From: P729 (p729@cox.net)
Date: Tue Sep 10 2002 - 03:25:04 GMT-3
Sequence numbers would be nice for specifying explicit order. Even nested
includes, route-map or access expression style access-group control would
help. Must be a huge code path penalty for nesting, but now with compiled
ACLs...hmmm.
Regards,
Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "Manny Gonzalez" <gonzalu@nyp.org>
To: "David C Prall" <dcp@dcptech.com>
Cc: "CCIE Lab groupstudy.com" <ccielab@groupstudy.com>
Sent: Sunday, September 08, 2002 10:34 PM
Subject: Re: New IOS Feature Request
Not a problem, concentrate on the "feature" part, not the problem. Forget the
problem... I am not trying to solve the problem ... it is a new feature
request. :-)
If you have never run into a buffer underrun or not getting a whole paste to a
router via a certain method (terminal, console, telnet, etc.) then you have not
been playing with enough combinations of routers/terminals/unix/windows, etc.
:-) All due respect but it has happened, and it will happen.
I ask for the feature because, hey, what if you have only a single line to
paste, not 10000, no need to do the special terminal, with 300ms delay, blah
blah blah stuff. If you fat finger it, you are screwed no matter how fast and
effective the transfer.
With my suggested compound list, you NEVER MESS with the permit all lines...
just the denys or permits in the middle... this way you can screw up anything,
but general traffic should never be affected.
Do you get what I am trying to say? I am not trying to get help solving a
specific problem. I know how to get a bunch of lines in to a router :-))) It is
for those special times when you just fuck up!!
Manny
David C Prall wrote:
> Why not just change the CPS (Characters Per Second) sent via the Serial Port
> within your application. Configure the new ACL and then flip it on the
> interface and delete the original. I use Tera Term with a delay of 300msec
> per line, I've been able to paste 10,000 line configs via the console
> without any issues. It does take a little longer, but it works.
>
> David
>
> --
> David C Prall dcp@dcptech.com http://dcp.dcptech.com
>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>>Manny Gonzalez
>>Sent: Wednesday, September 04, 2002 1:57 AM
>>To: ccielab@groupstudy.com
>>Subject: New IOS Feature Request
>>
>>
>>Because of issues with a constantly updated ACL on a router and
>>my humongous fat
>>fingers, I am recommending/asking/suggesting a new feature in IOS:
>>
>>Compound Access Lists
>>
>>What are they? Well, you sort of set up a multiple set of ACL's
>>that you then tie
>>into the interface in the order you wish. The beauty of it is
>>that if you change
>>some things all the time, and some others MUST be the same (like
>>the ALLOW ALL
>>at the bottom) You can be safe that the allow all at the bottom,
>>if on one of
>>the compound lists, will not get broken.
>>
>>Here is a more detailed explanation:
>>
>>Current Setup.
>>
>>Interface Ethernet1/0
>>ip access-group internet-inbound in
>>!
>>ip access-list extended internet-inbound
>>deny 1.2.3.4 any
>>deny 2.3.4.5 any
>>deny 3.4.5.6 any
>>permit 130.130.0.0 0.0.255.255 any
>>
>>If I paste this list in, and somehow the buffer gets overloaded
>>(think HUGE LIST
>>in real routers :-)) and the last line does not make it, and you
>>don't catch it
>>(yes, I do this a lot more than I care to admit) or whatever
>>happens, you're
>>screwed.
>>
>>Compound list way
>>-----------------
>>Interface Ethernet1/0
>>ip access-group internet-inbound-01 in
>>ip access-group internet-inbound-02 in
>>!
>>ip access-list extended internet-inbound-01
>>deny 1.2.3.4 any
>>deny 2.3.4.5 any
>>deny 3.4.5.6 any
>>ip access-list extended internet-inbound-02
>>permit 130.130.0.0 0.0.255.255 any
>>
>>The router still treats it like a regular list (as if it were one
>>list... ) but
>>it parses them separately. If I fat finger the portion that needs
>>constant
>>updating, so what, general traffic is unaffected. The order under
>>the interface
>>is critical and will follow the rule of last entered, last in sequence.
>>
>>Comments?
>>--
>>_______________________________________________
>>Manny Gonzalez ..................... CCIE# 9013
>>CORE Resources ....... NY Presbyterian Hospital
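
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not IOS code: a small Python model of first-match ACL evaluation that compares a short paste under the single-list layout with the proposed compound layout. It assumes the compound lists are evaluated as one concatenated list with a single implicit deny at the end, as the proposal describes; the function names and the test source address 130.130.5.5 are constructed for illustration.

```python
import ipaddress

# ACL bodies copied from the thread (its simplified "<action> <src> [wildcard] any" syntax).
DENIES = """deny 1.2.3.4 any
deny 2.3.4.5 any
deny 3.4.5.6 any"""
PERMIT = "permit 130.130.0.0 0.0.255.255 any"

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return [(action, base, wildcard)]; a missing wildcard means an exact host match."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        wildcard = parts[2] if len(parts) == 4 else "0.0.0.0"
        rules.append((parts[0], to_int(parts[1]), to_int(wildcard)))
    return rules

def evaluate(acls, src):
    """First match wins across the lists in interface order; implicit deny after the last one."""
    ip = to_int(src)
    for rules in acls:
        for action, base, wildcard in rules:
            care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
            if (ip & care) == (base & care):
                return action
    return "deny"

def paste(text, lines_received):
    """Simulate a paste where only the first N lines reach the router (assumed failure)."""
    return parse_acl("\n".join(text.splitlines()[:lines_received]))

def compare(src="130.130.5.5"):
    """Verdict for general traffic under each layout after a short paste."""
    single = evaluate([paste(DENIES + "\n" + PERMIT, 3)], src)       # permit line lost
    compound = evaluate([paste(DENIES, 2), parse_acl(PERMIT)], src)  # only list 01 re-pasted
    return single, compound

if __name__ == "__main__":
    print(compare())
```

In this model a deny line lost from the first list fails open only for sources that the second list's permit also covers; everything else still hits the implicit deny.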