Solved

Editing the Cisco ACL on switch or router best practice

Posted on 2010-08-23
Last Modified: 2012-05-10
Hi All,

I’d like to know what the best practice is for managing Cisco switch and router access control lists (ACLs).
I’m currently connecting with the blue console cable to the device and then using PuTTY to connect to the console on COM1.

1. I enable logging, then “show run”.
2. Keep pressing the keyboard to get past the “--More--” delimiter.
3. Open Notepad, then edit the log to remove the “--More--” keyword.
4. Make the necessary changes.
5. Quickly select 15 lines, then copy/paste them into the conf-t prompt (to stay under the input buffer limit and avoid a timeout).
6. Make sure there is no spacing or copy/paste error in the step above, then “write mem”.

I wonder if there is a smarter or safer way of doing this to manage a large-scale network? Copy/pasting hundreds of lines and verifying them one by one through PuTTY while pressing the keyboard is too cumbersome.

Any kind of help would be greatly appreciated.

Thanks,
Question by: jjoz

Accepted Solution
by: jmeggers (earned 250 total points)
ID: 33507642
What version of IOS are you running?  With newer versions (don't know exactly when this was implemented) you can generally remove specific lines or add specific lines using sequence numbers.  You don't necessarily have to use the "old school" way of copy into a text file, edit, then paste back in.  Can't find a good reference quickly, but if you do a "show access-list xyz" you will see in the output the sequence numbers for the lines.  You can use them to remove specific lines you don't want, and to place new lines where you want them in the structure of the ACL.

Author Comment
by: jjoz
ID: 33507700
It is version 12 and 12.4.
Segmented manual copy/paste is too long and prone to errors; I wish there were another way to do it. But thanks for the reply.

Assisted Solution
by: deepdraw (earned 250 total points)
ID: 33507916
I have all my ACLs in text files:

conf t
int dialer1
! detach the ACL from the interface, then delete and rebuild it from scratch
no ip access-group inboundDSL in
no ip access-list extended inboundDSL
ip access-list extended inboundDSL
 permit udp host 194.72.9.34 eq domain any
 permit udp host 194.74.65.69 eq domain any
 permit udp host 4.2.2.1 eq domain any
 remark allow time server
 permit udp host 130.88.203.64 eq ntp any eq ntp
! re-attach the ACL only after every entry is in place
int dialer1
ip access-group inboundDSL in
exit
exit

When I copy and paste it into the router (even a remote router), it only applies the ACL after it's all done, so as not to block access :)
Greg
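Added example, not from anyone in this thread: a small Python helper that does steps 2 and 3 of the question for you (strips the --More-- paging residue that PuTTY logs), pulls the named ACL out of the captured running-config, diffs it against the ACL text file, and emits deepdraw's unbind/rebuild/rebind sequence as one pasteable script. The capture, ACL name, interface and entries are constructed samples.

```python
import re
from difflib import unified_diff
# Constructed sample: PuTTY log of "show run" carrying the IOS paging prompt,
# which the terminal erases with backspaces and spaces before the next line.
CAPTURE = (
    "ip access-list extended inboundDSL\n"
    " permit udp host 194.72.9.34 eq domain any\n"
    " --More-- " + "\x08" * 10 + " " * 10 + "\x08" * 10 +
    " permit udp host 194.74.65.69 eq domain any\n"
    " remark allow time server\n"
    " permit udp host 130.88.203.64 eq ntp any eq ntp\n"
    "!\n"
)
# Constructed sample: the intended ACL kept in a text file (adds one DNS server).
DESIRED = [
    "permit udp host 194.72.9.34 eq domain any",
    "permit udp host 194.74.65.69 eq domain any",
    "permit udp host 4.2.2.1 eq domain any",
    "remark allow time server",
    "permit udp host 130.88.203.64 eq ntp any eq ntp",
]
MORE_RE = re.compile(r" --More-- (?:[\x08 ]*\x08)?")

def clean_capture(raw):
    """Strip --More-- prompts (and their erasure bytes) from a console log."""
    return MORE_RE.sub("", raw.replace("\r", ""))

def extract_acl(config, name):
    """Entries of the named extended ACL in a cleaned running-config."""
    entries, inside = [], False
    for line in config.splitlines():
        if line == f"ip access-list extended {name}":
            inside = True
        elif inside and line.startswith(" "):
            entries.append(line.strip())
        elif inside:
            break
    return entries

def acl_diff(current, desired):
    """Added/removed entries only: review these before pasting anything."""
    return [l for l in unified_diff(current, desired, "running", "desired", lineterm="", n=0)
            if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]

def build_apply_script(name, iface, direction, entries):
    """deepdraw's unbind / rebuild / rebind sequence as one pasteable script."""
    lines = ["conf t", f"int {iface}", f"no ip access-group {name} {direction}",
             f"no ip access-list extended {name}", f"ip access-list extended {name}"]
    lines += [f" {e}" for e in entries]
    lines += [f"int {iface}", f"ip access-group {name} {direction}", "end"]
    return "\n".join(lines)
```

Between the `no ip access-group` and the re-bind the interface passes traffic unfiltered, so review the diff first and apply from the console or an out-of-band session rather than through the interface being edited. For single-line changes, the sequence-number edits jmeggers describes avoid that window altogether.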
 
LVL 1

Author Closing Comment

by:jjoz
ID: 33529966
Thanks man!!!