Editing the Cisco ACL on switch or router best practice

Posted on 2010-08-23
Last Modified: 2012-05-10
Hi All,

I’d like to know what the best practice is for managing Cisco switch and router access control lists (ACLs).
I’m currently connecting the blue console cable to the device and then using PuTTY to connect to the console on COM1.

1. I enable logging, then “show run”
2. Keep pressing the keyboard to get past the “- - more - -” delimiter
3. Open Notepad, then edit the log to remove the “- - more - -” keyword
4. Make the necessary changes
5. Quickly select 15 lines, then copy and paste them into the conf-t prompt (to reduce the input buffer limit and avoid timeout)
6. Make sure that there is no spacing or copy-paste error in the step above, then “write mem”.

I wonder if there is a smarter or safer way of doing this to manage a large-scale network? Copy-pasting hundreds of lines and verifying them one by one through PuTTY and pressing the keyboard is too cumbersome.

Any kind of help would be greatly appreciated.

Thanks,
Question by:jjoz
Accepted Solution

by: jmeggers (earned 250 total points)
ID: 33507642
What version of IOS are you running?  With newer versions (don't know exactly when this was implemented) you can generally remove specific lines or add specific lines using sequence numbers.  You don't necessarily have to use the "old school" way of copy into a text file, edit, then paste back in.  Can't find a good reference quickly, but if you do a "show access-list xyz" you will see in the output the sequence numbers for the lines.  You can use them to remove specific lines you don't want, and to place new lines where you want them in the structure of the ACL.


Author Comment

by:jjoz
ID: 33507700
It is version 12 and 12.4.
Segmented manual copy-paste is too long and prone to errors; I wish there were another way to do it. But thanks for the reply.

Assisted Solution

by: greg ward (earned 250 total points)
ID: 33507916
I have all my ACLs in text files.

conf t
int dialer1
no ip access-group inboundDSL in
no ip access-list extended inboundDSL
ip access-list extended inboundDSL
 permit udp host 194.72.9.34 eq domain any
 permit udp host 194.74.65.69 eq domain any
 permit udp host 4.2.2.1 eq domain any
 remark allow time server
 permit udp host 130.88.203.64 eq ntp any eq ntp

int dialer1
ip access-group inboundDSL in
exit
exit

When I copy and paste it into the router (even a remote router), it only applies the ACL after it's all done, so as not to block access :)
 
Greg
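
An added example, not code from either answer: a Python sketch that combines the sequence numbers jmeggers describes with the text-file approach in Greg's post, comparing `show access-lists` output with the desired entries and emitting only the numbered lines that need to change. The function names and the sample show output are assumptions made for illustration, and the remark line is left out of the comparison.

```python
import difflib
import re

# Constructed sample of "show access-lists inboundDSL" output (not from the page).
SHOW_OUTPUT = """\
Extended IP access list inboundDSL
    10 permit udp host 194.72.9.34 eq domain any (15 matches)
    20 permit udp host 194.74.65.69 eq domain any
    30 permit udp host 4.2.2.1 eq domain any
"""

# Desired entries, kept in a text file as in Greg's post (remark omitted).
DESIRED = """\
permit udp host 194.72.9.34 eq domain any
permit udp host 4.2.2.1 eq domain any
permit udp host 130.88.203.64 eq ntp any eq ntp
"""

def parse_show(text):
    """Return [(sequence, entry)] from show output, dropping hit counters."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"\s+(\d+)\s+(.*?)(?:\s+\(\d+ match(?:es)?\))?$", line)
        if m:
            rows.append((int(m.group(1)), m.group(2)))
    return rows

def plan_edits(name, show_text, desired_text):
    """Return the IOS config lines that turn the current ACL into the desired one."""
    current = parse_show(show_text)
    old = [entry for _, entry in current]
    new = [l.strip() for l in desired_text.splitlines() if l.strip()]
    cmds = []
    matcher = difflib.SequenceMatcher(None, old, new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        cmds += [f" no {seq}" for seq, _ in current[i1:i2]]  # delete by number
        adds = new[j1:j2]
        if not adds:
            continue
        lo = current[i1 - 1][0] if i1 else 0  # neighbour above the insert point
        hi = current[i2][0] if i2 < len(current) else lo + 10 * (len(adds) + 1)
        step = (hi - lo) // (len(adds) + 1)
        if step < 1:  # no free numbers left between the two neighbours
            raise ValueError(f"no gap after {lo}; run "
                             f"'ip access-list resequence {name} 10 10' first")
        cmds += [f" {lo + step * (k + 1)} {e}" for k, e in enumerate(adds)]
    return [f"ip access-list extended {name}", *cmds, "end"] if cmds else []
```

Calling `plan_edits("inboundDSL", SHOW_OUTPUT, DESIRED)` returns the lines to paste at the conf t prompt. On an ACL that is already applied to an interface, each line takes effect as it is entered, so review the output before pasting it.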

Author Closing Comment

by:jjoz
ID: 33529966
thanks man!!!