ACL Week

This week has not been entirely unamusing.

On Monday (13 Feb) at work, I had been looking over the Access Control Lists (ACLs) on our Internet routers that govern what traffic can or cannot come in (or out) from the world wide internets. They had been really messy and hard to tell what exactly they are blocking or allowing. So I did some research, and I came across a page on Cisco’s site that instructs the use of remarks so I can comment my ACL entries. So I spent the better half of the day cleaning up the ACL and adding remarks.

We have a total of four T1 lines coming into our campus. They are handled by two Internet routers with two interfaces each. Now, I was working on the router that handled the Internet traffic for the main campus. I was waiting to work on the router that handles the Internet traffic for the students in the dorms. Each interface on each router had a list of commands that it runs. One of those commands tells the router to check the traffic against a named ACL. For example, you can set up ACLs named traffic_in1 and traffic_in but the only ACL that is actually doing anything is the one named in the list of commands for the interface. Otherwise they’re just sitting in reserve.

The first router I’m working on is connected to the better of our two ISPs, Internap. I notice that there are two ACLs listed, one I had been working with, one I hadn’t touched. I checked the configuration on the interface, and both interfaces were set to use the ACL I hadn’t touched. So I switched it over to use the new ACL. Good times.

Monday night, Becky and I went to Sharon’s house to hang out, eat dinner, and Becky wanted to catch the Bachelor live for a change (TiVo has really changed how we think of television). I wasn’t interested in watching the program, so I worked on the other router (the one for the students) which is connected to our second ISP, Broadwing. I started with the ACL I had created for the first router and adjusted some minor things to apply it to this router. I changed the inactive ACL to what I wanted, then switched over active ACLs. Looked good, looked fine, Susan got kicked off, we went home and went to bed.

Tuesday (14 Feb) morning I woke up, and as I was getting ready for school I decided to check my e-mail. I got an e-mail from my boss, Mike. He told me that the Broadwing circuits are down. Crap.

I logged into the router and switched active ACLs back to what they were before. I called Mike and told him that I had made a change the night before, but it should all be back to normal. We waited a bit, and sure enough, traffic started flowing along the Broadwing circuits. Problem (that I created) solved.

Went to classes. Hmmmm.

After school I swung by and picked up Becky at the house. We went to the grocery store, picked up some groceries and went back home. I deftly confirmed my namesake and whipped up some chicken parmigiana with spaghetti which we enjoyed with a nice shiraz. All was done in celebration of the patron saint of ventricles, St. Valentine.

Wednesday (15 Feb) was spent comparing ACLs on the Broadwing router to find out why the old one worked but the new one didn’t. I figured it out (the problem was BGP) and adjusted for my mistake. Then I switched over to the new commented (and working) ACL.
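
An added example (not from the original post): a pre-change check for the two things this story turns on, which named ACL each interface actually references and whether that ACL lets the BGP session through. It assumes the BGP problem was a missing permit for TCP port 179, which the post does not spell out; the sample config, interface name and addresses are constructed.

```python
import re

# Constructed sample config (not from the post); addresses are documentation ranges.
SAMPLE = """\
interface Serial0/0
 ip access-group traffic_in1 in
!
ip access-list extended traffic_in
 permit tcp host 192.0.2.1 host 192.0.2.2 eq bgp
 permit tcp any 198.51.100.0 0.0.0.255 established
 deny ip any any
!
ip access-list extended traffic_in1
 remark --- return traffic for sessions opened from campus ---
 permit tcp any 198.51.100.0 0.0.0.255 established
 remark --- drop everything else ---
 deny ip any any log
"""

def parse_config(text):
    """Return ({acl_name: [entries]}, [(interface, acl_name, direction)])."""
    acls, bindings, iface, acl = {}, [], None, None
    for line in text.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface, acl = m.group(1), None
        elif m := re.match(r"ip access-list extended (\S+)", line):
            acl, iface = m.group(1), None
            acls[acl] = []
        elif iface and (m := re.match(r"\s+ip access-group (\S+) (in|out)", line)):
            bindings.append((iface, m.group(1), m.group(2)))
        elif acl and line.startswith(" "):
            acls[acl].append(line.strip())  # remarks are kept, in order
    return acls, bindings

def permits_bgp(entries):
    """Simplified first-match walk: is TCP/179 permitted before a blanket deny?"""
    for e in entries:
        if re.match(r"permit (ip any any|tcp .*\beq (bgp|179)\b)", e):
            return True
        if re.match(r"deny (ip|tcp) any any", e):
            return False
    return False  # implicit deny at the end of every ACL

def audit(text):
    """Report ACLs sitting in reserve and inbound ACLs that would drop BGP."""
    acls, bindings = parse_config(text)
    blocked = [b for b in bindings if b[2] == "in" and not permits_bgp(acls.get(b[1], []))]
    return {"unbound": sorted(set(acls) - {b[1] for b in bindings}), "blocks_bgp": blocked}
```

Running `audit()` on the candidate config before switching the `ip access-group` line flags the interface whose new ACL would cut off the BGP session.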


One more thing: Our wedding pictures are online! Check ’em out. The password is ‘tiedtheknot’

2 Replies to “ACL Week”

  1. Hey Kurt!

    Great photos from your wedding! It looks like you had a wonderful day. You have a lovely and beautiful bride! I am guessing that, like me, you might have married above your pay grade!


    Congrats again!

  2. I’m glad you enjoyed dinner on Monday while not watching the bachelor and I’m glad you had a great St. Valentine’s day dinner – yeah, the rest makes no sense to me and I used to work in IT…maybe, that’s why I used to…hmmm.
