Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1110
Views
0
Helpful
2
Replies

ACL Sequence Number Help

Go to solution
kevin.hu
Level 3
Level 3

‎03-16-2010 07:34 AM - edited ‎03-04-2019 07:49 AM

Hi,

We have an ISR 3825 with the latest 12.4T running as our perimeter router.  We use sequence numbers to organize the ingress ACL.  For example, 200 to 2000 sequence numbers are to block prefixes from xxx country, 2100 to 4000 sequence numbers are for yyy country, etc.  Configuration is saved.

After I rebooted the router, I noticed that all my sequence numbers were resetted to default!  I found this documentation in CCO:

"Sequence numbers are not nvgened. That is, the sequence numbers themselves are not saved. In the event that the system is reloaded, the configured sequence numbers revert to the default sequence starting number and increment. The function is provided for backward compatibility with software releases that do not support sequence numbering."

It is hard for me to accept this answer.  Do you guys also see this issue?  Is there a way to retain your own sequence number organization after the reboot?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-16-2010 07:39 AM 

kevin.hu wrote:
Hi,
We have an ISR 3825 with the latest 12.4T running as our perimeter router.  We use sequence numbers to organize the ingress ACL.  For example, 200 to 2000 sequence numbers are to block prefixes from xxx country, 2100 to 4000 sequence numbers are for yyy country, etc.  Configuration is saved.
After I rebooted the router, I noticed that all my sequence numbers were resetted to default!  I found this documentation in CCO:
"Sequence numbers are not nvgened. That is, the sequence numbers themselves are not saved. In the event that the system is reloaded, the configured sequence numbers revert to the default sequence starting number and increment. The function is provided for backward compatibility with software releases that do not support sequence numbering."
It is hard for me to accept this answer.  Do you guys also see this issue?  Is there a way to retain your own sequence number organization after the reboot?
Thanks.

Kevin

Sequence numbers are only used to allow you to insert additional lines without having to redo the whole access-list. If you want to organize your acl you should look at object-groups which your version of IOS should support. Object-groups would allow you to have groups of IPs per country and then use them in your acl -

12.4T IOS object-groups

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-16-2010 07:39 AM 

kevin.hu wrote:
Hi,
We have an ISR 3825 with the latest 12.4T running as our perimeter router.  We use sequence numbers to organize the ingress ACL.  For example, 200 to 2000 sequence numbers are to block prefixes from xxx country, 2100 to 4000 sequence numbers are for yyy country, etc.  Configuration is saved.
After I rebooted the router, I noticed that all my sequence numbers were resetted to default!  I found this documentation in CCO:
"Sequence numbers are not nvgened. That is, the sequence numbers themselves are not saved. In the event that the system is reloaded, the configured sequence numbers revert to the default sequence starting number and increment. The function is provided for backward compatibility with software releases that do not support sequence numbering."
It is hard for me to accept this answer.  Do you guys also see this issue?  Is there a way to retain your own sequence number organization after the reboot?
Thanks.

Kevin

Sequence numbers are only used to allow you to insert additional lines without having to redo the whole access-list. If you want to organize your acl you should look at object-groups which your version of IOS should support. Object-groups would allow you to have groups of IPs per country and then use them in your acl -

12.4T IOS object-groups

Jon

0 Helpful

Go to solution
kevin.hu
Level 3
Level 3
In response to Jon Marshall

‎03-16-2010 07:44 AM

Thanks Jon.  It is exactly what I am looking for.

Kevin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card