03-16-2010 07:34 AM - edited 03-04-2019 07:49 AM
Hi,
We have an ISR 3825 with the latest 12.4T running as our perimeter router. We use sequence numbers to organize the ingress ACL. For example, 200 to 2000 sequence numbers are to block prefixes from xxx country, 2100 to 4000 sequence numbers are for yyy country, etc. Configuration is saved.
After I rebooted the router, I noticed that all my sequence numbers were reset to default! I found this documentation in CCO:
"Sequence numbers are not nvgened. That is, the sequence numbers themselves are not saved. In the event that the system is reloaded, the configured sequence numbers revert to the default sequence starting number and increment. The function is provided for backward compatibility with software releases that do not support sequence numbering."
It is hard for me to accept this answer. Do you guys also see this issue? Is there a way to retain your own sequence number organization after the reboot?
Thanks.
03-16-2010 07:39 AM
kevin.hu wrote:
Hi,
We have an ISR 3825 with the latest 12.4T running as our perimeter router. We use sequence numbers to organize the ingress ACL. For example, 200 to 2000 sequence numbers are to block prefixes from xxx country, 2100 to 4000 sequence numbers are for yyy country, etc. Configuration is saved.
After I rebooted the router, I noticed that all my sequence numbers were reset to default! I found this documentation in CCO:
"Sequence numbers are not nvgened. That is, the sequence numbers themselves are not saved. In the event that the system is reloaded, the configured sequence numbers revert to the default sequence starting number and increment. The function is provided for backward compatibility with software releases that do not support sequence numbering."
It is hard for me to accept this answer. Do you guys also see this issue? Is there a way to retain your own sequence number organization after the reboot?
Thanks.
Kevin
Sequence numbers are only used to allow you to insert additional lines without having to redo the whole access-list. If you want to organize your ACL, you should look at object-groups, which your version of IOS should support. Object-groups would allow you to have groups of IPs per country and then use them in your ACL -
Jon
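An added illustration of the object-group approach suggested in the reply above; it is not part of the original thread and not either poster's configuration. The prefixes are documentation ranges, and the group names, ACL name, interface and final permit line are assumptions:

```cisco
! Constructed example. All names and prefixes below are hypothetical.
!
! Before: countries separated only by sequence-number ranges, which
! revert to the default start and increment after a reload.
!   ip access-list extended INGRESS-FILTER
!    200  deny ip 192.0.2.0 0.0.0.255 any
!    210  deny ip 198.51.100.0 0.0.0.255 any
!    2100 deny ip 203.0.113.0 0.0.0.255 any
!    4100 permit ip any any
!
! After: one network object-group per country. The grouping is carried
! by the group name, which is stored in the saved configuration.
! Note that object-group members take a subnet mask, not the wildcard
! mask used in ordinary ACL entries.
object-group network BLOCK-XXX
 description Prefixes blocked for country xxx
 192.0.2.0 255.255.255.0
 198.51.100.0 255.255.255.0
!
object-group network BLOCK-YYY
 description Prefixes blocked for country yyy
 203.0.113.0 255.255.255.0
!
! The ACL needs one line per country; adding a prefix later means
! editing the object-group, not renumbering ACL entries.
ip access-list extended INGRESS-FILTER
 deny ip object-group BLOCK-XXX any
 deny ip object-group BLOCK-YYY any
 ! Placeholder for the rest of the ingress policy (assumption)
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group INGRESS-FILTER in
```

After a reload, `show object-group` and `show ip access-lists INGRESS-FILTER` can be used to confirm that the per-country grouping is intact even though the ACL sequence numbers have returned to their defaults.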
03-16-2010 07:44 AM
Thanks Jon. It is exactly what I am looking for.
Kevin