[rancid] xrrancid destroys ipv[46] ACLs
Erik Wenzel
erik at code.de
Tue Jan 10 16:41:26 UTC 2012
regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like:
---snip---
#sh ipv4 access-lists eriktest-v4
ipv4 access-list eriktest-v4
1 remark erik
10 remark tests
100 remark acls
1000 deny ipv4 any any
#sh ipv6 access-lists eriktest
ipv6 access-list eriktest
1 remark erik
10 remark tests
100 remark acls
1000 deny ipv6 any any
---snip---
to:
---snip---
[…]
deny ipv6 any any
ipv6 access-list eriktest
1 remark erik
10 remark tests
100 remark acls
[…]
!
deny ipv4 any any
ipv4 access-list eriktest-v4
1 remark erik
10 remark tests
100 remark acls
!
[…]
---snip---
… in rancid backup. This is completely useless. This can't be used in case of
recovery. I urge everyone who uses xrrancid and sequence numbers to verify their
ACLs in CVS. My workaround is to comment out line 1022-1037. Can someone who is
using IOS-XR in this setup confirm this behavior?
xrrancid version string: $Id: xrrancid.in 2264 2010-11-04 23:35:17Z heas $
--
Erik Wenzel
erik at code.de
More information about the Rancid-discuss
mailing list