From: Manny Gonzalez (gonzalu@nyp.org)
Date: Mon Sep 09 2002 - 02:34:42 GMT-3
Not a problem, concentrate on the "feature" part, not the problem. Forget the
problem... I am not trying to solve the problem ... it is a new feature request. :-)
If you have never run into a buffer underrun or not getting a whole paste to a
router via a certain method (terminal, console, telnet, etc.) then you have not
been playing with enough combinations of routers/terminals/unix/windows, etc.
:-) All due respect but it has happened, and it will happen.
I ask for the feature because, hey, what if you have only a single line to
paste, not 10000, no need to do the special terminal, with 300ms delay, blah
blah blah stuff. If you fat finger it, you are screwed no matter how fast and
effective the transfer.
With my suggested compound list, you NEVER MESS with the permit all lines...
just the denys or permits in the middle... this way you can screw up anything,
but general traffic should never be affected.
Do you get what I am trying to say? I am not trying to get help solving a
specific problem. I know how to get a bunch of lines in to a router :-))) It is
for those special times when you just fuck up!!
Manny
David C Prall wrote:
> Why not just change the CPS (Characters Per Second) sent via the Serial Port
> within your application. Configure the new ACL and then flip it on the
> interface and delete the original. I use Tera Term with a delay of 300msec
> per line, I've been able to paste 10,000 line configs via the console
> without any issues. It does take a little longer, but it works.
>
> David
>
> --
> David C Prall dcp@dcptech.com http://dcp.dcptech.com
>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>>Manny Gonzalez
>>Sent: Wednesday, September 04, 2002 1:57 AM
>>To: ccielab@groupstudy.com
>>Subject: New IOS Feature Request
>>
>>
>>Because of issues with a constantly updated ACL on a router and my humongous fat
>>fingers, I am recommending/asking/suggesting a new feature in IOS:
>>
>>Compound Access Lists
>>
>>What are they? Well, you sort of set up a multiple set of ACLs that you then tie
>>into the interface in the order you wish. The beauty of it is that if you change
>>some things all the time, and some others MUST be the same (like the ALLOW ALL
>>at the bottom), you can be safe that the allow all at the bottom, if on one of
>>the compound lists, will not get broken.
>>
>>Here is a more detailed explanation:
>>
>>Current Setup.
>>
>>Interface Ethernet1/0
>>ip access-group internet-inbound in
>>!
>>ip access-list extended internet-inbound
>>deny 1.2.3.4 any
>>deny 2.3.4.5 any
>>deny 3.4.5.6 any
>>permit 130.130.0.0 0.0.255.255 any
>>
>>If I paste this list in, and somehow the buffer gets overloaded (think HUGE LIST
>>in real routers :-)) and the last line does not make it, and you don't catch it
>>(yes, I do this a lot more than I care to admit) or whatever happens, you're
>>screwed.
>>
>>Compound list way
>>-----------------
>>Interface Ethernet1/0
>>ip access-group internet-inbound-01 in
>>ip access-group internet-inbound-02 in
>>!
>>ip access-list extended internet-inbound-01
>>deny 1.2.3.4 any
>>deny 2.3.4.5 any
>>deny 3.4.5.6 any
>>ip access-list extended internet-inbound-02
>>permit 130.130.0.0 0.0.255.255 any
>>
>>The router still treats it like a regular list (as if it were one list... ) but
>>it parses them separately. If I fat finger the portion that needs constant
>>updating, so what, general traffic is unaffected. The order under the interface
>>is critical and will follow the rule of last entered, last in sequence.
>>
>>Comments?
>>--
>>_______________________________________________
>>Manny Gonzalez ..................... CCIE# 9013
>>CORE Resources ....... NY Presbyterian Hospital
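
The two failure modes discussed in this thread (a pasted ACL that loses its last line, and a mistyped entry) can be caught before the new list is applied to the interface. The following is an added example, not part of the original posts: a Python check that compares the intended entries with the ACL as it appears in running-config text. The ACL name `internet-inbound-new`, the fully spelled-out entry syntax and the sample configs are constructed for illustration.

```python
import re

def extract_acl(config_text, name):
    """Return the entries of one named extended ACL from running-config text."""
    entries, inside = [], False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        header = re.match(r"ip access-list extended (\S+)$", line)
        if header:
            inside = header.group(1) == name
        elif inside and line.startswith(("permit ", "deny ")):
            entries.append(line)
        elif inside and line:                 # "!" or any other command ends the ACL
            inside = False
    return entries

def verify_paste(intended, config_text, name):
    """Compare the entries we meant to paste with what the router holds."""
    want = [" ".join(e.split()) for e in intended]
    got = extract_acl(config_text, name)
    return {
        "missing": [e for e in want if e not in got],
        "unexpected": [e for e in got if e not in want],
        "final_entry_ok": bool(got and want) and got[-1] == want[-1],
        "safe_to_apply": got == want,         # same entries, same order
    }

# Constructed sample data (hypothetical ACL name, not taken from a real router).
ACL_NAME = "internet-inbound-new"
INTENDED = [
    "deny ip host 1.2.3.4 any",
    "deny ip host 2.3.4.5 any",
    "deny ip host 3.4.5.6 any",
    "permit ip 130.130.0.0 0.0.255.255 any",
]

def as_config(entries):
    """Build running-config style text for the staged ACL (constructed)."""
    body = "\n".join(" " + e for e in entries)
    return ("interface Ethernet1/0\n ip access-group internet-inbound in\n!\n"
            f"ip access-list extended {ACL_NAME}\n{body}\n!\n")

TRUNCATED = as_config(INTENDED[:-1])          # last line lost in the paste
FAT_FINGER = as_config(INTENDED[:1] + ["deny ip host 2.3.4.55 any"] + INTENDED[2:])

if __name__ == "__main__":
    for label, cfg in (("truncated", TRUNCATED), ("fat finger", FAT_FINGER),
                       ("complete", as_config(INTENDED))):
        print(label, verify_paste(INTENDED, cfg, ACL_NAME))
```

Only a result with `safe_to_apply` set to true should be followed by moving the `ip access-group` statement to the new list.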
--
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:48 GMT-3