
Drew's Blog


NetMRI and Me: ACLs, VLAN Access-Maps, and what NOT to do.

Greetings from Annapolis. My name is Drew and I am the System Administrator here at Netcordia. I am relatively new to blogging; in fact, this entry is my first. So to start it off, I thought I would share an experience I had here at work with ACLs, VLAN access-maps and our in-house NetMRI.

I was updating an ACL on our core router and, in the process, deleted what I thought was an old, outdated and unused ACL. Minutes later I had two developers in my office and multiple emails from our development team saying they could not reach their development machines, all of which were located on a separate development VLAN. Great! I had just deleted the ACL that allowed traffic to and from that development VLAN. Hopefully I had made a copy of it. Doh! No copy: I wasn't editing that ACL, so I hadn't copied it into a text file; I had simply removed it from the router with the 'no ip access-list ...' command.

I couldn't even remember what the ACL was for or where it was being used: it wasn't applied to any interface or to the VTY lines, and the VLAN access-map looked fine to me. What was I going to do? I don't back up config files manually; we have a NetMRI that does it for me. Ah-hah! I logged into our NetMRI, navigated to Network Explorer > Core Router > Configuration Management > Config Explorer, and downloaded the last saved config. From it I could see that the ACL in question was referenced by a VLAN access-map, and when an access-map has no ACL applied, all traffic is blocked. I quickly re-created the ACL, applied it to the corresponding map, and connectivity was restored.

Without NetMRI I could easily have deleted the VLAN access-map and restored connectivity, but that would have defeated the reason it was there in the first place; it existed for a reason and I had to get it back. NetMRI is a great tool that let me do that by backing up my Cisco config files.
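As an added illustration (not Drew's or NetMRI's code), here is a small Python check you can run over a saved Cisco IOS config of the kind NetMRI keeps, before typing 'no ip access-list': it reports which ACLs are referenced by interfaces, VTY lines and VLAN access-maps, which are truly unused, and which are referenced but no longer defined. The config fragment below is constructed for the example.

```python
import re

# Constructed IOS config: one ACL on an interface and the VTY lines, one used only by a VLAN access-map, one unused.
SAMPLE_CONFIG = """\
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
ip access-list extended DEV-VLAN
 permit ip 10.20.0.0 0.0.0.255 any
ip access-list extended OLD-RULES
 permit ip any any
vlan access-map DEV-MAP 10
 match ip address DEV-VLAN
 action forward
interface GigabitEthernet0/1
 ip access-group MGMT-IN in
line vty 0 4
 access-class MGMT-IN in
"""

DEFINE_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
# Indented lines in which IOS references an ACL by name, keyed by the kind of enclosing block.
REF_RES = {
    "interface": re.compile(r"^ ip access-group (\S+) (?:in|out)"),
    "vty": re.compile(r"^ access-class (\S+) (?:in|out)"),
    "vlan-access-map": re.compile(r"^ match ip address (\S+)"),
}

def acl_usage(config):
    """Return (set of defined ACL names, {referenced ACL name: [referencing blocks]})."""
    defined, refs, block = set(), {}, None
    for line in config.splitlines():
        if (m := DEFINE_RE.match(line)):
            defined.add(m.group(1))
        if not line.startswith(" "):
            block = line.strip()  # start of a top-level block (interface, line, access-map, ...)
            continue
        for kind, pat in REF_RES.items():
            if (m := pat.match(line)):
                refs.setdefault(m.group(1), []).append(f"{kind}: {block}")
    return defined, refs

def unused_acls(config):
    """Defined ACLs that nothing references: the only safe candidates for 'no ip access-list'."""
    defined, refs = acl_usage(config)
    return sorted(defined - set(refs))

def dangling_acls(config):
    """ACLs still referenced but no longer defined, e.g. right after one was deleted."""
    defined, refs = acl_usage(config)
    return {name: where for name, where in refs.items() if name not in defined}
```

Run it against the config saved before a change and again after; an ACL that moves from the references list to the dangling list is exactly the case described above.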

Here's to not deleting ACLs unless you are absolutely sure they are no longer in use!

Drew


Published Jun 30 2009, 03:47 PM by dpatten

Comments


Damon said:

If you were using a Cisco device and you did not reload the router, you could have copied the start-up config into the running config to restore...just a thought

March 5, 2010 2:46 PM
