Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

iosxe: access-list parser not working correctly with 'log' in ACL entry

See original GitHub issue

On genie 20.1 - on iosxe, when I have an ACL that looks like this (with ‘log’ in the statement), the parser is not working as I would expect.

ip access-list standard 1 deny log permit any

Name 10 is showing as the permit any, and there is no mention of the deny entry.

{ "context_manager": {}, "attributes": null, "commands": null, "connections": null, "info": { "acls": { "meraki-fqdn-dns": { "name": "meraki-fqdn-dns", "type": "ipv4-acl-type" }, "1": { "name": "1", "type": "ipv4-acl-type", "aces": { "10": { "name": "10", "actions": { "forwarding": "permit" }, "matches": { "l3": { "ipv4": { "protocol": "ipv4", "source_ipv4_network": { "any": { "source_ipv4_network": "any" } } } } } } } } } } }

When I remove the ‘log’ word from the ACL, the parser then runs correctly

{ "context_manager": {}, "attributes": null, "commands": null, "connections": null, "info": { "acls": { "meraki-fqdn-dns": { "name": "meraki-fqdn-dns", "type": "ipv4-acl-type" }, "1": { "name": "1", "type": "ipv4-acl-type", "aces": { "20": { "name": "20", "actions": { "forwarding": "permit" }, "matches": { "l3": { "ipv4": { "protocol": "ipv4", "source_ipv4_network": { "any": { "source_ipv4_network": "any" } } } } } }, "10": { "name": "10", "actions": { "forwarding": "deny" }, "matches": { "l3": { "ipv4": { "protocol": "ipv4", "source_ipv4_network": { "": { "source_ipv4_network": "" } } } } } } } } } } }

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

oiansoncommented, Feb 27, 2020

@xiaoxinz-cisco this looks to be fixed now, thank you 😃

xiaoxinz-ciscocommented, Feb 19, 2020

Hello @oianson ,

Yes, it is. We’ll fix it and get back to you.

Thanks, Irene

Read more comments on GitHub >

github_iconTop Results From Across the Web

Security Configuration Guide: Access Control Lists, Cisco IOS ...
IP Access List Overview. Access control lists (ACLs) perform packet filtering to control which packets move through a network and to where.
Read more >
Overview of Packet Capturing Tools in Cisco Switches and ...
Ability to choose the right troubleshooting tool for timely problem resolution. Embedded Packet Capture Tools. Ethanalyzer, NetDR,. Mini Protocol Analyzer,.
Read more >
Enable ACL “deny” or “permit” logging
You can use ACL logging to help: Test your network to ensure that your ACL configuration is detecting and denying or “permitting” the...
Read more >
Cisco Aggregation Services Router 1000 Series (ASR1K) - NIAP
IOS-XE uses both a running configuration and a starting configuration. ... access list entries are inserted above the default deny ACL.
Read more >
Configuring and using standard logs (access logs)
When a log entry is omitted from access logs, the number of entries in the access ... If you're not, the bucket owner...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found