From: W. Alan Robertson (warobertson@xxxxxxxxxxxxx)
Date: Thu Jul 18 2002 - 11:25:04 GMT-3
You can skirt around that gotcha as well, by using "reload at XX:XX"
or "reload in XX". I do this whenever I'm making non-trivial changes
to a non-local router. Modifying access-lists certainly falls into
the non-trivial category.
----- Original Message -----
From: <Ian.C.Stong@mail.sprint.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, July 18, 2002 9:32 AM
Subject: RE: ACL fewest numbers of lines
> One other trick I've used to prevent the inevitable lockout due to
> removing/adding an ACL is to create 2 identical ACL's but with different
> numbers (or names). Then you edit one and apply it. If you mess up and
> get locked out you have the original access list that will kick in once
> you reboot (you wouldn't have saved your changes yet because you were
> locked out). The main gotcha is you have to have someone near or at
> the site to reload the router.
>
>
> -----Original Message-----
> From: brian [mailto:brian@5g.net]
> Sent: Wednesday, July 17, 2002 11:09 PM
> To: ccielab
> Subject: RE: ACL fewest numbers of lines
>
>
> Yes it's pretty useful with large access-list to edit them in a text
> file that is saved on a tftp server. It's also nice to have remote
> console access to your routers so you don't have to worry about being
> knocked off. That's of course providing that you don't type "line con 0"
> "no exec"... ;-)
>
> If I ever actually had to reload a router during work hours I would just
> do a "test crash" and blame it on the IOS ;-) Not that I would ever do
> something like that but helps me from having to update my resume.
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Manny Gonzalez
> Sent: Wednesday, July 17, 2002 6:43 PM
> To: ccielab@groupstudy.com
> Subject: Re: ACL fewest numbers of lines
>
> On our Internet Edge routers we have a very sensitive ACL that needs
> changing often. When I work from home, I SSH in, but I can't make live
> changes to the ACLs because I get locked out for the reasons we talked
> about here.
>
> So I simply create my ACL (taking care of adding the NO to it on top)
> and then TFTPing it to flash.
>
> Then, I do a copy flash tftp, I get kicked out, wait a few, SSH back in
> and I have my router back. Works like a charm always.
>
> I like the reload trick, but, never on an edge router :-)) My resume is
> outdated hahaha
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:35 GMT-3