One of the cardinal rules of labbing (and production work) is that you verify what you’ve configured soon after you configure it. I was doing a lab today in which I needed to use an ip accounting-list to limit IP Accounting to a specific subnet (155.1.0.0/16).
Here’s what I entered:
Rack1R1(config)#ip accounting-list 155.1.0.0 255.255.0.0
Here’s how it showed up in the configuration:
Rack1R1(config)#do sh run | i ip accounting-list
ip accounting-list 0.0.0.0 255.255.0.0
Luckily: a) I looked at my configuration shortly after I entered it, and b) I’ve seen this ‘error’ before. I must have used a network mask when IOS expected wildcard bits. I usually screw up access-lists the same way.
Access-lists expect wildcard bits:
Rack1R1(config)#access-list 99 permit 155.1.0.0 ?
A.B.C.D Wildcard bits
log Log matches against this entry
<cr>
Rack1R1(config)#access-list 99 permit 155.1.0.0 0.0.255.255
IP addresses expect a network mask:
Rack1R1(config-if)#ip address 155.1.123.123 ?
A.B.C.D IP subnet mask
Rack1R1(config-if)#ip address 155.1.123.123 255.255.0.0
I must have boned up the configuration of the accounting-list by not paying attention to IOS help or just plugging in a network mask because I presumed that was what the command required. Which is odd because I don’t use ‘ip acounting-list’ that often so I should have been using IOS help. That’s when I discovered that IOS was fucking with me:
Rack1R1(config)#ip accounting-list 155.1.0.0 ?
A.B.C.D IP address mask
WTF? A quick trip to the Cisco documentation showed that IOS was lying to me:
wildcard – Wildcard bits to be applied to the ip-address argument.
This could be an error in the IOS code (12.3(14)T7). Either way I would have lost points on the lab if I had not verified my configuration. As I stated earlier, it’s a very good idea to get into the habit of double-checking your configurations. 99.9% of the time the error will be yours, but one in a great while IOS will stab you in the back. 🙂
Your running into the following bug:
CSCs77002
ip add for command “ip accounting-list” is nvgened incorrectly.
Since it’s a cosmetic bug they will be slow to fix it. I agree it’s confusing
Comment by booby gibson — April 3, 2009 @ 7:42 am |
Hmmm good post. I would have probably made the same mistake.
Comment by Dana — April 3, 2009 @ 1:58 pm |
I think I ran into the same issue running through an IE lab a little while back. Lesson learned… Verify, verify, verify!
Comment by jrensink78 — April 4, 2009 @ 9:24 am |
[…] Lab Tip: Sometimes IOS is a Lying Whore!!! […]
Pingback by A hét érdekeségei - April 30, 2009 | xcke's blog — April 30, 2009 @ 3:33 am |