Solved

Editing the Cisco ACL on switch or router best practice

Posted on 2010-08-23
4
694 Views
Last Modified: 2012-05-10
Hi All,

I’d like to know what is the best practice of managing CISCO switch and router access control list (ACL)?
I’m now connecting using the blue console cable into the device and then use putty to connect to the console COM1.

1.      I enable logging then “show run”
2.      Keeps pressing the keyboard to go ahead the “- - more- - “ delimiter
3.      Open Notepad then edit the log to remove the “- - more - - “ keyword
4.      Make necessary changes
5.      Quickly Select 15 lines then Copy paste into the conf-t prompt (to reduce the input buffer limit and avoid timeout)
6.      Make sure that there is no spacing or copy paste error in the step above then “write mem”.

I wonder if there is a smarter or safest way in doing this to manage large scale network ? copy pasting hundreds of line and verifying it one by one through putty and pressing the keyboard is too cumbersome.

Any kind of help would be greatly appreciated.

Thanks,
0
Comment
Question by:jjoz
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 250 total points
Comment Utility
What version of IOS are you running?  With newer versions (don't know exactly when this was implemented) you can generally remove specific lines or add specific lines using sequence numbers.  You don't necessarily have to use the "old school" way of copy into a text file, edit, then paste back in.  Can't find a good reference quickly, but if you do a "show access-list xyz" you will see in the output the sequence numbers for the lines.  You can use them to remove specific lines you don't want, and to place new lines where you want them in the structure of the ACL.

0
 
LVL 1

Author Comment

by:jjoz
Comment Utility
it is version 12 and 12.4
segmented manual copy paste is too long and prone to errors, I wish there is another way to do it. but thanks for the reply
0
 
LVL 15

Assisted Solution

by:deepdraw
deepdraw earned 250 total points
Comment Utility
I have all my acls in text files

conf t
int dialer1
no ip access-group inboundDSL in
no ip access-list extended inboundDSL
ip access-list extended inboundDSL
 permit udp host 194.72.9.34 eq domain any
 permit udp host 194.74.65.69 eq domain any
 permit udp host 4.2.2.1 eq domain any
 remark allow time server
 permit udp host 130.88.203.64 eq ntp any eq ntp

int dialer1
ip access-group inboundDSL in
exit
exit
when i copy and paste it into the router( even a remote router) it only applies the acl after its all done so as to not block access :)
 
Greg
0
 
LVL 1

Author Closing Comment

by:jjoz
Comment Utility
thanks ma n!!!
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now