Deploying access-list statements in LMS 3.0

Unanswered Question
Oct 23rd, 2007

After reading through a couple of scenarios in the RME User Guide, I am still a little confused about how I should go about deploying an access list permit statement to all the devices I have in CiscoWorks. Is this considered a user-defined task? If so, how do I go about deploying this statement?

Joe Clarke Tue, 10/23/2007 - 10:36

You can do this using a User-Defined task or Ad hoc task in Netconfig. Just add your ACLs as you want them to look on the device.

If, however, your device already has an ACL configured, and you want to add new lines, you should use Config Editor or Archive Management Baseline Compliance to do this. Deployment in those situations will remove the current ACL, then add the new lines.

If you did want to use Netconfig to edit an ACL, you would need the first line of your user-defined task or ad hoc task to be:

no access-list

Then you would put back the entire ACL as you want it to appear on the device.

If, however, all you want to do is append statements to an existing ACL, then you can just build a user-defined task or ad hoc task that simply adds new lines. For example:

access-list 101 permit ip any

Admittedly, the ACL management capability in LMS is nowhere near as comprehensive as the ACL management capabilities in the ACL Manager application. The Cisco Security Management Suite has some more ACL management capabilities.
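The append-versus-replace decision described in the reply above, as an added example that is not part of the original thread or of LMS: it compares a device's current numbered ACL with the desired one and builds the command list for a user-defined or ad hoc task. The function names, the sample configuration and the addresses are constructed for illustration.

```python
import re

# Matches numbered ACL entries such as "access-list 101 permit ip any any".
ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(.+)$")

# Constructed sample running-config excerpt (documentation addresses).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip access-group 101 in
!
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 permit   tcp any host 192.0.2.10 eq 22
access-list 102 permit ip any any
"""

def parse_acl(config_text, acl_number):
    """Return the ordered entries of one numbered ACL from config text."""
    entries = []
    for raw in config_text.splitlines():
        m = ACL_LINE.match(raw.strip())
        if m and int(m.group(1)) == acl_number:
            # Normalise whitespace so cosmetic differences are not changes.
            entries.append(" ".join(m.group(2).split()))
    return entries

def plan_task(running_config, desired_entries, acl_number):
    """Build the command list for the task.

    Append-only change -> only the new lines.
    Any other change   -> 'no access-list N' first, then the entire ACL.
    """
    current = parse_acl(running_config, acl_number)
    desired = [" ".join(e.split()) for e in desired_entries]
    prefix = f"access-list {acl_number} "
    if desired[:len(current)] == current:
        # Existing entries are an unchanged prefix: new lines land at the end.
        return [prefix + e for e in desired[len(current):]]
    # An entry was edited, removed or inserted: rebuild the whole ACL.
    return [f"no access-list {acl_number}"] + [prefix + e for e in desired]

if __name__ == "__main__":
    wanted = parse_acl(SAMPLE_CONFIG, 101) + ["permit icmp any any"]
    print("\n".join(plan_task(SAMPLE_CONFIG, wanted, 101)))
```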

dionjiles Tue, 10/23/2007 - 10:49

Thanks for the quick update. That is exactly what I wanted to do: append statements to an existing ACL. I tested using Config Editor and it was fairly simple; I wasn't sure what system-defined task to use to apply the ACL statement.

I will definitely look into the Security Suite.

