It used to be that access lists in Cisco IOS were numbered. Not only were they numbered, but the numbers were significant to what kind of access list they were. Now access lists (and just about everything else) can be named rather than numbered. Although this seemingly innocuous change has greatly reduced the number of network administrator headaches, it is also the source of some of my greatest pet peeves.
* Lower-case names
I picked a random switch that I manage and ran its configuration through wc
. What I found is that the configuration had 723 lines and 2370 words. And that's pretty simplistic. I ran another configuration file (this time a customer access router) and found that it had 5,382 lines and 23,965 words!
When I'm scrolling through hundreds or even thousands of lines of configuration, trying to find that lower-case access-list name in a sea of lower-case words drives me wonky. Obviously, I can pipe the configuration through the CLI output modifiers to get a list of access-list names (show run | inc access-list
), but at some point, I'm still going to have to wade through the configuration to find where those access-lists are applied.
Personally, I use all upper-case names in my configuration files. Then, I can instantly tell if something I'm looking at is part of an IOS command syntax or something unique to my configuration. Some folks prefer other methods like capitalizing just the first character of each 'word' in the name. That's OK, too.
* Useless Names
When naming something in IOS, you have a golden opportunity to choose a name that will give the configuration reader some idea of what is going on without having to refer to other parts of the configuration for help. Does that mean that the name ACCESS-LIST
is bad? (FYI, use the name access-list
, and I'll personally hunt you down.) Nope. Is an access-list name like NETBIOS
infinitely better? Definitely.
Generally speaking, if you follow my first rule and distinguish unique names with capital letters, the useless names will be less painful. There is nothing worse than an access-list
called access-list
, or a dynmap
called dynmap
. At least ACCESS-LIST
and DYNMAP
set those names apart from the IOS commands of the same name.