Re: 12.3(1a) and "Duplicate remark statement"

Discussion in 'Cisco' started by John Caruso, Jul 24, 2003.

  1. John Caruso

    John Caruso Guest

    In article <>, John Caruso wrote:
    > I've just installed 12.3(1a) on several routers as a result of the Cisco
    > debacle, and apparently there's a bug in this version which causes IOS to
    > reject any "duplicate" remark statements in ACLs.


    Believe it or not, Cisco says this is a *feature*, not a bug. Apparently
    they're soon going to add a "no remark" command to allow users to remove
    remarks from named ACLs. But they were faced with an issue: what do you
    do about duplicate remarks? Do you remove all of them, the first one, the
    last one, or what? So what they decided to do is to just NEVER ALLOW THEM
    IN THE FIRST PLACE. Problem solved. So instead of choosing a design that
    would leave all existing ACLs intact, they chose a method that will mangle
    ACLs for many of their customers when they upgrade to 12.3(1a) and other
    releases in which this "feature" exists.

    This means that in the future, when adding remarks, you'll always have to
    make sure you phrase them so that identical text never shows up on two
    lines. And when adding any clarifying text like (say) dashed boxes around
    particularly crucial remarks, you'll have to arbitrarily change the text
    each time to make sure it's different.

    Wow. This is a showcase example of a poor design decision, and though it's
    a minor issue it's still discouraging to see this kind of poor software
    design within Cisco and IOS. I requested that they at least mitigate the
    damage by adding an option like "service duplicate-remarks-allowed", and
    then have "no remark" remove all duplicates...we'll see how that fares.
    Based on the feedback so far, I'm not particularly hopeful.

    - John
    John Caruso, Jul 24, 2003
    #1
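A pre-upgrade check for the behaviour described in the post above, as an added example that is not part of the original thread: it scans a saved IOS configuration for remark text repeated within one ACL, so such lines can be reworded before moving to a release that rejects them. The sample configuration and the name `find_duplicate_remarks` are constructed for illustration, and it assumes "duplicate" means identical remark text within the same ACL.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread). Assumption: a "duplicate"
# is identical remark text appearing more than once within the same ACL.
SAMPLE_CONFIG = """\
access-list 101 remark ----------------------
access-list 101 remark Management hosts only
access-list 101 remark ----------------------
access-list 101 permit tcp host 192.0.2.10 any eq 22
access-list 102 remark Management hosts only
ip access-list extended EDGE-IN
 remark Block RFC 1918 sources
 deny ip 10.0.0.0 0.255.255.255 any
 remark Block RFC 1918 sources
 permit ip any any
interface FastEthernet0/0
 description remark Block RFC 1918 sources
"""

NUMBERED = re.compile(r"^access-list\s+(\d+)\s+remark\s+(.*)$")
NAMED_HEADER = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)")
NAMED_REMARK = re.compile(r"^\s+remark\s+(.*)$")

def find_duplicate_remarks(config_text):
    """Map ACL -> {remark text: [line numbers]} for remarks repeated in that ACL."""
    seen = defaultdict(lambda: defaultdict(list))
    current_named = None
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        line = line.rstrip()
        if (m := NUMBERED.match(line)):
            seen[m.group(1)][m.group(2)].append(lineno)
        elif (m := NAMED_HEADER.match(line)):
            current_named = m.group(1)
            continue
        elif current_named and (m := NAMED_REMARK.match(line)):
            seen[current_named][m.group(1)].append(lineno)
        if not line.startswith(" "):
            current_named = None  # any top-level line ends the named-ACL block
    result = {}
    for acl, remarks in seen.items():
        dups = {text: nums for text, nums in remarks.items() if len(nums) > 1}
        if dups:
            result[acl] = dups
    return result

if __name__ == "__main__":
    for acl, dups in find_duplicate_remarks(SAMPLE_CONFIG).items():
        print(f"ACL {acl}: duplicate remarks {dups}")
```

The same remark text in two different ACLs (101 and 102 in the sample) is not reported, and the interface description containing the word "remark" is ignored.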

  2. In article <>,
    John Caruso <> wrote:
    :Believe it or not, Cisco says this is a *feature*, not a bug.

    Bizarre.

    : Apparently
    :they're soon going to add a "no remark" command to allow users to remove
    :remarks from named ACLs. But they were faced with an issue: what do you
    :do about duplicate remarks? Do you remove all of them, the first one, the
    :last one, or what? So what they decided to do is to just NEVER ALLOW THEM
    :IN THE FIRST PLACE.

    Why didn't they just go for the ACL line numbering as was implemented
    in PIX 6.3(1) ?
    --
    This signature intentionally left... Oh, darn!
    Walter Roberson, Jul 24, 2003
    #2

  3. John Caruso

    John Caruso Guest

    In article <bfn64t$lbc$>, Walter Roberson wrote:
    > In article <>,
    > John Caruso <> wrote:
    >:Believe it or not, Cisco says this is a *feature*, not a bug.
    >
    > Bizarre.


    I'm glad I'm not the only one who thought so.

    >: Apparently
    >:they're soon going to add a "no remark" command to allow users to remove
    >:remarks from named ACLs. But they were faced with an issue: what do you
    >:do about duplicate remarks? Do you remove all of them, the first one, the
    >:last one, or what? So what they decided to do is to just NEVER ALLOW THEM
    >:IN THE FIRST PLACE.
    >
    > Why didn't they just go for the ACL line numbering as was implemented
    > in PIX 6.3(1) ?


    Well, they more or less did. When you show an ACL in 12.3(1a) it's got
    line numbers next to each statement. But apparently whoever designed the
    "no remark" statement either 1) didn't know about this, or 2) didn't
    consider it as a potential basis for a solution to the ambiguity issue.
    IMO, software design is clearly not this person's strong suit.

    As I wrote to the engineer handling the case: the design decision Cisco
    made here will affect many, many people who will NOT be using the feature,
    rather than just affecting people who WILL be using the feature. Obviously
    the wrong way to go. We'll see if they agree.

    BTW, for reference, this "feature" was a response to bugid CSCdz34661.

    - John
    John Caruso, Jul 24, 2003
    #3
