07-03-2007 08:02 AM - edited 03-05-2019 05:06 PM
Hi all,
What is the simplest way to make updates to ACLs using the config file so that I download it, make changes and upload simply the changes to the ACLs? Is there a specific procedure to make the upload delete the lines changed first, then upload the new lines?
Please advise.
07-03-2007 08:14 AM
In my opinion and practice, it is easier to copy the current ACL, work on it in Notepad, make the changes needed and paste the new ACL into your switch or router. Whether there is a utility out there that would automate this process, perhaps someone out there could comment.
HTH
Jorge
07-03-2007 08:52 AM
This is exactly what I need, but what do you mean by pasting? Just take the ACL portion of the config, update it and reload it via copy tftp run?
07-03-2007 09:10 AM
What I mean by copying and pasting:
Log in to the router or switch that has the ACL you want to work with.
Issue at the CLI:
show run
Note the ACL in question, highlight the whole ACL text, then copy it and paste it into Notepad. Remove the line you want and add the new line. Then log back in to the router, in configuration mode.
You then delete the current running ACL
and paste the new one.
Example:
This is an extended access list from a router that has been retrieved and copied into Notepad on Windows.
access-list 182 permit tcp 10.3.8.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 10.3.9.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 10.2.2.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 192.168.13.0 0.0.0.255 any eq telnet
access-list 182 permit tcp host 10.3.4.244 any eq telnet
access-list 182 permit tcp host 10.3.4.245 any eq telnet
access-list 182 deny ip any any log
You can remove and add the new line, then you log back into the router and paste the new ACL. In this example I removed 10.3.4.244 and 10.3.4.245.
This was pasted into the router with an updated ACL, meaning you highlight the text from Notepad and paste the whole thing into the router.
! delete the existing ACL 182, then paste the edited entries
no ip access-list extended 182
ip access-list extended 182
access-list 182 permit tcp 10.3.8.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 10.3.9.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 10.2.2.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 192.168.13.0 0.0.0.255 any eq telnet
access-list 182 deny ip any any log
HTH
Jorge
07-03-2007 09:23 AM
I thought there was another way to do this by using the config file itself, making changes, and re-uploading the config with a special line at the beginning of the NEW config file that basically tells the switch to discard the current config and replace it with this uploaded one.
07-03-2007 09:31 AM
For a router or a switch I have not seen such.
What you are looking for can only be done on Cisco PIX and ASA platforms, which have GUI interfaces that allow you to make changes in a GUI manner and have the device push the changes with a click of a mouse.
07-03-2007 09:40 AM
Post your question under the Network Management forum here. Cisco Systems has network management software called CiscoWorks. I just don't know if this software can do what you are looking for. I know this software can import system configurations; whether you can make ACL changes and export them to devices I don't know.
07-03-2007 11:04 AM
I think SNMP can change ACLs the way the OP wants to, but I do it the way someone else here suggested.
1. copy the ACL to your fav text editor (textpad for me)
2. remove the ACL from the interface
3. delete the ACL
4. edit the acl in your text editor
5. re-add ACL
6. re-apply ACL back to your interface
I keep 'templates' where all I have to do is paste the existing ACL in and edit it, and then copy/paste it all into the device.
Be careful when you copy/paste in bulk if you are using a DOS window or hyperterm. Either make sure you've configured hyperterm with a large buffer, or use another term. emulator.
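The six steps above, turned into a small generator for the paste block, with a removed/added listing to review before pasting. This is an added example, not part of the original post or any Cisco tool; the interface name and direction are assumptions, and the ACL text is constructed from the ACL 182 listing quoted in the thread.

```python
import re

# Numbered-ACL entry as it appears in "show run" (format taken from the thread).
ENTRY = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+\S.*$")

# Constructed sample: the ACL 182 listing quoted earlier in the thread.
CURRENT = """\
access-list 182 permit tcp 10.3.8.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 10.3.9.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 10.2.2.0 0.0.0.255 any eq telnet
access-list 182 permit tcp 192.168.13.0 0.0.0.255 any eq telnet
access-list 182 permit tcp host 10.3.4.244 any eq telnet
access-list 182 permit tcp host 10.3.4.245 any eq telnet
access-list 182 deny ip any any log
"""
# The edit made in the text editor: drop the two host entries.
EDITED = "\n".join(l for l in CURRENT.splitlines() if " host 10.3.4.24" not in l)

def parse_acl(text, acl_id):
    """Return whitespace-normalised entries of numbered ACL acl_id, in order."""
    entries = []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse stray spaces from copy/paste
        m = ENTRY.match(line)
        if m and int(m.group(1)) == acl_id:
            entries.append(line)
    return entries

def plan_update(acl_id, current_text, edited_text, interface, direction):
    """Return (removed, added, commands) for a full replacement of the ACL."""
    current, edited = parse_acl(current_text, acl_id), parse_acl(edited_text, acl_id)
    if not edited:
        raise ValueError("edited ACL has no entries; refusing a delete-only paste")
    removed = [e for e in current if e not in edited]
    added = [e for e in edited if e not in current]
    commands = [
        f"interface {interface}",                     # hypothetical interface name
        f" no ip access-group {acl_id} {direction}",  # step 2: detach from interface
        "exit",
        f"no access-list {acl_id}",                   # step 3: delete the ACL
        *edited,                                      # step 5: re-add edited entries
        f"interface {interface}",
        f" ip access-group {acl_id} {direction}",     # step 6: re-apply
        "end",
    ]
    return removed, added, commands

if __name__ == "__main__":
    removed, added, commands = plan_update(182, CURRENT, EDITED, "GigabitEthernet0/1", "in")
    print("REMOVED:", *removed, "ADDED:", *added, "PASTE:", *commands, sep="\n")
```

Between the `no ip access-group` line and the final `ip access-group` line the interface is unfiltered, so paste the block in one go and confirm the result with `show access-lists 182`.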
07-03-2007 11:25 AM
SNMP, good point!
07-03-2007 07:21 PM
To edit the ACL configurations via SNMP, you would want to use the CISCO-CONFIG-COPY-MIB. Here's an example:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094aa6.shtml
Also, as mentioned above, CiscoWorks LMS does have config editing tools built into RME that can assist with this.