery.net> 
> Sent by: owner-rancid-discuss at shrubbery.net
> 05/10/2005 10:22 PM
> To: Mark Scheuber <Mark_Scheuber at mgic.com>
> cc: rancid-discuss at shrubbery.net
> Subject: Re: Rancid Access-lists
> 
> Tue, May 10, 2005 at 03:22:43PM -0500, Mark Scheuber:
> > Hi, I'm having a rather odd problem with RANCID.  It's apparently sorting
> > my Cisco ACL's by IP which is bad to say the least.  I'm just wondering
> > if anyone else has experienced this or knew of a way to shut this off?
> 
> rancid sorts a few of the ACL "types", but not all.  there are no knobs
> to adjust this behavior.
> 
> I thought that we only adjusted those which could be without buggering it.
> example, please?
> 
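
Why a stored copy whose line order differs from the device matters for audits and restores, as an added example that is not part of this thread or of RANCID's code. It is a simplified first-match evaluator for `ip <src> any` entries only; the addresses are constructed documentation ranges standing in for the removed ones, and `DEVICE_ORDER`/`STORED_ORDER` are hypothetical names.

```python
import ipaddress

# Constructed entries (RFC 5737 documentation addresses), in device order:
# quiet denies for known-noisy sources, then the logging catch-all.
DEVICE_ORDER = [
    "access-list 122 deny   ip 192.0.2.0 0.0.0.255 any",
    "access-list 122 deny   ip host 198.51.100.7 any",
    "access-list 122 deny   ip any any log",
]
# The same entries as a stored copy that lists the catch-all first.
STORED_ORDER = [DEVICE_ORDER[2], DEVICE_ORDER[0], DEVICE_ORDER[1]]

def parse(line):
    """Return (action, source network, logs) for an 'ip <src> any' entry."""
    tok = line.split()
    action, rest = tok[2], tok[4:]
    log = rest[-1] == "log"
    if log:
        rest = rest[:-1]
    if rest[0] == "any":
        src = ipaddress.ip_network("0.0.0.0/0")
    elif rest[0] == "host":
        src = ipaddress.ip_network(rest[1] + "/32")
    else:  # address + Cisco wildcard mask; invert the wildcard to a netmask
        mask = ipaddress.ip_address(int(ipaddress.ip_address(rest[1])) ^ 0xFFFFFFFF)
        src = ipaddress.ip_network(f"{rest[0]}/{mask}")
    return action, src, log

def first_match(acl, src_ip):
    """Evaluate top-down; return (line index, action, logs) of the first hit."""
    ip = ipaddress.ip_address(src_ip)
    for i, line in enumerate(acl):
        action, net, log = parse(line)
        if ip in net:
            return i, action, log
    return None, "deny", False  # implicit deny at the end of the list

def shadowed(acl):
    """Lines that can never match: an earlier single line covers their source."""
    seen, dead = [], []
    for line in acl:
        net = parse(line)[1]
        if any(net.subnet_of(s) for s in seen):
            dead.append(line)
        seen.append(net)
    return dead

if __name__ == "__main__":
    for name, acl in (("device", DEVICE_ORDER), ("stored", STORED_ORDER)):
        print(name, first_match(acl, "192.0.2.10"), len(shadowed(acl)), "shadowed")
```

Run against a stored configuration before a restore, a non-empty `shadowed()` result flags a list whose recorded order would not reproduce the device's behaviour.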

