Hi, On Sun, Jan 19, 2020 at 12:39:18PM +0100, Christian Meutes wrote: > if you use ???copy src dst??? then a ???no $something??? line right in the > beginning of a new block of configuration lines (eg. for being used to > first deconfigure the whole ACL block and then to reapply it again) might > miss to apply the ???no ...??? initially first, which will lead to a merge > behavior instead of a full ACL replace. > > This bug not only affects ACLs but other commands as well. Unsure if it is > fixed in newest XE versions. Could this also affect you?
Our ACL config snippets do have
no ip access-list extended FOOBAR
ip access-list extended FOOBAR
permit ...
permit ...
deny ...
end
in them, so yes, this effect would result in "merge" behaviour (which
would very much puzzle me afterwards when looking at the resulting
config diff, I think :-) ).
It does not explain what we currently see - these ACLs have been installed
"from zero", and the resulting running- and startup-config have all the
lines "in". Just the filtering hardware doesn't...
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
