
Editing the Cisco ACL on switch or router best practice

Hi All,

I’d like to know what the best practice is for managing Cisco switch and router access control lists (ACLs).
I currently connect the blue console cable to the device and then use PuTTY to connect to the console on COM1.

1. I enable logging, then “show run”
2. Keep pressing the keyboard to get past the “- - more - -” delimiter
3. Open Notepad, then edit the log to remove the “- - more - -” keyword
4. Make necessary changes
5. Quickly select 15 lines, then copy and paste them into the conf-t prompt (to reduce the input buffer limit and avoid timeout)
6. Make sure that there is no spacing or copy-paste error in the step above, then “write mem”.

I wonder if there is a smarter or safer way of doing this to manage a large-scale network? Copy-pasting hundreds of lines and verifying them one by one through PuTTY and pressing the keyboard is too cumbersome.

Any kind of help would be greatly appreciated.

Thanks,
jjoz

jmeggers Commented:
What version of IOS are you running?  With newer versions (don't know exactly when this was implemented) you can generally remove specific lines or add specific lines using sequence numbers.  You don't necessarily have to use the "old school" way of copy into a text file, edit, then paste back in.  Can't find a good reference quickly, but if you do a "show access-list xyz" you will see in the output the sequence numbers for the lines.  You can use them to remove specific lines you don't want, and to place new lines where you want them in the structure of the ACL.

jjoz (Author) Commented:
It is version 12 and 12.4.
Segmented manual copy-paste takes too long and is prone to errors; I wish there were another way to do it. But thanks for the reply.
greg ward Commented:
I have all my ACLs in text files:

conf t
int dialer1
no ip access-group inboundDSL in
no ip access-list extended inboundDSL
ip access-list extended inboundDSL
 permit udp host 194.72.9.34 eq domain any
 permit udp host 194.74.65.69 eq domain any
 permit udp host 4.2.2.1 eq domain any
 remark allow time server
 permit udp host 130.88.203.64 eq ntp any eq ntp

int dialer1
ip access-group inboundDSL in
exit
exit
When I copy and paste it into the router (even a remote router), it only applies the ACL after it's all done, so as not to block access :)
 
Greg
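
Added example, not part of either reply above: a Python sketch that combines both answers, taking the desired entries from a text file and emitting only the sequence-numbered `no <seq>` / `<seq> <rule>` lines jmeggers describes, so the ACL stays applied to the interface while it is edited. The `show access-list` sample, the 192.0.2.53 entry and the function names are constructed for illustration, and it assumes an IOS release that accepts sequence numbers in named ACLs.

```python
import difflib
import re

# "<seq> permit|deny ..." with an optional trailing hit counter such as "(12 matches)"
ENTRY = re.compile(r"\s*(\d+)\s+((?:permit|deny)\s.*?)(?:\s+\(\d+ match(?:es)?\))?\s*$")

def parse_show_acl(show_output):
    """Return [(sequence, rule)] from 'show access-list' text, dropping hit counters."""
    return [(int(m.group(1)), m.group(2))
            for m in map(ENTRY.match, show_output.splitlines()) if m]

def plan_edits(name, show_output, desired_rules):
    """Build the commands that turn the current ACL into desired_rules, in order."""
    current = parse_show_acl(show_output)
    matcher = difflib.SequenceMatcher(a=[r for _, r in current], b=desired_rules,
                                      autojunk=False)
    cmds = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            cmds += [f" no {seq}" for seq, _ in current[i1:i2]]
        if tag in ("insert", "replace"):
            new = desired_rules[j1:j2]
            lo = current[i1 - 1][0] if i1 else 0          # last entry kept before the gap
            hi = current[i2][0] if i2 < len(current) else lo + 10 * (len(new) + 1)
            step = (hi - lo) // (len(new) + 1)
            if step == 0:                                  # refuse rather than misplace a rule
                raise ValueError(f"no free sequence numbers between {lo} and {hi}; "
                                 "resequence the list first")
            cmds += [f" {lo + step * (k + 1)} {rule}" for k, rule in enumerate(new)]
    return [f"ip access-list extended {name}"] + cmds + ["end"] if cmds else []

# Constructed sample: router output for the ACL in the reply above.
SHOW_OUTPUT = """Extended IP access list inboundDSL
    10 permit udp host 194.72.9.34 eq domain any
    20 permit udp host 194.74.65.69 eq domain any (12 matches)
    30 permit udp host 4.2.2.1 eq domain any
    40 permit udp host 130.88.203.64 eq ntp any eq ntp
"""
# Constructed desired state: drop 4.2.2.1, add a resolver at 192.0.2.53 in its place.
DESIRED = ["permit udp host 194.72.9.34 eq domain any",
           "permit udp host 194.74.65.69 eq domain any",
           "permit udp host 192.0.2.53 eq domain any",
           "permit udp host 130.88.203.64 eq ntp any eq ntp"]

if __name__ == "__main__":
    print("\n".join(plan_edits("inboundDSL", SHOW_OUTPUT, DESIRED)))
```

Remark lines are not compared; only permit and deny entries take part in the diff.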
jjoz (Author) Commented:
Thanks man!!!