Cisco Support Community
New Member

ACL Sequence Number Help

Hi,

We have an ISR 3825 with the latest 12.4T running as our perimeter router.  We use sequence numbers to organize the ingress ACL.  For example, 200 to 2000 sequence numbers are to block prefixes from xxx country, 2100 to 4000 sequence numbers are for yyy country, etc.  Configuration is saved.

After I rebooted the router, I noticed that all my sequence numbers were reset to default! I found this documentation in CCO:

"Sequence numbers are not nvgened. That is, the sequence numbers themselves are not saved. In the event that the system is reloaded, the configured sequence numbers revert to the default sequence starting number and increment. The function is provided for backward compatibility with software releases that do not support sequence numbering."

It is hard for me to accept this answer.  Do you guys also see this issue?  Is there a way to retain your own sequence number organization after the reboot?

Thanks.

Accepted Solutions
Hall of Fame Super Blue

Re: ACL Sequence Number Help

Kevin

Sequence numbers are only used to allow you to insert additional lines without having to redo the whole access-list. If you want to organize your ACL, you should look at object-groups, which your version of IOS should support. Object-groups would allow you to have groups of IPs per country and then use them in your ACL -

12.4T IOS object-groups

Jon
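
The migration suggested in the answer above, as an added example that is not part of the original thread: a short Python script that takes an ACL organised by sequence-number range and emits the equivalent object-group configuration, so the per-country grouping lives in saved config rather than in sequence numbers. The ACL name, group names, range boundaries and addresses are constructed placeholders (documentation prefixes), and the input is assumed to be `show access-lists` style text.

```python
import ipaddress
import re

# Constructed sample: ingress ACL organised by sequence-number range, as in the question.
SAMPLE_ACL = """\
Extended IP access list INGRESS
    200 deny ip 192.0.2.0 0.0.0.255 any
    210 deny ip host 198.51.100.7 any
    2100 deny ip 203.0.113.0 0.0.0.127 any
    9000 permit ip any any
"""
# Assumed mapping of sequence ranges to group names (placeholders, as in the post).
RANGES = [(200, 2000, "COUNTRY-XXX"), (2100, 4000, "COUNTRY-YYY")]
ENTRY = re.compile(r"^\s*(\d+)\s+deny ip (?:host (\S+)|(\S+) (\S+)) any\s*$")


def wildcard_to_mask(wildcard):
    """ACL entries carry a wildcard (inverse) mask; object-group entries take a netmask."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF))


def convert(acl_text, ranges=RANGES):
    lines = [l for l in acl_text.splitlines() if l.strip()]
    name = lines[0].split()[-1]
    groups, body = {}, []
    for line in lines[1:]:
        m = ENTRY.match(line)
        label = None
        if m:
            seq = int(m.group(1))
            label = next((g for lo, hi, g in ranges if lo <= seq <= hi), None)
        if label is None:
            # Not a groupable deny, or outside every range: keep it, minus its sequence number.
            body.append(" " + line.split(None, 1)[1])
            continue
        if m.group(2):
            member = f"host {m.group(2)}"
        else:
            member = f"{m.group(3)} {wildcard_to_mask(m.group(4))}"
        if label not in groups:
            groups[label] = []
            body.append(f" deny ip object-group {label} any")  # one ACE per group, first-seen position
        groups[label].append(" " + member)
    out = []
    for label, members in groups.items():
        out += [f"object-group network {label}", *members, "!"]
    return "\n".join(out + [f"ip access-list extended {name}", *body])


if __name__ == "__main__":
    print(convert(SAMPLE_ACL))
```

Each group collapses to a single ACL entry at the position of its first member, so if other entries sit between members of the same range, review the resulting order before applying it.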

New Member

Re: ACL Sequence Number Help

Thanks Jon.  It is exactly what I am looking for.

Kevin
