I've also been thinking of a couple of extensions, partially because they are
useful and partially because I haven't been coding in a while. Slightly
different than filter_audit would be something that checks for the existence and
linkage of the multiple maps Cisco requires for the modular quality of service
interface.
<br>Perhaps as a less ambitious project, I've also considered writing a tool
that gives a cross-reference to the appearance of certain IP addresses, first in
a single router configuration, and then across multiple configurations.
<br>Has anyone tried either of these? Is there interest? Is there another tool
that does these functions?

I shall join the rant. Actually, there was a behavior change in IOS 10.3.
Before then, if you defined an access-group without a corresponding access-list,
IOS would assume the existence of such a list, composed only of an "implicit
deny all", stopping everything on the interface.
really the theoretically correct behavior. Nevertheless, Cisco changed the
default to "permit all" if there was no corresponding access-list.

[cisco voice]
What's this "warning message" you keep mentioning?
[/cisco voice]

Which is a bit unfair, as there are some warning messages during configuration
but, AFAIK, only with a scope of a single command -- if one accepts "bad mask"
as a meaningful message for half a dozen conditions
No, I'm thinking of something that (gasp) I had with the IBM 360 assembler and
other compilers and assemblers.

At the end of a configuration (to start), it would list an address (or a
subnet), and tell you all the statements that referenced it. For example,
ip address
access-list (and probably indirect references in maps)
ospf network statements
server references
static routes
as a starting point. In other words, it tells you EVERYWHERE you need to make
changes when you change an address or something affecting it.

The next step would be to extend the scope beyond a single router, grabbing the
hostname to prefix the cross-reference. Again, the idea is that if an address
changes, you have a positive confirmation of every configuration that may need
to be changed. It's also a debugging tool, because you know which routers
affect that address.

Unfortunately, I suppose, it's something I do fairly often, as, for example,
when a small ISP gets its first PI allocation. Alternatively, we can come into
an existing ISP that really hasn't been documenting, and we have to both create
current documentation and rationalize the addressing and performance. I agree
it would be needed much less often in a running ISP, unless you have the
misfortune to have to deal with networks redefined by merger, acquisition, or
divestiture.
Agreed. At a minimum, you have to recognize:
1. The /32 address itself
2. The address if contained in a /length or under a subnet mask
3. The address if contained in an inverse mask (access list or ospf
network statment)
True about the specifying an interface on a static route, but that does have
different behavior than using a next-hop address. In particular, using the
interface reference can't force recursion, so if that next-hop address is not
adjacent and dynamic routing fails to get it into a routing table, you then have
a recognizable error condition. Of course, you can potentially get out of such
an error by having additional static routes with

This is perfectly on-topic for ***@isc.org. This is precisely
what this list was created for, in fact :-)


Joe