Hi,
We are hitting an issue where an ACE modification is somehow split. show-cli shows the modifications together, but when the CLIs are generated, the ACEs are split into 2 blocks for the same ACL. Is there any debug capability to check why it is generated this way?
This happens only when there is a new ACL creation as part of the transaction.
CLIs configured
(config)# ip access-list extended port-in-ip-acl
(config-ext-nacl)# no 2
(config-ext-nacl)# no 3
(config-ext-nacl)# 2 permit ip any any
(config-ext-nacl)# ip access-list extended qos_rule_14
(config-ext-nacl)# 2001 permit udp any any
ends up in
(config)# show configuration
ip access-list extended port-in-ip-acl
no 2 permit ip any host 127.0.0.1
2 permit ip any any
!
ip access-list extended qos_rule_14
2001 permit udp any any
!
ip access-list extended port-in-ip-acl
no 3 permit ip any any
Logs
Here the ACEs of port-in-ip-acl are split
TYPE=CDB_SUB_COMMIT
diff commit 9 /native/ip/access-list/extended{port-in-ip-acl} modified
diff commit 9 /native/ip/access-list/extended{port-in-ip-acl}/access-list-seq-rule{2} modified
diff commit 9 /native/ip/access-list/extended{port-in-ip-acl}/access-list-seq-rule{2}/ace-rule/dst-any created
diff commit 9 /native/ip/access-list/extended{port-in-ip-acl}/access-list-seq-rule{2}/ace-rule/dst-host-address deleted (127.0.0.1 -> )
diff commit 9 /native/ip/access-list/extended{port-in-ip-acl}/access-list-seq-rule{3} deleted
diff commit 9 /native/ip/access-list/extended{qos_rule_1} created
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/name set ( -> qos_rule_1)
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001} created
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001}/sequence set ( -> 2001)
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001}/ace-rule/src-eq set ( -> 507)
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001}/ace-rule/dst-eq set ( -> 507)
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001}/ace-rule/any created
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001}/ace-rule/action set ( -> enum<1>)
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001}/ace-rule/dst-any created
diff commit 9 /native/ip/access-list/extended{qos_rule_1}/access-list-seq-rule{2001}/ace-rule/protocol set ( -> enum<14>)
cmd = ->ip access-list extended port-in-ip-acl
no 2 permit ip any host 127.0.0.1
2 permit ip any any
!
ip access-list extended qos_rule_1
2001 permit udp any eq 507 any eq 507
!
ip access-list extended port-in-ip-acl
no 3 permit ip any any
!
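
One way to flag the symptom shown in this post automatically, as an added example that is not part of the original post: it scans generated command text for an ACL whose header opens more than one block. The function names, and the assumption that every block starts with an `ip access-list` line and closes with `!`, belong to this example only.

```python
import re

# Constructed sample: the generated command text quoted in the post above.
GENERATED = """\
ip access-list extended port-in-ip-acl
no 2 permit ip any host 127.0.0.1
2 permit ip any any
!
ip access-list extended qos_rule_1
2001 permit udp any eq 507 any eq 507
!
ip access-list extended port-in-ip-acl
no 3 permit ip any any
!
"""

HEADER = re.compile(r"^ip access-list (standard|extended) (\S+)$")

def parse_blocks(text):
    """Return [(acl_name, header_line_no, [ace lines])] in order of appearance."""
    blocks, current = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = (m.group(2), line_no, [])
            blocks.append(current)
        elif line == "!":
            current = None  # assumed block terminator
        elif current is not None:
            current[2].append(line)
    return blocks

def split_acls(text):
    """Map each ACL name that opens more than one block to its (line_no, aces) parts."""
    seen = {}
    for name, line_no, aces in parse_blocks(text):
        seen.setdefault(name, []).append((line_no, aces))
    return {name: parts for name, parts in seen.items() if len(parts) > 1}

if __name__ == "__main__":
    for name, parts in split_acls(GENERATED).items():
        print(f"{name}: split into {len(parts)} blocks")
        for line_no, aces in parts:
            print(f"  block at line {line_no}: {aces}")
```

Running the same check over the command text from each transaction makes it easy to confirm that only transactions that also create a new ACL produce a split block.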